From 8e8e348374429fa77a4977663fe8165bbcc01e13 Mon Sep 17 00:00:00 2001 From: fluentdo-ci <210516725+fluentdo-ci@users.noreply.github.com> Date: Mon, 22 Dec 2025 10:38:23 +0000 Subject: [PATCH] ci: add mapping version for agent 25.10.10 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .../agent/cyclonedx-25.10.10.cdx.json | 50137 +++++ docs/security/agent/grype-25.10.1.json | 4077 +- docs/security/agent/grype-25.10.1.md | 17 +- docs/security/agent/grype-25.10.10.json | 7838 + docs/security/agent/grype-25.10.10.md | 57 + docs/security/agent/grype-25.10.2.json | 4077 +- docs/security/agent/grype-25.10.2.md | 17 +- docs/security/agent/grype-25.10.3.json | 4077 +- docs/security/agent/grype-25.10.3.md | 17 +- docs/security/agent/grype-25.10.4.json | 4077 +- docs/security/agent/grype-25.10.4.md | 17 +- docs/security/agent/grype-25.10.5.json | 4077 +- docs/security/agent/grype-25.10.5.md | 17 +- docs/security/agent/grype-25.10.6.json | 4077 +- docs/security/agent/grype-25.10.6.md | 17 +- docs/security/agent/grype-25.10.7.json | 4077 +- docs/security/agent/grype-25.10.7.md | 17 +- docs/security/agent/grype-25.10.8.json | 3071 +- docs/security/agent/grype-25.10.8.md | 15 +- docs/security/agent/grype-25.10.9.json | 3255 +- docs/security/agent/grype-25.10.9.md | 17 +- docs/security/agent/grype-25.11.1.json | 4077 +- docs/security/agent/grype-25.11.1.md | 17 +- docs/security/agent/grype-25.11.2.json | 4077 +- docs/security/agent/grype-25.11.2.md | 17 +- docs/security/agent/grype-25.12.1.json | 3357 +- docs/security/agent/grype-25.12.1.md | 19 +- docs/security/agent/grype-25.12.2.json | 3317 +- docs/security/agent/grype-25.12.2.md | 17 +- docs/security/agent/grype-25.12.3.json | 3317 +- docs/security/agent/grype-25.12.3.md | 17 +- docs/security/agent/grype-25.7.1.json | 7389 +- docs/security/agent/grype-25.7.1.md | 33 +- docs/security/agent/grype-25.7.2.json | 7389 +- docs/security/agent/grype-25.7.2.md | 33 +- docs/security/agent/grype-25.7.4.json | 7075 +- docs/security/agent/grype-25.7.4.md | 31 +- docs/security/agent/grype-25.8.2.json | 4929 +- docs/security/agent/grype-25.8.2.md | 21 +- docs/security/agent/grype-25.8.4.json | 4665 +- docs/security/agent/grype-25.8.4.md | 21 +- docs/security/agent/grype-25.9.1.json | 4393 +- docs/security/agent/grype-25.9.1.md | 17 +- docs/security/agent/grype-25.9.2.json | 4393 +- docs/security/agent/grype-25.9.2.md | 17 +- docs/security/agent/grype-25.9.3.json | 4393 +- docs/security/agent/grype-25.9.3.md | 17 +- docs/security/agent/grype-25.9.4.json | 4077 +- docs/security/agent/grype-25.9.4.md | 17 +- docs/security/agent/grype-25.9.5.json | 4077 +- docs/security/agent/grype-25.9.5.md | 17 +- docs/security/agent/grype-latest.md | 2 +- docs/security/agent/spdx-25.10.10.spdx.json | 87185 +++++++ docs/security/agent/syft-25.10.10.json | 174919 +++++++++++++++ docs/security/cves.md | 9 + docs/security/oss/grype-4.0.10.json | 1282 +- docs/security/oss/grype-4.0.10.md | 6 +- docs/security/oss/grype-4.0.11.json | 1282 +- docs/security/oss/grype-4.0.11.md | 6 +- docs/security/oss/grype-4.0.12.json | 1204 +- docs/security/oss/grype-4.0.12.md | 4 +- docs/security/oss/grype-4.0.13.json | 1204 +- docs/security/oss/grype-4.0.13.md | 4 +- docs/security/oss/grype-4.0.3.json | 2482 +- docs/security/oss/grype-4.0.3.md | 12 +- docs/security/oss/grype-4.0.4.json | 2482 +- docs/security/oss/grype-4.0.4.md | 12 +- docs/security/oss/grype-4.0.5.json | 1528 +- docs/security/oss/grype-4.0.5.md | 8 +- docs/security/oss/grype-4.0.6.json | 1528 +- docs/security/oss/grype-4.0.6.md | 8 +- docs/security/oss/grype-4.0.7.json | 1528 +- docs/security/oss/grype-4.0.7.md | 8 +- docs/security/oss/grype-4.0.8.json | 1528 +- docs/security/oss/grype-4.0.8.md | 8 +- docs/security/oss/grype-4.0.9.json | 1528 +- docs/security/oss/grype-4.0.9.md | 8 +- docs/security/oss/grype-4.1.0.json | 1492 +- docs/security/oss/grype-4.1.0.md | 8 +- docs/version-mapping.md | 1 + scripts/security/scan-config.json | 1 + 81 files changed, 381648 insertions(+), 63913 deletions(-) create mode 100644 docs/security/agent/cyclonedx-25.10.10.cdx.json create mode 100644 docs/security/agent/grype-25.10.10.json create mode 100644 docs/security/agent/grype-25.10.10.md create mode 100644 docs/security/agent/spdx-25.10.10.spdx.json create mode 100644 docs/security/agent/syft-25.10.10.json diff --git a/docs/security/agent/cyclonedx-25.10.10.cdx.json b/docs/security/agent/cyclonedx-25.10.10.cdx.json new file mode 100644 index 0000000..b022e66 --- /dev/null +++ b/docs/security/agent/cyclonedx-25.10.10.cdx.json @@ -0,0 +1,50137 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:c7b17783-cbdf-4b78-913e-c6eb0c5cd982", + "version": 1, + "metadata": { + "timestamp": "2025-12-22T10:37:01Z", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.38.2" + } + ] + }, + "component": { + "bom-ref": "50101e20af61a72e", + "type": "container", + "name": "ghcr.io/fluentdo/agent", + "version": "25.10.10" + }, + "properties": [ + { + "name": "syft:image:labels:architecture", + "value": "x86_64" + }, + { + "name": "syft:image:labels:build-date", + "value": "20251222-100331" + }, + { + "name": "syft:image:labels:com.redhat.component", + "value": "ubi9-minimal-container" + }, + { + "name": "syft:image:labels:com.redhat.license_terms", + "value": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + }, + { + "name": "syft:image:labels:description", + "value": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months." + }, + { + "name": "syft:image:labels:distribution-scope", + "value": "public" + }, + { + "name": "syft:image:labels:io.buildah.version", + "value": "1.39.0-dev" + }, + { + "name": "syft:image:labels:io.k8s.description", + "value": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months." + }, + { + "name": "syft:image:labels:io.k8s.display-name", + "value": "FluentDo Agent" + }, + { + "name": "syft:image:labels:io.openshift.tags", + "value": "observability,logging,log-aggregation,fluentdo,fluent-bit" + }, + { + "name": "syft:image:labels:maintainer", + "value": "FluentDo via info@fluent.do" + }, + { + "name": "syft:image:labels:name", + "value": "FluentDo Agent" + }, + { + "name": "syft:image:labels:org.opencontainers.image.created", + "value": "2025-12-22T10:03:31.809Z" + }, + { + "name": "syft:image:labels:org.opencontainers.image.description", + "value": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months." + }, + { + "name": "syft:image:labels:org.opencontainers.image.revision", + "value": "e4a1b4ebc8acec8e447344c9251528a710df7b11" + }, + { + "name": "syft:image:labels:org.opencontainers.image.source", + "value": "https://github.com/FluentDo/agent" + }, + { + "name": "syft:image:labels:org.opencontainers.image.title", + "value": "agent" + }, + { + "name": "syft:image:labels:org.opencontainers.image.url", + "value": "https://github.com/FluentDo/agent" + }, + { + "name": "syft:image:labels:org.opencontainers.image.version", + "value": "v25.10.10" + }, + { + "name": "syft:image:labels:release", + "value": "1747111267" + }, + { + "name": "syft:image:labels:summary", + "value": "FluentDo Agent is an Enterprise hardened version of Fluent Bit" + }, + { + "name": "syft:image:labels:url", + "value": "https://fluent.do" + }, + { + "name": "syft:image:labels:vcs-ref", + "value": "7575d7eb45eb7f545fef31ba067dfe3d8e52c4eb" + }, + { + "name": "syft:image:labels:vcs-type", + "value": "git" + }, + { + "name": "syft:image:labels:vendor", + "value": "FluentDo at https://fluent.do" + }, + { + "name": "syft:image:labels:version", + "value": "25.10.10" + } + ] + }, + "components": [ + { + "bom-ref": "pkg:rpm/redhat/alternatives@1.24-2.el9?arch=x86_64&distro=rhel-9.7&package-id=22d0e7bdd9bb8c1a&upstream=chkconfig-1.24-2.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "alternatives", + "version": "1.24-2.el9", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alternatives:alternatives:1.24-2.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/alternatives@1.24-2.el9?arch=x86_64&distro=rhel-9.7&upstream=chkconfig-1.24-2.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:alternatives:1.24-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "63489" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "chkconfig-1.24-2.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=394eda196ea9cc18&upstream=audit-3.1.5-7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "audit-libs", + "version": "3.1.5-7.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:audit-libs:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&upstream=audit-3.1.5-7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:audit-libs:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:audit_libs:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:audit_libs:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:audit:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:audit:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "7.el9" + }, + { + "name": "syft:metadata:size", + "value": "334617" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "audit-3.1.5-7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.7&package-id=2cedbe7bd36d2161&upstream=basesystem-11-13.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "basesystem", + "version": "11-13.el9", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.7&upstream=basesystem-11-13.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "13.el9" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "basesystem-11-13.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "bash", + "version": "5.1.8-9.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&upstream=bash-5.1.8-9.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "7738778" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "bash-5.1.8-9.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&package-id=17802e5820eaaec1&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "bzip2-libs", + "version": "1.0.8-10.el9_5", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:bzip2-libs:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bzip2-libs:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bzip2_libs:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bzip2_libs:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bzip2:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bzip2:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.el9_5" + }, + { + "name": "syft:metadata:size", + "value": "78228" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "bzip2-1.0.8-10.el9_5.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.305-91.el9?arch=noarch&distro=rhel-9.7&package-id=6be629e4a12f87af&upstream=ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "ca-certificates", + "version": "2025.2.80_v9.0.305-91.el9", + "licenses": [ + { + "expression": "MIT AND GPL-2.0-or-later" + } + ], + "cpe": "cpe:2.3:a:ca-certificates:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.305-91.el9?arch=noarch&distro=rhel-9.7&upstream=ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "91.el9" + }, + { + "name": "syft:metadata:size", + "value": "2791711" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "coreutils-single", + "version": "8.32-39.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "39.el9" + }, + { + "name": "syft:metadata:size", + "value": "1403185" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "coreutils-8.32-39.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&package-id=db4134870a686c23&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "crypto-policies", + "version": "20250905-1.git377cc42.el9_7", + "licenses": [ + { + "license": { + "id": "LGPL-2.1-or-later" + } + } + ], + "cpe": "cpe:2.3:a:crypto-policies:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:crypto-policies:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:crypto_policies:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:crypto_policies:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:crypto:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:crypto:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.git377cc42.el9_7" + }, + { + "name": "syft:metadata:size", + "value": "101000" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "crypto-policies-20250905-1.git377cc42.el9_7.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&package-id=eb5d2c76ed21fa8e&upstream=curl-7.76.1-34.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "34.el9" + }, + { + "name": "syft:metadata:size", + "value": "245105" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "curl-7.76.1-34.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-22.el9?arch=x86_64&distro=rhel-9.7&package-id=bace04fe1571465a&upstream=cyrus-sasl-2.1.27-22.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "cyrus-sasl-lib", + "version": "2.1.27-22.el9", + "licenses": [ + { + "license": { + "name": "BSD with advertising" + } + } + ], + "cpe": "cpe:2.3:a:cyrus-sasl-lib:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-22.el9?arch=x86_64&distro=rhel-9.7&upstream=cyrus-sasl-2.1.27-22.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus-sasl-lib:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus_sasl_lib:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus_sasl_lib:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus-sasl:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus-sasl:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus_sasl:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus_sasl:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cyrus:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "22.el9" + }, + { + "name": "syft:metadata:size", + "value": "2380232" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "cyrus-sasl-2.1.27-22.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.7&package-id=dfd23518c3ae46b3&upstream=dejavu-fonts-2.37-18.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "dejavu-sans-fonts", + "version": "2.37-18.el9", + "licenses": [ + { + "license": { + "name": "Bitstream Vera and Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:dejavu-sans-fonts:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.7&upstream=dejavu-fonts-2.37-18.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu-sans-fonts:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu_sans_fonts:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu_sans_fonts:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu-sans:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu-sans:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu_sans:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu_sans:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dejavu:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "18.el9" + }, + { + "name": "syft:metadata:size", + "value": "5930958" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "dejavu-fonts-2.37-18.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/dnf-data@4.14.0-31.el9?arch=noarch&distro=rhel-9.7&package-id=9fcab3ada3c25f5e&upstream=dnf-4.14.0-31.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "dnf-data", + "version": "4.14.0-31.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:dnf-data:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/dnf-data@4.14.0-31.el9?arch=noarch&distro=rhel-9.7&upstream=dnf-4.14.0-31.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dnf-data:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dnf_data:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dnf_data:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dnf:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:dnf:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "31.el9" + }, + { + "name": "syft:metadata:size", + "value": "40102" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "dnf-4.14.0-31.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/file-libs@5.39-16.el9?arch=x86_64&distro=rhel-9.7&package-id=2bd21e0156fe2aa0&upstream=file-5.39-16.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "file-libs", + "version": "5.39-16.el9", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:file-libs:file-libs:5.39-16.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/file-libs@5.39-16.el9?arch=x86_64&distro=rhel-9.7&upstream=file-5.39-16.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:file-libs:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:file_libs:file-libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:file_libs:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:file-libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:file:file-libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:file:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "16.el9" + }, + { + "name": "syft:metadata:size", + "value": "8086748" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "file-5.39-16.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&package-id=35298adfca223979&upstream=filesystem-3.16-5.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "filesystem", + "version": "3.16-5.el9", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&upstream=filesystem-3.16-5.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "106" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "filesystem-3.16-5.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/findutils@4.8.0-7.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=23c842a484ebcfd5&upstream=findutils-4.8.0-7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "findutils", + "version": "1:4.8.0-7.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:findutils:findutils:1\\:4.8.0-7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/findutils@4.8.0-7.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=findutils-4.8.0-7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:findutils:1\\:4.8.0-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:epoch", + "value": "1" + }, + { + "name": "syft:metadata:release", + "value": "7.el9" + }, + { + "name": "syft:metadata:size", + "value": "1756958" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "findutils-4.8.0-7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:github/fluent/fluent-bit@25.10.10?package-id=af1ef2b90efeccfe", + "type": "application", + "name": "fluent-bit", + "version": "25.10.10", + "cpe": "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*", + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "binary-classifier-cataloger" + }, + { + "name": "syft:package:type", + "value": "binary" + }, + { + "name": "syft:package:metadataType", + "value": "binary-signature" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764" + }, + { + "name": "syft:location:0:path", + "value": "/fluent-bit/bin/fluent-bit" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/fonts-filesystem@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.7&epoch=1&package-id=2635452dfff4321d&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "fonts-filesystem", + "version": "1:2.0.5-7.el9.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:fonts-filesystem:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/fonts-filesystem@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.7&epoch=1&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:fonts-filesystem:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:fonts_filesystem:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:fonts_filesystem:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:fonts:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:fonts:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:epoch", + "value": "1" + }, + { + "name": "syft:metadata:release", + "value": "7.el9.1" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "fonts-rpm-macros-2.0.5-7.el9.1.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&package-id=9dcf052ea12fdad7&upstream=gawk-5.1.0-6.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "gawk", + "version": "5.1.0-6.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + } + } + ], + "cpe": "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "1685726" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gawk-5.1.0-6.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gdbm-libs@1.23-1.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=fcfdc07fd546a72e&upstream=gdbm-1.23-1.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "gdbm-libs", + "version": "1:1.23-1.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:gdbm-libs:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gdbm-libs@1.23-1.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=gdbm-1.23-1.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gdbm-libs:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gdbm_libs:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gdbm_libs:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gdbm:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gdbm:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:epoch", + "value": "1" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "128586" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gdbm-1.23-1.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "18.el9_7" + }, + { + "name": "syft:metadata:size", + "value": "13443391" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glib2-2.68.4-18.el9_7.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "cpe": "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "231.el9_7.2" + }, + { + "name": "syft:metadata:size", + "value": "6461123" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=daddd35181720871&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "cpe": "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "231.el9_7.2" + }, + { + "name": "syft:metadata:size", + "value": "1081366" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=5adaf9930b0243ad&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "cpe": "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "231.el9_7.2" + }, + { + "name": "syft:metadata:size", + "value": "5955802" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b75c9ce4cb4a4d36&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + } + } + ], + "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "231.el9_7.2" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gmp@6.2.0-13.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=5530ff7e4715e8b5&upstream=gmp-6.2.0-13.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "gmp", + "version": "1:6.2.0-13.el9", + "licenses": [ + { + "license": { + "name": "LGPLv3+ or GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:gmp:1\\:6.2.0-13.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gmp@6.2.0-13.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=gmp-6.2.0-13.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gmp:gmp:1\\:6.2.0-13.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:epoch", + "value": "1" + }, + { + "name": "syft:metadata:release", + "value": "13.el9" + }, + { + "name": "syft:metadata:size", + "value": "816844" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gmp-6.2.0-13.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&package-id=4796aaf427df0782&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "9227533" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gnupg2-2.3.3-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&package-id=a65fe92a04ecf6ce&upstream=gnutls-3.8.3-9.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "gnutls", + "version": "3.8.3-9.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+ and LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "3456709" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gnutls-3.8.3-9.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=a940b80fe4b46c8b&upstream=gobject-introspection-1.68.0-11.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "gobject-introspection", + "version": "1.68.0-11.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+ and LGPLv2+ and MIT" + } + } + ], + "cpe": "cpe:2.3:a:gobject-introspection:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gobject-introspection-1.68.0-11.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gobject-introspection:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gobject_introspection:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gobject_introspection:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gobject:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gobject:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "11.el9" + }, + { + "name": "syft:metadata:size", + "value": "936649" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gobject-introspection-1.68.0-11.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.7&package-id=07413682000f3d88", + "type": "library", + "name": "gpg-pubkey", + "version": "5a6340b3-6229229e", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.7", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6229229e" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.7&package-id=a243d3460507af96", + "type": "library", + "name": "gpg-pubkey", + "version": "fd431d51-4ae0493b", + "licenses": [ + { + "license": { + "name": "pubkey" + } + } + ], + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.7", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4ae0493b" + }, + { + "name": "syft:metadata:size", + "value": "0" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.7&package-id=f1b53ce035ee04b6&upstream=gpgme-1.15.1-6.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "gpgme", + "version": "1.15.1-6.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:gpgme:1.15.1-6.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gpgme-1.15.1-6.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gpgme:gpgme:1.15.1-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "576065" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gpgme-1.15.1-6.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&package-id=196df9cad96e380f&upstream=grep-3.6-5.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "grep", + "version": "3.6-5.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:grep:3.6-5.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&upstream=grep-3.6-5.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:grep:grep:3.6-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "857840" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "grep-3.6-5.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.7&package-id=e2e600817bb6e830&upstream=json-c-0.14-11.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "json-c", + "version": "0.14-11.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:json-c:json-c:0.14-11.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.7&upstream=json-c-0.14-11.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json-c:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json_c:json-c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json_c:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:json-c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json:json-c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "11.el9" + }, + { + "name": "syft:metadata:size", + "value": "79282" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "json-c-0.14-11.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.7&package-id=32dc8d9385f596a8&upstream=json-glib-1.6.6-1.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "json-glib", + "version": "1.6.6-1.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:json-glib:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.7&upstream=json-glib-1.6.6-1.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json-glib:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json_glib:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json_glib:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "555868" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "json-glib-1.6.6-1.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.7&package-id=4422e914738c17ef&upstream=keyutils-1.6.3-1.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "keyutils-libs", + "version": "1.6.3-1.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+ and LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:keyutils-libs:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.7&upstream=keyutils-1.6.3-1.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:keyutils-libs:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:keyutils_libs:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:keyutils_libs:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:keyutils:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:keyutils:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "55267" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "keyutils-1.6.3-1.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=rhel-9.7&package-id=b888bcdc2051543e&upstream=krb5-1.21.1-8.el9_6.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "krb5-libs", + "version": "1.21.1-8.el9_6", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:krb5-libs:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=rhel-9.7&upstream=krb5-1.21.1-8.el9_6.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:krb5-libs:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:krb5_libs:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:krb5_libs:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:krb5:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:krb5:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9_6" + }, + { + "name": "syft:metadata:size", + "value": "2503193" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "krb5-1.21.1-8.el9_6.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=df5d3ce64e6dc98c&upstream=langpacks-3.0-16.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "langpacks-core-en", + "version": "3.0-16.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:langpacks-core-en:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core-en:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core_en:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core_en:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "16.el9" + }, + { + "name": "syft:metadata:size", + "value": "398" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "langpacks-3.0-16.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=d73e936743b685e7&upstream=langpacks-3.0-16.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "langpacks-core-font-en", + "version": "3.0-16.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:langpacks-core-font-en:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core-font-en:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core_font_en:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core_font_en:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core-font:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core-font:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core_font:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core_font:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-core:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_core:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "16.el9" + }, + { + "name": "syft:metadata:size", + "value": "351" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "langpacks-3.0-16.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/langpacks-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=27488b456777ffc1&upstream=langpacks-3.0-16.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "langpacks-en", + "version": "3.0-16.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:langpacks-en:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/langpacks-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks-en:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_en:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks_en:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:langpacks:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "16.el9" + }, + { + "name": "syft:metadata:size", + "value": "400" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "langpacks-3.0-16.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=efaae8c603855dcd&upstream=acl-2.3.1-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libacl", + "version": "2.3.1-4.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&upstream=acl-2.3.1-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "40554" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "acl-2.3.1-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&package-id=5fe8b53173092253&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9_6" + }, + { + "name": "syft:metadata:size", + "value": "906150" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libarchive-3.5.3-6.el9_6.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.7&package-id=a799ab1600e49872&upstream=libassuan-2.5.5-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libassuan", + "version": "2.5.5-3.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:libassuan:libassuan:2.5.5-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libassuan-2.5.5-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libassuan:2.5.5-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "171165" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libassuan-2.5.5-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&package-id=304e2047f10e5c4f&upstream=attr-2.5.1-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libattr", + "version": "2.5.1-3.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&upstream=attr-2.5.1-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "29429" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "attr-2.5.1-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=09371eedc2b9d95d&upstream=util-linux-2.37.4-21.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libblkid", + "version": "2.37.4-21.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "21.el9" + }, + { + "name": "syft:metadata:size", + "value": "229849" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&package-id=b3389bc8d420d9cb&upstream=libcap-2.48-10.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libcap", + "version": "2.48-10.el9", + "licenses": [ + { + "license": { + "name": "BSD or GPLv2" + } + } + ], + "cpe": "cpe:2.3:a:libcap:libcap:2.48-10.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&upstream=libcap-2.48-10.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap:2.48-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.el9" + }, + { + "name": "syft:metadata:size", + "value": "177447" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libcap-2.48-10.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.7&package-id=a3aa75d8273e1cac&upstream=libcap-ng-0.8.2-7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libcap-ng", + "version": "0.8.2-7.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libcap-ng:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libcap-ng-0.8.2-7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcap-ng:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcap_ng:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcap_ng:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcap:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcap:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "7.el9" + }, + { + "name": "syft:metadata:size", + "value": "75196" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libcap-ng-0.8.2-7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&package-id=cf7d0f71948121ea&upstream=e2fsprogs-1.46.5-8.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libcom_err", + "version": "1.46.5-8.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libcom-err:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&upstream=e2fsprogs-1.46.5-8.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcom-err:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcom_err:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcom_err:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcom:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcom:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9" + }, + { + "name": "syft:metadata:size", + "value": "68401" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "e2fsprogs-1.46.5-8.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&package-id=dbb58be7b5652cc7&upstream=curl-7.76.1-34.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "34.el9" + }, + { + "name": "syft:metadata:size", + "value": "518166" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "curl-7.76.1-34.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libdnf@0.69.0-16.el9?arch=x86_64&distro=rhel-9.7&package-id=5cff8fae12ce3677&upstream=libdnf-0.69.0-16.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libdnf", + "version": "0.69.0-16.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libdnf:libdnf:0.69.0-16.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libdnf@0.69.0-16.el9?arch=x86_64&distro=rhel-9.7&upstream=libdnf-0.69.0-16.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libdnf:0.69.0-16.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "16.el9" + }, + { + "name": "syft:metadata:size", + "value": "2147301" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libdnf-0.69.0-16.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libevent@2.1.12-8.el9_4?arch=x86_64&distro=rhel-9.7&package-id=0299e311fe243bca&upstream=libevent-2.1.12-8.el9_4.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libevent", + "version": "2.1.12-8.el9_4", + "licenses": [ + { + "license": { + "name": "BSD and ISC" + } + } + ], + "cpe": "cpe:2.3:a:libevent:libevent:2.1.12-8.el9_4:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libevent@2.1.12-8.el9_4?arch=x86_64&distro=rhel-9.7&upstream=libevent-2.1.12-8.el9_4.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libevent:2.1.12-8.el9_4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9_4" + }, + { + "name": "syft:metadata:size", + "value": "928090" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libevent-2.1.12-8.el9_4.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&package-id=090027c7d7254e53&upstream=libffi-3.4.2-8.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libffi", + "version": "3.4.2-8.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libffi:libffi:3.4.2-8.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&upstream=libffi-3.4.2-8.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libffi:3.4.2-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9" + }, + { + "name": "syft:metadata:size", + "value": "65761" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libffi-3.4.2-8.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libgcc", + "version": "11.5.0-11.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + } + } + ], + "cpe": "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "11.el9" + }, + { + "name": "syft:metadata:size", + "value": "207028" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gcc-11.5.0-11.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=bdcb3bee3b1ed812&upstream=libgcrypt-1.10.0-11.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libgcrypt", + "version": "1.10.0-11.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libgcrypt:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=libgcrypt-1.10.0-11.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "11.el9" + }, + { + "name": "syft:metadata:size", + "value": "1398394" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libgcrypt-1.10.0-11.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&package-id=102fca6f01ef28cf&upstream=libgpg-error-1.42-5.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libgpg-error", + "version": "1.42-5.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libgpg-error:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&upstream=libgpg-error-1.42-5.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libgpg-error:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libgpg_error:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libgpg_error:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libgpg:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libgpg:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "837088" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libgpg-error-1.42-5.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.7&package-id=6a3c1818891dac67&upstream=libidn2-2.3.0-7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libidn2", + "version": "2.3.0-7.el9", + "licenses": [ + { + "license": { + "name": "(GPLv2+ or LGPLv3+) and GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:libidn2:libidn2:2.3.0-7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libidn2-2.3.0-7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libidn2:2.3.0-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "7.el9" + }, + { + "name": "syft:metadata:size", + "value": "253460" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libidn2-2.3.0-7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libksba@1.5.1-7.el9?arch=x86_64&distro=rhel-9.7&package-id=b0dd457df676ceac&upstream=libksba-1.5.1-7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libksba", + "version": "1.5.1-7.el9", + "licenses": [ + { + "license": { + "name": "(LGPLv3+ or GPLv2+) and GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:libksba:libksba:1.5.1-7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libksba@1.5.1-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libksba-1.5.1-7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libksba:1.5.1-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "7.el9" + }, + { + "name": "syft:metadata:size", + "value": "394486" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libksba-1.5.1-7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.7&package-id=b47dd00953817b05&upstream=libmodulemd-2.13.0-2.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libmodulemd", + "version": "2.13.0-2.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libmodulemd:libmodulemd:2.13.0-2.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.7&upstream=libmodulemd-2.13.0-2.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libmodulemd:2.13.0-2.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "2.el9" + }, + { + "name": "syft:metadata:size", + "value": "733911" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libmodulemd-2.13.0-2.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=403e3b854fc89f1e&upstream=util-linux-2.37.4-21.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libmount", + "version": "2.37.4-21.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "21.el9" + }, + { + "name": "syft:metadata:size", + "value": "318437" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=rhel-9.7&package-id=8f40faa2a3bf3018&upstream=nghttp2-1.43.0-6.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libnghttp2", + "version": "1.43.0-6.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libnghttp2:libnghttp2:1.43.0-6.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=nghttp2-1.43.0-6.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libnghttp2:1.43.0-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "169892" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "nghttp2-1.43.0-6.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libpeas@1.30.0-4.el9?arch=x86_64&distro=rhel-9.7&package-id=bd201f1503e17989&upstream=libpeas-1.30.0-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libpeas", + "version": "1.30.0-4.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libpeas:libpeas:1.30.0-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libpeas@1.30.0-4.el9?arch=x86_64&distro=rhel-9.7&upstream=libpeas-1.30.0-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libpeas:1.30.0-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "370454" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libpeas-1.30.0-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/librepo@1.14.5-3.el9?arch=x86_64&distro=rhel-9.7&package-id=32c854c70c4b9bc6&upstream=librepo-1.14.5-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "librepo", + "version": "1.14.5-3.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:librepo:librepo:1.14.5-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/librepo@1.14.5-3.el9?arch=x86_64&distro=rhel-9.7&upstream=librepo-1.14.5-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:librepo:1.14.5-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "224508" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "librepo-1.14.5-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libreport-filesystem@2.15.2-6.el9?arch=noarch&distro=rhel-9.7&package-id=53232b1db4311718&upstream=libreport-2.15.2-6.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libreport-filesystem", + "version": "2.15.2-6.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libreport-filesystem:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libreport-filesystem@2.15.2-6.el9?arch=noarch&distro=rhel-9.7&upstream=libreport-2.15.2-6.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libreport-filesystem:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libreport_filesystem:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libreport_filesystem:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libreport:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libreport:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "0" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libreport-2.15.2-6.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/librhsm@0.0.3-9.el9?arch=x86_64&distro=rhel-9.7&package-id=3bba3fa15b959901&upstream=librhsm-0.0.3-9.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "librhsm", + "version": "0.0.3-9.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:librhsm:librhsm:0.0.3-9.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/librhsm@0.0.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=librhsm-0.0.3-9.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:librhsm:0.0.3-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "79578" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "librhsm-0.0.3-9.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libselinux", + "version": "3.6-3.el9", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:libselinux:libselinux:3.6-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libselinux-3.6-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libselinux:3.6-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "176845" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libselinux-3.6-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libsemanage@3.6-5.el9_6?arch=x86_64&distro=rhel-9.7&package-id=1d43a3fb8f185afb&upstream=libsemanage-3.6-5.el9_6.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libsemanage", + "version": "3.6-5.el9_6", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libsemanage:libsemanage:3.6-5.el9_6:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libsemanage@3.6-5.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libsemanage-3.6-5.el9_6.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsemanage:3.6-5.el9_6:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9_6" + }, + { + "name": "syft:metadata:size", + "value": "307182" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsemanage-3.6-5.el9_6.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libsepol@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=cecb06c03b371de6&upstream=libsepol-3.6-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libsepol", + "version": "3.6-3.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libsepol:libsepol:3.6-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libsepol@3.6-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libsepol-3.6-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsepol:3.6-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "829131" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsepol-3.6-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.7&package-id=2baa82c983b30582&upstream=libsigsegv-2.13-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libsigsegv", + "version": "2.13-4.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libsigsegv:libsigsegv:2.13-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.7&upstream=libsigsegv-2.13-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsigsegv:2.13-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "50338" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsigsegv-2.13-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=7069d90382d7c593&upstream=util-linux-2.37.4-21.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "21.el9" + }, + { + "name": "syft:metadata:size", + "value": "134899" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libsolv@0.7.24-3.el9?arch=x86_64&distro=rhel-9.7&package-id=79ba35edcc44da5f&upstream=libsolv-0.7.24-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libsolv", + "version": "0.7.24-3.el9", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:libsolv:libsolv:0.7.24-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libsolv@0.7.24-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libsolv-0.7.24-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libsolv:0.7.24-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "917082" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libsolv-0.7.24-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=e66b7275c6659e9c&upstream=gcc-11.5.0-11.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + } + } + ], + "cpe": "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "11.el9" + }, + { + "name": "syft:metadata:size", + "value": "2585745" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "gcc-11.5.0-11.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&package-id=4fbfd80d85bb460e&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+ and LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "183364" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libtasn1-4.16.0-9.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libtool-ltdl@2.4.6-46.el9?arch=x86_64&distro=rhel-9.7&package-id=923f2a036f9ecf65&upstream=libtool-2.4.6-46.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libtool-ltdl", + "version": "2.4.6-46.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libtool-ltdl:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libtool-ltdl@2.4.6-46.el9?arch=x86_64&distro=rhel-9.7&upstream=libtool-2.4.6-46.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libtool-ltdl:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libtool_ltdl:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libtool_ltdl:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libtool:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libtool:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "46.el9" + }, + { + "name": "syft:metadata:size", + "value": "71568" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libtool-2.4.6-46.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.7&package-id=e1c9803b20913af1&upstream=libunistring-0.9.10-15.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libunistring", + "version": "0.9.10-15.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+ or LGPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:libunistring:libunistring:0.9.10-15.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.7&upstream=libunistring-0.9.10-15.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libunistring:0.9.10-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "15.el9" + }, + { + "name": "syft:metadata:size", + "value": "1643051" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libunistring-0.9.10-15.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libusbx@1.0.26-1.el9?arch=x86_64&distro=rhel-9.7&package-id=2f1e24780cfea663&upstream=libusbx-1.0.26-1.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libusbx", + "version": "1.0.26-1.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:libusbx:libusbx:1.0.26-1.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libusbx@1.0.26-1.el9?arch=x86_64&distro=rhel-9.7&upstream=libusbx-1.0.26-1.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libusbx:1.0.26-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "169790" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libusbx-1.0.26-1.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=07c41562e2bee55f&upstream=util-linux-2.37.4-21.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libuuid", + "version": "2.37.4-21.el9", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "21.el9" + }, + { + "name": "syft:metadata:size", + "value": "38109" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ec9dd0ac24b8d8c2&upstream=libverto-0.3.2-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libverto", + "version": "0.3.2-3.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libverto:libverto:0.3.2-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libverto-0.3.2-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libverto:0.3.2-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "30365" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libverto-0.3.2-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&package-id=726407ce9205c669&upstream=libxcrypt-4.4.18-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libxcrypt", + "version": "4.4.18-3.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and BSD and Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:libxcrypt:libxcrypt:4.4.18-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libxcrypt-4.4.18-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libxcrypt:4.4.18-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "270692" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libxcrypt-4.4.18-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&package-id=79cdbcbd3d61afd9&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "14.el9_7" + }, + { + "name": "syft:metadata:size", + "value": "1959268" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libxml2-2.9.13-14.el9_7.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=a495c2a7de1ac993&upstream=libyaml-0.2.5-7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libyaml", + "version": "0.2.5-7.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:libyaml:libyaml:0.2.5-7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libyaml-0.2.5-7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libyaml:0.2.5-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "7.el9" + }, + { + "name": "syft:metadata:size", + "value": "138283" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "libyaml-0.2.5-7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&package-id=88eb82cde1f0760c&upstream=zstd-1.5.5-1.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "libzstd", + "version": "1.5.5-1.el9", + "licenses": [ + { + "license": { + "name": "BSD and GPLv2" + } + } + ], + "cpe": "cpe:2.3:a:libzstd:libzstd:1.5.5-1.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&upstream=zstd-1.5.5-1.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:libzstd:1.5.5-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "773894" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "zstd-1.5.5-1.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/lua-libs@5.4.4-4.el9?arch=x86_64&distro=rhel-9.7&package-id=b9930935983f5330&upstream=lua-5.4.4-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "lua-libs", + "version": "5.4.4-4.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:lua-libs:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/lua-libs@5.4.4-4.el9?arch=x86_64&distro=rhel-9.7&upstream=lua-5.4.4-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lua-libs:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lua_libs:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lua_libs:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lua:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lua:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "287331" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "lua-5.4.4-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&package-id=0fc14552c6652ab5&upstream=lz4-1.9.3-5.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "lz4-libs", + "version": "1.9.3-5.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+ and BSD" + } + } + ], + "cpe": "cpe:2.3:a:lz4-libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&upstream=lz4-1.9.3-5.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lz4-libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lz4_libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lz4_libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lz4:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:lz4:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "5.el9" + }, + { + "name": "syft:metadata:size", + "value": "145483" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "lz4-1.9.3-5.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/microdnf@3.9.1-3.el9?arch=x86_64&distro=rhel-9.7&package-id=9564ca1ffe7fce37&upstream=microdnf-3.9.1-3.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "microdnf", + "version": "3.9.1-3.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:microdnf:microdnf:3.9.1-3.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/microdnf@3.9.1-3.el9?arch=x86_64&distro=rhel-9.7&upstream=microdnf-3.9.1-3.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:microdnf:3.9.1-3.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9" + }, + { + "name": "syft:metadata:size", + "value": "125966" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "microdnf-3.9.1-3.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.7&package-id=9606bf2c1d407bed&upstream=mpfr-4.1.0-7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "mpfr", + "version": "4.1.0-7.el9", + "licenses": [ + { + "license": { + "name": "LGPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:mpfr:4.1.0-7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.7&upstream=mpfr-4.1.0-7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mpfr:mpfr:4.1.0-7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "7.el9" + }, + { + "name": "syft:metadata:size", + "value": "802539" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "mpfr-4.1.0-7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&package-id=0215995764e9f654&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "12.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "307293" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-12.20210508.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&package-id=9dc1b34cdde2c695&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "12.20210508.el9" + }, + { + "name": "syft:metadata:size", + "value": "994415" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "ncurses-6.2-12.20210508.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/nettle@3.10.1-1.el9?arch=x86_64&distro=rhel-9.7&package-id=d95be7a40dea16b9&upstream=nettle-3.10.1-1.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "nettle", + "version": "3.10.1-1.el9", + "licenses": [ + { + "license": { + "name": "LGPLv3+ or GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:nettle:nettle:3.10.1-1.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/nettle@3.10.1-1.el9?arch=x86_64&distro=rhel-9.7&upstream=nettle-3.10.1-1.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:nettle:3.10.1-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "1169592" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "nettle-3.10.1-1.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.7&package-id=e8d4429184219587&upstream=npth-1.6-8.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "npth", + "version": "1.6-8.el9", + "licenses": [ + { + "license": { + "name": "LGPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:npth:1.6-8.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.7&upstream=npth-1.6-8.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:npth:npth:1.6-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9" + }, + { + "name": "syft:metadata:size", + "value": "50619" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "npth-1.6-8.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&package-id=f8bdc202e20abd5b&upstream=openldap-2.6.8-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "openldap", + "version": "2.6.8-4.el9", + "licenses": [ + { + "license": { + "id": "OLDAP-2.8" + } + } + ], + "cpe": "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "1087273" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "openldap-2.6.8-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=25e16a00909d33d5&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:epoch", + "value": "1" + }, + { + "name": "syft:metadata:release", + "value": "4.el9_7" + }, + { + "name": "syft:metadata:size", + "value": "2263368" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "openssl-3.5.1-4.el9_7.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&package-id=3f743355082e9e4b&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", + "licenses": [ + { + "license": { + "name": "ASL 2.0" + } + } + ], + "cpe": "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9" + }, + { + "name": "syft:metadata:size", + "value": "251" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "openssl-fips-provider-3.0.7-8.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&package-id=039e508ce9d5da38&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", + "licenses": [ + { + "license": { + "name": "ASL 2.0" + } + } + ], + "cpe": "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9" + }, + { + "name": "syft:metadata:size", + "value": "1337154" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "openssl-fips-provider-3.0.7-8.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:epoch", + "value": "1" + }, + { + "name": "syft:metadata:release", + "value": "4.el9_7" + }, + { + "name": "syft:metadata:size", + "value": "7470331" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "openssl-3.5.1-4.el9_7.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=39edf0f240a77402&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "p11-kit", + "version": "0.25.3-3.el9_5", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "cpe": "cpe:2.3:a:p11-kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11-kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11_kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11_kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9_5" + }, + { + "name": "syft:metadata:size", + "value": "2530659" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "p11-kit-0.25.3-3.el9_5.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=546bedf3e2fa6b85&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "p11-kit-trust", + "version": "0.25.3-3.el9_5", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "cpe": "cpe:2.3:a:p11-kit-trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11-kit-trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11_kit_trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11_kit_trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11-kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11-kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11_kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11_kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:p11:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "3.el9_5" + }, + { + "name": "syft:metadata:size", + "value": "478116" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "p11-kit-0.25.3-3.el9_5.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/pcre@8.44-4.el9?arch=x86_64&distro=rhel-9.7&package-id=eed46dd832bd62c9&upstream=pcre-8.44-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "pcre", + "version": "8.44-4.el9", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:redhat:pcre:8.44-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/pcre@8.44-4.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre-8.44-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre:pcre:8.44-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "537728" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre-8.44-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&package-id=d52857c4436af57f&upstream=pcre2-10.40-6.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "pcre2", + "version": "10.40-6.el9", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "652298" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&package-id=79b3a388130aa9b9&upstream=pcre2-10.40-6.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "cpe": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "6.el9" + }, + { + "name": "syft:metadata:size", + "value": "234324" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "pcre2-10.40-6.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.7&package-id=81dc18ef79d2b2cb&upstream=popt-1.18-8.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "popt", + "version": "1.18-8.el9", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:redhat:popt:1.18-8.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.7&upstream=popt-1.18-8.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:popt:popt:1.18-8.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9" + }, + { + "name": "syft:metadata:size", + "value": "130360" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "popt-1.18-8.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=86bb1c48d046cf90&upstream=readline-8.1-4.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "readline", + "version": "8.1-4.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:readline:readline:8.1-4.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.7&upstream=readline-8.1-4.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:readline:8.1-4.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "4.el9" + }, + { + "name": "syft:metadata:size", + "value": "492844" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "readline-8.1-4.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/redhat-release@9.7-0.7.el9?arch=x86_64&distro=rhel-9.7&package-id=734e3b82978b46ed&upstream=redhat-release-9.7-0.7.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "redhat-release", + "version": "9.7-0.7.el9", + "licenses": [ + { + "license": { + "name": "GPLv2" + } + } + ], + "cpe": "cpe:2.3:a:redhat-release:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/redhat-release@9.7-0.7.el9?arch=x86_64&distro=rhel-9.7&upstream=redhat-release-9.7-0.7.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat-release:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat_release:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "0.7.el9" + }, + { + "name": "syft:metadata:size", + "value": "75786" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "redhat-release-9.7-0.7.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/rootfiles@8.1-35.el9?arch=noarch&distro=rhel-9.7&package-id=f180d99433c6c3a0&upstream=rootfiles-8.1-35.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "rootfiles", + "version": "8.1-35.el9", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:rootfiles:rootfiles:8.1-35.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/rootfiles@8.1-35.el9?arch=noarch&distro=rhel-9.7&upstream=rootfiles-8.1-35.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:rootfiles:8.1-35.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "35.el9" + }, + { + "name": "syft:metadata:size", + "value": "1216" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "rootfiles-8.1-35.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/rpm@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=6fc4f99cb27a629a&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "rpm", + "version": "4.16.1.3-39.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:rpm:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/rpm@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rpm:rpm:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "39.el9" + }, + { + "name": "syft:metadata:size", + "value": "2750478" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "rpm-4.16.1.3-39.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=81412860457969fe&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "rpm-libs", + "version": "4.16.1.3-39.el9", + "licenses": [ + { + "license": { + "name": "GPLv2+ and LGPLv2+ with exceptions" + } + } + ], + "cpe": "cpe:2.3:a:rpm-libs:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rpm-libs:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rpm_libs:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rpm_libs:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rpm:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rpm:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "39.el9" + }, + { + "name": "syft:metadata:size", + "value": "773068" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "rpm-4.16.1.3-39.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=e21cb9e7dda039e1&upstream=sed-4.8-9.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "sed", + "version": "4.8-9.el9", + "licenses": [ + { + "license": { + "name": "GPLv3+" + } + } + ], + "cpe": "cpe:2.3:a:redhat:sed:4.8-9.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&upstream=sed-4.8-9.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sed:sed:4.8-9.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9" + }, + { + "name": "syft:metadata:size", + "value": "813599" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "sed-4.8-9.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&package-id=5e411c4e4f6d3d56&upstream=setup-2.13.7-10.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "setup", + "version": "2.13.7-10.el9", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&upstream=setup-2.13.7-10.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "10.el9" + }, + { + "name": "syft:metadata:size", + "value": "725932" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "setup-2.13.7-10.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/shadow-utils@4.9-15.el9?arch=x86_64&distro=rhel-9.7&epoch=2&package-id=4e01ddd4ea86a505&upstream=shadow-utils-4.9-15.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "shadow-utils", + "version": "2:4.9-15.el9", + "licenses": [ + { + "license": { + "name": "BSD and GPLv2+" + } + } + ], + "cpe": "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/shadow-utils@4.9-15.el9?arch=x86_64&distro=rhel-9.7&epoch=2&upstream=shadow-utils-4.9-15.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:epoch", + "value": "2" + }, + { + "name": "syft:metadata:release", + "value": "15.el9" + }, + { + "name": "syft:metadata:size", + "value": "3812562" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "shadow-utils-4.9-15.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&package-id=87ad778255840d3f&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "9.el9_7" + }, + { + "name": "syft:metadata:size", + "value": "1372984" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "sqlite-3.34.1-9.el9_7.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&package-id=e28c009b2c72d8a9&upstream=systemd-252-55.el9_7.7.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "systemd-libs", + "version": "252-55.el9_7.7", + "licenses": [ + { + "license": { + "name": "LGPLv2+ and MIT" + } + } + ], + "cpe": "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "55.el9_7.7" + }, + { + "name": "syft:metadata:size", + "value": "1814768" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "systemd-252-55.el9_7.7.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/tzdata@2025c-1.el9?arch=noarch&distro=rhel-9.7&package-id=a08e57c8715e4d05&upstream=tzdata-2025c-1.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "tzdata", + "version": "2025c-1.el9", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:redhat:tzdata:2025c-1.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/tzdata@2025c-1.el9?arch=noarch&distro=rhel-9.7&upstream=tzdata-2025c-1.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tzdata:tzdata:2025c-1.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "1.el9" + }, + { + "name": "syft:metadata:size", + "value": "1914371" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "tzdata-2025c-1.el9.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&package-id=f3e667a0375f3959&upstream=xz-5.2.5-8.el9_0.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "xz-libs", + "version": "5.2.5-8.el9_0", + "licenses": [ + { + "license": { + "name": "Public Domain" + } + } + ], + "cpe": "cpe:2.3:a:xz-libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&upstream=xz-5.2.5-8.el9_0.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:xz-libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:xz_libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:xz_libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:redhat:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:xz:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:xz:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "8.el9_0" + }, + { + "name": "syft:metadata:size", + "value": "181573" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "xz-5.2.5-8.el9_0.src.rpm" + } + ] + }, + { + "bom-ref": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm", + "type": "library", + "publisher": "Red Hat, Inc.", + "name": "zlib", + "version": "1.2.11-40.el9", + "licenses": [ + { + "license": { + "name": "zlib and Boost" + } + } + ], + "cpe": "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "rpm-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "rpm" + }, + { + "name": "syft:package:metadataType", + "value": "rpm-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "name": "syft:location:0:path", + "value": "/var/lib/rpm/rpmdb.sqlite" + }, + { + "name": "syft:metadata:release", + "value": "40.el9" + }, + { + "name": "syft:metadata:size", + "value": "202921" + }, + { + "name": "syft:metadata:sourceRpm", + "value": "zlib-1.2.11-40.el9.src.rpm" + } + ] + }, + { + "bom-ref": "os:rhel@9.7", + "type": "operating-system", + "name": "rhel", + "version": "9.7", + "description": "Red Hat Enterprise Linux 9.7 (Plow)", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", + "swid": { + "tagId": "rhel", + "name": "rhel", + "version": "9.7" + }, + "externalReferences": [ + { + "url": "https://issues.redhat.com/", + "type": "issue-tracker" + }, + { + "url": "https://www.redhat.com/", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:distro:extendedSupport", + "value": "false" + }, + { + "name": "syft:distro:id", + "value": "rhel" + }, + { + "name": "syft:distro:idLike:0", + "value": "fedora" + }, + { + "name": "syft:distro:prettyName", + "value": "Red Hat Enterprise Linux 9.7 (Plow)" + }, + { + "name": "syft:distro:versionID", + "value": "9.7" + } + ] + }, + { + "bom-ref": "e427d65853822d0a", + "type": "file", + "name": "/etc/GREP_COLORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e31ab9b1a70f6dbf441b2cb6fe9b6f6f8497c07" + }, + { + "alg": "SHA-256", + "content": "e94e50735e137e769b40e230f019d5be755571129e0f7669c4570bb45c5c162e" + } + ] + }, + { + "bom-ref": "2ccdba2d440270fd", + "type": "file", + "name": "/etc/aliases", + "hashes": [ + { + "alg": "SHA-1", + "content": "41b96f30cc6b111373281bb4a549d252acff8d61" + }, + { + "alg": "SHA-256", + "content": "a4c569569f893bc22fbe696c459f8fba0fe4565022637300b705b54a95c47bce" + } + ] + }, + { + "bom-ref": "4214e7ba484a297f", + "type": "file", + "name": "/etc/bashrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "7743c11f20d32680eab82e12b8042792c263dd67" + }, + { + "alg": "SHA-256", + "content": "bb091ed0ed1cbf1cd40cd3da60a4a994e2246c551ab086e96f43fefca197f75e" + } + ] + }, + { + "bom-ref": "c84674aa2b18f5e3", + "type": "file", + "name": "/etc/crypto-policies/config", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e0085ee611a9cf4ff7133da0360718b436baaeb" + }, + { + "alg": "SHA-256", + "content": "ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc" + } + ] + }, + { + "bom-ref": "dcff234cc54fd81f", + "type": "file", + "name": "/etc/crypto-policies/state/current", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e0085ee611a9cf4ff7133da0360718b436baaeb" + }, + { + "alg": "SHA-256", + "content": "ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc" + } + ] + }, + { + "bom-ref": "e97d4e379ab1245e", + "type": "file", + "name": "/etc/csh.cshrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "8107c5537407a77fe092c0431351c59a9f5b1a1f" + }, + { + "alg": "SHA-256", + "content": "441b02ec287f3bd2b94e2df4462e29f1f2f49d5fa41b8cce9dddd7865775868d" + } + ] + }, + { + "bom-ref": "6a0e82cf1b36536f", + "type": "file", + "name": "/etc/csh.login", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d131e943a6965da06cd60b4dce9a4fcbd77b371" + }, + { + "alg": "SHA-256", + "content": "c9ea846975d2c90ac93c86ff6b04566f2b1d15c705ab62ec467c194b8a242f0e" + } + ] + }, + { + "bom-ref": "e715eea96e3656d1", + "type": "file", + "name": "/etc/dnf/dnf.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "aeefb5d8201390aee81435c2a048dca74c462bcb" + }, + { + "alg": "SHA-256", + "content": "1557f960a39d444375a3a28994eb082fdab2887a16da2b677ba181658f2512b7" + } + ] + }, + { + "bom-ref": "df0de9d0d9d031e1", + "type": "file", + "name": "/etc/dnf/protected.d/dnf.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "44802b4599dd6b62d00636f397c973d81ae1942a" + }, + { + "alg": "SHA-256", + "content": "b6f0d7b9f4d69e86833ec77802d3af8e5ecc5b9820e1fe0d774b7922e1da57fe" + } + ] + }, + { + "bom-ref": "baeeddada1c5c95f", + "type": "file", + "name": "/etc/dnf/protected.d/setup.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "da041fe15ae9d8b17172d1a52a6621b25436d1f8" + }, + { + "alg": "SHA-256", + "content": "9752eb62a6845a78a9e2eaeb4a6eb2d93a1b654ee8665f71d516cfaca3e7cf57" + } + ] + }, + { + "bom-ref": "93adb1065f80dba5", + "type": "file", + "name": "/etc/environment" + }, + { + "bom-ref": "3fdd477d017dfa61", + "type": "file", + "name": "/etc/ethertypes", + "hashes": [ + { + "alg": "SHA-1", + "content": "07eb268f4ccd95249f0e5b62e73c546d2d213cba" + }, + { + "alg": "SHA-256", + "content": "ed38f9d644befc87eb41a8649c310073240d9a8cd75b2f9c115b5d9d7e5d033c" + } + ] + }, + { + "bom-ref": "bd8b17f97c934a0e", + "type": "file", + "name": "/etc/exports" + }, + { + "bom-ref": "fce3874eeffc9682", + "type": "file", + "name": "/etc/filesystems", + "hashes": [ + { + "alg": "SHA-1", + "content": "f27be95d40c6cdd69350ca46e1d5a186d7212b9b" + }, + { + "alg": "SHA-256", + "content": "ba1ed4fe76cd63c37dbd44a040921db7810c4b63f46ee6635779627a4a36a196" + } + ] + }, + { + "bom-ref": "771749e6b4b96062", + "type": "file", + "name": "/etc/host.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "b10cafadc043aec4056a948914f011bc39d2ec13" + }, + { + "alg": "SHA-256", + "content": "380f5fe21d755923b44203b58ca3c8b9681c485d152bd5d7e3914f67d821d32a" + } + ] + }, + { + "bom-ref": "22e48b3787fe754f", + "type": "file", + "name": "/etc/hosts", + "hashes": [ + { + "alg": "SHA-1", + "content": "7335999eb54c15c67566186bdfc46f64e0d5a1aa" + }, + { + "alg": "SHA-256", + "content": "498f494232085ec83303a2bc6f04bea840c2b210fbbeda31a46a6e5674d4fc0e" + } + ] + }, + { + "bom-ref": "59b11299ce6d190a", + "type": "file", + "name": "/etc/inputrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "9482ed88a6779f0c14eb00e2e667960664dfcb98" + }, + { + "alg": "SHA-256", + "content": "e016c93c4ded93c7e08e92957345746618c5893eae0c8528b0392a6e0d6e447a" + } + ] + }, + { + "bom-ref": "32ec75dedc8ed09d", + "type": "file", + "name": "/etc/ld.so.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "52ab6b95985c3fb925765d081bc9b36a048ec825" + }, + { + "alg": "SHA-256", + "content": "239c865e4c0746a01f82b03d38d620853bab2a2ba8e81d6f5606c503e0ea379f" + } + ] + }, + { + "bom-ref": "69a1f8b190180ac2", + "type": "file", + "name": "/etc/libreport/events.d/collect_dnf.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "d19eba9f751edaf8120bb8b9b722cea99fb4f60f" + }, + { + "alg": "SHA-256", + "content": "cc0feca59af66ea18656fc5774b78f586b97864965cf1add75b3f9944678e999" + } + ] + }, + { + "bom-ref": "8c585fd49a1add6b", + "type": "file", + "name": "/etc/logrotate.d/dnf", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b0735c29b53a2561a3f5047bdf4c3a619d3f31e" + }, + { + "alg": "SHA-256", + "content": "6d02a56605a12e2dd3e05da2ab86ef77d013af53c31f2b8cf5c7c69288ee3387" + } + ] + }, + { + "bom-ref": "ce2b6455c3786791", + "type": "file", + "name": "/etc/motd" + }, + { + "bom-ref": "778fd3cc081fcb4b", + "type": "file", + "name": "/etc/networks", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c3cb9c5e7b7f4a6a1929c35727da7651e6c5bf4" + }, + { + "alg": "SHA-256", + "content": "ae89ab2e35076a070ae7cf5b0edf600c3ea6999e15db9b543ef35dfc76d37cb1" + } + ] + }, + { + "bom-ref": "dcb109d4616daae5", + "type": "file", + "name": "/etc/nsswitch.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "4854b8c739119e4997f9f002b88dbb8985135821" + }, + { + "alg": "SHA-256", + "content": "c1cc473688f64942669ee7eb72b262103db75498d9236356bdf25289828f5b46" + } + ] + }, + { + "bom-ref": "ba08977cca6b4d95", + "type": "file", + "name": "/etc/pki/swid/CA/redhat.com/redhatcodesignca.cert", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0748b117f3a53df2e67c8fa9586d7c67133a2be" + }, + { + "alg": "SHA-256", + "content": "b0cf509b823e9b89c43bc373229f87d3cfee4264c35c6ac82b58e5251c3e8c39" + } + ] + }, + { + "bom-ref": "de86f0e21726089b", + "type": "file", + "name": "/etc/printcap", + "hashes": [ + { + "alg": "SHA-1", + "content": "72ebd61cd29193f572f2f0f4aa8a5a121ae10dd4" + }, + { + "alg": "SHA-256", + "content": "f809352567a37d932b014311cf626774b97b63ec06d4f7bdd8a9cfcc34c691d9" + } + ] + }, + { + "bom-ref": "09d562b678f1e99d", + "type": "file", + "name": "/etc/profile", + "hashes": [ + { + "alg": "SHA-1", + "content": "d862efffc6a2f64d3a065606fe23508e711e5adc" + }, + { + "alg": "SHA-256", + "content": "304bbca429881a74f3e8f8b1c003b29020c635b83661492accd576c99baf9f30" + } + ] + }, + { + "bom-ref": "ba105d23baa6b7a7", + "type": "file", + "name": "/etc/profile.d/colorgrep.csh", + "hashes": [ + { + "alg": "SHA-1", + "content": "6da63d9debe9ce564bac9e533288cc14f1d74d04" + }, + { + "alg": "SHA-256", + "content": "74d270fe4476fdcba60df7d00c808e11681ac918f335c951cba4f118532a4b8c" + } + ] + }, + { + "bom-ref": "43e6c2af7d668269", + "type": "file", + "name": "/etc/profile.d/colorgrep.sh", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e39e9c628803da5b6f5a5d9e77fbe3cfefc996a" + }, + { + "alg": "SHA-256", + "content": "89008d115c5bbd783b985d8cab18e935978c83e362043ffc981063ffed74e1c7" + } + ] + }, + { + "bom-ref": "309e9a859538dede", + "type": "file", + "name": "/etc/profile.d/csh.local", + "hashes": [ + { + "alg": "SHA-1", + "content": "13f50b8589668cb1e668ece7d5907fc3a3b88901" + }, + { + "alg": "SHA-256", + "content": "07a2a80f1386c89941b3da4cda68790afe19f7425a14e01acdc2fbddb73b5508" + } + ] + }, + { + "bom-ref": "75de514af4a6a058", + "type": "file", + "name": "/etc/profile.d/gawk.csh", + "hashes": [ + { + "alg": "SHA-1", + "content": "8885907baec3899ef96764a08bbe053455224b76" + }, + { + "alg": "SHA-256", + "content": "9ba2af9853121df6dd5edff9254a2946e39eab8dc6513348fea28f739ee96648" + } + ] + }, + { + "bom-ref": "c7221a3ee9652521", + "type": "file", + "name": "/etc/profile.d/gawk.sh", + "hashes": [ + { + "alg": "SHA-1", + "content": "e69dfc5c1b719471f65c11b88325b80ae7e373e7" + }, + { + "alg": "SHA-256", + "content": "70621a3b586d3d523b020e76977633b444a70013ba50e1ea901a3a07a676f15f" + } + ] + }, + { + "bom-ref": "8749be7a28c9df79", + "type": "file", + "name": "/etc/profile.d/lang.csh", + "hashes": [ + { + "alg": "SHA-1", + "content": "1acf946eb09ca7854cc0c2389b284a061a4fb0fc" + }, + { + "alg": "SHA-256", + "content": "5486ae2358f54ba086017a5a7d89fc71855e4071c06fe1866a278838b465b161" + } + ] + }, + { + "bom-ref": "ecd59c27c4d0b4cf", + "type": "file", + "name": "/etc/profile.d/lang.sh", + "hashes": [ + { + "alg": "SHA-1", + "content": "cda23d45cf45e4fdc5f907e460e35b502b9a4285" + }, + { + "alg": "SHA-256", + "content": "58bf8b07428754b273560c5ea4040c672440b2bb04709842cf94163e15dc144f" + } + ] + }, + { + "bom-ref": "f729120a91b21aad", + "type": "file", + "name": "/etc/profile.d/sh.local", + "hashes": [ + { + "alg": "SHA-1", + "content": "4008fb3787fe37f16b9530eccfdaa4563c93b920" + }, + { + "alg": "SHA-256", + "content": "3c5de252d65ae8c40e54c21be09dc574ca3641d036d7b44174939a7e64863920" + } + ] + }, + { + "bom-ref": "8f747ea6b704da50", + "type": "file", + "name": "/etc/protocols", + "hashes": [ + { + "alg": "SHA-1", + "content": "f72135c1eae65b2eff3217cb656ec1101ddb892e" + }, + { + "alg": "SHA-256", + "content": "d0e614d3ac7c6d9f6fe7b6c8ac678f26cca185de66f5dd34b56e634b2398a8cd" + } + ] + }, + { + "bom-ref": "eb199925a99265ef", + "type": "file", + "name": "/etc/rpc", + "hashes": [ + { + "alg": "SHA-1", + "content": "8c68c8283757db3e910865b245077387f9166a08" + }, + { + "alg": "SHA-256", + "content": "3b24a975dcde688434258566813a83ce256a4c73efd7a8a9c3998327b0b4de68" + } + ] + }, + { + "bom-ref": "06f9f967b38cdb1b", + "type": "file", + "name": "/etc/services", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c36cb01508c1050c2f0e82a25e1dff777d58a25" + }, + { + "alg": "SHA-256", + "content": "ac7ed9a0608f2ee925d17dfa8154102f56d863e0ab53f39053ff27120ce571ce" + } + ] + }, + { + "bom-ref": "4af50e7c341ae36f", + "type": "file", + "name": "/etc/shells", + "hashes": [ + { + "alg": "SHA-1", + "content": "23c79830c4c6cdaf90348347e9c982c28708b315" + }, + { + "alg": "SHA-256", + "content": "4ec4e8c524a4f10ca5898ccfaa6d29e7e08aff3a681f6bafbb62e7bec91aa154" + } + ] + }, + { + "bom-ref": "b3f4e891b12a90bd", + "type": "file", + "name": "/etc/skel/.bash_logout", + "hashes": [ + { + "alg": "SHA-1", + "content": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "alg": "SHA-256", + "content": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ] + }, + { + "bom-ref": "e7e93dc9a8cd8988", + "type": "file", + "name": "/etc/skel/.bash_profile", + "hashes": [ + { + "alg": "SHA-1", + "content": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "alg": "SHA-256", + "content": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ] + }, + { + "bom-ref": "8b56bfbdb189c2e3", + "type": "file", + "name": "/etc/skel/.bashrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "80081f668a345bec7a41424edd6c60e82315ee6d" + }, + { + "alg": "SHA-256", + "content": "b152cd21940a5775052414906ab7473a62b69da2300bbf541ce8e10f00c487d5" + } + ] + }, + { + "bom-ref": "43fea2a5407cf6a0", + "type": "file", + "name": "/etc/xattr.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf60c512782375f738c3b989b24a72729693fcf2" + }, + { + "alg": "SHA-256", + "content": "b159c32d33b2ef8a2edac38d0a1bb1254376ee9fef939af190e0535f1f4d06a0" + } + ] + }, + { + "bom-ref": "7cb64c7e18cde43e", + "type": "file", + "name": "/root/.bash_logout", + "hashes": [ + { + "alg": "SHA-1", + "content": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "alg": "SHA-256", + "content": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ] + }, + { + "bom-ref": "f2709836d058e8a6", + "type": "file", + "name": "/root/.bash_profile", + "hashes": [ + { + "alg": "SHA-1", + "content": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "alg": "SHA-256", + "content": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ] + }, + { + "bom-ref": "f406f3d9e22dd9bc", + "type": "file", + "name": "/root/.bashrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "11ca3585a568f82dad333b5ac15937c738d4e864" + }, + { + "alg": "SHA-256", + "content": "7e5d5df65ced1e47aee7b016d405ace4298fd9134d6caef45e1c835078c79aec" + } + ] + }, + { + "bom-ref": "e190ef15bc4d4bad", + "type": "file", + "name": "/root/.cshrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "ea145e5186958c0c70514ab1eab4ce9cc9f71073" + }, + { + "alg": "SHA-256", + "content": "4e9418cde048f912e4aadb76ba55045b5d9af0e0565f7091bfc752154451eca9" + } + ] + }, + { + "bom-ref": "396b6bea574d6036", + "type": "file", + "name": "/root/.tcshrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c691d1108be15163e3211776730031b40641d96" + }, + { + "alg": "SHA-256", + "content": "1bb91935e2cee1d5d2ab7e8d92125acbfac12d9bf3f1c7922aa4ce77ae7ea131" + } + ] + }, + { + "bom-ref": "7957bae02b1bafd1", + "type": "file", + "name": "/run/motd" + }, + { + "bom-ref": "b0144fc5fac67179", + "type": "file", + "name": "/usr/bin/alias", + "hashes": [ + { + "alg": "SHA-1", + "content": "289a406fd8600b2d75723e3757e88166ca880ca0" + }, + { + "alg": "SHA-256", + "content": "c277897660adddce26a75871188bdae7ffa73f571a6fb779090a4c92df33988d" + } + ] + }, + { + "bom-ref": "457e99e6356b07d9", + "type": "file", + "name": "/usr/bin/bash", + "hashes": [ + { + "alg": "SHA-1", + "content": "53d87a944dddbb3d8cbd26ff61e4753bdd989469" + }, + { + "alg": "SHA-256", + "content": "97995faa249e5706dd0b0373c9da547709bf7349755d5fc8e52f97a4bd04feaf" + } + ] + }, + { + "bom-ref": "b6cdb94774d588e9", + "type": "file", + "name": "/usr/bin/bashbug-64", + "hashes": [ + { + "alg": "SHA-1", + "content": "246466f1716587250062fc2b3bd8d67a2f8c4600" + }, + { + "alg": "SHA-256", + "content": "5588678b4cf9d513e85c908fad23ed079135656be7b79559570b23f4c3433022" + } + ] + }, + { + "bom-ref": "dcd596fa9d66ed3f", + "type": "file", + "name": "/usr/bin/bg", + "hashes": [ + { + "alg": "SHA-1", + "content": "6acece014fee3a6a99a7c8127876e3ed5675aede" + }, + { + "alg": "SHA-256", + "content": "5a864f2047a83aa767ac1a3fca577e5f3a8eb4d129b4b1974fb2009960a9a0be" + } + ] + }, + { + "bom-ref": "8721732baf3d2db8", + "type": "file", + "name": "/usr/bin/cd", + "hashes": [ + { + "alg": "SHA-1", + "content": "00c2f95c966b664793bb6b27b56b81a2fdd0a58d" + }, + { + "alg": "SHA-256", + "content": "3f794988bc9b6e734d06c6507b4335054d01760a741b60104a49543cf7a964ed" + } + ] + }, + { + "bom-ref": "d567ea1a1bff3f0b", + "type": "file", + "name": "/usr/bin/command", + "hashes": [ + { + "alg": "SHA-1", + "content": "47e25f606eaf2eccca20ccb92aaf0ad751d6e49e" + }, + { + "alg": "SHA-256", + "content": "aafc06c6657ccf32c0af350777aa38537ff90685345dc19078afaa26bbe4412a" + } + ] + }, + { + "bom-ref": "5f553a8203875941", + "type": "file", + "name": "/usr/bin/dirmngr", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e919ec37b01d322ca530e0f86e3943c3ef09ccc" + }, + { + "alg": "SHA-256", + "content": "bba4fd4ea202c0d57474a0703900134b1e442971c7b81a2119c1a48bbd64c750" + } + ] + }, + { + "bom-ref": "42ff3dedd2729016", + "type": "file", + "name": "/usr/bin/dirmngr-client", + "hashes": [ + { + "alg": "SHA-1", + "content": "9787998a6afc8b8b932874bc731c4f0739c06605" + }, + { + "alg": "SHA-256", + "content": "da3ec27493d1d28cc1e1d3916a209754005b0e882873ae14a8d3aad115b98e20" + } + ] + }, + { + "bom-ref": "6c51703fecd14955", + "type": "file", + "name": "/usr/bin/egrep", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b6fb94569c007bf7a2bfb8d3a69dcdf0e28f4b4" + }, + { + "alg": "SHA-256", + "content": "50496c34633635bf3fe9c108ae26c26f8871ffc35f741b9e1426897a1e65f263" + } + ] + }, + { + "bom-ref": "cf2b5514af5f4b1c", + "type": "file", + "name": "/usr/bin/fc", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4a74b311a6ea7e521c1abf779399fc8b3ac2270" + }, + { + "alg": "SHA-256", + "content": "86495d1781eeec50764ce4e629f316087c2b53054b999308f40580633601b270" + } + ] + }, + { + "bom-ref": "4eb740e67d5a13d9", + "type": "file", + "name": "/usr/bin/fg", + "hashes": [ + { + "alg": "SHA-1", + "content": "8edc00bfce83f8c865185c188a0643eeeefb8559" + }, + { + "alg": "SHA-256", + "content": "0af28b724b8b1850fa6b4f232cf51229b2efed0333ebfb51d940798e28e0d625" + } + ] + }, + { + "bom-ref": "9e6bcbbaf4a27702", + "type": "file", + "name": "/usr/bin/fgrep", + "hashes": [ + { + "alg": "SHA-1", + "content": "81d09de7d53ee725afdb9bcae8a9a61915e12a22" + }, + { + "alg": "SHA-256", + "content": "a35795589500118708cb879c5678c1daa0dc3c636c7dbad172a6a5918ae91c5b" + } + ] + }, + { + "bom-ref": "e30dfe11fd680ba9", + "type": "file", + "name": "/usr/bin/g13", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1859526c18480bbdc14dcdfb4edae02064daefb" + }, + { + "alg": "SHA-256", + "content": "7e3482ba95fcd94bc0392c732fc5ef8afc0f67d493d006cc318aede7680ec4e2" + } + ] + }, + { + "bom-ref": "06978697a3279859", + "type": "file", + "name": "/usr/bin/gawk", + "hashes": [ + { + "alg": "SHA-1", + "content": "01959f306d180b3a6d35ec523c6f0a1a9b4c9334" + }, + { + "alg": "SHA-256", + "content": "b374177d6c91dad7eafe4d89ecfc414aa8e2bafb06b1f94d6f6d1d41dfad10ff" + } + ] + }, + { + "bom-ref": "8b20c49352d19b94", + "type": "file", + "name": "/usr/bin/getopts", + "hashes": [ + { + "alg": "SHA-1", + "content": "25e71412ce313beaeed25e28ea82dca878eddfc8" + }, + { + "alg": "SHA-256", + "content": "7f1a970be00f749e2c9a820592e8109ddb7efc76cd8f8f47b748a16feab8cabb" + } + ] + }, + { + "bom-ref": "ea18bc9bca18857f", + "type": "file", + "name": "/usr/bin/gpg", + "hashes": [ + { + "alg": "SHA-1", + "content": "f7278aa72c89349d5b91dd566f2cae8a2b29ed19" + }, + { + "alg": "SHA-256", + "content": "88c20ca1458b62385cf987b91cf4f0354a31c2eac7bc1da48321255520406652" + } + ] + }, + { + "bom-ref": "f678176067e0b9ee", + "type": "file", + "name": "/usr/bin/gpg-agent", + "hashes": [ + { + "alg": "SHA-1", + "content": "248f3e2a12c9d99f247f42132a694563d75d7f78" + }, + { + "alg": "SHA-256", + "content": "db012878c08be000f0406b1a83debcf65ae313580d399b61f10ce74792e529c1" + } + ] + }, + { + "bom-ref": "7ae425cfbef4d3db", + "type": "file", + "name": "/usr/bin/gpg-card", + "hashes": [ + { + "alg": "SHA-1", + "content": "72df5c93591e340d17adcf91f8802cf6179710ae" + }, + { + "alg": "SHA-256", + "content": "103b35b82e7fc9a6924d621cf1695a709fcbff1430b7e708b1c76dd3c0d37298" + } + ] + }, + { + "bom-ref": "6b17a25ebe568098", + "type": "file", + "name": "/usr/bin/gpg-connect-agent", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d686ed777e5a1742263776247f439e6ec166a9f" + }, + { + "alg": "SHA-256", + "content": "e049b637aa178619761bddfb52f8f531f097e6d70f4cf53312c897f98bd07cc0" + } + ] + }, + { + "bom-ref": "506b975f1b474e9c", + "type": "file", + "name": "/usr/bin/gpg-error", + "hashes": [ + { + "alg": "SHA-1", + "content": "e695c139ca1e552d5d50289ace4c3ab966316634" + }, + { + "alg": "SHA-256", + "content": "5804e22c791634c44d17cb8cd342e7951bed5397eeb809f7f15b2674830529c4" + } + ] + }, + { + "bom-ref": "3803513ccea114ad", + "type": "file", + "name": "/usr/bin/gpg-wks-client", + "hashes": [ + { + "alg": "SHA-1", + "content": "f352442ba2b781949cdc9d6e0549d7fe40518538" + }, + { + "alg": "SHA-256", + "content": "1ebcab7126f7329fe2af9c331766d95d4d66bf633032024e3b2e00392b5fb5f2" + } + ] + }, + { + "bom-ref": "600d18be0a1f4796", + "type": "file", + "name": "/usr/bin/gpg-wks-server", + "hashes": [ + { + "alg": "SHA-1", + "content": "3faaa8ce65fc3d04b68600de14d8c8341836e40b" + }, + { + "alg": "SHA-256", + "content": "04460084c5f70a7cf12cd1205c7055816193f9c1567353371dde856bc7d2bf3c" + } + ] + }, + { + "bom-ref": "48073038849245c3", + "type": "file", + "name": "/usr/bin/gpgconf", + "hashes": [ + { + "alg": "SHA-1", + "content": "b11a25aeb96759201ac6be29ea48de7d91d6e1ee" + }, + { + "alg": "SHA-256", + "content": "112a23ac806fedacd6084f3ba54eba0f1f79412844e3de265400cee64b987348" + } + ] + }, + { + "bom-ref": "e68c533bd3284ce0", + "type": "file", + "name": "/usr/bin/gpgme-json", + "hashes": [ + { + "alg": "SHA-1", + "content": "1cdfaef616e271850763e5291b8f6f85444aa156" + }, + { + "alg": "SHA-256", + "content": "70b4e73c0e5da91aa071f364f45893229ae1153d3a25ed01720843d941388063" + } + ] + }, + { + "bom-ref": "e5adbfb76fdfb396", + "type": "file", + "name": "/usr/bin/gpgparsemail", + "hashes": [ + { + "alg": "SHA-1", + "content": "8184387dfbf4798e9e4389c220a50c4218e55c16" + }, + { + "alg": "SHA-256", + "content": "9f040dc684184a0eec5ea42930f7795589bca34f8dc5f7def3248174412a6051" + } + ] + }, + { + "bom-ref": "8b767435cc79702c", + "type": "file", + "name": "/usr/bin/gpgsplit", + "hashes": [ + { + "alg": "SHA-1", + "content": "4d8ce8db146ee1887ec6adb79a059e89c0ff39ba" + }, + { + "alg": "SHA-256", + "content": "82bed8e53bf3a8b52611e9361a3585609a39fbafd90a7a0c28dbc1c1429fe553" + } + ] + }, + { + "bom-ref": "b5acc177f3d31ff8", + "type": "file", + "name": "/usr/bin/gpgtar", + "hashes": [ + { + "alg": "SHA-1", + "content": "36f3a80c0313d4784b75fba9b901f0254def3a19" + }, + { + "alg": "SHA-256", + "content": "7df3103946b96d3888fc36ffd874ff00c6effebfb5361867809b0e59f4181c36" + } + ] + }, + { + "bom-ref": "d48dfdfee64bde22", + "type": "file", + "name": "/usr/bin/gpgv", + "hashes": [ + { + "alg": "SHA-1", + "content": "c528684214a72707d1374d95e919e8fb0fe2d7b9" + }, + { + "alg": "SHA-256", + "content": "3a4a2b6c85d77f396f6ff7bdbcb4be58c3c81ecd26fc2f3e43ecb01b1a4ba4d5" + } + ] + }, + { + "bom-ref": "0bceaf8088a9ad73", + "type": "file", + "name": "/usr/bin/grep", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a0ccd7dd389bfc3dd6a50f375767177520034b1" + }, + { + "alg": "SHA-256", + "content": "b9ae1630da770fa343c346c97f081ba6a4350f569f27205dc37a8953715564fb" + } + ] + }, + { + "bom-ref": "544a5e04e861b70c", + "type": "file", + "name": "/usr/bin/hash", + "hashes": [ + { + "alg": "SHA-1", + "content": "72baf7f3448f4cdccad27005032868973a557d29" + }, + { + "alg": "SHA-256", + "content": "a5c3efd29eb134da49b68b78155c0338ab614eec99094bd07cdda7e99e53ddca" + } + ] + }, + { + "bom-ref": "c2099ec9fb017164", + "type": "file", + "name": "/usr/bin/jobs", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed10dcf4f9065c771147428a413ddaf035d220d4" + }, + { + "alg": "SHA-256", + "content": "1e4046021f3ae7abb820a995c8572cda3f3b4a4d14cb50e3bcb0f50f391a5bd2" + } + ] + }, + { + "bom-ref": "047e6b67f6510fd7", + "type": "file", + "name": "/usr/bin/microdnf", + "hashes": [ + { + "alg": "SHA-1", + "content": "9c612e21a0453ab31f81f6feaaeb8d6ba3a52267" + }, + { + "alg": "SHA-256", + "content": "725a49a7f9f827c96e9166259cbfb217fdc02a0e842707a7f8e42e764b1b82df" + } + ] + }, + { + "bom-ref": "026e9bfa4e973170", + "type": "file", + "name": "/usr/bin/modulemd-validator", + "hashes": [ + { + "alg": "SHA-1", + "content": "33c2811ff007a946d429e90e83235e5860fa1fb6" + }, + { + "alg": "SHA-256", + "content": "b9f45047a342934d5aee3d2d068d5c158328200069855057af25f5e582c57e2e" + } + ] + }, + { + "bom-ref": "4c0fede68f0598f1", + "type": "file", + "name": "/usr/bin/p11-kit", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8001800fef6c4e3f15f559d3418352ae2683f34" + }, + { + "alg": "SHA-256", + "content": "d543651b76dc84c8179e1de487101a4906be24767cfcb8136835fafbd7b79a8a" + } + ] + }, + { + "bom-ref": "00b2dfb2762e3451", + "type": "file", + "name": "/usr/bin/read", + "hashes": [ + { + "alg": "SHA-1", + "content": "bf8e3fc1852d2925f2cba52fb1be0c94a8e76ac5" + }, + { + "alg": "SHA-256", + "content": "f0f717be7c907acc0c1c4b489d619663076e5f08ed56257d647d192d492a147b" + } + ] + }, + { + "bom-ref": "7522e277c19c73d2", + "type": "file", + "name": "/usr/bin/sed", + "hashes": [ + { + "alg": "SHA-1", + "content": "83637685db51755643a782f122bfb7a8a4f52b87" + }, + { + "alg": "SHA-256", + "content": "094185ede26906ce24155af7d04ed766bb854e4061a52cd8a063e23e98cfaa76" + } + ] + }, + { + "bom-ref": "b8e48c126ab0bfb8", + "type": "file", + "name": "/usr/bin/trust", + "hashes": [ + { + "alg": "SHA-1", + "content": "73218ce5ea376d2ebc2019b093f36c94bb32eed6" + }, + { + "alg": "SHA-256", + "content": "577085f236a406b2115922ac26e739fc88189affee2d255681b34b64684807a8" + } + ] + }, + { + "bom-ref": "c2b780c83765c415", + "type": "file", + "name": "/usr/bin/type", + "hashes": [ + { + "alg": "SHA-1", + "content": "339eedcc50d7b24c3c15e056ca79a2a6394f0811" + }, + { + "alg": "SHA-256", + "content": "36d5d35fee92010a0869fa9229d201b54f795217557105409e381f471a8038cd" + } + ] + }, + { + "bom-ref": "399960ec84398034", + "type": "file", + "name": "/usr/bin/ulimit", + "hashes": [ + { + "alg": "SHA-1", + "content": "09651176811817d03591ae8c4258d04a01562e67" + }, + { + "alg": "SHA-256", + "content": "d66bfb63a8afcea2c6d17561f27f8d3ddb49062f221c9b18d64e7c846c34ff94" + } + ] + }, + { + "bom-ref": "c8e5318148bed297", + "type": "file", + "name": "/usr/bin/umask", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e230e28dcb60d5587a12f9e7ad9920846cfb113" + }, + { + "alg": "SHA-256", + "content": "975d986bf2124069a5781239ba169c894f3c0c152e3262cbddd64fff74e88171" + } + ] + }, + { + "bom-ref": "911641d65b7558d3", + "type": "file", + "name": "/usr/bin/unalias", + "hashes": [ + { + "alg": "SHA-1", + "content": "f4a3cff8af1e0bdee91fe52da50c184e4c4db4c4" + }, + { + "alg": "SHA-256", + "content": "9631a027d22e68cb01c9753dc6cd44b9b210007cb0c1162cab12a715a2bcef60" + } + ] + }, + { + "bom-ref": "293eafcf9526eaf2", + "type": "file", + "name": "/usr/bin/wait", + "hashes": [ + { + "alg": "SHA-1", + "content": "5626cfe4711da11e9b207d8c920364138af94d3d" + }, + { + "alg": "SHA-256", + "content": "238e0bce60ea5baff73d00fe4bb580335c5fb2c50fc3d9527f80fa57f5648550" + } + ] + }, + { + "bom-ref": "5db6da7845914c87", + "type": "file", + "name": "/usr/bin/watchgnupg", + "hashes": [ + { + "alg": "SHA-1", + "content": "92c2b0ab2051c9c1055ea87014cb9325197d88fe" + }, + { + "alg": "SHA-256", + "content": "d8594b5e2e73de2573e250e395cf5eb30de8c6b852fc6b8cb2cb30a47d202596" + } + ] + }, + { + "bom-ref": "c84b226abccf7d4b", + "type": "file", + "name": "/usr/lib/motd" + }, + { + "bom-ref": "cc798dcb38eba1a3", + "type": "file", + "name": "/usr/lib/rpm/rpm.log", + "hashes": [ + { + "alg": "SHA-1", + "content": "29c0990a863f9f69f4ab26b4a0c31b3eff432a5a" + }, + { + "alg": "SHA-256", + "content": "ed0a8b7f8ec41ea0d6d8d7ccdc698d216cd7a7154e77bbdaf8eb02bc4535ab0a" + } + ] + }, + { + "bom-ref": "8044442fd16feb3e", + "type": "file", + "name": "/usr/lib/rpm/rpm.supp", + "hashes": [ + { + "alg": "SHA-1", + "content": "9b3ed20f6fdb44d14c2d2087c012d137a8d33acf" + }, + { + "alg": "SHA-256", + "content": "d88d7b62b79bf754a47ba69d0997ae82c4f0e5ea6af3f8fe2e40ffb1fc3fe054" + } + ] + }, + { + "bom-ref": "6d23106926cedc71", + "type": "file", + "name": "/usr/lib/rpm/rpmdb_dump", + "hashes": [ + { + "alg": "SHA-1", + "content": "b598461dc785d6c9758bbebd2430571099d12605" + }, + { + "alg": "SHA-256", + "content": "bf09433a9284ba72a3e7e698d74f7d3873dab852d4aa4a0e1ef78b2a1711c96c" + } + ] + }, + { + "bom-ref": "d0ceb81547867a2e", + "type": "file", + "name": "/usr/lib/rpm/rpmdb_load", + "hashes": [ + { + "alg": "SHA-1", + "content": "22634bc843cf4129f9a6197031f9c3975ad59acf" + }, + { + "alg": "SHA-256", + "content": "9e924a2590ec3c4322f07e24f1ed7f3aa16f13e2c38496a78f7ab873d238b27e" + } + ] + }, + { + "bom-ref": "65b422093ea150ab", + "type": "file", + "name": "/usr/lib/rpm/tgpg", + "hashes": [ + { + "alg": "SHA-1", + "content": "65838988252004b9373bb969e44be70f95e868d9" + }, + { + "alg": "SHA-256", + "content": "2301f06a63659cc2acd2f8c3c00f19a4cfeb427b916345299a3112844ae2b5b0" + } + ] + }, + { + "bom-ref": "f1544ef0e6f4315a", + "type": "file", + "name": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9-x86_64.swidtag", + "hashes": [ + { + "alg": "SHA-1", + "content": "68b18fb7002f6d32299e0d3bc253f188894e0b1d" + }, + { + "alg": "SHA-256", + "content": "d6edae22d91b9a245159ebd816e61b855571c620cf56e68cbf6d0b177cf0cf06" + } + ] + }, + { + "bom-ref": "f3601cef86b4f2cd", + "type": "file", + "name": "/usr/lib/tmpfiles.d/dnf.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad2b4fc104428f80282f94f4b925ff12ba92aba7" + }, + { + "alg": "SHA-256", + "content": "365360de240de77d77843de09d14272cb91fe853400473178f44903de4949b68" + } + ] + }, + { + "bom-ref": "db4305a1b2dc79a9", + "type": "file", + "name": "/usr/lib/tmpfiles.d/setup.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "e4d485145026d758bcf51aa356aa1795981e3ab5" + }, + { + "alg": "SHA-256", + "content": "b1a7958d03497b0e231f8f14ee501ebb4d15a822d096c180226af5429df15f78" + } + ] + }, + { + "bom-ref": "ef5630fdf7377aa2", + "type": "file", + "name": "/usr/lib64/.libgmp.so.10.4.0.hmac", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e6c4061b34937a88c91be5a9219abe8d626e0db" + }, + { + "alg": "SHA-256", + "content": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + } + ] + }, + { + "bom-ref": "e6f45669dd679452", + "type": "file", + "name": "/usr/lib64/fipscheck/libcrypt.so.2.0.0.hmac", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c04277c82d9b718135c58aa07fa2de027d1bcc9" + }, + { + "alg": "SHA-256", + "content": "bdba59b24107da95ade6c1a6c359861baec8182ae70e871424578ef9c61cd389" + } + ] + }, + { + "bom-ref": "3e384d933fad624e", + "type": "file", + "name": "/usr/lib64/fipscheck/libgmp.so.10.4.0.hmac", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e6c4061b34937a88c91be5a9219abe8d626e0db" + }, + { + "alg": "SHA-256", + "content": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + } + ] + }, + { + "bom-ref": "86a9e363787cae70", + "type": "file", + "name": "/usr/lib64/gawk/filefuncs.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "37eaa70235c34188b98e5202fa9bb1fbbfa06593" + }, + { + "alg": "SHA-256", + "content": "08daf63964a4da243a342a71cd900b6bbc536d63e65b3fa200cdf30febe56063" + } + ] + }, + { + "bom-ref": "6459258497686318", + "type": "file", + "name": "/usr/lib64/gawk/fnmatch.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "11719811351f67dca282058ef12e299dc047e266" + }, + { + "alg": "SHA-256", + "content": "6fc76e3013bedf78d4bece60f60bcc9bfdbef00c659513337f2398907108d1c8" + } + ] + }, + { + "bom-ref": "7b5244660b3ff49f", + "type": "file", + "name": "/usr/lib64/gawk/fork.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c6054c5a245ffece9e055c31b1826a4c6c7e6b1" + }, + { + "alg": "SHA-256", + "content": "ecad486105c51fa598dd4b727e3734d4655f242174d2b31c5e04c1e2f5b43193" + } + ] + }, + { + "bom-ref": "2a9ba5e47a1caf49", + "type": "file", + "name": "/usr/lib64/gawk/inplace.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "85cda1a73ff8d854c57fcb7f89ac239da07d6616" + }, + { + "alg": "SHA-256", + "content": "7e9fc9a7602dd997b880518d70bc7bc32d6929b96f939b4359c019543a72d1f1" + } + ] + }, + { + "bom-ref": "e1955cc8bd7d7354", + "type": "file", + "name": "/usr/lib64/gawk/intdiv.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "c21b8aba737e1b229cc92f34416c7b2ca80276bc" + }, + { + "alg": "SHA-256", + "content": "89b8ccda8a2bbba4276f13ecdf6ef8bd9419d73b5c860ad8f02c3d6ee9dd0193" + } + ] + }, + { + "bom-ref": "d548c3c0c2e1c5f3", + "type": "file", + "name": "/usr/lib64/gawk/ordchr.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "196f7a4cb44e703e50c9b884a4f77cb24aafc125" + }, + { + "alg": "SHA-256", + "content": "fe87bf2d1356a8d568a47705a26f59c589011c819fa8a433b50999f76822932f" + } + ] + }, + { + "bom-ref": "e91e2e6213b87b0b", + "type": "file", + "name": "/usr/lib64/gawk/readdir.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "3d521cd923eb6ca57db65ef29afa0cab9d3309cb" + }, + { + "alg": "SHA-256", + "content": "8553215e8ffebdcc353bc16e15ff10abb538d07def13488ad19f1ef80eb8d07d" + } + ] + }, + { + "bom-ref": "23d013f0de6bb227", + "type": "file", + "name": "/usr/lib64/gawk/readfile.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a013b78afc9a3d8c4ffedd8ac551fba321d9ca4" + }, + { + "alg": "SHA-256", + "content": "5ce8ed25ccc02ae960b6123cf804cd43bd2d165962e907a0ba311b8785531370" + } + ] + }, + { + "bom-ref": "64d9d5371892c01a", + "type": "file", + "name": "/usr/lib64/gawk/revoutput.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "576dc35ec1edb574756b1bafb77d5ae087791e18" + }, + { + "alg": "SHA-256", + "content": "46dca6dece20b4bb37cb091a82ca6e4ffd32398e2d1b4669327b335ed359dea1" + } + ] + }, + { + "bom-ref": "9eebb7943e5997ad", + "type": "file", + "name": "/usr/lib64/gawk/revtwoway.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "32af370c9708b622c8f64b8b8388de36eec592b7" + }, + { + "alg": "SHA-256", + "content": "f1cc9a475e8154da632614e48fb8836b994643947582eb0dc5486a5a105e0b8b" + } + ] + }, + { + "bom-ref": "9b4fdfd089bd0f72", + "type": "file", + "name": "/usr/lib64/gawk/rwarray.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "232077fc412b5fa8cdeb7c2ce5f2537365d0fcc6" + }, + { + "alg": "SHA-256", + "content": "395be1e8e158672cbe30547f78daa93d1b7525a5bb893ae36b66fc9f2c81fa72" + } + ] + }, + { + "bom-ref": "d64f3b4ac3fb03ad", + "type": "file", + "name": "/usr/lib64/gawk/time.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a9feb12a625c8b025e6fff008d799913f86b873" + }, + { + "alg": "SHA-256", + "content": "17df1cec822ba1dd53c9c5a4f5ba9c880c6362a68ecf76671b7b9c6fb5947056" + } + ] + }, + { + "bom-ref": "3203fde87778c9ed", + "type": "file", + "name": "/usr/lib64/girepository-1.0/DBus-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "a0c3dd54e7942d3f60f78f581572c2f0539832e9" + }, + { + "alg": "SHA-256", + "content": "0843f4d6a549703df7c07f8e96d3c47752123ecf910c7571d786f5347fa02234" + } + ] + }, + { + "bom-ref": "0ddc9dba708b678b", + "type": "file", + "name": "/usr/lib64/girepository-1.0/DBusGLib-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "35bfa94bd1942481f5fab66ea134badddf242eea" + }, + { + "alg": "SHA-256", + "content": "2aa3277d88103f0c475700cd56fcadbcd7ddb2a588cff93696efd4922e151807" + } + ] + }, + { + "bom-ref": "c9e7cc7fd09f7054", + "type": "file", + "name": "/usr/lib64/girepository-1.0/GIRepository-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "b3800c684c910bdee152fa2cd1eb4d1333b2d6a4" + }, + { + "alg": "SHA-256", + "content": "c9a2d028aa8df8bf3bab2c192f2622e6c9c9b10869b7153a69b861776b95662f" + } + ] + }, + { + "bom-ref": "a6ecbe53b00c0170", + "type": "file", + "name": "/usr/lib64/girepository-1.0/GL-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "2764e078b231ca64f9ee887829caf33ad16b5fda" + }, + { + "alg": "SHA-256", + "content": "e6677facd41cc99b3e3e1a9007d9762b00a446b42206d78dd28ea2653478bc80" + } + ] + }, + { + "bom-ref": "bf0b590157599e95", + "type": "file", + "name": "/usr/lib64/girepository-1.0/GLib-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ddd34f845a98636f83726958b81a068d10fed07" + }, + { + "alg": "SHA-256", + "content": "fba14550feaa86c2c00a0f36bdb6aa30ae4ad45a103b909929c326804f96117f" + } + ] + }, + { + "bom-ref": "838664dccf164d17", + "type": "file", + "name": "/usr/lib64/girepository-1.0/GModule-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4b6921ffe93cef4846e7513049fb788ab2b6106" + }, + { + "alg": "SHA-256", + "content": "7bc362f60318f3a313498585ee80c9d70ea64d81e6f913b17a094dd92f2d86c6" + } + ] + }, + { + "bom-ref": "47daa9b0930ea0f5", + "type": "file", + "name": "/usr/lib64/girepository-1.0/GObject-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "4653544a623da01fe9f97f47f200d4fe3800fcc5" + }, + { + "alg": "SHA-256", + "content": "0b8b1f8589a4664de9d45e3104c84ef1007142f268c86cd74ec3d41dba7ede07" + } + ] + }, + { + "bom-ref": "8a3d13c3ee10bc95", + "type": "file", + "name": "/usr/lib64/girepository-1.0/Gio-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "e52f933b9d3633a31c6876ab3db469a11baf6d6e" + }, + { + "alg": "SHA-256", + "content": "23f713c670592ea3a475a841c2390a686426f6f08575e9d2aa4ab9a9f4d2d63f" + } + ] + }, + { + "bom-ref": "e43bb769482b55c9", + "type": "file", + "name": "/usr/lib64/girepository-1.0/Json-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "6adeb0eb8aa9915248b546ad5025aa99dfb344eb" + }, + { + "alg": "SHA-256", + "content": "7a33c50a8748297d29811226528c592ce323a80d024c898c03bc0c59e8ec169b" + } + ] + }, + { + "bom-ref": "27ae868c8ec36403", + "type": "file", + "name": "/usr/lib64/girepository-1.0/Modulemd-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "b94ae13c66d2ad4460f3e81e1a65732168e90b06" + }, + { + "alg": "SHA-256", + "content": "b2efe05bbd9a1fccb5399815baa12ae9fb7f5776b30ea63517abda946089f4a0" + } + ] + }, + { + "bom-ref": "81bbe926b6aead1e", + "type": "file", + "name": "/usr/lib64/girepository-1.0/Peas-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "f55cba402d91bddda9b68ebcf939968f85b32ad3" + }, + { + "alg": "SHA-256", + "content": "f565f6faf06dd6ab0d48b8222c9a57f8afd8fb3acac9b63bd72955c05854702b" + } + ] + }, + { + "bom-ref": "1a3133d2f0305784", + "type": "file", + "name": "/usr/lib64/girepository-1.0/Vulkan-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "990f50121bdb450e7cc284416847f9ec12e4d667" + }, + { + "alg": "SHA-256", + "content": "c90a6028c5b4903ca95569cce7068138396c68d86a7d029755efc97c8b7b4640" + } + ] + }, + { + "bom-ref": "ec87058761e8948b", + "type": "file", + "name": "/usr/lib64/girepository-1.0/cairo-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "e078bece9d494ab88f1fb1df74f825f2080c5a12" + }, + { + "alg": "SHA-256", + "content": "73a442091999a33cb0927163aaa2052bb2c62dd5a2921e616168ed2e73edf582" + } + ] + }, + { + "bom-ref": "d9ff4f32eeb17c6b", + "type": "file", + "name": "/usr/lib64/girepository-1.0/fontconfig-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f49aa46670adb0309fd3d7dea310f413ea08a60" + }, + { + "alg": "SHA-256", + "content": "17dd220833e93884c4b261336c9bcd1bd546ed2c10920d578de04138182debec" + } + ] + }, + { + "bom-ref": "7ab7f3522d309852", + "type": "file", + "name": "/usr/lib64/girepository-1.0/freetype2-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "56fa561a33b695289715386cf38125a2d491a13c" + }, + { + "alg": "SHA-256", + "content": "03a385fb9e769b084d5df54aae60bbcfa7ca06b14d5a514f5251a175ddb77b3d" + } + ] + }, + { + "bom-ref": "18cf06d4abbb39ce", + "type": "file", + "name": "/usr/lib64/girepository-1.0/libxml2-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "d82473e07cb70a82563b48efb1973b02bc28fdfd" + }, + { + "alg": "SHA-256", + "content": "428ea3f8b393c44b7682acdcad718d5f6dc87ca6adc6417af06e3f22d8f2aa1b" + } + ] + }, + { + "bom-ref": "c6783499aa12b204", + "type": "file", + "name": "/usr/lib64/girepository-1.0/win32-1.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f289edeef92d2fdfd6ed220ebcc517e9d56fd21" + }, + { + "alg": "SHA-256", + "content": "f58e32852eeba023aa69ffc0a384452a99df362d91c17ebf1c7e6d72baa8b75c" + } + ] + }, + { + "bom-ref": "67c5ab204d910f75", + "type": "file", + "name": "/usr/lib64/girepository-1.0/xfixes-4.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "87adc0f52a16dabaf8d2bb73ef670644af6c6676" + }, + { + "alg": "SHA-256", + "content": "e55b4e0489c9aac5c7f055f4a1b40e0f92417e0db7c02d1611d342a3396c0890" + } + ] + }, + { + "bom-ref": "85e93a42c71df820", + "type": "file", + "name": "/usr/lib64/girepository-1.0/xft-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "7458fb1126bafae2ab26b5fc526db68eba7dc844" + }, + { + "alg": "SHA-256", + "content": "aa4e253474c1084af97eeec58108590488d2b4e82cf9d37c57160c01e6480a6e" + } + ] + }, + { + "bom-ref": "32a0c00ecef8529c", + "type": "file", + "name": "/usr/lib64/girepository-1.0/xlib-2.0.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1904a60e3355033ed511e7e60912d2b51c23812" + }, + { + "alg": "SHA-256", + "content": "4450fa0426b410db5a219f64b4e0d7f9b0be17ae81b9a6947045aeaacf417f91" + } + ] + }, + { + "bom-ref": "9e393ba47e750cde", + "type": "file", + "name": "/usr/lib64/girepository-1.0/xrandr-1.3.typelib", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e2fc5c059b74dc675e5b84eafa4937ab3adc31b" + }, + { + "alg": "SHA-256", + "content": "860b43fd4ff40bae47b48111ff49d432acf96c0211a95b26df5ae8c32179591e" + } + ] + }, + { + "bom-ref": "ee957d0fd6dceb6b", + "type": "file", + "name": "/usr/lib64/libacl.so.1.1.2301", + "hashes": [ + { + "alg": "SHA-1", + "content": "94d85a7ef951984cc7d9337ba6f4adf1b09a74dc" + }, + { + "alg": "SHA-256", + "content": "4894d693ef1fd6acbd95a8ef1873716b6086523084fceca0b16f430acb2d67c7" + } + ] + }, + { + "bom-ref": "20166f892a70cb1d", + "type": "file", + "name": "/usr/lib64/libassuan.so.0.8.5", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7073b36a9259025a56139b223bd1b266dc3154b" + }, + { + "alg": "SHA-256", + "content": "2802ab456d7ce9730af980620dc280917270b33efb514af96ed9fafd4f7237d9" + } + ] + }, + { + "bom-ref": "37278abcf11da63d", + "type": "file", + "name": "/usr/lib64/libattr.so.1.1.2501", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf304368638fcb8aef50f0e1ded25deadb64b33c" + }, + { + "alg": "SHA-256", + "content": "944c2763b2c727d3126e9f60edac6189d9ac072cb91538eda0f4cc55bc24a5a0" + } + ] + }, + { + "bom-ref": "03fde1b1904f0a48", + "type": "file", + "name": "/usr/lib64/libbz2.so.1.0.8", + "hashes": [ + { + "alg": "SHA-1", + "content": "7b74c640e36fea8d0196a28e381a00684c488bf5" + }, + { + "alg": "SHA-256", + "content": "0be7c010debc1bc5b53f59449ee204e5f927978439e6bd5df256cd36c288272d" + } + ] + }, + { + "bom-ref": "874052fff98a4177", + "type": "file", + "name": "/usr/lib64/libcap-ng.so.0.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "98046eaa771d306fe8be38bfff4913df74f41283" + }, + { + "alg": "SHA-256", + "content": "0f03248a4184699f298d006c36cad963dba065d451ed8dc187aceb7c1e3fff81" + } + ] + }, + { + "bom-ref": "c1d8fac200470efc", + "type": "file", + "name": "/usr/lib64/libcrypt.so.2.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "ac63dc058acacd5935ff0887b206e6a2f76816bb" + }, + { + "alg": "SHA-256", + "content": "67847e804cdd224fc438207e6919a69ce03cdede0fa3f3467fbd09b554640667" + } + ] + }, + { + "bom-ref": "2a53cced56358980", + "type": "file", + "name": "/usr/lib64/libdnf/plugins/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "557ca9f62680017df81311fafa956b9baa3e036b" + }, + { + "alg": "SHA-256", + "content": "73532ee155af95978529b5d896ed657ac8823a3ab32959bdde9719b35e6a7ae6" + } + ] + }, + { + "bom-ref": "873c917cafce7f50", + "type": "file", + "name": "/usr/lib64/libdrop_ambient.so.0.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e283fefd85ac380b7c83f9e9bd3c6319ce3cca4" + }, + { + "alg": "SHA-256", + "content": "37552076c61781047d691ace88972921141f471ca1c76f223b48331d6350c70f" + } + ] + }, + { + "bom-ref": "caa129ad797767a7", + "type": "file", + "name": "/usr/lib64/libevent-2.1.so.7.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "f20129854c8aeac2120d5b8e20203cbca02b65de" + }, + { + "alg": "SHA-256", + "content": "bb9471ece95b9eed40f0a6b30d90305f8586573ef511945d0852aab8cd544c6f" + } + ] + }, + { + "bom-ref": "0641d6c97b0ce150", + "type": "file", + "name": "/usr/lib64/libevent_core-2.1.so.7.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "88dd27a01a0563fb9334fbcd29474d0d4db5ed7e" + }, + { + "alg": "SHA-256", + "content": "62e6a6c76d6478a2c2aa9548c5e8ee62d51fb2b9c3f59fdf773f3a8d7cab6b38" + } + ] + }, + { + "bom-ref": "7e97c46e2ba7aa0e", + "type": "file", + "name": "/usr/lib64/libevent_extra-2.1.so.7.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "8e4573d1ff82fb9911793412593a90beee3914b9" + }, + { + "alg": "SHA-256", + "content": "55995d6af18cb176d702d4f5ac0cc88816d91121b213425d688ddfe4520877d5" + } + ] + }, + { + "bom-ref": "126ddf605a08aa6f", + "type": "file", + "name": "/usr/lib64/libevent_openssl-2.1.so.7.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d4c956778f6b27e5d8fb61d75e5c7ef21d86436" + }, + { + "alg": "SHA-256", + "content": "639f118b45454cf12f92f9cb4ef1ffce8ac016729fb7c6089328859d54b25394" + } + ] + }, + { + "bom-ref": "4032189b898fefaf", + "type": "file", + "name": "/usr/lib64/libevent_pthreads-2.1.so.7.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "a22122596aeaf38cde41102703db1dce48a55755" + }, + { + "alg": "SHA-256", + "content": "65bdebb29d7a1b9b3704d9e0a626d372548dcbae9e606282ece94ed4149c4569" + } + ] + }, + { + "bom-ref": "c9e0a30b10d2fe01", + "type": "file", + "name": "/usr/lib64/libffi.so.8.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "652d8774241577295e1ee6a0d2e57a6d5d1a1331" + }, + { + "alg": "SHA-256", + "content": "c575bec3faae030f61b7dd26a40480e60e6f0060e2b4d3a6f3cacd6da9fc01ff" + } + ] + }, + { + "bom-ref": "64405ea653cfe62f", + "type": "file", + "name": "/usr/lib64/libgcrypt.so.20.4.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "62a55f264e929f20ab20ad8dfea9b94e6d8047c8" + }, + { + "alg": "SHA-256", + "content": "ad3532c2f6a3bb7bf5d4cf3b5014e3db23a99ae4d7876882ccf56e898af6e81d" + } + ] + }, + { + "bom-ref": "62aab177572c81d2", + "type": "file", + "name": "/usr/lib64/libgdbm.so.6.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "788eaf9def72fe7cf0b5b0df4ca3e4443c30ee60" + }, + { + "alg": "SHA-256", + "content": "bdc7274699add513c815dae574464f2dd2c5d25ac0365cb840d55faad3551989" + } + ] + }, + { + "bom-ref": "bea130dbfc935616", + "type": "file", + "name": "/usr/lib64/libgdbm_compat.so.4.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "a5ae97bd3dbe08e0eb1ae86220f534bd5425b547" + }, + { + "alg": "SHA-256", + "content": "0b6e593bcda737cc2634fbf08b69f7cd12d01bc1db04ff7d95e2cecca0394463" + } + ] + }, + { + "bom-ref": "e69d26bcb0a24e1b", + "type": "file", + "name": "/usr/lib64/libgirepository-1.0.so.1.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba9788ef4fdfb288815525c1c74afbf8fa2d5557" + }, + { + "alg": "SHA-256", + "content": "20c154e743cea2df90cec58d41e9b5e26bc10cd1a0cb9f616d81e48cabf4e0fe" + } + ] + }, + { + "bom-ref": "76096f929a097db2", + "type": "file", + "name": "/usr/lib64/libgmp.so.10.4.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "32475e5d51d9b9b5b2bd99731601e258d65627b1" + }, + { + "alg": "SHA-256", + "content": "b9d1265de01c92a6565272aa3ffa30034fe3656c73c348fc988a2e65389d6782" + } + ] + }, + { + "bom-ref": "6b8f40a297fb9256", + "type": "file", + "name": "/usr/lib64/libgpg-error.so.0.32.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "0c197bcbbd57299c70775b9a50ec2a8f5f33e8b8" + }, + { + "alg": "SHA-256", + "content": "7c35a3105985309405449a6f609cab1b0971fd65d44d70c4780106c12673ba08" + } + ] + }, + { + "bom-ref": "3c3cb91a078fde6e", + "type": "file", + "name": "/usr/lib64/libgpgme.so.11.24.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "732b6788c2f9089361158c53f5c147fbc39935cf" + }, + { + "alg": "SHA-256", + "content": "0ba972ec6ce71ecb0d07f1a5fa318c2f498eb671327ba444393cb3a1b6b497a4" + } + ] + }, + { + "bom-ref": "315872dd93390c03", + "type": "file", + "name": "/usr/lib64/libhistory.so.8.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee35f373b496c24e9b0eb04c51f51ff141c2ec16" + }, + { + "alg": "SHA-256", + "content": "1624092f4c9c1b6dba385d4a2acf707f02620f4ea6e4de478887f9dbae31c66a" + } + ] + }, + { + "bom-ref": "f25c4208eeb070b6", + "type": "file", + "name": "/usr/lib64/libidn2.so.0.3.7", + "hashes": [ + { + "alg": "SHA-1", + "content": "885dcf79a492efb10cb15e13ad80a0f889cbd09c" + }, + { + "alg": "SHA-256", + "content": "dc245bad13edbcd52b6f654a3de2ddcb017c92590e0b7b473b8a69a3db3a2b9c" + } + ] + }, + { + "bom-ref": "77c9b4d0917880dc", + "type": "file", + "name": "/usr/lib64/libjson-c.so.5.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "5cb568c7b5fbd446a520efe927ff3dee04b6da8d" + }, + { + "alg": "SHA-256", + "content": "8aa6483f266303dd0116a85882806382c9e254bceeb17be1c1f8933a1ea9f33e" + } + ] + }, + { + "bom-ref": "b4b67fbfb5f5e23e", + "type": "file", + "name": "/usr/lib64/libjson-glib-1.0.so.0.600.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "a24f2e1e611e1ebeed67b9bcf2c3e2e6615e02c9" + }, + { + "alg": "SHA-256", + "content": "9ffe45c8c5b88fabf34a007c4b0ccc0322728f5790e43e11785ccdad64557a0e" + } + ] + }, + { + "bom-ref": "09908bd891f4a1fb", + "type": "file", + "name": "/usr/lib64/libkeyutils.so.1.10", + "hashes": [ + { + "alg": "SHA-1", + "content": "b80385902e58f095f0f4b2f4e7707e38152bc853" + }, + { + "alg": "SHA-256", + "content": "b0aaec55115d2ab97e1a70cb4c9a1b036d839d7922e67d3e610cd3ccd58521e3" + } + ] + }, + { + "bom-ref": "1e29db6133907052", + "type": "file", + "name": "/usr/lib64/libksba.so.8.13.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "b75cef0731f4977cfbcda33d8458b37fcf05ce8e" + }, + { + "alg": "SHA-256", + "content": "081792cc346461618b8723abc84afe792870d36452f47a3c2e7acab017c1021b" + } + ] + }, + { + "bom-ref": "f18c9f92057ac960", + "type": "file", + "name": "/usr/lib64/liblua-5.4.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c34f6a723b87db49b380ae747c19c134f5daa38" + }, + { + "alg": "SHA-256", + "content": "a51bea6a192c1ae861b20f871fca5e3ea4751b9ad31ca448d9799965d4b208fc" + } + ] + }, + { + "bom-ref": "07c7e420648edb7f", + "type": "file", + "name": "/usr/lib64/liblz4.so.1.9.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d7a2adf1f1ad3f6c1a57fc2fb4fc136e97a307c" + }, + { + "alg": "SHA-256", + "content": "cd2cd6b9b4ddc0fda8eb8bd2597566f50efd4848ce24f071c88385bae200e166" + } + ] + }, + { + "bom-ref": "d25c76d984b3aa3b", + "type": "file", + "name": "/usr/lib64/liblzma.so.5.2.5", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c20beff7a63fea7251efb9f1435c619828244dd" + }, + { + "alg": "SHA-256", + "content": "16125c779c2442c5bc32a3aeded7e6a5e70c9112864eebb5bb061651222a2dda" + } + ] + }, + { + "bom-ref": "33e898c1f45c8cd6", + "type": "file", + "name": "/usr/lib64/libmagic.so.1.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "228ac994fe088a510f8caa60e52052573e5ee01d" + }, + { + "alg": "SHA-256", + "content": "a0909463137c552f416e7438e4f97beaef6940154c17a974467d339618ad70c2" + } + ] + }, + { + "bom-ref": "88ecb7a06373bb64", + "type": "file", + "name": "/usr/lib64/libmodulemd.so.2.13.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b941e764c69a1b87880d5f18d6dde61c61daec9" + }, + { + "alg": "SHA-256", + "content": "55d52f9d60881e172cfdea50c658d4890e2d5fd0cc9bc5bc69b3955514f0ff0d" + } + ] + }, + { + "bom-ref": "c430935fd8f2dc21", + "type": "file", + "name": "/usr/lib64/libmpfr.so.6.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "04bc73f1550e9d40f9582f2d7e84e5ea7d989917" + }, + { + "alg": "SHA-256", + "content": "737d4ad1015f97e0bfa59cc62d79e2a5fe7ac62148fd7f2826977de75f2f9ba4" + } + ] + }, + { + "bom-ref": "a2d7e7570645fbd9", + "type": "file", + "name": "/usr/lib64/libnghttp2.so.14.20.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "67566f22812d095385f7f0bd5d5c12ffa53cef33" + }, + { + "alg": "SHA-256", + "content": "04be3e1e30dc721889595dfc826aefb82d84994218b1e433f81f7e727c39791c" + } + ] + }, + { + "bom-ref": "cb56001146a5f57c", + "type": "file", + "name": "/usr/lib64/libnpth.so.0.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "42eedfa668f126069ef7b65e06610e02484dda2d" + }, + { + "alg": "SHA-256", + "content": "a90bc7657c5f2a4aeee8e6068c4e7318e856d5870e59203cc0f38e0d3e27ed78" + } + ] + }, + { + "bom-ref": "4b7e13d2d8bedc71", + "type": "file", + "name": "/usr/lib64/libp11-kit.so.0.3.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "ddd78d6340c805bf19000f4bf16f8f198fb8cc95" + }, + { + "alg": "SHA-256", + "content": "9eec2de8301813279c4ade5b8705229d75eebd3d55d28bf42141d61a43055be0" + } + ] + }, + { + "bom-ref": "61217bc8d6063ca5", + "type": "file", + "name": "/usr/lib64/libpcre.so.1.2.12", + "hashes": [ + { + "alg": "SHA-1", + "content": "342f304c2c94ed6be689e3d6a4bf43f3f9dd013e" + }, + { + "alg": "SHA-256", + "content": "853849dc5e7393ec3451683443d164b12783019e1b68bc64b49c64812886364d" + } + ] + }, + { + "bom-ref": "11d09b8e145a45b4", + "type": "file", + "name": "/usr/lib64/libpcre2-8.so.0.11.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "db7a2cef3127771056ee892267c25685dc314eb9" + }, + { + "alg": "SHA-256", + "content": "9a7c5324aa19b789ec6451fac312238ba8b266886e37f2dcad51b612deaae96c" + } + ] + }, + { + "bom-ref": "225f79c9b0575a25", + "type": "file", + "name": "/usr/lib64/libpcre2-posix.so.3.0.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3e8ef0589686f39054ecb031e75898288209b3d" + }, + { + "alg": "SHA-256", + "content": "cd07b910ec2713c62bd756ca1b5b1b33822fe53b0c22b57bb21a7277c6d38664" + } + ] + }, + { + "bom-ref": "ba67a519ab935fa6", + "type": "file", + "name": "/usr/lib64/libpcreposix.so.0.0.7", + "hashes": [ + { + "alg": "SHA-1", + "content": "a9aaf3592a59f95df4797d0b993e3aafbe66373f" + }, + { + "alg": "SHA-256", + "content": "a829890434a50682fa95b2278d8daf3037a6bb195c4ad31d7c14901168ba6a7d" + } + ] + }, + { + "bom-ref": "196b545787abaf02", + "type": "file", + "name": "/usr/lib64/libpeas-1.0.so.0.3000.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "5dd09d787c6efcc89059b45c90cd5d371505c8c4" + }, + { + "alg": "SHA-256", + "content": "f8b1dc530521545628192a831eaf36cc36499bd1ac28c8241bc6f2d114753df9" + } + ] + }, + { + "bom-ref": "5563d371a9f13ec7", + "type": "file", + "name": "/usr/lib64/libpopt.so.0.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "aa7f191ea0894ab9c74aa189e905a7cfacad919e" + }, + { + "alg": "SHA-256", + "content": "5e9f3f8a88255fcb88220f7af51a96fb7328a2ea73154dd306277271571acffd" + } + ] + }, + { + "bom-ref": "cf56343ce42be2bf", + "type": "file", + "name": "/usr/lib64/libreadline.so.8.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7042d8c19057b1da6d78ae87c60cc937b0e764a" + }, + { + "alg": "SHA-256", + "content": "cd005d15fd3c6546b1ce73e629e516a421c9b0776cb7a0609f45c5c2f8d395bb" + } + ] + }, + { + "bom-ref": "64b06586db1d77b9", + "type": "file", + "name": "/usr/lib64/librhsm.so.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c40890f3df5a0abb1902afa7024f877eaf13b77" + }, + { + "alg": "SHA-256", + "content": "a5e26140e65f99559e39b6d532399de433af5e0eac6020301f98cdf2a1323977" + } + ] + }, + { + "bom-ref": "9f3a8aed149de7d0", + "type": "file", + "name": "/usr/lib64/libsigsegv.so.2.0.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "c406b306355f1c1c06880f216c6b43f8c08a7d7a" + }, + { + "alg": "SHA-256", + "content": "ed87f1cc009a33dec708be009dee5f66ac26f2b5e1638d8ff2c460e8c34f3375" + } + ] + }, + { + "bom-ref": "c1271ae5fbf0e0c3", + "type": "file", + "name": "/usr/lib64/libsolv.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e7c34a210e2d38bd03b23ee88a5e4e9d3a86267" + }, + { + "alg": "SHA-256", + "content": "073f24f7025c724f73f34a4657a56144ed6ecb2dd2a2a711d44302f92f4738a5" + } + ] + }, + { + "bom-ref": "c47cc5d32f44cc87", + "type": "file", + "name": "/usr/lib64/libsolvext.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "1a06ee428720abbf5e2935058cfcefaafee33547" + }, + { + "alg": "SHA-256", + "content": "5b399a58080823e1a335fea1e445adb5c4b862bd6421840d5273e64f85463962" + } + ] + }, + { + "bom-ref": "24d9c2015a515f85", + "type": "file", + "name": "/usr/lib64/libunistring.so.2.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "011b23aeff6c2a0d175aebc8729a23a863566974" + }, + { + "alg": "SHA-256", + "content": "70b4c4050c4319fb109a3cf5745f9a6ab2e5862c6bc809aea0e4cb94c87978ef" + } + ] + }, + { + "bom-ref": "d1c85f195452933d", + "type": "file", + "name": "/usr/lib64/libusb-1.0.so.0.3.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3555cf89d10c168db67ef5600c57a756ef416c2" + }, + { + "alg": "SHA-256", + "content": "09b5033698a18d0a8c10869482ebb4b6a978d8066d3f62e73c62def304a3ceeb" + } + ] + }, + { + "bom-ref": "4a37b99f0e0affbc", + "type": "file", + "name": "/usr/lib64/libverto.so.1.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca3544d440ec0e684380ab8377f2a0a3951d12ed" + }, + { + "alg": "SHA-256", + "content": "958431bde9ce05c76a54d56ed3a89fae93704e62d7e5c697ed9816c256611efc" + } + ] + }, + { + "bom-ref": "4958c0305cc0c1c1", + "type": "file", + "name": "/usr/lib64/libyaml-0.so.2.0.9", + "hashes": [ + { + "alg": "SHA-1", + "content": "b735b32b9f03ca776b34dabfe5ba03ba49d44c2c" + }, + { + "alg": "SHA-256", + "content": "65b0fa7db95791f0b54442efde3dda6c81704eb0c0134e9371cfc76bd349f67c" + } + ] + }, + { + "bom-ref": "b19008fcaf37b79a", + "type": "file", + "name": "/usr/lib64/libz.so.1.2.11", + "hashes": [ + { + "alg": "SHA-1", + "content": "293a86297efce3f36c02972678590049bc8882ab" + }, + { + "alg": "SHA-256", + "content": "fae9fde931c0df13874fa4cf12cff3047c2570956b496d161fdf4aee7d62b3d7" + } + ] + }, + { + "bom-ref": "d6f9cc0f25c163fa", + "type": "file", + "name": "/usr/lib64/pkcs11/p11-kit-trust.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "24c4f04076d3fc00ffe57132d886e5095530c047" + }, + { + "alg": "SHA-256", + "content": "f3cf20976d79dc24c45caa5fc941b954680f634a7fd7fb5101c94025de77f23c" + } + ] + }, + { + "bom-ref": "e7b09fa086b60c5a", + "type": "file", + "name": "/usr/libexec/awk/grcat", + "hashes": [ + { + "alg": "SHA-1", + "content": "759442278b5e8da98d08e4d4f452e42c35bf794d" + }, + { + "alg": "SHA-256", + "content": "01b5deef8969921f03e9f272b9503238c633c2f346806f2ba7f9ae22df6c7782" + } + ] + }, + { + "bom-ref": "c668344a0bca4102", + "type": "file", + "name": "/usr/libexec/awk/pwcat", + "hashes": [ + { + "alg": "SHA-1", + "content": "11c01eabcee7e5a115eff682afa4ab36ce1705fe" + }, + { + "alg": "SHA-256", + "content": "e77e5d5f4347b0c44c70c9320fe5276215bab80bd1f75db796520ecf24da029b" + } + ] + }, + { + "bom-ref": "c34070cd9804459e", + "type": "file", + "name": "/usr/libexec/dirmngr_ldap", + "hashes": [ + { + "alg": "SHA-1", + "content": "45403f9f9fd294d93e2aecb0a9e7da4bc6fb2a22" + }, + { + "alg": "SHA-256", + "content": "b6ee806155d883a9a6809a25f6fd05e76ed29a6206c7b19ade7cf8050ebccb90" + } + ] + }, + { + "bom-ref": "0b538d4e3bdd8dca", + "type": "file", + "name": "/usr/libexec/gpg-check-pattern", + "hashes": [ + { + "alg": "SHA-1", + "content": "942e225856be050a94df58a50baf8a85a0f1fd9f" + }, + { + "alg": "SHA-256", + "content": "6c5199a71deb82996d035c4622891ab1a9e93cde709733e68a03571ff8cb1a4b" + } + ] + }, + { + "bom-ref": "52874dccfe95c831", + "type": "file", + "name": "/usr/libexec/gpg-pair-tool", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f1326d87ef00379a30534c1fa6048c1f7d901d5" + }, + { + "alg": "SHA-256", + "content": "a33a4303e9f9a5232c7fa52d5c7d3c74f70e830d2e96d9fd1f9b042f9c025675" + } + ] + }, + { + "bom-ref": "23d7f71ae89b5434", + "type": "file", + "name": "/usr/libexec/gpg-preset-passphrase", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb48fdf4bdd230a0328514ddd7adffd449658376" + }, + { + "alg": "SHA-256", + "content": "69c20fb4a9ccc913661f0e23df84ecbf10c8ea4bfd3d8ae8ddb6b144747edbbc" + } + ] + }, + { + "bom-ref": "3cb192baafd3b531", + "type": "file", + "name": "/usr/libexec/gpg-protect-tool", + "hashes": [ + { + "alg": "SHA-1", + "content": "234503e2e761a9c4d7454ce7e37ffcc67fa91658" + }, + { + "alg": "SHA-256", + "content": "bc423e2f7d0daf95dc36e7952a788764a512aed6e899a6ff57c63890112374c4" + } + ] + }, + { + "bom-ref": "11a2f3793b9fe540", + "type": "file", + "name": "/usr/libexec/gpg-wks-client", + "hashes": [ + { + "alg": "SHA-1", + "content": "fbe48d6a850791aad7e41ba92583ca7260e89ab5" + }, + { + "alg": "SHA-256", + "content": "3f1de40f9613d4dcd75a04578bca75cce9225eef0c4bb79e7efd9bcf528ce6d6" + } + ] + }, + { + "bom-ref": "9f5373b01acacc41", + "type": "file", + "name": "/usr/libexec/grepconf.sh", + "hashes": [ + { + "alg": "SHA-1", + "content": "676e6b27856f77ef2f4d401fdcfc8ed46c25020b" + }, + { + "alg": "SHA-256", + "content": "b91c10cb140a1593b37fba2dcab5cddf53c8e2c5104980b2ed7a1b42b7aa7d1b" + } + ] + }, + { + "bom-ref": "065c6ce3e216c867", + "type": "file", + "name": "/usr/libexec/keyboxd", + "hashes": [ + { + "alg": "SHA-1", + "content": "79a0b70430cde458073e8a60ced78ddb0801be94" + }, + { + "alg": "SHA-256", + "content": "15c1d0a42e84a5094d429b93f37186220a4288173fa2c5bc9a8d2a5b8af6587b" + } + ] + }, + { + "bom-ref": "c12db9c09490c941", + "type": "file", + "name": "/usr/libexec/p11-kit/p11-kit-remote", + "hashes": [ + { + "alg": "SHA-1", + "content": "22308d08d710fef01c0d86b09bb62b73dc5fb85e" + }, + { + "alg": "SHA-256", + "content": "0cdd6b349a22932ae1021cae38105908711ecd6ae77c0054838033a5d7bedec7" + } + ] + }, + { + "bom-ref": "7ef56425a25f608f", + "type": "file", + "name": "/usr/libexec/p11-kit/trust-extract-compat", + "hashes": [ + { + "alg": "SHA-1", + "content": "0901ecfb340c91cb7f8b0d6ae6a73a1fd7309290" + }, + { + "alg": "SHA-256", + "content": "e3b9b63689b120e461687c7febc6ab0c3d33d6acd6f943c46113c9ed284b49ac" + } + ] + }, + { + "bom-ref": "354c42ab720de6f2", + "type": "file", + "name": "/usr/libexec/scdaemon", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f055ca27a54d3fb3a7dbf140bc836ec0864982d" + }, + { + "alg": "SHA-256", + "content": "46c51066517183a224049cfc8303c3af8c7df759e9036f01d76abbfc7fd79ded" + } + ] + }, + { + "bom-ref": "602a7edba2b31626", + "type": "file", + "name": "/usr/sbin/addgnupghome", + "hashes": [ + { + "alg": "SHA-1", + "content": "ec930db595f079fefc1def3f6345e06dc5b2f8b5" + }, + { + "alg": "SHA-256", + "content": "5a0b0b80fb7121d408fbd732f278ddaa93dd092bd5551b9b42dfffa5ac28199a" + } + ] + }, + { + "bom-ref": "2ec5b1c87fd0a215", + "type": "file", + "name": "/usr/sbin/applygnupgdefaults", + "hashes": [ + { + "alg": "SHA-1", + "content": "19b7b3ffe3e69f6b17f3bc4f6d6717ea843bf735" + }, + { + "alg": "SHA-256", + "content": "27c38fc03c86c8712ecbaf1ff689ef8061c0e9ab9ca5cf9d98a35b0c49a34a33" + } + ] + }, + { + "bom-ref": "e199d7c82c646f70", + "type": "file", + "name": "/usr/sbin/g13-syshelp", + "hashes": [ + { + "alg": "SHA-1", + "content": "39e5e1e65b4fe341ab0bed190e21b7855b2e6ca1" + }, + { + "alg": "SHA-256", + "content": "98e57e6a162f9cd1b8f0472277ad359fb16c241e854a9d5d3815b0774326d72f" + } + ] + }, + { + "bom-ref": "43f5c8e2c050e9b4", + "type": "file", + "name": "/usr/share/awk/assert.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "988b7bae890aa00936e30a528cd282f35463b5cc" + }, + { + "alg": "SHA-256", + "content": "07f9e0362956d40ea6a92bedd4f292666185d038885387cb00adb5ade1582d93" + } + ] + }, + { + "bom-ref": "a7ff93fae1c38258", + "type": "file", + "name": "/usr/share/awk/bits2str.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0e66d5f21580eabedb241107bfa7f84598144eb" + }, + { + "alg": "SHA-256", + "content": "d7529387edb12e4054b384e96bc4911cb3b0e544602fb1e9de8a983f5fd46c5a" + } + ] + }, + { + "bom-ref": "3f9e7beb12691dc7", + "type": "file", + "name": "/usr/share/awk/cliff_rand.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "83aae44c23414de4e961a5899e5bc83f09649fda" + }, + { + "alg": "SHA-256", + "content": "41b20eba1d788cdc7d64c3860315b3bb8613f80b5f7d8f04774c31caef64dd42" + } + ] + }, + { + "bom-ref": "03ded06f5978a219", + "type": "file", + "name": "/usr/share/awk/ctime.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "995c25fb72416266c582c23f0c7430ffb8cc1acd" + }, + { + "alg": "SHA-256", + "content": "cf1b816f600516ec0a4f84901e12c48f44c5309bd6bd7b32f9a17abd026f2b86" + } + ] + }, + { + "bom-ref": "9177f91992e80c85", + "type": "file", + "name": "/usr/share/awk/ftrans.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "6754f46ec10f7681756924cc2ff2901576174412" + }, + { + "alg": "SHA-256", + "content": "9957afaddfec5f2c6bc4f9cb12c576e6c367c1b681a472e91ced9caff5292722" + } + ] + }, + { + "bom-ref": "e01b45f2896e2b8f", + "type": "file", + "name": "/usr/share/awk/getopt.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "c219bd8577d864cfbcce5383b71d0fcd2d613ab3" + }, + { + "alg": "SHA-256", + "content": "0144e3be4c5abc67bdace3b41a03cfea94a778268ca4df7efe5931737306e888" + } + ] + }, + { + "bom-ref": "3ce5c71bd91a6fb8", + "type": "file", + "name": "/usr/share/awk/gettime.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b5f919aaa995229b3d35bd3dcf6a55a272ae637" + }, + { + "alg": "SHA-256", + "content": "7baacb670919547d1fc2ec186d6ad937c6f7cc2d03e0b2e8f6802742dc7c6023" + } + ] + }, + { + "bom-ref": "f68d462d6f0dec41", + "type": "file", + "name": "/usr/share/awk/group.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "59f1283139b9ede22bb4946159a57db2ab950206" + }, + { + "alg": "SHA-256", + "content": "dcabe4d2e2f93972471e7eade26a7779e0c160c23570d3b32509433756083073" + } + ] + }, + { + "bom-ref": "504ece9f854051a7", + "type": "file", + "name": "/usr/share/awk/have_mpfr.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "b333a7cb12ddbf6625f3cb68321296aa490063d1" + }, + { + "alg": "SHA-256", + "content": "40d45f7e243e4f7faa1335852c5839fa80c60d70eccd94918cee7edbc58fd9a4" + } + ] + }, + { + "bom-ref": "21f69a66a8e1f30d", + "type": "file", + "name": "/usr/share/awk/inplace.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "49af3c8ab5fc51ce3bf9644a8902cc5aaac828bc" + }, + { + "alg": "SHA-256", + "content": "c9420b8b4cef25e7f7982800a24d7ecdf2708e9514e8d0f48f471b6bdfec7f1e" + } + ] + }, + { + "bom-ref": "cad2d692d922a012", + "type": "file", + "name": "/usr/share/awk/intdiv0.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "b0b21f70c7b88ac4e15570af9fdbf58736a7acf0" + }, + { + "alg": "SHA-256", + "content": "c184f8a175c7226e9c567a8bb91e5e67ed8e239769012ad16f93c48f8e328bfd" + } + ] + }, + { + "bom-ref": "57a23fddeb51a231", + "type": "file", + "name": "/usr/share/awk/join.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "66c87357ce4c55e201e7e6ff5cfbc1795875f30c" + }, + { + "alg": "SHA-256", + "content": "9af26157a40c1e1c09dfa73152e07cbff4c4f4b31b7bf8132572270da6dfc052" + } + ] + }, + { + "bom-ref": "c5d5d77dbb5b491d", + "type": "file", + "name": "/usr/share/awk/libintl.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "d38956139eb1f3848b26e10cac26951fcb637a09" + }, + { + "alg": "SHA-256", + "content": "2b3a65b9053d2f4f08733870ef2cf1b5ee8aeba74dc6b9b1d1610fc0d9ac0eee" + } + ] + }, + { + "bom-ref": "0a88a27a0a532250", + "type": "file", + "name": "/usr/share/awk/noassign.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "286163f5748bd207c1cccec304db9dbb3745515d" + }, + { + "alg": "SHA-256", + "content": "7ffc84e6d111aaf56cb0d3756bbcbd73e2510069ee6fc05bc1ea0e412884663e" + } + ] + }, + { + "bom-ref": "af584ef6a682393d", + "type": "file", + "name": "/usr/share/awk/ns_passwd.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c7e1715594a43efb0ce3190414dedc5817cf8b5" + }, + { + "alg": "SHA-256", + "content": "65670dbe643091de33dd490b71609677c875166d0aa59378a6576f979ba9886a" + } + ] + }, + { + "bom-ref": "e2d294e2988586b1", + "type": "file", + "name": "/usr/share/awk/ord.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "87c053430fed042fc413fdbb2f1a9a2f228f4f81" + }, + { + "alg": "SHA-256", + "content": "e7d37acc67a101dd2e23c19ed3f9dfd5d01ea93af63b2ebc8679976e1ef051ce" + } + ] + }, + { + "bom-ref": "604ed35d2e3c3905", + "type": "file", + "name": "/usr/share/awk/passwd.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "94fe0019f12e4cca0bb6995655363e14b3a71a7a" + }, + { + "alg": "SHA-256", + "content": "bdaf71595b473e0cfffaa426f451e1cbeae6d8a9047c5e78cf254b33586ac5eb" + } + ] + }, + { + "bom-ref": "db8886a0050e15b4", + "type": "file", + "name": "/usr/share/awk/processarray.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "a55964177451767adb55da211e29b1fffbf3134c" + }, + { + "alg": "SHA-256", + "content": "ac1e8e8dee8105c5c1ab2a1b87fcb668885473b7e90b7b0c137275742c704166" + } + ] + }, + { + "bom-ref": "eeb961a2a9d5084b", + "type": "file", + "name": "/usr/share/awk/quicksort.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f0f77de69c1cca88a9b36fb65c527a3cb612ee8" + }, + { + "alg": "SHA-256", + "content": "b769b7a892acedcdb98d18c3cf05544d4d85488a0378aaacba0c6e2ddb71bf35" + } + ] + }, + { + "bom-ref": "c57d87b0b5a2fdf1", + "type": "file", + "name": "/usr/share/awk/readable.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "16d49f6cc9809e837c041e15c1bbea974ee48e34" + }, + { + "alg": "SHA-256", + "content": "06e27abeb78eff929cb1f44256f195fe2d86ebb62814f731f420df286c8f1094" + } + ] + }, + { + "bom-ref": "89e5a19c73e3c007", + "type": "file", + "name": "/usr/share/awk/readfile.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba25be8407fcb21803e70800e33cc66e4c56f9df" + }, + { + "alg": "SHA-256", + "content": "751d619465eb57c9d6314eb2a97e783ff84ff108cd1c4efeff8f62400dd77609" + } + ] + }, + { + "bom-ref": "a586091b446e0346", + "type": "file", + "name": "/usr/share/awk/rewind.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "a981bfceae29b029950fcd889e9e9af0a163fd68" + }, + { + "alg": "SHA-256", + "content": "878279434b70956b26eca128a0939c1a14da97b1626fe402eb76d44485fbc268" + } + ] + }, + { + "bom-ref": "4faae474a1995428", + "type": "file", + "name": "/usr/share/awk/round.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "ac2465e7f1e5316549d445a12a21896e989e4afe" + }, + { + "alg": "SHA-256", + "content": "28b705d2e2b01cc3ed450cc42e2ff99b058b55ef5a49cbc483aded7bdfa58aff" + } + ] + }, + { + "bom-ref": "ffd67d68e23c19c8", + "type": "file", + "name": "/usr/share/awk/shellquote.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "e843b07b4988ab9f6b9f847d7f891a281f7383b2" + }, + { + "alg": "SHA-256", + "content": "78e7df6e31f55536a4c3853f6d54644877aa892ed7fc6e1d4dc9080284d78565" + } + ] + }, + { + "bom-ref": "ff0ea36e439da173", + "type": "file", + "name": "/usr/share/awk/strtonum.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b66da8d9923f57e8da8ce6746cdd007c939f1e9" + }, + { + "alg": "SHA-256", + "content": "abd27d285278e83655617efbd8e09b5f5271dd6ede37847b0ebd6632be2dde74" + } + ] + }, + { + "bom-ref": "af1939bedac4fc42", + "type": "file", + "name": "/usr/share/awk/walkarray.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "54771f1379f65d9b1d01550d191d624d8afe0293" + }, + { + "alg": "SHA-256", + "content": "3a7f02f135e91bbf1c1cd498ea0e1489802d58c83bb4d112c0a407593db31dd8" + } + ] + }, + { + "bom-ref": "0459a6aa08d9b230", + "type": "file", + "name": "/usr/share/awk/zerofile.awk", + "hashes": [ + { + "alg": "SHA-1", + "content": "b34e3b5801b20cfe2f3d3188058b5b7b8a7f3c71" + }, + { + "alg": "SHA-256", + "content": "c20a5e00b43fbfb9ea420da93f64422ce13d4aebb3b725e2ac3ba0102f169bee" + } + ] + }, + { + "bom-ref": "558485814f2546ce", + "type": "file", + "name": "/usr/share/bash-completion/completions/gapplication", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8ce8d6253282622367216c4103e99a4627122f8" + }, + { + "alg": "SHA-256", + "content": "199885a791120de218784b28d189becea2cdbdd1c297e8a4a92602a969857fe7" + } + ] + }, + { + "bom-ref": "63fcf5c880513783", + "type": "file", + "name": "/usr/share/bash-completion/completions/gdbus", + "hashes": [ + { + "alg": "SHA-1", + "content": "b10d7ce36f18627e7610b5fa1f9f56526cb4b645" + }, + { + "alg": "SHA-256", + "content": "819c76693b994a291c175c3d7a394022b7429644794816071ae40b5ca405105e" + } + ] + }, + { + "bom-ref": "2d800e884032c615", + "type": "file", + "name": "/usr/share/bash-completion/completions/gio", + "hashes": [ + { + "alg": "SHA-1", + "content": "a134f412a1a77a1f7ae2a996bf5f96064341695a" + }, + { + "alg": "SHA-256", + "content": "5da96db9ea9295e068a1c6c046b5ee32718489af43a949425b7d8c6cdc2ca493" + } + ] + }, + { + "bom-ref": "47a82969cc47629d", + "type": "file", + "name": "/usr/share/bash-completion/completions/gsettings", + "hashes": [ + { + "alg": "SHA-1", + "content": "26096b914c674eb35632b2dad7ed967726dee6aa" + }, + { + "alg": "SHA-256", + "content": "8b0b278b6e20a401e94afb6164f99f73ee49af70e12e6c7c054a48fc8dccb552" + } + ] + }, + { + "bom-ref": "8696c78b618bb236", + "type": "file", + "name": "/usr/share/bash-completion/completions/p11-kit", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc2413a2f6841811720c23b832d2fee9f9737273" + }, + { + "alg": "SHA-256", + "content": "eb0648a5487f28baa01ac6247de2fc187a25745159bf017054b04e1ce8cc6411" + } + ] + }, + { + "bom-ref": "f977a337241b88a6", + "type": "file", + "name": "/usr/share/bash-completion/completions/trust", + "hashes": [ + { + "alg": "SHA-1", + "content": "8cbc3774e9ff169e5d4a6ec0036636726fe61530" + }, + { + "alg": "SHA-256", + "content": "c4304c6b8c8af29909280a836e26cc6072f6d6994bab6a23efefc4fd7655f03a" + } + ] + }, + { + "bom-ref": "f38158a60f58dcf7", + "type": "file", + "name": "/usr/share/fontconfig/conf.avail/20-unhint-small-dejavu-sans.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "efe047199a3154ded7927e855b0faf545f608f66" + }, + { + "alg": "SHA-256", + "content": "9fd242f22463300d6e365ece9d7a74c9a5442d29bf0c67b2b58f64b8c0303a76" + } + ] + }, + { + "bom-ref": "1e810aa32799dda1", + "type": "file", + "name": "/usr/share/fontconfig/conf.avail/57-dejavu-sans-fonts.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "18779a612da3014b2f6392da793723d741176b32" + }, + { + "alg": "SHA-256", + "content": "f0decf1d9c3c25bae3db27516c40ce3f80616362942c5cf1a3b9a21a1de1a0c8" + } + ] + }, + { + "bom-ref": "4ec017684ca0701e", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Bold.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "87d3dcf4b666f77c320bd30dcdc8ade33d08c160" + }, + { + "alg": "SHA-256", + "content": "6e118ccd0d61f948ee8fe7674efd977e319929a81c0a92bd3081676cbd9e7d6e" + } + ] + }, + { + "bom-ref": "68a7a1aecef0f0bb", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-BoldOblique.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "ef1263ea79b647e190cee127cab9a1447ff08032" + }, + { + "alg": "SHA-256", + "content": "02eb8bf872f5d62748c2e5580378ea505f0bc64ebfc96ff1f2e1555a7081b09f" + } + ] + }, + { + "bom-ref": "8f422b316d200560", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-ExtraLight.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "068605e7bfe415e5f349a763aafdf6c19b417689" + }, + { + "alg": "SHA-256", + "content": "baea85ba0e558d3999b672844170bee9d43a4d107bbf85a41bc436d0ea1f2ac2" + } + ] + }, + { + "bom-ref": "10e1abf320fef787", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Oblique.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1f533943748a5794c7d591ec37ed6a2a9edd796" + }, + { + "alg": "SHA-256", + "content": "b7f32088fac05f585418f7c6d93951f08968e987a877b4fba96384eb55211181" + } + ] + }, + { + "bom-ref": "b23178d125545f49", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "1678de3625fee2cb91585ac30add82f1be092400" + }, + { + "alg": "SHA-256", + "content": "66b8a8ee0a4d1d46ff40f3352b05dbaffb63669c0577096f4a513772d21290f1" + } + ] + }, + { + "bom-ref": "b6ef71dfaf54dd21", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Bold.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "83f785c82118cb52a1e3806663e882161a895d3d" + }, + { + "alg": "SHA-256", + "content": "f24a0c5afd58a647df07b1cd259b87d597fb1b21c76926d227c520321579c1c7" + } + ] + }, + { + "bom-ref": "c3d987af03b2c23d", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-BoldOblique.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "78371892eac1374124d067ac681e8bca7b1cec71" + }, + { + "alg": "SHA-256", + "content": "f1bd593e64d302b1e776d0fee1db207f8ce77c3bfaf13e98fffca246ebece1eb" + } + ] + }, + { + "bom-ref": "f868e0e9521cbfd9", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Oblique.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f0b43f650a6e29b3b4e2f0e3e1bce28eae42774" + }, + { + "alg": "SHA-256", + "content": "62770f2d0218fb5e839dac94fce530e305aea2c995e688313127b14ba51a8a73" + } + ] + }, + { + "bom-ref": "e03106a16175f05c", + "type": "file", + "name": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed.ttf", + "hashes": [ + { + "alg": "SHA-1", + "content": "b44a6621929bfe826924a50b48083b641a6e4ab6" + }, + { + "alg": "SHA-256", + "content": "16b971ef662a96d3e2d65d1756674c510c3af4dfddd99083dcdfb7aa2acd57c2" + } + ] + }, + { + "bom-ref": "eacb78f0177ac6e1", + "type": "file", + "name": "/usr/share/gnupg/distsigkey.gpg", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f622e5d2234f119ac15213b7d3b300f536803dd" + }, + { + "alg": "SHA-256", + "content": "7f04a82407e2074d57efbac9487b4f1ef9bc23c2a55a44ab4b1c396050251bef" + } + ] + }, + { + "bom-ref": "fadfa2cc594e6ac1", + "type": "file", + "name": "/usr/share/gnupg/sks-keyservers.netCA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce86fdbc099e5607ea8a149d760b30c725e299e6" + }, + { + "alg": "SHA-256", + "content": "0666ee848e03a48f3ea7bb008dbe9d63dfde280af82fb4412a04bf4e24cab36b" + } + ] + }, + { + "bom-ref": "0022cc837623aa93", + "type": "file", + "name": "/usr/share/libgpg-error/errorref.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "297b1d47f27ecf5f2b4b625984bf85b85781c103" + }, + { + "alg": "SHA-256", + "content": "feddde721e0488a9ea06eed9d12628ed156ca7645fcbc50f6405f16d858ef908" + } + ] + }, + { + "bom-ref": "6a9d7cb03432b94a", + "type": "file", + "name": "/usr/share/licenses/alternatives/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "181d870990e0b987", + "type": "file", + "name": "/usr/share/licenses/bash/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "alg": "SHA-256", + "content": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "bom-ref": "334ab95186904be9", + "type": "file", + "name": "/usr/share/licenses/bzip2-libs/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "ddf157bc55ed6dec9541e4af796294d666cd0926" + }, + { + "alg": "SHA-256", + "content": "c6dbbf828498be844a89eaa3b84adbab3199e342eb5cb2ed2f0d4ba7ec0f38a3" + } + ] + }, + { + "bom-ref": "83a5e806ca6828ee", + "type": "file", + "name": "/usr/share/licenses/coreutils-single/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "alg": "SHA-256", + "content": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "bom-ref": "524d8032f81017af", + "type": "file", + "name": "/usr/share/licenses/cyrus-sasl-lib/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "86af2c4321b2d4b4f092b31fd897444a701c0085" + }, + { + "alg": "SHA-256", + "content": "9d6e5d1632140a6c135b251260953650d17d87cd1124f87aaf72192aa4580d4b" + } + ] + }, + { + "bom-ref": "82c2c4328ac0b8d1", + "type": "file", + "name": "/usr/share/licenses/dejavu-sans-fonts/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "2cba132501cc69b943061ac075153ad475c7e72a" + }, + { + "alg": "SHA-256", + "content": "7a083b136e64d064794c3419751e5c7dd10d2f64c108fe5ba161eae5e5958a93" + } + ] + }, + { + "bom-ref": "5cc4a51ee7c8655e", + "type": "file", + "name": "/usr/share/licenses/dnf/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "dc88753ee1f91b36", + "type": "file", + "name": "/usr/share/licenses/dnf/PACKAGE-LICENSING", + "hashes": [ + { + "alg": "SHA-1", + "content": "0445a12ba82a08be59bde464a61176dca779d9d4" + }, + { + "alg": "SHA-256", + "content": "c06f0c7eb611c6d77892bd02832dcae01c9fac292ccd55d205924388e178a35c" + } + ] + }, + { + "bom-ref": "cb8e98a52ae7350a", + "type": "file", + "name": "/usr/share/licenses/file-libs/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f5bf317af31a6dac50b5f5504aa63b59d05442c" + }, + { + "alg": "SHA-256", + "content": "0bfa856a9930bddadbef95d1be1cf4e163c0be618e76ea3275caaf255283e274" + } + ] + }, + { + "bom-ref": "cc34ed57e626e93f", + "type": "file", + "name": "/usr/share/licenses/gawk/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "alg": "SHA-256", + "content": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "bom-ref": "c9e4b809beaa97bd", + "type": "file", + "name": "/usr/share/licenses/gawk/LICENSE.BSD", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6e5b0b0e8a21707c3c149e15189e9d9d073e6e9" + }, + { + "alg": "SHA-256", + "content": "fea62a56afb45d77d33fd57599d5936d01bdda60d738e869df795a7392b1b320" + } + ] + }, + { + "bom-ref": "9a3472e293b9bde1", + "type": "file", + "name": "/usr/share/licenses/gawk/LICENSE.GPLv2", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "eb8d2881557e6d12", + "type": "file", + "name": "/usr/share/licenses/gawk/LICENSE.LGPLv2", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "c85e4b9dfd628442", + "type": "file", + "name": "/usr/share/licenses/gdbm-libs/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "70e64fe9090c157e441681779e0f31aad34f35cb" + }, + { + "alg": "SHA-256", + "content": "690d762f2e8e149ab1e2d6a409a3853b6151a2533b2382fae549a176d6bedecf" + } + ] + }, + { + "bom-ref": "34f393bc80919207", + "type": "file", + "name": "/usr/share/licenses/glib2/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "4c3362aa50faa23f", + "type": "file", + "name": "/usr/share/licenses/glibc/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "0c6263baa58699ee", + "type": "file", + "name": "/usr/share/licenses/glibc/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "6e267a1855234be9", + "type": "file", + "name": "/usr/share/licenses/glibc/LICENSES", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a61ff17323319d01ed2cae913a5febc968d29f3" + }, + { + "alg": "SHA-256", + "content": "b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc" + } + ] + }, + { + "bom-ref": "4d97ae3ae35a9c5a", + "type": "file", + "name": "/usr/share/licenses/gmp/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "alg": "SHA-256", + "content": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "bom-ref": "6eabae886edadff7", + "type": "file", + "name": "/usr/share/licenses/gmp/COPYING.LESSERv3", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "alg": "SHA-256", + "content": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "bom-ref": "f92ef671d1cffb18", + "type": "file", + "name": "/usr/share/licenses/gmp/COPYINGv2", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "f8649341444163e6", + "type": "file", + "name": "/usr/share/licenses/gmp/COPYINGv3", + "hashes": [ + { + "alg": "SHA-1", + "content": "e88f6aea9379eb98a7bbea965fc7127a64b41ad9" + }, + { + "alg": "SHA-256", + "content": "e6037104443f9a7829b2aa7c5370d0789a7bda3ca65a0b904cdc0c2e285d9195" + } + ] + }, + { + "bom-ref": "227900176c400f3a", + "type": "file", + "name": "/usr/share/licenses/gnupg2/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "4bc05f7560e1e3ced08b71c93f10abe9e702c3ee" + }, + { + "alg": "SHA-256", + "content": "bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357" + } + ] + }, + { + "bom-ref": "bcaf00ba173110fe", + "type": "file", + "name": "/usr/share/licenses/gnutls/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "alg": "SHA-256", + "content": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "bom-ref": "d68d8112761d584e", + "type": "file", + "name": "/usr/share/licenses/gnutls/COPYING.LESSER", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "d0738c4e72c4921b", + "type": "file", + "name": "/usr/share/licenses/gnutls/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "1f511bc8132f3904e090af21d25ef3453314b910" + }, + { + "alg": "SHA-256", + "content": "3e043d77917e48e262301b8f880812fcd82236482630a421d555a38804eee643" + } + ] + }, + { + "bom-ref": "21aedef33c6a13c9", + "type": "file", + "name": "/usr/share/licenses/gobject-introspection/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "80fe7119545c554233bbac373a7d8b0104e45cd1" + }, + { + "alg": "SHA-256", + "content": "1b3275b028bcaa77e4580a302ae80473abb97139b84a0e48618be34cd65f8aaa" + } + ] + }, + { + "bom-ref": "a9674222eadcd7f2", + "type": "file", + "name": "/usr/share/licenses/gobject-introspection/COPYING.GPL", + "hashes": [ + { + "alg": "SHA-1", + "content": "dfac199a7539a404407098a2541b9482279f690d" + }, + { + "alg": "SHA-256", + "content": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + } + ] + }, + { + "bom-ref": "c5fd943acd121228", + "type": "file", + "name": "/usr/share/licenses/gobject-introspection/COPYING.LGPL", + "hashes": [ + { + "alg": "SHA-1", + "content": "bf50bac24e7ec325dbb09c6b6c4dcc88a7d79e8f" + }, + { + "alg": "SHA-256", + "content": "d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5" + } + ] + }, + { + "bom-ref": "c80a36e5dd926d46", + "type": "file", + "name": "/usr/share/licenses/gpgme/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "dfac199a7539a404407098a2541b9482279f690d" + }, + { + "alg": "SHA-256", + "content": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + } + ] + }, + { + "bom-ref": "d615f7deb40d8890", + "type": "file", + "name": "/usr/share/licenses/gpgme/COPYING.LESSER", + "hashes": [ + { + "alg": "SHA-1", + "content": "0bf81afbc585fd8fa3a9267d33498831f5a5c9c2" + }, + { + "alg": "SHA-256", + "content": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + } + ] + }, + { + "bom-ref": "87ae451c23a5ef8a", + "type": "file", + "name": "/usr/share/licenses/gpgme/LICENSES", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f6d7039cb982a2acec77a9d337942283a3875a0" + }, + { + "alg": "SHA-256", + "content": "950fbc07a2b8e34514936ad591544e6857b8e68079c92b78b5f8e997f415208a" + } + ] + }, + { + "bom-ref": "6dba54af8c7facae", + "type": "file", + "name": "/usr/share/licenses/grep/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "alg": "SHA-256", + "content": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "bom-ref": "867f228cd495980e", + "type": "file", + "name": "/usr/share/licenses/json-c/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "939188993bbdabcd7bcdabedd1728ae6c474cffd" + }, + { + "alg": "SHA-256", + "content": "d9efaaada6d8c2d533cfabaf29bcf27dd987a53166b7e1d447cb2656f47b49ea" + } + ] + }, + { + "bom-ref": "8a3cb5a87d8b3cc3", + "type": "file", + "name": "/usr/share/licenses/json-c/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "0cd23537e3c32497c7b87157b36f9d2eb5fca64b" + }, + { + "alg": "SHA-256", + "content": "74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c" + } + ] + }, + { + "bom-ref": "d6e3aa97877dce2f", + "type": "file", + "name": "/usr/share/licenses/json-glib/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "e60c2e780886f95df9c9ee36992b8edabec00bcc" + }, + { + "alg": "SHA-256", + "content": "a190dc9c8043755d90f8b0a75fa66b9e42d4af4c980bf5ddc633f0124db3cee7" + } + ] + }, + { + "bom-ref": "58e69df7e0409835", + "type": "file", + "name": "/usr/share/licenses/keyutils-libs/LICENCE.LGPL", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c39e1d1004475e1237555e21dc8e0a3b70d3ff1" + }, + { + "alg": "SHA-256", + "content": "0d15593e3a8ad90917f8509b5ac1e4b5e5d196434a68029aa9dc0858a4a4c521" + } + ] + }, + { + "bom-ref": "f11be3044d82d8b0", + "type": "file", + "name": "/usr/share/licenses/krb5-libs/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "63254f2d180b67ee59eeaf23bbe986c939888482" + }, + { + "alg": "SHA-256", + "content": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + } + ] + }, + { + "bom-ref": "43476dfef7297d78", + "type": "file", + "name": "/usr/share/licenses/libarchive/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "90ba482db24552fe26fffe459bbc350224a79b3a" + }, + { + "alg": "SHA-256", + "content": "b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba" + } + ] + }, + { + "bom-ref": "97780ed7a4226be7", + "type": "file", + "name": "/usr/share/licenses/libassuan/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "842745cb706f8f2126506f544492f7a80dbe29b3" + }, + { + "alg": "SHA-256", + "content": "fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7" + } + ] + }, + { + "bom-ref": "177ad30b4dd8175d", + "type": "file", + "name": "/usr/share/licenses/libassuan/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a1929f4700d2407c70b507b3b2aaf6226a9543c" + }, + { + "alg": "SHA-256", + "content": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + } + ] + }, + { + "bom-ref": "98fcd3e601d40fd1", + "type": "file", + "name": "/usr/share/licenses/libcap-ng/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ac522f07da0f346b37b29cd73a60f79e992ffba" + }, + { + "alg": "SHA-256", + "content": "f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa" + } + ] + }, + { + "bom-ref": "1cb31a5be70c0358", + "type": "file", + "name": "/usr/share/licenses/libcap/License", + "hashes": [ + { + "alg": "SHA-1", + "content": "1f65128ca2bb6715d81ca6c60f997c997d0ac69e" + }, + { + "alg": "SHA-256", + "content": "088cabde4662b4121258d298b0b2967bc1abffa134457ed9bc4a359685ab92bc" + } + ] + }, + { + "bom-ref": "96396d4d262bdabc", + "type": "file", + "name": "/usr/share/licenses/libcom_err/NOTICE", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7b0a43ab2f7a589ca3bf497fe86e52b15502355" + }, + { + "alg": "SHA-256", + "content": "5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020" + } + ] + }, + { + "bom-ref": "b0fa0980073d1886", + "type": "file", + "name": "/usr/share/licenses/libcurl-minimal/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "73bcd04aed1c45b611fd34aaa29e72069a49049b" + }, + { + "alg": "SHA-256", + "content": "6fd1a1c008b5ef4c4741dd188c3f8af6944c14c25afa881eb064f98fb98358e7" + } + ] + }, + { + "bom-ref": "b8f10c1a6f677c7e", + "type": "file", + "name": "/usr/share/licenses/libdnf/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "9b1fc29507f6153b", + "type": "file", + "name": "/usr/share/licenses/libevent/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f375374b877550ade2e001905a1f9c9b7128714" + }, + { + "alg": "SHA-256", + "content": "ff02effc9b331edcdac387d198691bfa3e575e7d244ad10cb826aa51ef085670" + } + ] + }, + { + "bom-ref": "1961bfa9d1198d5b", + "type": "file", + "name": "/usr/share/licenses/libffi/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "bda021b14478d294f531de3766f201960a0bf274" + }, + { + "alg": "SHA-256", + "content": "a61d06e8f7be57928e71e800eb9273b05cb8868c484108afe41e4305bb320dde" + } + ] + }, + { + "bom-ref": "ce9138e160be5543", + "type": "file", + "name": "/usr/share/licenses/libgcc/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "68c94ffc34f8ad2d7bfae3f5a6b996409211c1b1" + }, + { + "alg": "SHA-256", + "content": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + } + ] + }, + { + "bom-ref": "b82a899b41957e3f", + "type": "file", + "name": "/usr/share/licenses/libgcc/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "597bf5f9c0904bd6c48ac3a3527685818d11246d" + }, + { + "alg": "SHA-256", + "content": "32434afcc8666ba060e111d715bfdb6c2d5dd8a35fa4d3ab8ad67d8f850d2f2b" + } + ] + }, + { + "bom-ref": "f374ebc3b3ace9d7", + "type": "file", + "name": "/usr/share/licenses/libgcc/COPYING.RUNTIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "c0ad296b24f96e7c77ce564cad2fa1a4f76024d8" + }, + { + "alg": "SHA-256", + "content": "9d6b43ce4d8de0c878bf16b54d8e7a10d9bd42b75178153e3af6a815bdc90f74" + } + ] + }, + { + "bom-ref": "d57ed1f4490e2301", + "type": "file", + "name": "/usr/share/licenses/libgcc/COPYING3", + "hashes": [ + { + "alg": "SHA-1", + "content": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "alg": "SHA-256", + "content": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "bom-ref": "220d69e3f8293bbd", + "type": "file", + "name": "/usr/share/licenses/libgcc/COPYING3.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "alg": "SHA-256", + "content": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "bom-ref": "afa1339ce3d11f25", + "type": "file", + "name": "/usr/share/licenses/libgcrypt/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "0bf81afbc585fd8fa3a9267d33498831f5a5c9c2" + }, + { + "alg": "SHA-256", + "content": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + } + ] + }, + { + "bom-ref": "cc8e1d8350367ddf", + "type": "file", + "name": "/usr/share/licenses/libgpg-error/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "68c94ffc34f8ad2d7bfae3f5a6b996409211c1b1" + }, + { + "alg": "SHA-256", + "content": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + } + ] + }, + { + "bom-ref": "14d8cebc04906f0a", + "type": "file", + "name": "/usr/share/licenses/libgpg-error/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a1929f4700d2407c70b507b3b2aaf6226a9543c" + }, + { + "alg": "SHA-256", + "content": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + } + ] + }, + { + "bom-ref": "b8438551fa0dad99", + "type": "file", + "name": "/usr/share/licenses/libidn2/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "f134eeebdc065e961a7935729cd6fd8fee3a50f2" + }, + { + "alg": "SHA-256", + "content": "73483f797a83373fca1b968c11785b98c4fc4803cdc7d3210811ca8b075d6d76" + } + ] + }, + { + "bom-ref": "8394e4bdb23fc3ec", + "type": "file", + "name": "/usr/share/licenses/libidn2/COPYING.LESSERv3", + "hashes": [ + { + "alg": "SHA-1", + "content": "f45ee1c765646813b442ca58de72e20a64a7ddba" + }, + { + "alg": "SHA-256", + "content": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + } + ] + }, + { + "bom-ref": "9216d49d4ce2eff9", + "type": "file", + "name": "/usr/share/licenses/libidn2/COPYING.unicode", + "hashes": [ + { + "alg": "SHA-1", + "content": "33ad3570b2dc646e18e97171233bfceda6f7f088" + }, + { + "alg": "SHA-256", + "content": "01d621eef165cf4d3d3dbb737aa0699178d94c6f18cf87e9dde6db3ca7790f46" + } + ] + }, + { + "bom-ref": "1d089c70e8b5b492", + "type": "file", + "name": "/usr/share/licenses/libidn2/COPYINGv2", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "ab7413a242ae644a", + "type": "file", + "name": "/usr/share/licenses/libksba/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "767d6751e4be6cc860d77a9a8229faae2f25b8cf" + }, + { + "alg": "SHA-256", + "content": "6197b98c6bf69838c624809c509d84333de1bc847155168c0e84527446a27076" + } + ] + }, + { + "bom-ref": "025702a1e5b63e69", + "type": "file", + "name": "/usr/share/licenses/libksba/COPYING.GPLv2", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "50368cb4892a7855", + "type": "file", + "name": "/usr/share/licenses/libksba/COPYING.GPLv3", + "hashes": [ + { + "alg": "SHA-1", + "content": "e31db874e5b375f0592b02e3e450c9e94086e661" + }, + { + "alg": "SHA-256", + "content": "0abbff814cd00e2b0b6d08395af2b419c1a92026c4b4adacbb65ccda45fa58cf" + } + ] + }, + { + "bom-ref": "1e41d52c1fd496c7", + "type": "file", + "name": "/usr/share/licenses/libksba/COPYING.LGPLv3", + "hashes": [ + { + "alg": "SHA-1", + "content": "f45ee1c765646813b442ca58de72e20a64a7ddba" + }, + { + "alg": "SHA-256", + "content": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + } + ] + }, + { + "bom-ref": "df99bd0ce5d10c31", + "type": "file", + "name": "/usr/share/licenses/libmodulemd/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "df8b6951986b90ed530a771fd3419725f7eaa4fb" + }, + { + "alg": "SHA-256", + "content": "40afccd95484d483800c17dd18a734518ba36e832841579a1f21dc94fb73bbdf" + } + ] + }, + { + "bom-ref": "b5f96c6e00d259b3", + "type": "file", + "name": "/usr/share/licenses/libmount/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "66319e97eda8747087e9c5292f31c8bc5153c3c8" + }, + { + "alg": "SHA-256", + "content": "5f12c2408a84be40fbff8ad7e281aa4e884fb92ee3f9a61aedf886a9503d3500" + } + ] + }, + { + "bom-ref": "ebf52dcf4e87c111", + "type": "file", + "name": "/usr/share/licenses/libmount/COPYING.LGPL-2.1-or-later", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "1848dc41d7411a55", + "type": "file", + "name": "/usr/share/licenses/libnghttp2/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f6f3c0c08925232459e499d66231cb5da01d811" + }, + { + "alg": "SHA-256", + "content": "6b94f3abc1aabd0c72a7c7d92a77f79dda7c8a0cb3df839a97890b4116a2de2a" + } + ] + }, + { + "bom-ref": "8238f8f0844d48b1", + "type": "file", + "name": "/usr/share/licenses/libpeas/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "3704f4680301a60004b20f94e0b5b8c7ff1484a9" + }, + { + "alg": "SHA-256", + "content": "592987e8510228d546540b84a22444bde98e48d03078d3b2eefcd889bec5ce8c" + } + ] + }, + { + "bom-ref": "bc06f97c1cdad90e", + "type": "file", + "name": "/usr/share/licenses/librepo/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "4fa97c5130dd81dc", + "type": "file", + "name": "/usr/share/licenses/librhsm/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "f41eeeb12e786c07", + "type": "file", + "name": "/usr/share/licenses/libselinux/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "16900937e2ec3e0e96dee637f81ad8ef9265605f" + }, + { + "alg": "SHA-256", + "content": "86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364" + } + ] + }, + { + "bom-ref": "ba5945950e24531a", + "type": "file", + "name": "/usr/share/licenses/libsemanage/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "alg": "SHA-256", + "content": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ] + }, + { + "bom-ref": "de37ebc778a4b974", + "type": "file", + "name": "/usr/share/licenses/libsepol/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "alg": "SHA-256", + "content": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ] + }, + { + "bom-ref": "8c8375028cffb497", + "type": "file", + "name": "/usr/share/licenses/libsigsegv/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "c481619eb74665fe9da7bef63c644e302c904459" + }, + { + "alg": "SHA-256", + "content": "8f2983e9a940367f48999881c14775db725ee643bce1e2f1ba195eb629a33cde" + } + ] + }, + { + "bom-ref": "3c0ea2891a5411af", + "type": "file", + "name": "/usr/share/licenses/libsmartcols/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "93e45afdb0d7c3fdd6dfcc951b8a3421660f2811" + }, + { + "alg": "SHA-256", + "content": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + } + ] + }, + { + "bom-ref": "1bc7f120ce61e78d", + "type": "file", + "name": "/usr/share/licenses/libsmartcols/COPYING.LGPL-2.1-or-later", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "49c83cbafb892a3c", + "type": "file", + "name": "/usr/share/licenses/libsolv/LICENSE.BSD", + "hashes": [ + { + "alg": "SHA-1", + "content": "b965854f0ddcbff41631dee1f018ba72e2f248ff" + }, + { + "alg": "SHA-256", + "content": "57f15acfb29fbef7749779e096a5885c60b716633e34484a21bb717554c0198f" + } + ] + }, + { + "bom-ref": "88e2e21ed60c85a1", + "type": "file", + "name": "/usr/share/licenses/libtasn1/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "alg": "SHA-256", + "content": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "bom-ref": "14d6b8c8ff89b95e", + "type": "file", + "name": "/usr/share/licenses/libtasn1/COPYING.LESSER", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "d00550d0a2acf914", + "type": "file", + "name": "/usr/share/licenses/libtasn1/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "42d6b117e9e1eee10eb77f99b640d1667417b19e" + }, + { + "alg": "SHA-256", + "content": "7446831f659f7ebfd8d497acc7f05dfa8e31c6cb6ba1b45df33d4895ab80f5a6" + } + ] + }, + { + "bom-ref": "d43cff324ed877ee", + "type": "file", + "name": "/usr/share/licenses/libunistring/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "alg": "SHA-256", + "content": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "bom-ref": "bf3b33b89a3fbb84", + "type": "file", + "name": "/usr/share/licenses/libunistring/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "alg": "SHA-256", + "content": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "bom-ref": "fd14e35ef9e39d9a", + "type": "file", + "name": "/usr/share/licenses/libusbx/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "caeb68c46fa36651acf592771d09de7937926bb3" + }, + { + "alg": "SHA-256", + "content": "5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a" + } + ] + }, + { + "bom-ref": "d57093f10f5ee2d8", + "type": "file", + "name": "/usr/share/licenses/libuuid/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f9bab778ad683b9046a4c2a69e12fcc1e0144e1" + }, + { + "alg": "SHA-256", + "content": "5068749ee9c2f2c545af4a4de9fde3c39dc8d90af47cc0b3a42700116f9b7e71" + } + ] + }, + { + "bom-ref": "5788a17f6149e070", + "type": "file", + "name": "/usr/share/licenses/libuuid/COPYING.BSD-3-Clause", + "hashes": [ + { + "alg": "SHA-1", + "content": "e5c9f3867b9251dcd2d97a4d1dffaa38afe6625d" + }, + { + "alg": "SHA-256", + "content": "9b718a9460fed5952466421235bc79eb49d4e9eacc920d7a9dd6285ab8fd6c6d" + } + ] + }, + { + "bom-ref": "6bd46b35ec7e0e19", + "type": "file", + "name": "/usr/share/licenses/libverto/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "4178c9d72828ce9f35fa1e7e6756d66ced8caef3" + }, + { + "alg": "SHA-256", + "content": "ee2f49235ed5947ace182dcb3aba92655aeafab4f3a33c98a9c6d75a6a238480" + } + ] + }, + { + "bom-ref": "0b17479f01b63ffd", + "type": "file", + "name": "/usr/share/licenses/libxcrypt/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8337508003a9e67120868b03893f75b57287d35" + }, + { + "alg": "SHA-256", + "content": "6d1e45c055b6d9e9bf4e9521419eb3dee4ca42a02dd4d824beaaad476dacfdca" + } + ] + }, + { + "bom-ref": "1f2e76756034330a", + "type": "file", + "name": "/usr/share/licenses/libxcrypt/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "64898a35c1ce7274", + "type": "file", + "name": "/usr/share/licenses/libxcrypt/LICENSING", + "hashes": [ + { + "alg": "SHA-1", + "content": "0ad959fc0079aa1dd3ec87113680c7fce48f19f9" + }, + { + "alg": "SHA-256", + "content": "f8198fcc4f002bf54512bac2e68e1e3f04af7d105f4f4f98d7d22cb110e04715" + } + ] + }, + { + "bom-ref": "a568d61394aed97b", + "type": "file", + "name": "/usr/share/licenses/libxml2/Copyright", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c21506a45e8d0171fc92fd4ff6903c13adde660" + }, + { + "alg": "SHA-256", + "content": "c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd" + } + ] + }, + { + "bom-ref": "05062048799b19bf", + "type": "file", + "name": "/usr/share/licenses/libyaml/License", + "hashes": [ + { + "alg": "SHA-1", + "content": "e99e74d048726c39136dc992f1fb5998972e3b4e" + }, + { + "alg": "SHA-256", + "content": "c40112449f254b9753045925248313e9270efa36d226b22d82d4cc6c43c57f29" + } + ] + }, + { + "bom-ref": "282764f7cd534318", + "type": "file", + "name": "/usr/share/licenses/microdnf/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "929c01b4e14e02b9", + "type": "file", + "name": "/usr/share/licenses/mpfr/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "alg": "SHA-256", + "content": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "bom-ref": "3159c5c8e6dbee23", + "type": "file", + "name": "/usr/share/licenses/mpfr/COPYING.LESSER", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8a12e6867d7ee39c21d9b11a984066099b6fb6b" + }, + { + "alg": "SHA-256", + "content": "e3a994d82e644b03a792a930f574002658412f62407f5fee083f2555c5f23118" + } + ] + }, + { + "bom-ref": "5b03fcebec1ce207", + "type": "file", + "name": "/usr/share/licenses/ncurses-base/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "6fa46ec6c9af4633d29bdc2bf91e56c93c6431e3" + }, + { + "alg": "SHA-256", + "content": "87a4c4442337b8968ef956031c406b74f9cb7149b7ba87311bdaba534816201c" + } + ] + }, + { + "bom-ref": "ee2836613968619b", + "type": "file", + "name": "/usr/share/licenses/npth/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c378b484c6da96db8f05f9bd795fcf5ddad0205" + }, + { + "alg": "SHA-256", + "content": "ce64d5f7b49ea6d80fdb6d4cdee6839d1a94274f7493dc797c3b55b65ec8e9ed" + } + ] + }, + { + "bom-ref": "99f0b08099ad078a", + "type": "file", + "name": "/usr/share/licenses/p11-kit/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "6745330da3e7bde244b20b96a42eae659644e731" + }, + { + "alg": "SHA-256", + "content": "2e1ba993904df807a10c3eda1e5c272338edc35674b679773a8b3ad460731054" + } + ] + }, + { + "bom-ref": "86721dcc9a419b3e", + "type": "file", + "name": "/usr/share/licenses/pcre/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "495a1e12b07adcc0ff0eb6fad218539bb9fc805d" + }, + { + "alg": "SHA-256", + "content": "17abe1dbb92b21ab173cf9757dd57b0b15cd8d863b2ccdef635fdbef03077fb0" + } + ] + }, + { + "bom-ref": "a0aff6935cc99500", + "type": "file", + "name": "/usr/share/licenses/pcre/LICENCE", + "hashes": [ + { + "alg": "SHA-1", + "content": "11ff082389982b8168263850db69199065f2028d" + }, + { + "alg": "SHA-256", + "content": "0dd9c13864dbb9ee4d77a1557e96be29b2d719fb6584192ee36611aae264c4a3" + } + ] + }, + { + "bom-ref": "058a5272ca28051a", + "type": "file", + "name": "/usr/share/licenses/pcre2-syntax/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "13294eaa0d7dc726a2fa73eef7a4a140cd9630f4" + }, + { + "alg": "SHA-256", + "content": "99272c55f3dcfa07a8a7e15a5c1a33096e4727de74241d65fa049fccfdd59507" + } + ] + }, + { + "bom-ref": "95b49113891e48c8", + "type": "file", + "name": "/usr/share/licenses/pcre2-syntax/LICENCE", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e8d975c810890664d6ed3700fa41e135563bda6" + }, + { + "alg": "SHA-256", + "content": "87d884eceb7fc54611470ce9f74280d28612b0c877adfc767e9676892a638987" + } + ] + }, + { + "bom-ref": "f36b0135a6b24d42", + "type": "file", + "name": "/usr/share/licenses/popt/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "61bb7a8ea669080cfc9e7dbf37079eae70b535fb" + }, + { + "alg": "SHA-256", + "content": "518d4f2a05064cb9a8ec0ea02e86408af4feed6916f78ef42171465db8b383c5" + } + ] + }, + { + "bom-ref": "877484d5d72064a0", + "type": "file", + "name": "/usr/share/licenses/readline/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "alg": "SHA-256", + "content": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "bom-ref": "5a61db40e1e1ecca", + "type": "file", + "name": "/usr/share/licenses/readline/USAGE", + "hashes": [ + { + "alg": "SHA-1", + "content": "246e63b4576f6b9d3d78dcc61552641fe6316cc4" + }, + { + "alg": "SHA-256", + "content": "0759c74d61889b687f33cb03899630d8ecc09c5ebe7cedd2dd2e17eeef193f93" + } + ] + }, + { + "bom-ref": "78dfd94ad0b5da76", + "type": "file", + "name": "/usr/share/licenses/rpm/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "588760a9f446cebfc4b61485cd09cd768908337f" + }, + { + "alg": "SHA-256", + "content": "171d94d9f1641316bff7f157a903237dc69cdb5fca405fed8c832c76ed8370f9" + } + ] + }, + { + "bom-ref": "9d448763622f504d", + "type": "file", + "name": "/usr/share/licenses/sed/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "0dd432edfab90223f22e49c02e2124f87d6f0a56" + }, + { + "alg": "SHA-256", + "content": "e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b" + } + ] + }, + { + "bom-ref": "5b9e86a686ed2319", + "type": "file", + "name": "/usr/share/licenses/setup/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "205c331ae337b00f56204126f4e3195adba32c7b" + }, + { + "alg": "SHA-256", + "content": "628095e1ef656bbe9034cf5bfa3c220880a16cd0ceea25b17cd2198ea3503e03" + } + ] + }, + { + "bom-ref": "f94fae61ddaf4f6c", + "type": "file", + "name": "/usr/share/licenses/systemd/LICENSE.LGPL2.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "d1548084e38b4f04", + "type": "file", + "name": "/usr/share/licenses/xz-libs/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "66933e63e70616b43f1dc60340491f8e050eedfd" + }, + { + "alg": "SHA-256", + "content": "bcb02973ef6e87ea73d331b3a80df7748407f17efdb784b61b47e0e610d3bb5c" + } + ] + }, + { + "bom-ref": "c41400570a0ae433", + "type": "file", + "name": "/usr/share/licenses/zlib/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1e1b075ae4ad6d628468e7dd40d9ec512ff9d10" + }, + { + "alg": "SHA-256", + "content": "7960b6b1cc63e619abb77acaea5427159605afee8c8b362664f4effc7d7f7d15" + } + ] + }, + { + "bom-ref": "e98ab666782456f4", + "type": "file", + "name": "/usr/share/metainfo/org.fedoraproject.LangPack-Core-Font-en.metainfo.xml", + "hashes": [ + { + "alg": "SHA-1", + "content": "6494351e87c01b3e4409e333e7c8e87b5f950732" + }, + { + "alg": "SHA-256", + "content": "be64c7e7cca4e95d49d067a22b0bc30622349d798696271a15759b7008f08fde" + } + ] + }, + { + "bom-ref": "c3b61ebf351721f4", + "type": "file", + "name": "/usr/share/metainfo/org.fedoraproject.LangPack-Core-en.metainfo.xml", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbbd19e285d8d567a19b58c9267ed68f04abf5d0" + }, + { + "alg": "SHA-256", + "content": "d0ba061c715c73b91d2be66ab40adfab510ed4e69cf5d40970733e211de38ce6" + } + ] + }, + { + "bom-ref": "66e657ce713db75b", + "type": "file", + "name": "/usr/share/metainfo/org.fedoraproject.LangPack-en.metainfo.xml", + "hashes": [ + { + "alg": "SHA-1", + "content": "3898c0c6353d8d4871e89dbb04f05e5bdb11fa4c" + }, + { + "alg": "SHA-256", + "content": "3d8d5f74443d23b5a2d5f36ffa1937389d8960cdc748a1a1a88d061fd0e6e13b" + } + ] + }, + { + "bom-ref": "be8b1ad0cdc10508", + "type": "file", + "name": "/usr/share/metainfo/org.fedoraproject.dejavu-sans-fonts.metainfo.xml", + "hashes": [ + { + "alg": "SHA-1", + "content": "43b7e5d1ba4b65989a5bfbaed80e762da82b7883" + }, + { + "alg": "SHA-256", + "content": "32c72364ee554c4809cb06a4e4550d8cb5670b50648f0f3981a94dbfbb79efce" + } + ] + }, + { + "bom-ref": "42849d310597b27b", + "type": "file", + "name": "/usr/share/misc/magic", + "hashes": [ + { + "alg": "SHA-1", + "content": "0c15e6f907cc38c8aeaabc907639717d9ab2caaf" + }, + { + "alg": "SHA-256", + "content": "61779c6b6e4d51b0d16cc256bac9eb5b2f19bdf06b718e95778509c92b7b569d" + } + ] + }, + { + "bom-ref": "b8d036a3b338b686", + "type": "file", + "name": "/usr/share/misc/magic.mgc", + "hashes": [ + { + "alg": "SHA-1", + "content": "251b1c0acb6ee1b8025186460dacfc73f9be8e7a" + }, + { + "alg": "SHA-256", + "content": "56fece27ef5fb57bbec05f9b0964ad3af68723e85d4271cf4dc7b489038b6b2a" + } + ] + }, + { + "bom-ref": "e99e8977d610e2df", + "type": "file", + "name": "/usr/share/p11-kit/modules/p11-kit-trust.module", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e42aebedeb09380a0dee0d9520dfe5a1f3f1e44" + }, + { + "alg": "SHA-256", + "content": "c9bcaa8b0366e2bef1e89fb6af4f084932d53c76da846100824015f89ff75b31" + } + ] + }, + { + "bom-ref": "3647d85aef6052d4", + "type": "file", + "name": "/var/lib/rpm/.rpm.lock" + }, + { + "bom-ref": "3bc0077c49d2950e", + "type": "file", + "name": "/etc/default/useradd", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f1f531b22afb49512a303bfb127274372543352" + }, + { + "alg": "SHA-256", + "content": "b121fd1b90c1a2fb6081a137dd7b441c7e7fec61bc17ca60db401a952d7b8825" + } + ] + }, + { + "bom-ref": "3aa1742f2e3585c3", + "type": "file", + "name": "/etc/dnf/protected.d/redhat-release.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "058cfa312d9fd6a38756cea360ad03dbd6f2fcdd" + }, + { + "alg": "SHA-256", + "content": "942298c770f9afd8303dffda64d89fb57c8d06e8a37fcc285951682afc5a88b7" + } + ] + }, + { + "bom-ref": "e797ce9f0d1cdb1c", + "type": "file", + "name": "/etc/issue", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c76e3b565c91e21bee303f15c728c71e6b39540" + }, + { + "alg": "SHA-256", + "content": "188029a4a5fc320b6157195899bf6d424610d385949a857a811d992602fa48c9" + } + ] + }, + { + "bom-ref": "402ed8348f10e3ff", + "type": "file", + "name": "/etc/issue.net", + "hashes": [ + { + "alg": "SHA-1", + "content": "95fee903a60d67d0bc0f1c11b909ec0527c2b39d" + }, + { + "alg": "SHA-256", + "content": "17657f4ee63966a9c7687e97028b9ca514f6e9bcbefec4b7f4e81ac861eb3483" + } + ] + }, + { + "bom-ref": "485cebdb5c8d2a32", + "type": "file", + "name": "/etc/krb5.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e0f9955d21eebb477f02328e9789d5ab53d643e" + }, + { + "alg": "SHA-256", + "content": "87fa5619a6494774d5ea569df972a95691974cfed439f1e0f0e8dcb54cac5cb4" + } + ] + }, + { + "bom-ref": "ce2591a5f235263b", + "type": "file", + "name": "/etc/libaudit.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "f86b14eb6371b0d99b968dabc1b853b99530cb8a" + }, + { + "alg": "SHA-256", + "content": "d48318c90620fde96cb6a8e6eb1eb64663b21200f9d1d053f9e3b4fce24a2543" + } + ] + }, + { + "bom-ref": "4bbbca48a63a9a75", + "type": "file", + "name": "/etc/login.defs", + "hashes": [ + { + "alg": "SHA-1", + "content": "2daf6aa2130e0d1585d2f4336a65275adf67d9c3" + }, + { + "alg": "SHA-256", + "content": "b8caab091c2b4a4b8194a438ff5df718d3c469362ac92a1901dc308eeac5a91e" + } + ] + }, + { + "bom-ref": "bf8b332a7275c03b", + "type": "file", + "name": "/etc/openldap/ldap.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "767578de65b6f21acb7d5299881e9e00b6cad314" + }, + { + "alg": "SHA-256", + "content": "3bea281bbd267ed31c02249d9ce4c7659d764c6c36b0f0c81a39e4c810236eb2" + } + ] + }, + { + "bom-ref": "cc1dd49bb25490aa", + "type": "file", + "name": "/etc/pki/ca-trust/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c0ea7b4623886d2246b9b113fafd1670ba42cb1" + }, + { + "alg": "SHA-256", + "content": "6c7b9287c41c171c64b358fc7331b8a9ae969fc2d00d997d88bcbf4da0de598a" + } + ] + }, + { + "bom-ref": "59abd7dfd624e787", + "type": "file", + "name": "/etc/pki/ca-trust/ca-legacy.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "b28450f457cc833ecf7af7dbe4d6c1feb0ec4208" + }, + { + "alg": "SHA-256", + "content": "400b96da374503fa6b6350a867347082d0c90e05ba4d02cc6b51b11229199c4d" + } + ] + }, + { + "bom-ref": "91b647bbbba6deb5", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c68219ad0bbe17c9773c5701ab34ad4d08a01a6" + }, + { + "alg": "SHA-256", + "content": "146ff96c60a8ee32bbcf2da59d624d6ecfbab7ef7442529d46d8d63064d8ca58" + } + ] + }, + { + "bom-ref": "9fa29831a822e32d", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/edk2/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "751dd2582a3cc4bbb46f9ea1145bd8e3f59c6e6f" + }, + { + "alg": "SHA-256", + "content": "757c28eddb0634b74e6482d16324193be27eee41864c1f96c447020dae14b44f" + } + ] + }, + { + "bom-ref": "0015d10e62088f4c", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/edk2/cacerts.bin", + "hashes": [ + { + "alg": "SHA-1", + "content": "932b7df8a8175341fdceda0ad888ce8cbf3ed356" + }, + { + "alg": "SHA-256", + "content": "10d123f5c252a9b611aeda90281aca0dcf1b6c63698e6a5ae7080fe36ff83801" + } + ] + }, + { + "bom-ref": "0b4db8d1d6ef42ec", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/java/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f501ecef2660fe2ad027b83a8165fbfce71ea27" + }, + { + "alg": "SHA-256", + "content": "7bb8781320fb3ff84e76c7e7e4a9c3813879c4f1943710a3b0140b31efacfd32" + } + ] + }, + { + "bom-ref": "32c35a9235c07703", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/java/cacerts", + "hashes": [ + { + "alg": "SHA-1", + "content": "12e619fb3488b917f364d5baed4ce3df0b481dcc" + }, + { + "alg": "SHA-256", + "content": "ac3d53042f3cb667a779807a09226c3be396ceeb9d11943ade3208d5a6058b07" + } + ] + }, + { + "bom-ref": "c75545382b15487f", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/openssl/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b007d0cde2d4791df3363c6fa6a22f0263031a4" + }, + { + "alg": "SHA-256", + "content": "6c812d1ec8ce5bde2216cc42be33021d6345fbea05c14f50c52191a38c175ea9" + } + ] + }, + { + "bom-ref": "1927e8c59b24fe60", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt", + "hashes": [ + { + "alg": "SHA-1", + "content": "55e15e632fb262a4a6d9850a764aceaabc47ab9c" + }, + { + "alg": "SHA-256", + "content": "5a8e566a20336ec17ea7c0d71b8749f03b29f9ddf77ff733dfaf6782c28c56e6" + } + ] + }, + { + "bom-ref": "7d7490fa611754ad", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "2e9c850350cb6adc069c023f9a619d08377bdcbd" + }, + { + "alg": "SHA-256", + "content": "27362e773c8b6bb065a455a66badb05e2652720bab8ade9ab91f0404cf827dab" + } + ] + }, + { + "bom-ref": "e89e0020249dd0a9", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/ACCVRAIZ1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "620fa298774c61bc147e4766753252267a4d9c9d" + }, + { + "alg": "SHA-256", + "content": "04846f73d9d0421c60076fd02bad7f0a81a3f11a028d653b0de53290e41dcead" + } + ] + }, + { + "bom-ref": "ae69d9be7bd46a62", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ceb43c8ebea65e461729f071ad2f4ef62a831ba1" + }, + { + "alg": "SHA-256", + "content": "aa18ea4c9a8441a461bb436a1c90beb994ac841980b8fd62c72de9a62ddf8ae3" + } + ] + }, + { + "bom-ref": "a1ad3775f61392a3", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f6fa356c7ad3ab1ddee68e9d4a43d76aebed253" + }, + { + "alg": "SHA-256", + "content": "8e3f237813d3f3e2f5767bc2a694a7557f84bb79fd60ef1adc25afd0c1fc5ef6" + } + ] + }, + { + "bom-ref": "d361bb2407bda534", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/ANF_Secure_Server_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "86c697b354c67874c5fffdadca5d70896d23730c" + }, + { + "alg": "SHA-256", + "content": "efb2df6e0075fa74e448077e402d171851b2ffe4668a614adc00dcbc75633afd" + } + ] + }, + { + "bom-ref": "0582c63d360ee85d", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Actalis_Authentication_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "511ca95607022a99ed8e68bd63f136c4854cefcb" + }, + { + "alg": "SHA-256", + "content": "c6d25347727f267774611677588d76f8a54a6e14d3e99dd69ef2c20612ed87c5" + } + ] + }, + { + "bom-ref": "8ec53f46a05edb5f", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Commercial.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "31629611efda355cdc62783bd61e91aa0ba20aa6" + }, + { + "alg": "SHA-256", + "content": "7108110fdaf19e3e5a7ed8fa38557248e79fe78bb2e9eefe7a0bb801cbfd2db7" + } + ] + }, + { + "bom-ref": "182fdfb202e298d5", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Networking.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "87a9857563967d59ccbe51e4a8fc2ba2fda1e919" + }, + { + "alg": "SHA-256", + "content": "b68109f50ba0abed3b938afebd2ab42a2f5089062c59e9fc74425e2742d894bc" + } + ] + }, + { + "bom-ref": "71894ac0e3522f7c", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a47bba1a7198f3b61b179239dadc8b6d9555887" + }, + { + "alg": "SHA-256", + "content": "94c88202bf2c13c68b90d124f93f62374f36776b0bfbc110c6d06f829290b580" + } + ] + }, + { + "bom-ref": "744baa7aa5e8d192", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium_ECC.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "4078832c8e87e1552a61d2f27e38917f143c8919" + }, + { + "alg": "SHA-256", + "content": "42f0e946149ae0e0c6a1fb0e33150ce863479b2ef7b3c700161102ad1dcb34c1" + } + ] + }, + { + "bom-ref": "09545d087772de76", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0d2d251ef5ee84b8e05d8012056a1495fcf34b3" + }, + { + "alg": "SHA-256", + "content": "2c43952ee9e000ff2acc4e2ed0897c0a72ad5fa72c3d934e81741cbd54f05bd1" + } + ] + }, + { + "bom-ref": "b94eaca0dedd811c", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "323b7b4a10c0d8da198a3e8c059c9bec24f4932d" + }, + { + "alg": "SHA-256", + "content": "a3a7fe25439d9a9b50f60af43684444d798a4c869305bf615881e5c84a44c1a2" + } + ] + }, + { + "bom-ref": "62810776df7db742", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "2e7153a81fb98a0fbb508b3b93829e4e9eda5d23" + }, + { + "alg": "SHA-256", + "content": "3eb7c3258f4af9222033dc1bb3dd2c7cfa0982b98e39fb8e9dc095cfeb38126c" + } + ] + }, + { + "bom-ref": "aa7d9b28187b65d2", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_4.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d9ac8e9773360d16d95225747626873e81aa9fd6" + }, + { + "alg": "SHA-256", + "content": "b0b7961120481e33670315b2f843e643c42f693c7a1010eb9555e06ddc730214" + } + ] + }, + { + "bom-ref": "561baef31372130f", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_2011.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e7bf149a7cd32271ef18328a22c766bdb192c76" + }, + { + "alg": "SHA-256", + "content": "79e9f88ab505186e36f440c88bc37e103e1a9369a0ebe382c4a04bd70b91c027" + } + ] + }, + { + "bom-ref": "78447ed4edd2842a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "21d7491620f569f125ea6750fbc51e0d68865eaf" + }, + { + "alg": "SHA-256", + "content": "970d70366b2f8c29ac71c8f71689ddd8fd321208a5ededbb2d784af33799a0f6" + } + ] + }, + { + "bom-ref": "50a066f8ec10e833", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "8943e4a8481b0339e69f0e7cd54c324eb3cbb03f" + }, + { + "alg": "SHA-256", + "content": "980dc408dd2def2d7930bec10c48e256d115f636c403b631ffb93558dacf5571" + } + ] + }, + { + "bom-ref": "14f7f0a29e08b2ce", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0cd024f9827c0b9834235e9517e932ce76009a0" + }, + { + "alg": "SHA-256", + "content": "a618213c5dd7cbb59b3154de7241d7255333a0619cf434329becae876ce6e331" + } + ] + }, + { + "bom-ref": "d158af0f907a075a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "22841f1345277d606ed6dd3c42565e0ca907cc76" + }, + { + "alg": "SHA-256", + "content": "08e1a8115accf7ce400a3f98fc31dbab522a3ed3644ca48389b4899e2d794f1a" + } + ] + }, + { + "bom-ref": "cb569fa58f58ac94", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba8137e853314ecd084532bfa3e5d63c79a3ec29" + }, + { + "alg": "SHA-256", + "content": "6c58125f88a4ff83d40e6b58c5532ea905be4daf1ec7da7f4542af3d34855340" + } + ] + }, + { + "bom-ref": "d49d21277e12004a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_2_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a3e41e74e9a4137036525f0c2fd6d8edfdc7c39" + }, + { + "alg": "SHA-256", + "content": "9c2a7510e01aec2c9b8cc2c9d03b16576858a93863a6d0a31a2ac05f47f5dbe1" + } + ] + }, + { + "bom-ref": "85bd2ba5b1ebf7e9", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_3_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "5b889430b7dd1517c94f87b77175c5af957b15a4" + }, + { + "alg": "SHA-256", + "content": "8db5b7c8f058c56a8d033c2443d34fdfd3656150eaa73fe63c65161e7063ce99" + } + ] + }, + { + "bom-ref": "e7307252140f3444", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/CA_Disig_Root_R2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "71a23868abee32d53d2573dc73b82e0b77d76fb8" + }, + { + "alg": "SHA-256", + "content": "8adefca890c92e6d0877fdcba07655296852217da657026aea69ee547642528c" + } + ] + }, + { + "bom-ref": "73f4503d64a66d9a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/CFCA_EV_ROOT.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "96828202bc5c8db6f4f56b4d81a2553c108ce23a" + }, + { + "alg": "SHA-256", + "content": "94e4ab21333740d7ed0f2b5007744e5cf6792c0ddf4c6bdfb3ce8333010e7306" + } + ] + }, + { + "bom-ref": "940ffac4f8480d15", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b4b9dc9cf470c66b1e9e53c3029a07a941898185" + }, + { + "alg": "SHA-256", + "content": "e273097c7c57cb7cbb908057991ae1774d4e1e8c6a062fb6be9e6645b32fb431" + } + ] + }, + { + "bom-ref": "d65a8a096859eeaa", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_ECC_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "e99968bdee964aeabd2f025ccabe1d1085b2f88c" + }, + { + "alg": "SHA-256", + "content": "d69f7b57250536f57ffba92cffe82a8bbcb16e03a9a2607ec967f362ce83f9ce" + } + ] + }, + { + "bom-ref": "68df5c1193377790", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_RSA_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f406946f4a9b379d4af9847451ca01dc40cfb968" + }, + { + "alg": "SHA-256", + "content": "24b0d4292dacb02efc38542838e378bc35f040dcd21bebfddbc82dc7feb2876d" + } + ] + }, + { + "bom-ref": "23b3a0ffd6f381af", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_E1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "bcbe678ccaafd4dafae76ff27858163acdad7d0a" + }, + { + "alg": "SHA-256", + "content": "1b28a5568648fef0d3faeb916cb7bdb054724cb3b5a00c6bfd3d8a2fba7a8bba" + } + ] + }, + { + "bom-ref": "2af87fae7d870d72", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_R1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f2a61f2c7fcc32cf79611fdc2e1a1a774922dfc7" + }, + { + "alg": "SHA-256", + "content": "0c78902126532fde9eed4b2d8b6a2c9bbaa8b3abc59f233c45c6cb5514a9f808" + } + ] + }, + { + "bom-ref": "ee1f4013048d2e22", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certigna.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe5df407c4cba70f49928410bf55df03d1e2732f" + }, + { + "alg": "SHA-256", + "content": "d1e1969cdbc656bb4c568116fe2d9b4f8b02b170dc20193b86a26c046f4b35a7" + } + ] + }, + { + "bom-ref": "b0bfd10354716753", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certigna_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "55d0638baee7a6144b8e3c028c24ee1127202c3c" + }, + { + "alg": "SHA-256", + "content": "fe3b44c18182e167121a2c645cecc4817441d469dc00633e60fe8476f9e1ad96" + } + ] + }, + { + "bom-ref": "656c280d47bd952e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_EC-384_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "22dbd35fe494149e558aa745ec3114396ce7788a" + }, + { + "alg": "SHA-256", + "content": "c4a426fe57a7e4e6966e2103f2941eb7263e7c35727dd0f412bd593467304999" + } + ] + }, + { + "bom-ref": "a4045bf2b74d58b0", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "76c3afd5eaf8d5cbf250f08b923fbf9085c6793e" + }, + { + "alg": "SHA-256", + "content": "43f1bade6454349c258017cc99113f8b6a5712e3807e82ad9371348d52d60190" + } + ] + }, + { + "bom-ref": "6eb5b07c16b5c623", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA_2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "164db231827f86d73012dc6680fb6be777f205ac" + }, + { + "alg": "SHA-256", + "content": "9dd4cbb6d2c29cbb3ca98da02c042a690c0ef4c0521d98aae37e0a704c4bf210" + } + ] + }, + { + "bom-ref": "1a3ccf2e951b28df", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "224c9274d5af21d3cee7eb1b143d471be19e1b4d" + }, + { + "alg": "SHA-256", + "content": "e6c62d3f63ba03f4dac458b7dac6c09eb4d71cc3c6621769c3883ed51677c01c" + } + ] + }, + { + "bom-ref": "b03b81b90f9917f2", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-01.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "37575d65f82284bd61f2bfce0820c8c3a7da69a3" + }, + { + "alg": "SHA-256", + "content": "a5e66a87e60e17b9aac2d825c9b898ce4bb635dd6e8a137c0dd2ca761b6165ce" + } + ] + }, + { + "bom-ref": "2394e5f517192d0e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-02.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbdb4d47a7949fa7542f754f329b7602064fff8c" + }, + { + "alg": "SHA-256", + "content": "80eda3bc1316bbb2c18df887c7a30a40ace97146471337e06bfdd46337a688c3" + } + ] + }, + { + "bom-ref": "27274b78fdb5b66a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-01.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6d40ed9e062ff5e9fc2c14c5a5dff81fea212f3" + }, + { + "alg": "SHA-256", + "content": "ee459c64139faa1fb8d90a9195022aaca51808c62bb374afa2a26b50875346b1" + } + ] + }, + { + "bom-ref": "9d9e9158a6244e83", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-02.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "749aa8aa41aa221ac66106efb8d60e0705945fb1" + }, + { + "alg": "SHA-256", + "content": "fed2654034ede8dc7677c5e06d4b583bcb0ae352f03cd16111d34c854bbffbbc" + } + ] + }, + { + "bom-ref": "7bc3fbae8531dfa6", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_1_2020.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "90be8e8f64cca12962624e98b8d9174373ee0e89" + }, + { + "alg": "SHA-256", + "content": "ae927c01e73470cfc89943b5cd8f26e481d55c833517c1017f3fef404a38a317" + } + ] + }, + { + "bom-ref": "671ef7876e00725f", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_2_2023.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "0071016c046d1407424d80aa71c640a0e3d3db17" + }, + { + "alg": "SHA-256", + "content": "2754e50d3377d6613e95df6d7a40150bb3a1fa1ae35382af96c7be58cdcbeb14" + } + ] + }, + { + "bom-ref": "d968bac0a3f46c58", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_1_2020.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "9751a120d60bb07072c400729f0245903faab22b" + }, + { + "alg": "SHA-256", + "content": "0b83e3ece7c33128cc31ac97595ce1bdb524db3f924623093b64e6a96ffb4b9b" + } + ] + }, + { + "bom-ref": "b14405cc33922027", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_2_2023.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "59f7fa35fd3098f51913b9213729a30e92964735" + }, + { + "alg": "SHA-256", + "content": "268e32f39fb4f9316d0680fde4eb479bbe8c4093193551c4b388f703ada60eca" + } + ] + }, + { + "bom-ref": "37231c1c1b691ada", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_2009.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "0955eda0b9f35d8915cfc5decba0fdeffa307a15" + }, + { + "alg": "SHA-256", + "content": "a00b8aa918457f5e7e58457b5e2f80d640fa77cc290572aaab1ae7b4734a9528" + } + ] + }, + { + "bom-ref": "1e18b66e6564af0a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_EV_2009.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "9b3af04c571ba2783543c5ab5193aa279398fa76" + }, + { + "alg": "SHA-256", + "content": "f81ceeaf6341513ef391ab3ea3302e8b2fb2c1527752797bba9b20ca22048b3c" + } + ] + }, + { + "bom-ref": "1f640a80eae5d75b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d636a2396e29b4e91e00106a183938a6d746f716" + }, + { + "alg": "SHA-256", + "content": "b52fae9cd8dcf49285f0337cd815deca13fedd31f653bf07f61579451517e18c" + } + ] + }, + { + "bom-ref": "f53cc7a5ec5dce3e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "9662d04625b183655fdb0304f644865a28a2af7c" + }, + { + "alg": "SHA-256", + "content": "660b5aa96668c5162f4af6b0a01241d8527aef8fa8a5307a7033b83c3de4a72d" + } + ] + }, + { + "bom-ref": "f54bda09b2c311df", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "07683ac24e071f61794b8ef1d77fa9096b8d6a90" + }, + { + "alg": "SHA-256", + "content": "c4fa4cc30be6aee0a4c0dff81f28768eedd83e8d4934a42f82179cbfa61f13ad" + } + ] + }, + { + "bom-ref": "91233860774a931b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "4418290c0af661843b28c70f4eb728f4cc462960" + }, + { + "alg": "SHA-256", + "content": "39fdcf28aeffe08d03251fccaf645e3c5de19fa4ebbafc89b4ede2a422148bab" + } + ] + }, + { + "bom-ref": "81c2c135a68d29f4", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "bcd60f07008eed3bd1d16a974fff0b93ce68110b" + }, + { + "alg": "SHA-256", + "content": "5d550643b6400d4341550a9b14aedd0b4fac33ae5deb7d8247b6b4f799c13306" + } + ] + }, + { + "bom-ref": "c6f78a73469f9f35", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee09b75a1fb80f76354f45dace36fa5174d96bb0" + }, + { + "alg": "SHA-256", + "content": "1914cd2d4cde263315f9e32c7683fc0e1b921919ad12b256d49bf782011c03cc" + } + ] + }, + { + "bom-ref": "8e9fafe6e242e811", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_High_Assurance_EV_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ff242a82d695ca1e476ec5a465cb44f0747edb58" + }, + { + "alg": "SHA-256", + "content": "d98f681c3a7dce812b90bf7c68046827f3bf5607357f1e4918c5dc813b359bf1" + } + ] + }, + { + "bom-ref": "530a86f1b4192055", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_ECC_P384_Root_G5.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "02326c81a98c8914ec59c4be2817b6f2177e8033" + }, + { + "alg": "SHA-256", + "content": "05161ad2ac04a0df956ef803e127aa877cc5131e0a727ed8e5de43f02e8868c4" + } + ] + }, + { + "bom-ref": "5ae379d9c156a3ef", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_RSA4096_Root_G5.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b6c7cf76bffe105afc7255951b70fa1b140c452e" + }, + { + "alg": "SHA-256", + "content": "fe64d4b3ae749db5ec57b04ed9203c748fff446f57b9665fad988435d89c9e43" + } + ] + }, + { + "bom-ref": "bdc8668c4b51e731", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Trusted_Root_G4.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "e18e58c72171c631853f21ddeeef0f3eddff113c" + }, + { + "alg": "SHA-256", + "content": "ce7d6b44f5d510391be98c8d76b18709400a30cd87659bfebe1c6f97ff5181ee" + } + ] + }, + { + "bom-ref": "4075c56de1d4abc7", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "84c2702946b6895ac09e25fc4eccd685129a2e27" + }, + { + "alg": "SHA-256", + "content": "745bd29be45667514b4000e9cdb70cdecad0f02c78232ed722f64f7f80436e35" + } + ] + }, + { + "bom-ref": "413fb225936be2cf", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_EC1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "bec0efa7b5d94664b6427d0bdc22e77ae6ed1d6b" + }, + { + "alg": "SHA-256", + "content": "a0d7e56b32b767e076bd7d05ce1779dbe3656d0a02a9abe711fc79640b9f7fbe" + } + ] + }, + { + "bom-ref": "e633bee8f313f043", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "6030dacb6bb4c3acd58b528313a6b417cddbcdb8" + }, + { + "alg": "SHA-256", + "content": "646db48fa7794bcab4581f264ff3fad4cff7bbd24f5e8bb170d4f602b6caf828" + } + ] + }, + { + "bom-ref": "a6a99cfab1fecb9b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "e5f6f17a920cdad0d8c904f0705f94e58964e7e6" + }, + { + "alg": "SHA-256", + "content": "9f9228cfb1ba0c6c9cd1c7b35437272b5fad8259e5205e6af57ab50edeb22e2d" + } + ] + }, + { + "bom-ref": "d4c5db59ee201691", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GDCA_TrustAUTH_R5_ROOT.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "276ef0193f9ff2a5ee437acaa4069c8d4c41851e" + }, + { + "alg": "SHA-256", + "content": "b0bf3a444f89d8be7db120bfecaa2f94d9e49ede21f680d674c1e8d839d8a9a2" + } + ] + }, + { + "bom-ref": "6d32fab6df045544", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GLOBALTRUST_2020.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "4996eba7b2b212547bffe74e8cf38cb9e03411b6" + }, + { + "alg": "SHA-256", + "content": "b3bcd05e1b177130f6888fcc1cff4e01cff44ef8e6b0d035f04ad6a71dd0879c" + } + ] + }, + { + "bom-ref": "0f1557987e632aa7", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "5aab042e2987dbf2849f05194800ee162c6a5fd7" + }, + { + "alg": "SHA-256", + "content": "4195ea007a7ef8d3e2d338e8d9ff0083198e36bfa025442ddf41bb5213904fc2" + } + ] + }, + { + "bom-ref": "b83f8e631682a492", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "299af0bfcb2f6fde42b5cb1eaf9d6c07a44e9b14" + }, + { + "alg": "SHA-256", + "content": "1a49076630e489e4b1056804fb6c768397a9de52b236609aaf6ec5b94ce508ec" + } + ] + }, + { + "bom-ref": "3de4fa7dcd29bf21", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "953c8337aa79ca983beabb59e85a75a7f35f310e" + }, + { + "alg": "SHA-256", + "content": "39238e09bb7d30e39fbf87746ceac206f7ec206cff3d73c743e3f818ca2ec54f" + } + ] + }, + { + "bom-ref": "a7d187c4307ab11e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R4.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "54b519a7faeeae1f2d777d3fa2ce998d6a31d9ac" + }, + { + "alg": "SHA-256", + "content": "7e8b80d078d3dd77d3ed2108dd2b33412c12d7d72cb0965741c70708691776a2" + } + ] + }, + { + "bom-ref": "79585666e0964d2e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R4.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d62a5e3304792e3f8c9f9bd5eaa74cf3a4b37961" + }, + { + "alg": "SHA-256", + "content": "d1b69887f73444c0fc0a6f22a2fe961c2423275f9c38ba7d50da2a4ba75394f1" + } + ] + }, + { + "bom-ref": "d9444c634712dee5", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R5.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5303a6a94db2ee51ce9b07ce05700a6839c4d0c" + }, + { + "alg": "SHA-256", + "content": "80eeafa5039f282345129a81ace7e1c1e1d4fd826f1eb3391a4ea56f38a6e3d8" + } + ] + }, + { + "bom-ref": "9bf39454af476ddf", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b094f057de5fa44d7958268d93ed5f4d6c5dbdc" + }, + { + "alg": "SHA-256", + "content": "6bdc59f897631af7811e3201cbc58e5999de2600ae8667454a34514eecfd8381" + } + ] + }, + { + "bom-ref": "0ac3ffc119e413fa", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R6.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "a5f84689d3eeeb0c0cf67dd0bcfa7e873b3553b3" + }, + { + "alg": "SHA-256", + "content": "5ff8425be71c1805446bf10601ce3cb9619889866766fc9285583ca5a4a7de94" + } + ] + }, + { + "bom-ref": "62bdfcdf58cd874c", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_E46.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "00097313addec897465681955d57c936f62fc8c3" + }, + { + "alg": "SHA-256", + "content": "5bd16128d0934629c2e1713140a6f97c9828dbb5429ab5797b2573efc71de1a1" + } + ] + }, + { + "bom-ref": "2c52da743358feab", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_R46.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d72a96202dd7467dcffc0a7772ca7c4a8c4c1cbc" + }, + { + "alg": "SHA-256", + "content": "dcc1a6246e13880ca5b73ef547e082dd0401e4d8837b6d211be82f7be791ac65" + } + ] + }, + { + "bom-ref": "3952cf141f7a7988", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Go_Daddy_Root_Certificate_Authority_-_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "760fbb36cfb55a67c71cac3dcf0d368ea9f98ee7" + }, + { + "alg": "SHA-256", + "content": "500329abac100a953a7396b54b36be57d333022f17401bc948248ea179cf1784" + } + ] + }, + { + "bom-ref": "7b1cb270c9065cd2", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_ECC_Root_CA_2021.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e50045e60b63c8690a29d8f434f9a740f926120" + }, + { + "alg": "SHA-256", + "content": "c6dc63e98b3a5e6a595c7d583a9c47c5efb6d316957466fd16c785b423eacf37" + } + ] + }, + { + "bom-ref": "591a41db9b79af5d", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_RSA_Root_CA_2021.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "a551003c7ed1fee9ad3015fbaa3139a856d28174" + }, + { + "alg": "SHA-256", + "content": "05e0ebf9643197ccf8036cdd86a2ee14292c2a077dbe06435ed30369b8762564" + } + ] + }, + { + "bom-ref": "a1ff587af407dfb7", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc2c55eb2428f256ff55b96c2123a828e98f1a66" + }, + { + "alg": "SHA-256", + "content": "1cdd90d42b48cced8f5ecbff087c49da56b224f0272e4b5074e63b82fff5fb16" + } + ] + }, + { + "bom-ref": "13f76655123400bf", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "22d9fe83302ff06ae25e6efb8cc1fa21dfaf0e72" + }, + { + "alg": "SHA-256", + "content": "677160e6297b48b87ede98ab7b4f2be55894491776f6191937ea397d01a6fb4b" + } + ] + }, + { + "bom-ref": "48be61ae1c21cf77", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/HiPKI_Root_CA_-_G1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9c9b3d9baa557bf26ce840730a726c74aa721f9" + }, + { + "alg": "SHA-256", + "content": "c3f06f635f1939ebeb125e5c1f030e329b63dd808d3ce803b1b1794bc78b253a" + } + ] + }, + { + "bom-ref": "efa0302dda182d8b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hongkong_Post_Root_CA_3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d5c78ce39f6d7ca7b589017ebb57a6da21fa8fca" + }, + { + "alg": "SHA-256", + "content": "1fd9801787f30a4ab835b1462afc3f71473a5eacc74c0a22ed392bc3da9362f3" + } + ] + }, + { + "bom-ref": "4ae49a9e734148b6", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "4de9627fe9ace4acce27eaa1a0837cd3db55704b" + }, + { + "alg": "SHA-256", + "content": "22b557a27055b33606b6559f37703928d3e4ad79f110b407d04986e1843543d1" + } + ] + }, + { + "bom-ref": "079c21d9907f9cfd", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "bd49d42c1fbb733120cd260418ac892a6954d54c" + }, + { + "alg": "SHA-256", + "content": "a13d881e11fe6df181b53841f9fa738a2d7ca9ae7be3d53c866f722b4242b013" + } + ] + }, + { + "bom-ref": "6dfd0beaa799ad0e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Commercial_Root_CA_1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "4fa701bf556b8d2fb78fa8f47643a212523f1a77" + }, + { + "alg": "SHA-256", + "content": "1d03b965511ce50d0a0bae1b549ed7048c783cfcba9aa40ea11d355b1889657c" + } + ] + }, + { + "bom-ref": "07a27c099fae9123", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Public_Sector_Root_CA_1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b613bb3a6dcc2ee7ac62d0951e0ea9bcbd48ff8c" + }, + { + "alg": "SHA-256", + "content": "9b4282f5a402e19016c4874a52df3367eabccf05be851ad03039f777a602d30a" + } + ] + }, + { + "bom-ref": "193a2581250f135d", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Izenpe.com.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "19e6885c728173659551480ce51ddd2680c6805b" + }, + { + "alg": "SHA-256", + "content": "1d37341b099afc610bf4feb387096577a0dc61bb8fd09444f1a199a1b1b117e3" + } + ] + }, + { + "bom-ref": "16cb119ab1193d7c", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsec_e-Szigno_Root_CA_2009.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8616f439458366e6a5a94d2c72713c0c8ffcd3b" + }, + { + "alg": "SHA-256", + "content": "4f670affee7b14140a6d20937db6e991102d5f8bac1d2562ebf20a1afda94d73" + } + ] + }, + { + "bom-ref": "2f1754af535cdc5d", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_ECC_Root_Certificate_Authority_2017.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "69d23ec7c71994b1b2ccbad0fda4c17db22541d2" + }, + { + "alg": "SHA-256", + "content": "b4ee8ed700b7abe4836d119c8113bc8b717f4f1568abd7edd81f2526c5836983" + } + ] + }, + { + "bom-ref": "353e4439f2dd7f41", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_RSA_Root_Certificate_Authority_2017.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f644c114129ef405b4b513787f189e78f398f0e9" + }, + { + "alg": "SHA-256", + "content": "626d330f6a8944fa4245f02f9795668e25a40b29b4cc5206bee73337b7dcd4d5" + } + ] + }, + { + "bom-ref": "dc13bf6b2a6e2b69", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/NAVER_Global_Root_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "3319083d34cb6e52c0df4d4cdbebfb065c6b8b4f" + }, + { + "alg": "SHA-256", + "content": "9848c94859f83e48defe0b25a0f4347480b56ea2bb3336fe6d4dcf00d0d6031d" + } + ] + }, + { + "bom-ref": "39143e0586bda8fb", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c1c0175e7f82dfa6aa6f6cc32aaed15ac50f42d" + }, + { + "alg": "SHA-256", + "content": "40f60f2e2f83fb6c63ddefeba7939a7852b2d468183ea939cc4dcac8fe4cc87d" + } + ] + }, + { + "bom-ref": "227a51e35002cabe", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GB_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "fce2c0dc059c1ad3ac93d416b6baaebb5e97b75f" + }, + { + "alg": "SHA-256", + "content": "2dc52d373089ff5173ac392a464746dd066aaa3b7d1b3494a473c96686666fce" + } + ] + }, + { + "bom-ref": "4970fec0edea6086", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GC_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b3dcfd843dff566af4ef0a483e6579ffb512cc37" + }, + { + "alg": "SHA-256", + "content": "17b98c4d832e8349ecb55f1f90e41dfc7bcd9410d1e925ccd06612cd3b9b9a54" + } + ] + }, + { + "bom-ref": "c954bd9a6a034eae", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_1_G3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "77445cf9c00088588d0e7c3306625389c30ff4be" + }, + { + "alg": "SHA-256", + "content": "4db45324410a01a7023b038e5da7d7274d3cfd392565c351cf3d297fd7664c73" + } + ] + }, + { + "bom-ref": "677e7b3acd57270a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c8d7a40a564fb59ea180802042d8b82a8aeda38" + }, + { + "alg": "SHA-256", + "content": "8c4220477ed85355fa380466aa8f559106d8a39fc90d3e0c121749e19444064f" + } + ] + }, + { + "bom-ref": "ee0231f8dab414d5", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2_G3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f3fde19cf8ffc60385575b98975644b7b7ff031" + }, + { + "alg": "SHA-256", + "content": "825c67f5583131425c4e33275cc8e5c9dfd02cd190c6d71e1d335621e82965a8" + } + ] + }, + { + "bom-ref": "17b9d60e0e1b35df", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "c85dd47ad4764e2aaf33e28b676fb5038c0568a8" + }, + { + "alg": "SHA-256", + "content": "a2ae0b4ec9d2a4c4e150756a3defabd15bcaa75ee2b599e722b27c6a2998d00b" + } + ] + }, + { + "bom-ref": "47f5221ea947fdb1", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3_G3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c769d9fdb4df4d743ac9db8fd263763e1e9e49e" + }, + { + "alg": "SHA-256", + "content": "198cfe560c191a800cbe923ceca0a4e4f3d5a0d7ff9316b47998765fdc0897be" + } + ] + }, + { + "bom-ref": "ce2bebc2a583aca5", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_ECC.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "c3d015aa3924c34077dbe7f578d6ce389b919d71" + }, + { + "alg": "SHA-256", + "content": "662d60a283f416d888ff18831009e2cba95c61377f648beeed91a3dea12ac286" + } + ] + }, + { + "bom-ref": "1e55eed924243527", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c4144422efd3d778cf5f3c280724e612ed89b29" + }, + { + "alg": "SHA-256", + "content": "a0681f1a11d5c02760bcb68b61b0d332f6c197e239c4b30dc47f91a79a73282b" + } + ] + }, + { + "bom-ref": "30ef2bfd0f1a0e58", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_ECC.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0f278d2129baf0d1be707831136f5ce16dec98e" + }, + { + "alg": "SHA-256", + "content": "b68d02ce35bd02123cf5fcd329bdd33640214715dae0442a97782a4471e9b292" + } + ] + }, + { + "bom-ref": "98bc80b97ed6f71e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_RSA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bff96214a4f9251fe6af524ce5e9b2a4216144e" + }, + { + "alg": "SHA-256", + "content": "2e368debd3626ea9c5d94c582d80050a530b505aa77ba231eb13e4d208c36d67" + } + ] + }, + { + "bom-ref": "5d8a2d8699ed9ee4", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_ECC_Root_CA_2022.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c37f0f346f759c198895674e9ffc53193e2423d" + }, + { + "alg": "SHA-256", + "content": "cf03adad817ae999648c5182ac996fc0682aeda4329c783756aa1c5c3d92eff9" + } + ] + }, + { + "bom-ref": "a56ebf7e9a40fb59", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_RSA_Root_CA_2022.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "82fb99b1b29e3e21da6a144496831bf9ed5b250f" + }, + { + "alg": "SHA-256", + "content": "e1c93696d4de9125e49f6a12b97a1cbcf8ce7331bc8268f1fe7b6ab447cc14cf" + } + ] + }, + { + "bom-ref": "c7ae26ddbcb34411", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SZAFIR_ROOT_CA2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "03d3c9a01229ecce2908287bc53f5f8b2cfa36e2" + }, + { + "alg": "SHA-256", + "content": "cbe8a1eec737c93d1c1cc54e31421f81bf358aa43fbc1ac763d80ce61a17fce0" + } + ] + }, + { + "bom-ref": "c2d37f13fff878bb", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_E46.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "323c21e30628ec823ce32209214a1526cce65e22" + }, + { + "alg": "SHA-256", + "content": "808130157f570b7640069852c88e256738007811a64c3aa9a4c31038347dc19c" + } + ] + }, + { + "bom-ref": "1d227a39ec963bc2", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_R46.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "fb39baf23f5d3ab1f981ec407992211a3d2518ba" + }, + { + "alg": "SHA-256", + "content": "7eaaf8c5047d5dbb4f3d7f173318ee936b09da4f0ceb5f3beb45c277480836eb" + } + ] + }, + { + "bom-ref": "dc3665da59955d9a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA12.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "72f425a92ba7123ac007c3fc631b63e12bb745c4" + }, + { + "alg": "SHA-256", + "content": "74e98caeaa30bc2828e7610aef3fbbe845a715367011598b4bec5fa65d9af0db" + } + ] + }, + { + "bom-ref": "a3595503d07fec00", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA14.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "63c5444db460856bd137353481114907fd2853b7" + }, + { + "alg": "SHA-256", + "content": "1ad476fd9bf167e89bf98f13e9aec59a03443cf6e3d6645b1210fb1e7c702f88" + } + ] + }, + { + "bom-ref": "642256529f0ff6ab", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA15.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ff5f5d95c4a822783ba1041e2f90c2c24d534fae" + }, + { + "alg": "SHA-256", + "content": "6198c864eaffa477ee9cf9aa10b534f022230e3129f99168962dc06358b4c9af" + } + ] + }, + { + "bom-ref": "edfdbd6d1f4c0ab6", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureTrust_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "627699850d19c89f6e0cb7494d77cb0c6c2b81ce" + }, + { + "alg": "SHA-256", + "content": "a3e70af2c4b48562b61fe858d9d30f073f2cf2136f2af01ab5a966673e70af4b" + } + ] + }, + { + "bom-ref": "45839436149b96de", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Secure_Global_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "86aed091506a5bd64805bd433054905c39a42c10" + }, + { + "alg": "SHA-256", + "content": "7ee52fb3a5afacd55a7a2e00f057f7f64776ea0d536036f54c57694961e25179" + } + ] + }, + { + "bom-ref": "bd5228ada8121d91", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_ECC_RootCA1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "375dabb1d954f8e0411289425ddf969da3bd6a7b" + }, + { + "alg": "SHA-256", + "content": "ef94d474067b306c482dfd066130f04855f50faecd461cee2964ce6c7260000e" + } + ] + }, + { + "bom-ref": "17d06a4ad7f9687a", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_RootCA2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "68510d0792e95592dcfe3ead230a58096cf4df7e" + }, + { + "alg": "SHA-256", + "content": "39ad3110b8f84821ca22cfbd995914f2149521d27ce576e743de6a00dc39d9db" + } + ] + }, + { + "bom-ref": "0ba8180fa6f35a3e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Root_Certificate_Authority_-_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "6594be3a70dfaa9cbb9b486dbc6e0271647fb61a" + }, + { + "alg": "SHA-256", + "content": "ca3760ba63bf0a2c5dd0dc7fe897838cc58f12a386b4ee53d2065229848e96a3" + } + ] + }, + { + "bom-ref": "f64ff4bd865c88b8", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Services_Root_Certificate_Authority_-_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "29091b76a08e520486579e758ac6c4a09ea0fe0e" + }, + { + "alg": "SHA-256", + "content": "870f56d009d8aeb95b716b0e7b0020225d542c4b283b9ed896edf97428d6712e" + } + ] + }, + { + "bom-ref": "e413eb82e4aedb71", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_Gold_CA_-_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "5bb45a16db10a4908960e5127689313fff442208" + }, + { + "alg": "SHA-256", + "content": "0ebb1a5d93b86ad9dcbd294413f272817fe3bb8ba46f4ec8192b3b805f2fa8ae" + } + ] + }, + { + "bom-ref": "e4e29ef2803ed609", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_RSA_TLS_Root_CA_2022_-_1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab11381efea715809db63b99349e38e036a027c0" + }, + { + "alg": "SHA-256", + "content": "d7a20d19e788235a092dcbd33831c59280ea01a9a7a7f663a8c41bf753df2c71" + } + ] + }, + { + "bom-ref": "fa50ef55337074f9", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f1b1e428ac6d2cce6ea3ee106cddd6d5686eeee" + }, + { + "alg": "SHA-256", + "content": "b30989fd9e45c74bf417df74d1da639d1f04d4fd0900be813a2d6a031a56c845" + } + ] + }, + { + "bom-ref": "70d5705ef7765b89", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a83caf5351d413d44bff9b7ea3e06cf6240eee4" + }, + { + "alg": "SHA-256", + "content": "1cb130a113f4e8502517a679808a98bf076d59bdb223bfc61cd224b8e1abda49" + } + ] + }, + { + "bom-ref": "49990674bf8a8995", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "205ecf6e40d8f9dc700b932ce6a3a26836994652" + }, + { + "alg": "SHA-256", + "content": "c6904218e180fbfb0ed91d81e892c2dd983c4a3404617cb36aeb3a434c3b9df0" + } + ] + }, + { + "bom-ref": "d72a35ab6edac53b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_CYBER_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6b4f879a7ed34e42b54d759a12fc9ba067fc9f6" + }, + { + "alg": "SHA-256", + "content": "68a5f526d2e08c363444536b22a8d4ebfff72d7810ba26dc47711bb6cbc39d50" + } + ] + }, + { + "bom-ref": "f534115f859e6e48", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Global_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "387f72838755cd50ba19d2fb29c1f03803776ed8" + }, + { + "alg": "SHA-256", + "content": "5dadc31b57074a3168d1df23bb8b6b920acae1d426bf2288fc2de53cdd571089" + } + ] + }, + { + "bom-ref": "7753c8e8ea6b2b66", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Root_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "60c33e855789106bf75a3c97696fdd2d58890467" + }, + { + "alg": "SHA-256", + "content": "b69a59344e58615a691fa9567d55ad6337f09b57647a389242cbf43716575559" + } + ] + }, + { + "bom-ref": "2cd277574bf2ef9e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_ECC_Root_2020.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "621ba40b628552f82543e4af88de8c084e0fd860" + }, + { + "alg": "SHA-256", + "content": "a5ea4e7d6673e4d8cebbcbee010cce2f97b720ed2691abb35a119227c5dc0135" + } + ] + }, + { + "bom-ref": "c89156f9c954187b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_RSA_Root_2023.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "7aef4f441e0bcb1c26731cebff6d3717b83577e8" + }, + { + "alg": "SHA-256", + "content": "899d7d6cc867b2bdf51250f88c9ab9e1e96aac5d59b51c93b3b0c69e96792b7c" + } + ] + }, + { + "bom-ref": "6a975a110e918ef8", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TeliaSonera_Root_CA_v1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2219a7fd0a77be7422a02049b8d27805c0250ba" + }, + { + "alg": "SHA-256", + "content": "303c346ece82ca4f6713ac176164285d0469f326b6f12a787e11f5d702529277" + } + ] + }, + { + "bom-ref": "81eb54b3f8a738b9", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telia_Root_CA_v2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "049de12dad62e4a31318fe6b024a88b645830daa" + }, + { + "alg": "SHA-256", + "content": "bf3bd189c3dd33bc81635d60284461f0d937c2c1d51cc4d7851c13466419fcb0" + } + ] + }, + { + "bom-ref": "16f766edb35bbce4", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "629795d39048cd6b1935e43ef4f116e38914dad8" + }, + { + "alg": "SHA-256", + "content": "d729fda98d8a3bf0d657b93fe0f70e22437359ef0de4ac5b4abcf3ef3667613a" + } + ] + }, + { + "bom-ref": "afc79d5859e4f1d4", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G4.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "50260e64112522593a87b32ec81c2a850b915878" + }, + { + "alg": "SHA-256", + "content": "fc9662ebcadeb2c0a804bdb6503d0c23976c638cf73ff95ffafd33ead680e73d" + } + ] + }, + { + "bom-ref": "cbca403cefeaf0aa", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_ECC_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b7f6405d86b918a47392233b4050bad2a57cf9d3" + }, + { + "alg": "SHA-256", + "content": "4e68d469799a26c10aea3f2ff350af434033d4a2914ba6aaccc27a34fe24005e" + } + ] + }, + { + "bom-ref": "bdced0d08b9f3b29", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_RSA_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "49d03150fceed000d89a6af305412d999e7b25ec" + }, + { + "alg": "SHA-256", + "content": "76ae2d0df1228b565cf3533a7c22d59fc3683f240ce7192201072260fc6f0e27" + } + ] + }, + { + "bom-ref": "ab7f88149ec866dc", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "8747f89bcc06ba119cac723e990ffdb2ead7a6ac" + }, + { + "alg": "SHA-256", + "content": "0c7ffc481084cad9ccd3402eba9401b0f5abea0917d985e9ce401c8efbad4b04" + } + ] + }, + { + "bom-ref": "65cf00dde68b5145", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P256_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2ac2145ffcc590d436350abc22ea825f15e3b9f" + }, + { + "alg": "SHA-256", + "content": "f08c4d2b700f7cd5da4dc1b60f4c57090fdc692cde8a7221f35b70abb4cec363" + } + ] + }, + { + "bom-ref": "a8c2e1a2264357bd", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P384_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "364fbd20e4805c74239f70e46e8f4a3ecde50386" + }, + { + "alg": "SHA-256", + "content": "a83c5b6097b03509711c9cd8de59def7ecf99ed72b4076dc33f5b2e35545b3b3" + } + ] + }, + { + "bom-ref": "89aa76251ced5286", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/TunTrust_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f7b67a59f43b598f0cfcb0cbf495358b8485b28" + }, + { + "alg": "SHA-256", + "content": "8a852f7182753cb0193299c6cb2b4a106b1c38a789217b5eb380d736c5cc0081" + } + ] + }, + { + "bom-ref": "ebbd0474709b5396", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Extended_Validation_Root.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "736c6d8fa36e3487b463b5c148dd6a0a8b39a99c" + }, + { + "alg": "SHA-256", + "content": "eaa3be600a842e5b603316ed14e9ae11a43003f68a8317f0f2c01a516da4e586" + } + ] + }, + { + "bom-ref": "74985de09ec98764", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Global_G2_Root.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "140c027384371f293098c5c93c9388d9fde22595" + }, + { + "alg": "SHA-256", + "content": "de2e7b1bc7a2aed4e5866d3655d1041206c27caf376ee81bfc4012e8225e0e7c" + } + ] + }, + { + "bom-ref": "a814f6702809f1e3", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_ECC_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "d9ce0ff56c71bb4091388ea38e01d97565a7557f" + }, + { + "alg": "SHA-256", + "content": "08fb40ba4144166f6ae80c7ab60be23e97e5083836d45fa85a33a5d0bfec10f8" + } + ] + }, + { + "bom-ref": "ea3e1340c08ef25b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_RSA_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "2f2380685be0ea8c1be1e1a8496ff9f220c4f61c" + }, + { + "alg": "SHA-256", + "content": "8a3dbcb92ab1c6277647fe2ab8536b5c982abbfdb1f1df5728e01b906aba953a" + } + ] + }, + { + "bom-ref": "cf78c0304a8231d0", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_ROOT_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "37268bb31073e1fb5d7e3221c203d27033886e72" + }, + { + "alg": "SHA-256", + "content": "cf339eae15268aff66148f3bcdf112a7700eafded3edcb3f86c60133b10e03f8" + } + ] + }, + { + "bom-ref": "51636301020480a2", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_Root_CA_G2.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ef9f1bb072e0524043c63a27e6ff39da6a6bd32" + }, + { + "alg": "SHA-256", + "content": "80eee369aa5b29931209226fcb4b014ba31daa7f630d44a196817c1bb6b334f1" + } + ] + }, + { + "bom-ref": "fe69c5fb98d90ec5", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/e-Szigno_Root_CA_2017.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "0eec6464c1065a3b1e5866580e2fdcd47494c870" + }, + { + "alg": "SHA-256", + "content": "8c1306d5c64b43ce6c189b8450f27160aaff3f504211ca6819af6035ae1a7d73" + } + ] + }, + { + "bom-ref": "150c1fcead3a7969", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/ePKI_Root_Certification_Authority.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba48acec12fa6a0e8a29ad8801825c6d0a2b85e9" + }, + { + "alg": "SHA-256", + "content": "d22b235421616835f68d15801d82b44e7c463433f8bbdcc92f9c023fafcb2bf2" + } + ] + }, + { + "bom-ref": "3e0c91ae1e25cc84", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_C3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "cd8b037030f190cb1312b8747f3cd1841586abb2" + }, + { + "alg": "SHA-256", + "content": "b1d0ac5a261e857409cc921acb515796538b48847722f0a00ddccbf60bccec81" + } + ] + }, + { + "bom-ref": "4a0e3fa71c05dd54", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_G3.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "3f5b8aa141a7ca8dae71d86b7074790717ffbe76" + }, + { + "alg": "SHA-256", + "content": "36e68e205b53c67c7a013894e0d5c8583063468118d1ce78ecbc2200d1dd185c" + } + ] + }, + { + "bom-ref": "f0e1ebbf7474881e", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_C1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "99b8162c32f3ecf05806112baa77ab7230e998d5" + }, + { + "alg": "SHA-256", + "content": "fb98230f8746d60429c20f8ce04254384337b479a77698939f7041d0c0eb4289" + } + ] + }, + { + "bom-ref": "d6f8ea519d12a481", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_G1.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f86ddb585d2f516b028fa21958f09abe463b8cc" + }, + { + "alg": "SHA-256", + "content": "8d390d4c54f6a4a040b04413f1f002192027c66a2a835741f78a152074584a27" + } + ] + }, + { + "bom-ref": "1fe092df0653a342", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_ECC_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "05320440f6f2b0315ac23191bc6f7ef427e2f673" + }, + { + "alg": "SHA-256", + "content": "2ce349e2da9df497cc62aca37b009a2c3261ccdbe06a4c4a063f8105da40eb5d" + } + ] + }, + { + "bom-ref": "3cbd859f9017a22b", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_Root_CA.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "c9204a1166c493bf25596573a2206d808c5b154f" + }, + { + "alg": "SHA-256", + "content": "8cc726cf62c554561e89e1237495bea3026b1709ba7153fed3401fcd489b5aaf" + } + ] + }, + { + "bom-ref": "decd17b619f52264", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "5911289576a01c2d470059d497fada90f8a04487" + }, + { + "alg": "SHA-256", + "content": "2f2d6a53cb9542ceeccf82a2ffa7d53c24043b75b43f1623ff1266806583d1ca" + } + ] + }, + { + "bom-ref": "b9b3c747a4031e46", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "3517fefcd7d440000f627d78a35356c3922bd404" + }, + { + "alg": "SHA-256", + "content": "4d96c990d2089ccdf288c5c1fd759a58216d7257d43b929e82bbd32126307357" + } + ] + }, + { + "bom-ref": "a9b76305742edafb", + "type": "file", + "name": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f447b81237b8976f13fc8ab4e3c9c8f8a937c502" + }, + { + "alg": "SHA-256", + "content": "00411c197b16f659945fba3c2f970a26030f56eef5d445c913cb59a089c813b9" + } + ] + }, + { + "bom-ref": "bdf32f5d5416ab16", + "type": "file", + "name": "/etc/pki/ca-trust/source/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b475ca8d961e4afc37af6483ff75322cdf28692" + }, + { + "alg": "SHA-256", + "content": "86184318d451bec55d70c84e618cbfe10c8adb7dc893964ce4aaecff99d83433" + } + ] + }, + { + "bom-ref": "2460ffdfcb2fe6c9", + "type": "file", + "name": "/etc/pki/product-default/479.pem", + "hashes": [ + { + "alg": "SHA-1", + "content": "560764b8b286afc7ad61727e30af467dc536fb06" + }, + { + "alg": "SHA-256", + "content": "fa4cf63de35ddc6f097442d33226c5ae7ca2c90496af26d9db3d84133a7f855c" + } + ] + }, + { + "bom-ref": "cc275f3ce8421483", + "type": "file", + "name": "/etc/pki/rpm-gpg/ISV-Container-signing-key", + "hashes": [ + { + "alg": "SHA-1", + "content": "03c3761c23c90492c6cfc9d707440bf7241f374a" + }, + { + "alg": "SHA-256", + "content": "ce344c927483de60ed60bf4956aaee0dfa7e9433e0f43c58ce64378d761bf724" + } + ] + }, + { + "bom-ref": "02b145a905282982", + "type": "file", + "name": "/etc/pki/rpm-gpg/RPM-GPG-KEY-PQC-redhat-release", + "hashes": [ + { + "alg": "SHA-1", + "content": "4034db2f50bc28c3cca21cb8af1c04b25ea2ba5f" + }, + { + "alg": "SHA-256", + "content": "c876fba00febd04b3cef2a1815031775dcad550e5a8276b4d8474aa0b67239ba" + } + ] + }, + { + "bom-ref": "1bdf5fe48c4bd4d0", + "type": "file", + "name": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "hashes": [ + { + "alg": "SHA-1", + "content": "a72daf8585b41529269cdffcca3a0b3d4e2f21cd" + }, + { + "alg": "SHA-256", + "content": "3f8644b35db4197e7689d0a034bdef2039d92e330e6b22217abfa6b86a1fc0fa" + } + ] + }, + { + "bom-ref": "a6efd6855e2f7c11", + "type": "file", + "name": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "hashes": [ + { + "alg": "SHA-1", + "content": "9333c0a06770787f21a1fe9f7c17484cfbd3a818" + }, + { + "alg": "SHA-256", + "content": "0db3dc1b6228f29d60f37c5ad91d9f4cd3547895e8ebedb242469b1c0a0cdf08" + } + ] + }, + { + "bom-ref": "21294e0d0b121cda", + "type": "file", + "name": "/etc/pki/tls/ct_log_list.cnf", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2587c4e97408b64274e5e052b74e3754892c13a" + }, + { + "alg": "SHA-256", + "content": "f1c1803d13d1d0b755b13b23c28bd4e20e07baf9f2b744c9337ba5866aa0ec3b" + } + ] + }, + { + "bom-ref": "a07cb8e47e12414f", + "type": "file", + "name": "/etc/pki/tls/openssl.cnf", + "hashes": [ + { + "alg": "SHA-1", + "content": "b58b0cc147105bc23e24ed71b1cd9ebc21f51616" + }, + { + "alg": "SHA-256", + "content": "34108f65c3c759083f6b2d8ff8c509e3504aa78e5180b197827d90827ddc663f" + } + ] + }, + { + "bom-ref": "17eac59ecc5bec3f", + "type": "file", + "name": "/etc/redhat-release", + "hashes": [ + { + "alg": "SHA-1", + "content": "10c591ed64070058c93b341b45fc722bbe0cc984" + }, + { + "alg": "SHA-256", + "content": "7305823adb43789c44b57edeaf463a39acbdd12646d60140f2b251c28f2a966c" + } + ] + }, + { + "bom-ref": "23ff64af82c9eae7", + "type": "file", + "name": "/etc/selinux/semanage.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "818de80347135853e805039d17b17f8a8641add6" + }, + { + "alg": "SHA-256", + "content": "8ba0df9a109dd136f1e8827343806ced9a0652c670c2572b4dd8642c67c27734" + } + ] + }, + { + "bom-ref": "62536104a97be853", + "type": "file", + "name": "/etc/system-release-cpe", + "hashes": [ + { + "alg": "SHA-1", + "content": "8a5a439873e6ead211cbdd78589eaafa1d4260e3" + }, + { + "alg": "SHA-256", + "content": "ab138ea78c1167ddf9cd17736d43f89283e66c20ed4ff63183bfd2989bc7259a" + } + ] + }, + { + "bom-ref": "0f394e0e6d66cadc", + "type": "file", + "name": "/usr/bin/[", + "hashes": [ + { + "alg": "SHA-1", + "content": "9fdbd59f16ee61048ffd33b74dbecbe2fcecd4b8" + }, + { + "alg": "SHA-256", + "content": "afd97bbd643bfe1473794af167cd5c6f44fe449681033e3584b40b836f624b4b" + } + ] + }, + { + "bom-ref": "c15a9f36bca77f3f", + "type": "file", + "name": "/usr/bin/arch", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f9ffc9622acba141d93e11c0073ce5be588966f" + }, + { + "alg": "SHA-256", + "content": "209bae4071910ef54b4a3bd302059bf7e00870d8bacffcd7c5489425f37ed16f" + } + ] + }, + { + "bom-ref": "c5e667d66df5bd48", + "type": "file", + "name": "/usr/bin/b2sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "575e3e627b7a9b8b421c41f8fd02cb2503345b3a" + }, + { + "alg": "SHA-256", + "content": "9116333c88eee22e55e30db1ad088483f52a3024b624356416873bc14fad9359" + } + ] + }, + { + "bom-ref": "3a804ac96191b8e8", + "type": "file", + "name": "/usr/bin/base32", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a044297eb52cd4ed2b571bb07c6492b9fbbbc7a" + }, + { + "alg": "SHA-256", + "content": "ff10172686b6db691ae57530dff6cd14b980cbba7ed81a8dcf81bd42dd7bb23b" + } + ] + }, + { + "bom-ref": "fcb63864518bbdb3", + "type": "file", + "name": "/usr/bin/base64", + "hashes": [ + { + "alg": "SHA-1", + "content": "085d34b2ef36dca0183f79506543f5b905edf6c8" + }, + { + "alg": "SHA-256", + "content": "fed1b291454a61812e605fd06b04f915ef7e5436cfc1ee17f96523f56c2fbebf" + } + ] + }, + { + "bom-ref": "08d5dce244fc18f7", + "type": "file", + "name": "/usr/bin/basename", + "hashes": [ + { + "alg": "SHA-1", + "content": "af27f068e0edd9bacddc2f0c0bea723169c28272" + }, + { + "alg": "SHA-256", + "content": "9a1e6804fef8ca36d39b008210b187dc4a82c456919574e61e17ab40c033589c" + } + ] + }, + { + "bom-ref": "9f1055e6d4762493", + "type": "file", + "name": "/usr/bin/basenc", + "hashes": [ + { + "alg": "SHA-1", + "content": "116a0e1d7760f311c3476e9a1f579a60fd25c4b4" + }, + { + "alg": "SHA-256", + "content": "cd8a131e0af4133b97da4adcca84ae61cc24c898d8d0e2b6aabac6d2d7a34094" + } + ] + }, + { + "bom-ref": "ef27b9cf22a1df17", + "type": "file", + "name": "/usr/bin/ca-legacy", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a11df6846fd8f2c8a0c3eb7fc1eeae076b88903" + }, + { + "alg": "SHA-256", + "content": "48f9c9bd7473d45f2f2e30d5c723cf58d7175be9e3f19573a67049cbac35330a" + } + ] + }, + { + "bom-ref": "668fe15830d11a98", + "type": "file", + "name": "/usr/bin/cat", + "hashes": [ + { + "alg": "SHA-1", + "content": "1ff499e53c0920255403ee2ef06afa0873013e40" + }, + { + "alg": "SHA-256", + "content": "c6138c9502337f42763d627e4b665dd4fd66f26a987891d0a7e8313783f689ad" + } + ] + }, + { + "bom-ref": "7ac217344c32a4d0", + "type": "file", + "name": "/usr/bin/catchsegv", + "hashes": [ + { + "alg": "SHA-1", + "content": "532b497ffd1c7d46417c1bee8fec87e0e5168a97" + }, + { + "alg": "SHA-256", + "content": "6968647a65cbe670136c5657540debd96b257b168c2688dd8d34669b31e02111" + } + ] + }, + { + "bom-ref": "ccd7ed3375247fe5", + "type": "file", + "name": "/usr/bin/chage", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8451b96bcf1302cbe7d03896cd13239a205c3b0" + }, + { + "alg": "SHA-256", + "content": "326a4bba3ca2a8525c683bee311803427177b8e375b50ae4000c653114d6a119" + } + ] + }, + { + "bom-ref": "a58763c7570727c9", + "type": "file", + "name": "/usr/bin/chcon", + "hashes": [ + { + "alg": "SHA-1", + "content": "d16aa25fe4ed9eea2748e986aff5bfdad423838a" + }, + { + "alg": "SHA-256", + "content": "c191edddab15fd046170527d27f5f2a864684e118020ae3cab9a8c4ce7e6cc8f" + } + ] + }, + { + "bom-ref": "dd8cd37050122d84", + "type": "file", + "name": "/usr/bin/chgrp", + "hashes": [ + { + "alg": "SHA-1", + "content": "1402a8f010532c6f0bd76d0a91c908979fdf8bb7" + }, + { + "alg": "SHA-256", + "content": "e1d37a0d06d1d5db7180b10eb367365214de3c458a356efa32960312dabf9bde" + } + ] + }, + { + "bom-ref": "88a6c97c9d25b4c6", + "type": "file", + "name": "/usr/bin/chmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "2dcb6e1e404323760e13dc1e5b805421878fc585" + }, + { + "alg": "SHA-256", + "content": "8ee704ee6e399f29d23b37223b4c80a1a5a39fd0752c6d913d9bcb176b4bb930" + } + ] + }, + { + "bom-ref": "0c56734d7fa5e5cc", + "type": "file", + "name": "/usr/bin/chown", + "hashes": [ + { + "alg": "SHA-1", + "content": "29dcc6262461574c88126133c57f4f5318eb8420" + }, + { + "alg": "SHA-256", + "content": "497a658c90080afd7bba33da8297fdb1be37cf36a3465a344164a8cb14390b53" + } + ] + }, + { + "bom-ref": "6f704900967b5d77", + "type": "file", + "name": "/usr/bin/cksum", + "hashes": [ + { + "alg": "SHA-1", + "content": "8299d2a22b65a2ed645906053bcd57a46c0f3cbd" + }, + { + "alg": "SHA-256", + "content": "09eada4c0374c3c565ebe1f8965bce9943eb7c2790ef031d7b638b3f191b5592" + } + ] + }, + { + "bom-ref": "ab85920cb956969e", + "type": "file", + "name": "/usr/bin/comm", + "hashes": [ + { + "alg": "SHA-1", + "content": "02bcebd4816b8bf09099e6e86044c3b7b105d531" + }, + { + "alg": "SHA-256", + "content": "7449de734af6ab89331fc34dabfd40d10fa799369a52fd9df7c3829ded1d0261" + } + ] + }, + { + "bom-ref": "754a39ec4d130e17", + "type": "file", + "name": "/usr/bin/coreutils", + "hashes": [ + { + "alg": "SHA-1", + "content": "59dc61c3cc1fa2966a0517c382d70a8e173a6395" + }, + { + "alg": "SHA-256", + "content": "61bca8e2323b76b8f423568f4631d265a26a88cb309c31ffbb066b925a52ccc2" + } + ] + }, + { + "bom-ref": "18d4b98cd33be63a", + "type": "file", + "name": "/usr/bin/cp", + "hashes": [ + { + "alg": "SHA-1", + "content": "a50e277b33a29f26b5b825ce041ac8e48df2280c" + }, + { + "alg": "SHA-256", + "content": "79c39d67b7969b943045e80485f9dc3202a11ddfc5c9f7fdb4287216d0255a90" + } + ] + }, + { + "bom-ref": "9e37c41b16242727", + "type": "file", + "name": "/usr/bin/csplit", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e8b4a2d9443a650ebf84e483c92a30d14b06036" + }, + { + "alg": "SHA-256", + "content": "406a678a5b17869b4d148ad1924dd9ff3f2496e6f8b1dde6572edb355ded6316" + } + ] + }, + { + "bom-ref": "f8133b91a4a284c4", + "type": "file", + "name": "/usr/bin/curl", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c864a33ce4ab0cee5741dec892fc24678e7638a" + }, + { + "alg": "SHA-256", + "content": "1f3e81d92f297b50d421749fa71c004569064ac27ecfcd1445137f4c41652878" + } + ] + }, + { + "bom-ref": "ff21bbd88cf7b191", + "type": "file", + "name": "/usr/bin/cut", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f7c6de6de871fc09ae32642219cb90ddea137e6" + }, + { + "alg": "SHA-256", + "content": "7448d9549e82dc4aa8917fc2bc2c49ad3f99e85e0c4f9a0957926a1f33c60421" + } + ] + }, + { + "bom-ref": "ac8c81ddb4590392", + "type": "file", + "name": "/usr/bin/cyrusbdb2current", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbb5b22a8077d59ec7a6cba77116206844c526ad" + }, + { + "alg": "SHA-256", + "content": "1fbdbf8d6354ee8477b04f1d5f7b13af20c704c55e55b59d88ee3e3cfbc02c90" + } + ] + }, + { + "bom-ref": "6818434c95393f5e", + "type": "file", + "name": "/usr/bin/date", + "hashes": [ + { + "alg": "SHA-1", + "content": "89a318bcea62a81b9328c0fa46d05dcb7e20c566" + }, + { + "alg": "SHA-256", + "content": "71fb38657d2a08ad7fa8a7d6d44b54b4a63b2b0ca654e7865c0993443fe36608" + } + ] + }, + { + "bom-ref": "e9bd0e2c33303c2f", + "type": "file", + "name": "/usr/bin/dd", + "hashes": [ + { + "alg": "SHA-1", + "content": "672fcb22508cfc162a7682100480856ada9263d7" + }, + { + "alg": "SHA-256", + "content": "afc84e0b7f78721d72cc70e5207c0a948889401b1ae985f88fe5557010898d16" + } + ] + }, + { + "bom-ref": "744b5a4693813695", + "type": "file", + "name": "/usr/bin/df", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f09ab63fa4ba2d4c24f32dd99e6d173e25d6625" + }, + { + "alg": "SHA-256", + "content": "7140d87bcfc96e33d0e40e746734dfa02fb2973428059a83f267f490acf2924c" + } + ] + }, + { + "bom-ref": "056f2a85423da82f", + "type": "file", + "name": "/usr/bin/dir", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee83b454e9faf9324e59bc11bd72d8ff79b8fb33" + }, + { + "alg": "SHA-256", + "content": "9dfc129738cbf6c04a0a6bce388f6cabe0212abfb4f7011997477d657c552b2f" + } + ] + }, + { + "bom-ref": "3808baf814d3a75c", + "type": "file", + "name": "/usr/bin/dircolors", + "hashes": [ + { + "alg": "SHA-1", + "content": "527fc023104da8e34cb2b883a48fb4d9a0563f10" + }, + { + "alg": "SHA-256", + "content": "db0b3071d1896d4cb925e2539b959071d3dd028501e989ae051a7cc2923a131d" + } + ] + }, + { + "bom-ref": "d3dfe363c4518619", + "type": "file", + "name": "/usr/bin/dirname", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc3de909d1832ff6748cb739026407460280ca22" + }, + { + "alg": "SHA-256", + "content": "79eb20166b1c6e3c720bbd9d1b7093dba753747f4a9c86c20efd24cfa1b7cd02" + } + ] + }, + { + "bom-ref": "0d4ca6c562d852f9", + "type": "file", + "name": "/usr/bin/du", + "hashes": [ + { + "alg": "SHA-1", + "content": "89891569832c12c079cdf123b5ab43ecafb72e28" + }, + { + "alg": "SHA-256", + "content": "4f987dcb68ff9790a7da315f18dba495258e0689c9c145cba4ae33bbf1153ef1" + } + ] + }, + { + "bom-ref": "bea301c1054368b7", + "type": "file", + "name": "/usr/bin/echo", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f7c8d46f52cf0f9319631541c308471113cf022" + }, + { + "alg": "SHA-256", + "content": "5e2e65807f2d7416260cc04c62a37b6aa14c3336632709406a6eb5e20a25676e" + } + ] + }, + { + "bom-ref": "544b26d2152532b2", + "type": "file", + "name": "/usr/bin/env", + "hashes": [ + { + "alg": "SHA-1", + "content": "b84d0d2d85f4a9d818c4f9e8f61af524d7994601" + }, + { + "alg": "SHA-256", + "content": "3164957405d820d74c59ce94cbe8e20eafa4d25366f53e4de9e3f4a149a9576c" + } + ] + }, + { + "bom-ref": "fe9db330a6ced29d", + "type": "file", + "name": "/usr/bin/expand", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c94424e1096ee9016cbf4ccf67affa7f001ddf2" + }, + { + "alg": "SHA-256", + "content": "b2f2c111df45d87cb069e96a9152847d31a40d2357e770d4c943d04afe6e1acd" + } + ] + }, + { + "bom-ref": "461b28a03c440a0d", + "type": "file", + "name": "/usr/bin/expr", + "hashes": [ + { + "alg": "SHA-1", + "content": "ef6ef0b52f22bfce633811b04704bb0dc2ea60cb" + }, + { + "alg": "SHA-256", + "content": "27afd110fdd08ce37ae374cdb19348dc82db58b2a299d601b1a202e524ffad7c" + } + ] + }, + { + "bom-ref": "8174a59113d54fa2", + "type": "file", + "name": "/usr/bin/factor", + "hashes": [ + { + "alg": "SHA-1", + "content": "521757b7c3e1d1196a16227c8ae85150f94fe043" + }, + { + "alg": "SHA-256", + "content": "ee9ee5a137e0591cd9cb7c833ea6d132715452b6e8ec15a521d5656825600a51" + } + ] + }, + { + "bom-ref": "dfad1fe2d91edeb0", + "type": "file", + "name": "/usr/bin/false", + "hashes": [ + { + "alg": "SHA-1", + "content": "6a29a4f85de079ff81b73fb9662e691dbd36c313" + }, + { + "alg": "SHA-256", + "content": "deeb84f2992538f7fadfc6946e4e34ce8b491c5d15aac723f2545fc53423609e" + } + ] + }, + { + "bom-ref": "f60c8826d1355380", + "type": "file", + "name": "/usr/bin/find", + "hashes": [ + { + "alg": "SHA-1", + "content": "287c69debabeca01b282eac451ea0935562fe352" + }, + { + "alg": "SHA-256", + "content": "a12f7a245a3366f9a79e6780a71c769716452dbedf6d0b1d5d854743ff3eb902" + } + ] + }, + { + "bom-ref": "3e0a0208162355ef", + "type": "file", + "name": "/usr/bin/fmt", + "hashes": [ + { + "alg": "SHA-1", + "content": "1dfbeba5c1b0e1c8ad8f0ec9b9d744320998baa9" + }, + { + "alg": "SHA-256", + "content": "64eb499e5fcea80a3132b009285321317b2660173d3052ca3dc9c3871f07e0e8" + } + ] + }, + { + "bom-ref": "ceacea456c269068", + "type": "file", + "name": "/usr/bin/fold", + "hashes": [ + { + "alg": "SHA-1", + "content": "9599458a301ca99670389aa530baaf134a8a7814" + }, + { + "alg": "SHA-256", + "content": "1af788b3e940772d2d061a2868af5e034faf977d2d7158cbefa3e56a05304049" + } + ] + }, + { + "bom-ref": "06db0aac5cdcba72", + "type": "file", + "name": "/usr/bin/gapplication", + "hashes": [ + { + "alg": "SHA-1", + "content": "ecc9fd34b7770f2d80c2abeff6f72d932a4860f0" + }, + { + "alg": "SHA-256", + "content": "97f5cf2aebfcb29af00de68077e098b06957a1730154eeab0298a76ad73ffda0" + } + ] + }, + { + "bom-ref": "8b573813f1675648", + "type": "file", + "name": "/usr/bin/gdbus", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e897b7af3ebc2b7a7a6ff1f996cdcf7420e3ecf" + }, + { + "alg": "SHA-256", + "content": "6340348726aba9d85dfdc91574d48d94a21f810803f5bc72a33db106edf22c1c" + } + ] + }, + { + "bom-ref": "fc282208ed48aa6f", + "type": "file", + "name": "/usr/bin/gencat", + "hashes": [ + { + "alg": "SHA-1", + "content": "de3b0472194bc82921baba526d5c182d5002d8be" + }, + { + "alg": "SHA-256", + "content": "2d4fd18b1b005445e1b63f5bf3ddef52a4cdc7eec37dc01090d6de08e9df8cd0" + } + ] + }, + { + "bom-ref": "64fe31773eb4999e", + "type": "file", + "name": "/usr/bin/getconf", + "hashes": [ + { + "alg": "SHA-1", + "content": "81140d839d18f2761b00df07b72c3fef8a43c11a" + }, + { + "alg": "SHA-256", + "content": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + } + ] + }, + { + "bom-ref": "402379cda2734cb1", + "type": "file", + "name": "/usr/bin/getent", + "hashes": [ + { + "alg": "SHA-1", + "content": "6031c6974cd56cbb19dd3a8cc33ae95793b021a0" + }, + { + "alg": "SHA-256", + "content": "3e8afb78f9ec759e5a62dd385aa092844fbbc5f1d01e9c56484bbde799a099b0" + } + ] + }, + { + "bom-ref": "11302a785a1ce540", + "type": "file", + "name": "/usr/bin/gio", + "hashes": [ + { + "alg": "SHA-1", + "content": "03f0ec9c91e77256b87f4aaa30e5c72d2bc035e8" + }, + { + "alg": "SHA-256", + "content": "1504f592d1a21398522ab3eacafc8fae1726985a54543a725d531368c1f8bd52" + } + ] + }, + { + "bom-ref": "f7346e98a83a716a", + "type": "file", + "name": "/usr/bin/gio-querymodules-64", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a4464b948f9f53efab98861f5f7578db32ba0a0" + }, + { + "alg": "SHA-256", + "content": "968a25d1c83d5e2d6d975689858d586be554e70263952199bd9d3286be7d9c50" + } + ] + }, + { + "bom-ref": "d6f141d5e13b0ae0", + "type": "file", + "name": "/usr/bin/glib-compile-schemas", + "hashes": [ + { + "alg": "SHA-1", + "content": "82ef59c46063d516b9f061077c95ac946b0e11e4" + }, + { + "alg": "SHA-256", + "content": "1807e7b02c847294dd8536791843a6a1d8997dac3b741329258431b037f1c736" + } + ] + }, + { + "bom-ref": "ec72e729f0fd3a67", + "type": "file", + "name": "/usr/bin/gpasswd", + "hashes": [ + { + "alg": "SHA-1", + "content": "70ac5047bb92a3a300ebe9e13c24d3a137e509a7" + }, + { + "alg": "SHA-256", + "content": "1b9c0ff43bcc29c7a7d1a59c12c4373b52d80f82a4f2438a4a24f746ff9ae0b0" + } + ] + }, + { + "bom-ref": "9d343b0c0a3dc26b", + "type": "file", + "name": "/usr/bin/groups", + "hashes": [ + { + "alg": "SHA-1", + "content": "d687c82683c0a3df72e335fd33938476a6abb3c5" + }, + { + "alg": "SHA-256", + "content": "80c0a1f602b5a30973ef4aff1549ab8f0c57415f1a1269c60fd463e51bc599f5" + } + ] + }, + { + "bom-ref": "9a640bfc7a35e27b", + "type": "file", + "name": "/usr/bin/gsettings", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8394a4daa8d8e540dd3d78bbeba25829e59e931" + }, + { + "alg": "SHA-256", + "content": "c1fb6c8163c88547292c2ab8713903ff491531350d2c08763033c01d6b18318f" + } + ] + }, + { + "bom-ref": "6a36f3048b5f9e23", + "type": "file", + "name": "/usr/bin/head", + "hashes": [ + { + "alg": "SHA-1", + "content": "b91a8a58197c97c537e2c6de70888b7ef72279c5" + }, + { + "alg": "SHA-256", + "content": "d9265e0e806df2362b9e6b476b8b16cef39979c6e1ec9f51aae90f202b94a6d4" + } + ] + }, + { + "bom-ref": "b9ef157d7a552dc5", + "type": "file", + "name": "/usr/bin/hostid", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e0ed73ba60f5bd2f9ade65c6ac229a5da8c0e06" + }, + { + "alg": "SHA-256", + "content": "a755dbdf0e3c215642c5dad5c02c6b69f1c533fc253aa5206e634cae9a601fff" + } + ] + }, + { + "bom-ref": "75601b8758c5c606", + "type": "file", + "name": "/usr/bin/iconv", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d6b7c9d2b6bbd00fa4d7e9ea514ee4976207447" + }, + { + "alg": "SHA-256", + "content": "9df92fd65adc5a01b5c74c505b6e8bdae87a32df88745f6259941933f773ba29" + } + ] + }, + { + "bom-ref": "33fcc6393c0ff3b9", + "type": "file", + "name": "/usr/bin/id", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9612c5a18e927cd54d137e938233210f0e7b6f9" + }, + { + "alg": "SHA-256", + "content": "44cd8c4e4d7c0abda1cf8f4d3cb8c3eaa3a099e3583226a71b7b2717862293d3" + } + ] + }, + { + "bom-ref": "8da665206da2605c", + "type": "file", + "name": "/usr/bin/install", + "hashes": [ + { + "alg": "SHA-1", + "content": "b3d17f305f320fefe148784928cb2d37c0314ae2" + }, + { + "alg": "SHA-256", + "content": "a1e9d54276f52269bf3f3c4787159a8582d093acb918026a389bb03ae886424b" + } + ] + }, + { + "bom-ref": "1d7f2b7ddde30ecf", + "type": "file", + "name": "/usr/bin/join", + "hashes": [ + { + "alg": "SHA-1", + "content": "b410ff0dde7f8d3c9b8a0c73d0171f9fb43ae8aa" + }, + { + "alg": "SHA-256", + "content": "9b4380b504cfba01d655f9102279abc3fa6105a4e107aa409912de8407ce7514" + } + ] + }, + { + "bom-ref": "d4005ba7fec7534c", + "type": "file", + "name": "/usr/bin/lastlog", + "hashes": [ + { + "alg": "SHA-1", + "content": "eed1c2a36e967a81f4ab333e62c46bd9d49ce073" + }, + { + "alg": "SHA-256", + "content": "203580c2537f42b4efd7d1067b1d9d678d5ee3353b5a139bcf7214eaa1f87f40" + } + ] + }, + { + "bom-ref": "ab68aceb1603e266", + "type": "file", + "name": "/usr/bin/ldd", + "hashes": [ + { + "alg": "SHA-1", + "content": "45557090d4ddf6fe984027a45c6fbc193d21a649" + }, + { + "alg": "SHA-256", + "content": "2e332feed7fe0d65afca81d83d07f997917c07d5c1f1fd5564e98330e78aa0b5" + } + ] + }, + { + "bom-ref": "2c9b2ae407d86fc3", + "type": "file", + "name": "/usr/bin/link", + "hashes": [ + { + "alg": "SHA-1", + "content": "0e33c18f86779f212affcefe9135769856c836ec" + }, + { + "alg": "SHA-256", + "content": "821714203f91ff6532c52ae3f871e0130435b6ba1f1f08d2d1f7bbc6693c0caf" + } + ] + }, + { + "bom-ref": "7997369f78b8711f", + "type": "file", + "name": "/usr/bin/ln", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f14c273cb9fc438b0917982131cf345049e3965" + }, + { + "alg": "SHA-256", + "content": "085d5f728f31abf16f2e2b6f848b10e987c2ddcf160cb9a8f12378de2b6c6657" + } + ] + }, + { + "bom-ref": "9c64a140bb800cff", + "type": "file", + "name": "/usr/bin/locale", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c77ddfab62739bbe158470438b00ea1224ca4c1" + }, + { + "alg": "SHA-256", + "content": "826d99ca59ea56a0df2a4415176ce2554c6a53ea199700314ddaf1f5b2fe4cfd" + } + ] + }, + { + "bom-ref": "fb7925b2ec23b7e9", + "type": "file", + "name": "/usr/bin/localedef", + "hashes": [ + { + "alg": "SHA-1", + "content": "fd2ab90872a1d1ac9b528655aa84764ecf8e1c24" + }, + { + "alg": "SHA-256", + "content": "6ce825bf92f8a07b4921430a093cd0410a7ded09004c81a10866ec2bf9b764a5" + } + ] + }, + { + "bom-ref": "c08b9f0c72a8631c", + "type": "file", + "name": "/usr/bin/logname", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad619b65f76115eaa2fbae63f2be1f6f8d44ae05" + }, + { + "alg": "SHA-256", + "content": "55fbba98b8cf7ccc3d0920e6630b525360603b1db4c72c955e6d3a09f8602b68" + } + ] + }, + { + "bom-ref": "6028286556616715", + "type": "file", + "name": "/usr/bin/ls", + "hashes": [ + { + "alg": "SHA-1", + "content": "27e9d6b6d89b0769569189f37f15b6389071d09c" + }, + { + "alg": "SHA-256", + "content": "309b3c9a3246361ec0338641aed3c14e7f91e23e7cf10de000c75135ba99fddd" + } + ] + }, + { + "bom-ref": "8ee41d4c6e9953ef", + "type": "file", + "name": "/usr/bin/make-dummy-cert", + "hashes": [ + { + "alg": "SHA-1", + "content": "47a0a71176443e0fddbc421f957c15fc18f900db" + }, + { + "alg": "SHA-256", + "content": "cfd4277160871e6446e2b6d61f2f66d76ee5598584d2323376fbed1f57a00127" + } + ] + }, + { + "bom-ref": "df0d483d6d8698cc", + "type": "file", + "name": "/usr/bin/md5sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "59f153e6b32f1ec4d67cfb47bd3cde9c94edf86a" + }, + { + "alg": "SHA-256", + "content": "ec74d410b372b48ef2b522cb903d48184f299c9290e5fa430fda73009e1ba468" + } + ] + }, + { + "bom-ref": "e3c4434cb39b0d8d", + "type": "file", + "name": "/usr/bin/mkdir", + "hashes": [ + { + "alg": "SHA-1", + "content": "2f38e605397a87ba40254f1e643fd42aa484cabc" + }, + { + "alg": "SHA-256", + "content": "3d79925b34d75033957c123dcdb7d9d74bbdf2135ae401aeecd1c7fdbec0541b" + } + ] + }, + { + "bom-ref": "88f4bc5e0bfe84ef", + "type": "file", + "name": "/usr/bin/mkfifo", + "hashes": [ + { + "alg": "SHA-1", + "content": "32970bbb076f05e95d6d841a1659c621ccc84bcb" + }, + { + "alg": "SHA-256", + "content": "3abebd9dd438dfffcd6f958488172a3b403dfa0eac1ac0e1b8c26e94b61472c4" + } + ] + }, + { + "bom-ref": "a8f59c988de64619", + "type": "file", + "name": "/usr/bin/mknod", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2838bb5f1c76580efd23567ea42b7eaabd3afcc" + }, + { + "alg": "SHA-256", + "content": "e0aea7b102cdd165cf69e86c9b72bf9f1610f063a41379ff98e6abd7767a0f0c" + } + ] + }, + { + "bom-ref": "f922a4af4b958b54", + "type": "file", + "name": "/usr/bin/mktemp", + "hashes": [ + { + "alg": "SHA-1", + "content": "96190da1106c4247f1b8e043862d44e0d254e90b" + }, + { + "alg": "SHA-256", + "content": "79dab18e96e909ca19e901731bd14bbd182327ed34050ad15d3c22186c112601" + } + ] + }, + { + "bom-ref": "b315a3fe6e89f6af", + "type": "file", + "name": "/usr/bin/mv", + "hashes": [ + { + "alg": "SHA-1", + "content": "0e78f29dce6a6f93c05910f19530574452f774d7" + }, + { + "alg": "SHA-256", + "content": "6ee04af6a9560da8304d298561d76ecc42ce167cd37496cbbee5f7975b2b6c83" + } + ] + }, + { + "bom-ref": "cee3d27dbb7a4d8c", + "type": "file", + "name": "/usr/bin/newgidmap", + "hashes": [ + { + "alg": "SHA-1", + "content": "03e027b2a3afe4ed1e54cea5f8b4f12b6d3add5d" + }, + { + "alg": "SHA-256", + "content": "960116f9e9adc30ffbad051a78119196b3567d477680db5143c91467c410d465" + } + ] + }, + { + "bom-ref": "931f29023ddf6706", + "type": "file", + "name": "/usr/bin/newgrp", + "hashes": [ + { + "alg": "SHA-1", + "content": "0859805debe1d7dcb99599aad45ba40545cfb4f3" + }, + { + "alg": "SHA-256", + "content": "b1c7720e7c518bea3aa6a171846e8a089446e5e386e377bbfc162bcfd3d2ba49" + } + ] + }, + { + "bom-ref": "2c3538d1f4b313d8", + "type": "file", + "name": "/usr/bin/newuidmap", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c9a308d5e04374e9f98000b62b5825db2e0d482" + }, + { + "alg": "SHA-256", + "content": "d796755c9b01ee87a2a0cbe88e6d4f145b1d1afbba42172bb6ed05e52c836b15" + } + ] + }, + { + "bom-ref": "d467c883214fdfaf", + "type": "file", + "name": "/usr/bin/nice", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f2dcd17b39ad2ffa17e0e92ee766266f55abf9f" + }, + { + "alg": "SHA-256", + "content": "05dd64c5d88a6308828a66bdf10fe43a1d762bdf9867eddd1613ed95abcd9eb8" + } + ] + }, + { + "bom-ref": "8ca713d9ce28c6c8", + "type": "file", + "name": "/usr/bin/nl", + "hashes": [ + { + "alg": "SHA-1", + "content": "e4eaac987f6b05b44e3bf898f549135dddef0aa0" + }, + { + "alg": "SHA-256", + "content": "9cebdddb5c913efd5a2e2056790c58a4b1f0ea753ab776209f620c8aefaa88d4" + } + ] + }, + { + "bom-ref": "88c5c7b7b7f31d92", + "type": "file", + "name": "/usr/bin/nohup", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a9e175d7640c094ac4992dccc3c60707b31b5d1" + }, + { + "alg": "SHA-256", + "content": "1d120028b00ffd10dc5d2bdb8725cccd994206809a17897b7dfa7d9852b4a109" + } + ] + }, + { + "bom-ref": "941b8b9c01250526", + "type": "file", + "name": "/usr/bin/nproc", + "hashes": [ + { + "alg": "SHA-1", + "content": "9de95968bee11e95d7431aaf61c83ba2a4468e75" + }, + { + "alg": "SHA-256", + "content": "802d57a2bb4a148ce86b5987d42de833613df533033939621c98af7c83ed10a9" + } + ] + }, + { + "bom-ref": "b9c731f240f51940", + "type": "file", + "name": "/usr/bin/numfmt", + "hashes": [ + { + "alg": "SHA-1", + "content": "466de75850dd7c132427b2d022d06cdd095df214" + }, + { + "alg": "SHA-256", + "content": "a2d0a24b66f7e706d20cdbf400f0fb170c9737de1f33707639ac83b0c6eb1fe7" + } + ] + }, + { + "bom-ref": "7728a96ffaeb0a44", + "type": "file", + "name": "/usr/bin/od", + "hashes": [ + { + "alg": "SHA-1", + "content": "5fc21e046850c4dea847d10cf48de31df3e8a996" + }, + { + "alg": "SHA-256", + "content": "28cee197c00cc74e4020bc2c63ef4a47269bfc42a0514e8ac39b93d1c9fb5c79" + } + ] + }, + { + "bom-ref": "bd9492321caa4c92", + "type": "file", + "name": "/usr/bin/openssl", + "hashes": [ + { + "alg": "SHA-1", + "content": "802b32ff8791cd5276b9537fe68463de0c0690c1" + }, + { + "alg": "SHA-256", + "content": "567921353e959d24997de445494075b780c7faacc1583c18a23f85d09c88bdc7" + } + ] + }, + { + "bom-ref": "d9e693836ef87035", + "type": "file", + "name": "/usr/bin/paste", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d14aa0f379322bc2099e2572dd5e69d74f3c9a9" + }, + { + "alg": "SHA-256", + "content": "8bc3ecc3066cf717ff77c775897786c7ffbc96d8b4e7bf74ac0d1b1429840cbb" + } + ] + }, + { + "bom-ref": "bc17b45a7346d4d6", + "type": "file", + "name": "/usr/bin/pathchk", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a12dc81e91b470ee653874d8a16cbf0b77a847e" + }, + { + "alg": "SHA-256", + "content": "c75cdb9159c70035a4fb0c266c75b7046a5e0c65770f1abd3955169ee84495cc" + } + ] + }, + { + "bom-ref": "8e68499e4c58f652", + "type": "file", + "name": "/usr/bin/pinky", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d5fbfd3630dab9361c7ba1360d0f57685c5cf21" + }, + { + "alg": "SHA-256", + "content": "99376200da341d1d415806ebe99b80bdab70f8e9fecc9faf16b97dd9a0038062" + } + ] + }, + { + "bom-ref": "c71625ca0ae03d90", + "type": "file", + "name": "/usr/bin/pldd", + "hashes": [ + { + "alg": "SHA-1", + "content": "0047c37c4b686a8d73eb8c806f0c10a8ecbf8a09" + }, + { + "alg": "SHA-256", + "content": "8ce9b7397fb7661f8fbc87dfc2d12b4d44555425d20f6771e90880283084d4cc" + } + ] + }, + { + "bom-ref": "25c8cb45e6ef8bc8", + "type": "file", + "name": "/usr/bin/pr", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f81df2310ad8fa8a25291552d2223c7caa1b38f" + }, + { + "alg": "SHA-256", + "content": "a01cee18df2195a84845ab441c0860ccd2e60fe8420165a46450c4215759c2a4" + } + ] + }, + { + "bom-ref": "71b77256524029a4", + "type": "file", + "name": "/usr/bin/printenv", + "hashes": [ + { + "alg": "SHA-1", + "content": "e34f63c0fd760b82fdc2fb423a0ac9d86326ca74" + }, + { + "alg": "SHA-256", + "content": "d28a352be84024a34f072b7c6a26b94aa87a2e76b90f437107d9b7eeebd0053c" + } + ] + }, + { + "bom-ref": "078a87259774791f", + "type": "file", + "name": "/usr/bin/printf", + "hashes": [ + { + "alg": "SHA-1", + "content": "72fe02a8bc6fb958c4181f15fbd7d821fb9d69ab" + }, + { + "alg": "SHA-256", + "content": "129f7bcc2ae4d017b79e41c979ebfa18fc9052d4186538c25d736bfd2e397280" + } + ] + }, + { + "bom-ref": "dea9371d2e47745d", + "type": "file", + "name": "/usr/bin/ptx", + "hashes": [ + { + "alg": "SHA-1", + "content": "cbad420a1f8db2821352f3a1b23cc9076fe064db" + }, + { + "alg": "SHA-256", + "content": "4d3ecca846d94b352b5ba97887e413980af43df47f393f860ed07ed3af0ef681" + } + ] + }, + { + "bom-ref": "4356d92199f25d2e", + "type": "file", + "name": "/usr/bin/pwd", + "hashes": [ + { + "alg": "SHA-1", + "content": "48594a8abb7f13c85be045d8659a64a6fabad41e" + }, + { + "alg": "SHA-256", + "content": "efabc0b34ff064d6a99456f5f74490573f8b9db6d1bf9450ad2e0aae0402b89c" + } + ] + }, + { + "bom-ref": "265ca13d36eb9a9f", + "type": "file", + "name": "/usr/bin/readlink", + "hashes": [ + { + "alg": "SHA-1", + "content": "720b77521af81b3ec5738f6983fe5df2bd6e9358" + }, + { + "alg": "SHA-256", + "content": "b84234996da12c81e5762285b91ae7681342e012612df920b94ae0bd1557884f" + } + ] + }, + { + "bom-ref": "1f88fb5719c35c4f", + "type": "file", + "name": "/usr/bin/realpath", + "hashes": [ + { + "alg": "SHA-1", + "content": "4fbfcc77e12dcebef21b16a83af48201abb92c7e" + }, + { + "alg": "SHA-256", + "content": "504d523de86fa1463b8d96abf3cdd7ec8e85571593bc95650130c83ee8ff20cf" + } + ] + }, + { + "bom-ref": "80a60d7b813a682b", + "type": "file", + "name": "/usr/bin/renew-dummy-cert", + "hashes": [ + { + "alg": "SHA-1", + "content": "b7184bf7749e8cd85cb6c69d7ea08a47036a7e77" + }, + { + "alg": "SHA-256", + "content": "628d284ecb0d1abc737d58e771d1f7cab172c31df228699305eac299517fb5be" + } + ] + }, + { + "bom-ref": "b8f0751fbb447dc8", + "type": "file", + "name": "/usr/bin/rm", + "hashes": [ + { + "alg": "SHA-1", + "content": "903a4aa5e26a0e53254b945e6ed66d1d6f6d11bb" + }, + { + "alg": "SHA-256", + "content": "c909af3f4c8ae30d059b96a9cf7b097db39159d161622b95190d60d25a5db776" + } + ] + }, + { + "bom-ref": "ead172520b1e7e9b", + "type": "file", + "name": "/usr/bin/rmdir", + "hashes": [ + { + "alg": "SHA-1", + "content": "7b6258ad372f3433582b24e8ea4d0bb5576aa3a0" + }, + { + "alg": "SHA-256", + "content": "6e999e3d0c2ccfeb001f513f6a6f51c5121327894ea279e2682b4b8272c4bca8" + } + ] + }, + { + "bom-ref": "f8dfa8c598243359", + "type": "file", + "name": "/usr/bin/rpm", + "hashes": [ + { + "alg": "SHA-1", + "content": "f8f3bc53a77750ef8092992f855def815b966a5a" + }, + { + "alg": "SHA-256", + "content": "4a07f33c47a60ec3c1ceaea8b3d8455f2ff24931f9910aa7c524c2b87749d407" + } + ] + }, + { + "bom-ref": "c0694eb564b439d2", + "type": "file", + "name": "/usr/bin/rpm2archive", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f830416a71f253f8992389550b1b21bdd0b03a0" + }, + { + "alg": "SHA-256", + "content": "5657992744d9b4c57748a77f2fea99c773186d74debb393127567923cfdaeeca" + } + ] + }, + { + "bom-ref": "28a09a6d00e432e5", + "type": "file", + "name": "/usr/bin/rpm2cpio", + "hashes": [ + { + "alg": "SHA-1", + "content": "524d1e35b17f25ce71d42d995c07bae662606560" + }, + { + "alg": "SHA-256", + "content": "2611d94df5ed29e72bd8f51feeaa527cfd2b04f07ed96adf1c11c75f5c86bbe4" + } + ] + }, + { + "bom-ref": "ca069608975818cd", + "type": "file", + "name": "/usr/bin/rpmdb", + "hashes": [ + { + "alg": "SHA-1", + "content": "6bee17ff4f853b65e85ac6e0a1f7a5d1954eb071" + }, + { + "alg": "SHA-256", + "content": "e024162a018ebbec2d2e6aed8a70e6b939135332016ffd29884091e0dce76213" + } + ] + }, + { + "bom-ref": "5060c67d3dd6ce6e", + "type": "file", + "name": "/usr/bin/rpmkeys", + "hashes": [ + { + "alg": "SHA-1", + "content": "5abcd6b01d7c0d18ce43176efcea9fe0a57e2650" + }, + { + "alg": "SHA-256", + "content": "4cc743d879ac8fa5d9c4e13a43eb24ab130516e776c52ab669a426692f867820" + } + ] + }, + { + "bom-ref": "cb618c4b8c037138", + "type": "file", + "name": "/usr/bin/runcon", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0b74a6c7103b76887fd753be504ae3a16e2b9b5" + }, + { + "alg": "SHA-256", + "content": "7ee2793317816a3898f317c53f3ae9324f9e245e52e9df7014553daeaf99b9f8" + } + ] + }, + { + "bom-ref": "5c1ca5b1d84a25fe", + "type": "file", + "name": "/usr/bin/seq", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ac2fb84bf15e169527d7bdf55ad8b5e228af851" + }, + { + "alg": "SHA-256", + "content": "bb11a10b8a0f5c8e974b844f2fb6c94f81d50ed2508f4583235d4cbe8bc0fbc6" + } + ] + }, + { + "bom-ref": "06db0d5547f53281", + "type": "file", + "name": "/usr/bin/sha1sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc8e4e25974ed24d035a193b9d73bfee54958003" + }, + { + "alg": "SHA-256", + "content": "c5e5033951d2d051b6a8412aab455294f2ec529aec279e2bc1600d21dd242a7d" + } + ] + }, + { + "bom-ref": "bc40c98387d40c0b", + "type": "file", + "name": "/usr/bin/sha224sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "7310a416702b8dc0c2af27d0750aa4916d1bd335" + }, + { + "alg": "SHA-256", + "content": "7737b55fb338ea353ae400752f720edbcf38ef09b84ef9be9985195853a62d0d" + } + ] + }, + { + "bom-ref": "82c2f6b68752383b", + "type": "file", + "name": "/usr/bin/sha256sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "f207dbd127187de6590a9b245b25982fcf241ccc" + }, + { + "alg": "SHA-256", + "content": "377e96d9304a3e91119a58155becca958b4dc286c203ea2917ebeadba183db1c" + } + ] + }, + { + "bom-ref": "2f7824beeae17415", + "type": "file", + "name": "/usr/bin/sha384sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "f93e81d3e93639913be9d934040e76471a2aca07" + }, + { + "alg": "SHA-256", + "content": "94e88e0dcf5ee93b44fed867bf4e42e737dfac9ca957247489264bbf1b2f6ec7" + } + ] + }, + { + "bom-ref": "2e22b86fe576d2fc", + "type": "file", + "name": "/usr/bin/sha512sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "1ed28781164c4b0598f64edd9c9b68b8accff86b" + }, + { + "alg": "SHA-256", + "content": "23809accfe32a32da5b0fdb65f6d638f96f3c48be4fa59c41a04067677daec6e" + } + ] + }, + { + "bom-ref": "78c64b29850751ed", + "type": "file", + "name": "/usr/bin/shred", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b6acb6267be464343dfde0809bc5ac5685484d1" + }, + { + "alg": "SHA-256", + "content": "b06cd470398f9e5505b962475935ce2922ad8b8f24d469e55ca398c6a4c840fe" + } + ] + }, + { + "bom-ref": "6551339451ed4e59", + "type": "file", + "name": "/usr/bin/shuf", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb2127fd4acf163e24acae97369b20591a0ade64" + }, + { + "alg": "SHA-256", + "content": "76918b2e6df2cd31f4e6812766b003fb4a037507d12e089e4a513f8f13c312e1" + } + ] + }, + { + "bom-ref": "9020f49b86409025", + "type": "file", + "name": "/usr/bin/sleep", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7d45326d7045b85cfe5eed8b7e5f6c3dd44078d" + }, + { + "alg": "SHA-256", + "content": "96f0366d3535f1556981c0ccc68c160328eb6f2757971e15642d585b2cd1f344" + } + ] + }, + { + "bom-ref": "73eba117e1b20f85", + "type": "file", + "name": "/usr/bin/sort", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc55a192535438eecadeff31fc3a73f8a4050061" + }, + { + "alg": "SHA-256", + "content": "7db440f4b4270d53050569407160d7f7c23fd7832394ce9bfbbc0b1d6e7e7dac" + } + ] + }, + { + "bom-ref": "da6893d8b64d3642", + "type": "file", + "name": "/usr/bin/sotruss", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb4d462d733966a97a40eabeb9094d98b68b0e69" + }, + { + "alg": "SHA-256", + "content": "a01e33a22e131e727a069bfe82faeda8f58fede0dd4966f88300fe9ec1fa8496" + } + ] + }, + { + "bom-ref": "8e0bbaa4e4ba02c6", + "type": "file", + "name": "/usr/bin/split", + "hashes": [ + { + "alg": "SHA-1", + "content": "996fd666370fba16add476d7d329273a3adbb2d9" + }, + { + "alg": "SHA-256", + "content": "9b963841b57f729c71909fe9d4c5f1644aea4260b736b37050b35f18ab82b4ab" + } + ] + }, + { + "bom-ref": "01e3295cf525038a", + "type": "file", + "name": "/usr/bin/sprof", + "hashes": [ + { + "alg": "SHA-1", + "content": "293c4ddaba343a81373e3edfd0733b770994dbda" + }, + { + "alg": "SHA-256", + "content": "97f497f325859d13de6c5d1f1e0489ef6ea892e299da344d1fa7f01286dfd39b" + } + ] + }, + { + "bom-ref": "aa95fe9a066fd0be", + "type": "file", + "name": "/usr/bin/stat", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f69f0ff28c5130a1f6456a67c0fc313250c074d" + }, + { + "alg": "SHA-256", + "content": "9f6ffbf89d8463633790130b1d79999e1f5ef72fa63ac128eefc19101116b4d3" + } + ] + }, + { + "bom-ref": "f411654f922fadee", + "type": "file", + "name": "/usr/bin/stdbuf", + "hashes": [ + { + "alg": "SHA-1", + "content": "9b3c7d4a67bbd37a222afa34fe7aa5cf5c23e92f" + }, + { + "alg": "SHA-256", + "content": "64ca8854673bbe7597c0be2ebc1ea1248e16a022e07216fe5ff2af5af1408cd7" + } + ] + }, + { + "bom-ref": "9e82d0c55444d9af", + "type": "file", + "name": "/usr/bin/stty", + "hashes": [ + { + "alg": "SHA-1", + "content": "9307c56df9cb966f76a634c0746d42d5f8ce2ebe" + }, + { + "alg": "SHA-256", + "content": "347183bf373a494eb701af0b8f2c2c7d296a6ac1a90fad3cfe4745d236bd0dc9" + } + ] + }, + { + "bom-ref": "9fd078013bce73a3", + "type": "file", + "name": "/usr/bin/sum", + "hashes": [ + { + "alg": "SHA-1", + "content": "9bdfc613fdc7339e6ea8e9810331beda4d794977" + }, + { + "alg": "SHA-256", + "content": "4f443e4c6d5063c4affc2b9d12852eab4c4eb675e323603441b0cc96fb9c2389" + } + ] + }, + { + "bom-ref": "27557935309fffaf", + "type": "file", + "name": "/usr/bin/sync", + "hashes": [ + { + "alg": "SHA-1", + "content": "6ba9e0a1e2eed62ac07cb1a96debd492597c648b" + }, + { + "alg": "SHA-256", + "content": "5f3ecf316cc8d0461cdc69e55f97c575a2c37f250e77461ac6241d049d65b177" + } + ] + }, + { + "bom-ref": "045839e332bd074b", + "type": "file", + "name": "/usr/bin/tac", + "hashes": [ + { + "alg": "SHA-1", + "content": "989e56cc65e99a8f17cd6c8c864301dce35682e8" + }, + { + "alg": "SHA-256", + "content": "054324a3bf86ff8d7de940b38abfea90434de3f7e6dbfb68c28fef13ab194a4b" + } + ] + }, + { + "bom-ref": "2957aae07091a3ba", + "type": "file", + "name": "/usr/bin/tail", + "hashes": [ + { + "alg": "SHA-1", + "content": "7268458ab70a426daf11cdaabe465db2f35d3eef" + }, + { + "alg": "SHA-256", + "content": "c84b690e840c9297566787aa939370f9b2e181e01c91b727e77ae07865f06c1a" + } + ] + }, + { + "bom-ref": "1636a85d52c489d5", + "type": "file", + "name": "/usr/bin/tee", + "hashes": [ + { + "alg": "SHA-1", + "content": "0da9a1b60462925e9afc05f3176c0a273623380f" + }, + { + "alg": "SHA-256", + "content": "97a3eca66552d324751b1e8e5af6ca4295328b98fa57bc43f1f81cc0a53e197e" + } + ] + }, + { + "bom-ref": "40060b01d4e80f69", + "type": "file", + "name": "/usr/bin/test", + "hashes": [ + { + "alg": "SHA-1", + "content": "be4c44bcf58a961241b8bed1dc43d5439b104e2d" + }, + { + "alg": "SHA-256", + "content": "12f025e9fc03f2dde8653295c2c685c1a010120b768a5becc53f61a652469005" + } + ] + }, + { + "bom-ref": "1be594e56e910cf5", + "type": "file", + "name": "/usr/bin/timeout", + "hashes": [ + { + "alg": "SHA-1", + "content": "935c4f99d23fb446cae51887710191f291b21619" + }, + { + "alg": "SHA-256", + "content": "a58c5c3de98fedf0d7199e4e51e6d241169678259b99c21c75e5bbc17b885662" + } + ] + }, + { + "bom-ref": "7be78d5770955fa8", + "type": "file", + "name": "/usr/bin/touch", + "hashes": [ + { + "alg": "SHA-1", + "content": "5cfa434bfcb822d6b1251c802ba40f787c6f76da" + }, + { + "alg": "SHA-256", + "content": "cc4165b10af3012c31ff266d74ec268c5f0ebf0521faf2596141d1b33b9c1309" + } + ] + }, + { + "bom-ref": "26fb773c19e548c0", + "type": "file", + "name": "/usr/bin/tr", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0d23cc713deb1776203813369bdfb2e33873bbd" + }, + { + "alg": "SHA-256", + "content": "e3bb9a0ff998a6452a2652ad9fe93913ed17426812718c0618b769c0a45859be" + } + ] + }, + { + "bom-ref": "10e9321605ed3b26", + "type": "file", + "name": "/usr/bin/true", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1722a4b217bfb26dc2196fbc12c772744d3f486" + }, + { + "alg": "SHA-256", + "content": "c73afb60197c9c64805d2b4ab95efdee8646f8248ff800de2575a11eed8f9f08" + } + ] + }, + { + "bom-ref": "25202def2b28cd94", + "type": "file", + "name": "/usr/bin/truncate", + "hashes": [ + { + "alg": "SHA-1", + "content": "75e44a6f34c669cc3dc19093cd26ec9994d46f94" + }, + { + "alg": "SHA-256", + "content": "e58155261499fd6ba41e6f6cf6b696529f929b2ea82d710b8d0467e28f9eb6b8" + } + ] + }, + { + "bom-ref": "06cf40470ae4ac57", + "type": "file", + "name": "/usr/bin/tsort", + "hashes": [ + { + "alg": "SHA-1", + "content": "6a9933ff7c80153280caf8be59ab896a8cbe957f" + }, + { + "alg": "SHA-256", + "content": "f93ec3a790a5f9283da66b22aa307a9289ba40a6a9f413c74dbb18d243c71da2" + } + ] + }, + { + "bom-ref": "a7684040d49bc8e4", + "type": "file", + "name": "/usr/bin/tty", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee1e0cedda425d84a7bf9819fc6fa3f1e7334059" + }, + { + "alg": "SHA-256", + "content": "47fb87400000912b988e1a8708d99287751c976b942ffb5dacc21316d07fd6d0" + } + ] + }, + { + "bom-ref": "b436ec625d3e4637", + "type": "file", + "name": "/usr/bin/tzselect", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc409f72d805f31ce7b181e73ffa505ec6cd78f2" + }, + { + "alg": "SHA-256", + "content": "895808da0dad628436ef6de05465978b7929fe017d186d7d626c2074e5c345b9" + } + ] + }, + { + "bom-ref": "a19b4b04eca0119a", + "type": "file", + "name": "/usr/bin/uname", + "hashes": [ + { + "alg": "SHA-1", + "content": "67099ab009d2df7d42908c0f5b5688ed8af384a5" + }, + { + "alg": "SHA-256", + "content": "050964cc46affadcf00d817106c47a6bde087fc483fa0643e168a816b76de608" + } + ] + }, + { + "bom-ref": "071dc954e7781a30", + "type": "file", + "name": "/usr/bin/unexpand", + "hashes": [ + { + "alg": "SHA-1", + "content": "0aadcf2c42c2d9e737adcf5a3cedd84d81d0c9ab" + }, + { + "alg": "SHA-256", + "content": "9dd5e2f796993334c5d66b9d2258c48d447fcdc2762a6aa0987590f5384552cb" + } + ] + }, + { + "bom-ref": "492ba4e8343fe476", + "type": "file", + "name": "/usr/bin/uniq", + "hashes": [ + { + "alg": "SHA-1", + "content": "1597d09bb83163173a908ef4f7184537cb9d09aa" + }, + { + "alg": "SHA-256", + "content": "2e91d5ac599019cb960094ed9a9b9973d7c1980b209dcba3de2f1549e85a0cd2" + } + ] + }, + { + "bom-ref": "9558b322aefc819c", + "type": "file", + "name": "/usr/bin/unlink", + "hashes": [ + { + "alg": "SHA-1", + "content": "3f7e0a28583528e29da3ad65b9f5da7f7e913bd0" + }, + { + "alg": "SHA-256", + "content": "d9a4afe24003912290d8a8fed7781afeeee64bb88a53cfd5b2f820ab6df355c2" + } + ] + }, + { + "bom-ref": "5ee359e70fde1643", + "type": "file", + "name": "/usr/bin/update-ca-trust", + "hashes": [ + { + "alg": "SHA-1", + "content": "0e1e5bf388ae30d164c54f402522af2025e2312c" + }, + { + "alg": "SHA-256", + "content": "4c5515dcbdcdde3140164b1ec731873cd98c8b346359ef4b033cfbf9f82bb6bc" + } + ] + }, + { + "bom-ref": "18bdae839efdebc0", + "type": "file", + "name": "/usr/bin/users", + "hashes": [ + { + "alg": "SHA-1", + "content": "effbe20ec87e9e7676eaff14227b4ef2ef27d938" + }, + { + "alg": "SHA-256", + "content": "d8f7ba3fd846a96259a17e8785a172d653fdfb03c1507f95aeeb8d5461407b5c" + } + ] + }, + { + "bom-ref": "9f99ca58212d2c01", + "type": "file", + "name": "/usr/bin/vdir", + "hashes": [ + { + "alg": "SHA-1", + "content": "b92e6ce604508591ce94d0e78057b7373d5c7f16" + }, + { + "alg": "SHA-256", + "content": "fff208202d47a5ff1daec8820f11555149ec8d9d9b39235e14555c3a14bd8572" + } + ] + }, + { + "bom-ref": "f99398e3fee4fde9", + "type": "file", + "name": "/usr/bin/wc", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a675dff97cb212b7152fc080f8cb378ac3c98a9" + }, + { + "alg": "SHA-256", + "content": "709f6b9228d11ea5bf6298c953c98a3d11ec89a50916646494661aca8c32a775" + } + ] + }, + { + "bom-ref": "aca89e9d60961302", + "type": "file", + "name": "/usr/bin/who", + "hashes": [ + { + "alg": "SHA-1", + "content": "11316248c3582e03e77e2fa2d20a44a0f889838c" + }, + { + "alg": "SHA-256", + "content": "5f2f1a73f39388b45a8ee56e44abe0a084d6849ba4c432130f9ef04bc6a58e4e" + } + ] + }, + { + "bom-ref": "0165175e69387e89", + "type": "file", + "name": "/usr/bin/whoami", + "hashes": [ + { + "alg": "SHA-1", + "content": "36eb9262edf87f57d85e9b1dd1ee3ff2870451ea" + }, + { + "alg": "SHA-256", + "content": "112e9bdfc8975c4413bb940c0ab36034902d0037b2b25d24f2d1b4f93a32bd6a" + } + ] + }, + { + "bom-ref": "cb344590729d5a35", + "type": "file", + "name": "/usr/bin/xargs", + "hashes": [ + { + "alg": "SHA-1", + "content": "b34b1cc2048d25c50ad2b6fdd154cec24822cb8e" + }, + { + "alg": "SHA-256", + "content": "e2c3ecbf697414f8d7ac9e61c296d9c817e2f8fd0eb1ba0eeef7d5e804f8aa6c" + } + ] + }, + { + "bom-ref": "dda0ae07e7341f9a", + "type": "file", + "name": "/usr/bin/xmlcatalog", + "hashes": [ + { + "alg": "SHA-1", + "content": "c04310900e7a5b96c158ed8d4f5605dcecc8961c" + }, + { + "alg": "SHA-256", + "content": "59edd482ec6b1015f014afb2dfbfbffe906ca8e3b6b3968f3276794b6d0af500" + } + ] + }, + { + "bom-ref": "5673356a70c66fd3", + "type": "file", + "name": "/usr/bin/xmllint", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad42762fa4a83508fba33e369b6d13eacb23e739" + }, + { + "alg": "SHA-256", + "content": "d81629a128f77765908733a1a0eda0cf97353cd81e19a3269c4e56ce16c23b55" + } + ] + }, + { + "bom-ref": "52eab4688d6b3751", + "type": "file", + "name": "/usr/bin/yes", + "hashes": [ + { + "alg": "SHA-1", + "content": "0525fa3a805dcd1bf37ded7fc36ef84f80521847" + }, + { + "alg": "SHA-256", + "content": "614d5aab2a46b047fb5160018dd4f1c7655f792a467dcb8abea75cbec5579b08" + } + ] + }, + { + "bom-ref": "a9dcf0efdca030d9", + "type": "file", + "name": "/usr/bin/zdump", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f017d1f00be7397fcf8e0da72e57f54b2385dcc" + }, + { + "alg": "SHA-256", + "content": "5743f6d41afed780f5d47b1211fdf7bba618cf6f9af8698ba8393dd6758e04df" + } + ] + }, + { + "bom-ref": "3a77f0eb2f121f92", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "12d0e0600557e0dcb3c64e56894b81230e2eaa72" + }, + { + "alg": "SHA-256", + "content": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" + } + ] + }, + { + "bom-ref": "5a3f08ff2ba7eb83", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_COLLATE", + "hashes": [ + { + "alg": "SHA-1", + "content": "f245e3207984879d0b736c9aa42f4268e27221b9" + }, + { + "alg": "SHA-256", + "content": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" + } + ] + }, + { + "bom-ref": "74a5b79731824b85", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_CTYPE", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ef33b106c27612ac5a4864f3ba35db0c9a1d130" + }, + { + "alg": "SHA-256", + "content": "2cb901c95a9fa81466d7878f81aa8eb52620df6f4420a0e219943ee6491c9334" + } + ] + }, + { + "bom-ref": "923c136f4c5de86a", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "1eeec3b2cb259530d76ef717e24af0fd34d94624" + }, + { + "alg": "SHA-256", + "content": "38a1d8e5271c86f48910d9c684f64271955335736e71cec35eeac942f90eb091" + } + ] + }, + { + "bom-ref": "cbd26163fa70927c", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a7d0d264f9ded94057020e807bfaa13a7573821" + }, + { + "alg": "SHA-256", + "content": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + } + ] + }, + { + "bom-ref": "6492c40f18325b8f", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "574d7e92bedf1373ec9506859b0d55ee7babbf20" + }, + { + "alg": "SHA-256", + "content": "f9ad02f1d8eba721d4cbd50c365b5c681c39aec008f90bfc2be2dc80bfbaddcb" + } + ] + }, + { + "bom-ref": "cc81a1d8e7798571", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "110ed47e32d65c61ab8240202faa2114d025a009" + }, + { + "alg": "SHA-256", + "content": "bfd9e9975443b834582493fe9a8d7aefcd989376789c17470a1e548aee76fd55" + } + ] + }, + { + "bom-ref": "44461ef359eebd22", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5d16f1042c3c1c4bef85766aa2c20c1b0d8cff6" + }, + { + "alg": "SHA-256", + "content": "14507aad9f806112e464b9ca94c93b2e4d759ddc612b5f87922d7cac7170697d" + } + ] + }, + { + "bom-ref": "ab10c6584b53de9d", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bd2f3db04022b8cfe5cd7a7f90176f191e19425" + }, + { + "alg": "SHA-256", + "content": "f5976e6b3e6b24dfe03caad6a5b98d894d8110d8bd15507e690fd60fd3e04ab2" + } + ] + }, + { + "bom-ref": "24b7a789ea1de86d", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_PAPER", + "hashes": [ + { + "alg": "SHA-1", + "content": "567aaf639393135b76e22e72aaee1df95764e990" + }, + { + "alg": "SHA-256", + "content": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + } + ] + }, + { + "bom-ref": "c0765b8dd9f14fd4", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "3316c99e183186c5cad97a71674ef7431c3da845" + }, + { + "alg": "SHA-256", + "content": "f4caf0d12844219b65ba42edc7ec2f5ac1b2fc36a3c88c28887457275daca1ee" + } + ] + }, + { + "bom-ref": "bc498e83cc41964a", + "type": "file", + "name": "/usr/lib/locale/C.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "e619a4db877e0b54fa14b8a3992da2b561b3239b" + }, + { + "alg": "SHA-256", + "content": "0910b595d1d5d4e52cc0f415bbb1ff07c015d6860d34aae02505dd9973a63154" + } + ] + }, + { + "bom-ref": "5736fecaa205a84a", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "de46924fd6db68ab627292c487de86cabb72dbd6" + }, + { + "alg": "SHA-256", + "content": "5978e9281ccc79389007f970fc8ab5d2aea6d44520d177c4771762ca3bb4dd19" + } + ] + }, + { + "bom-ref": "b7fdb8e1cc4478ff", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_COLLATE", + "hashes": [ + { + "alg": "SHA-1", + "content": "62729daa665129c7cf74f746439d696d5bc0b41b" + }, + { + "alg": "SHA-256", + "content": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + } + ] + }, + { + "bom-ref": "6250bcdea8ac266f", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "efef7d7bdd2b96aa090c7a82d72f4da30535f3c1" + }, + { + "alg": "SHA-256", + "content": "5c2126bf3dc5336ef02b099601ebb73f376a02028f704f545fedcfe06b3f03ad" + } + ] + }, + { + "bom-ref": "76c4882206ff7296", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_MEASUREMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a7d0d264f9ded94057020e807bfaa13a7573821" + }, + { + "alg": "SHA-256", + "content": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + } + ] + }, + { + "bom-ref": "d567e3219baf5464", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "7597a7a6f7e3c6ce06533debe24130833112ac3a" + }, + { + "alg": "SHA-256", + "content": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + } + ] + }, + { + "bom-ref": "4aa127ec7276729a", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "eeb2e5ec25ea11368f1947ba883a9f21a842bf29" + }, + { + "alg": "SHA-256", + "content": "459e7bdad4cb9088a80be523db455df3ceb6de9996adb2143e10f9f924771b40" + } + ] + }, + { + "bom-ref": "c0f9fe8472cd70dd", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1a2eabc4a2a2da47d7a90d36b4d0826aac03c73" + }, + { + "alg": "SHA-256", + "content": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + } + ] + }, + { + "bom-ref": "6da63bba4b634c31", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "b97e5b9eaf9f831350ab5e5c8c9dbffb43703ffb" + }, + { + "alg": "SHA-256", + "content": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + } + ] + }, + { + "bom-ref": "0dc3369aa146566b", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_PAPER", + "hashes": [ + { + "alg": "SHA-1", + "content": "567aaf639393135b76e22e72aaee1df95764e990" + }, + { + "alg": "SHA-256", + "content": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + } + ] + }, + { + "bom-ref": "8f4f44e4835c3a73", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "1dfde2e71e968eb0595bdb978b362520186096d1" + }, + { + "alg": "SHA-256", + "content": "116b926988a5c927fdf45e4f447714e7f1c4c590ed01a38f420c72e44ae44646" + } + ] + }, + { + "bom-ref": "c2f201c1032e0240", + "type": "file", + "name": "/usr/lib/locale/en_AG/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "4366a7c64516bc16f14abbad607de613cad3124e" + }, + { + "alg": "SHA-256", + "content": "fc81b0ea5617a8015c1803e5ad4482b7775fa384e39056a193fd8af4fc587009" + } + ] + }, + { + "bom-ref": "d3b5eec6478e6b93", + "type": "file", + "name": "/usr/lib/locale/en_AU.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "b56c621f00f1ef2426b5ea8338b3052094692e94" + }, + { + "alg": "SHA-256", + "content": "516d74b4d116466da833bfa0b69772028d1d025b34b44c1fda5461de3449c95e" + } + ] + }, + { + "bom-ref": "bfea4ce3ba74bdeb", + "type": "file", + "name": "/usr/lib/locale/en_AU.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "fbe5bad893f69db5d06319d9da9eb3afacda87fe" + }, + { + "alg": "SHA-256", + "content": "5334b303404cb4d6d372c4f2330e258f1b811135179d87f92e14bc88cbea9719" + } + ] + }, + { + "bom-ref": "974130794f3b583f", + "type": "file", + "name": "/usr/lib/locale/en_AU.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "f3c9533b5d436a28d5be2e9a32eaee90f28a4a78" + }, + { + "alg": "SHA-256", + "content": "6e3ae2ce05e3ca1f190b189850b5b13f1e6654e969d847aeb5cf56cd810de14c" + } + ] + }, + { + "bom-ref": "680d915f9f7beadd", + "type": "file", + "name": "/usr/lib/locale/en_AU.utf8/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "cdd7dd12c655114a21aaf32f6d44c5ad8d36cc69" + }, + { + "alg": "SHA-256", + "content": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + } + ] + }, + { + "bom-ref": "1f464d6eeb356353", + "type": "file", + "name": "/usr/lib/locale/en_AU.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b74b54bbbb664dbbf3b9b7f7dbeca35b31a4109" + }, + { + "alg": "SHA-256", + "content": "dc0473765b4eaea165a30bc7503edf05bf8a05216f883b4038bdb8ed2d69c98d" + } + ] + }, + { + "bom-ref": "5eb6f052fdcfeb64", + "type": "file", + "name": "/usr/lib/locale/en_AU.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "d748a532533418f2be13f9459be0ed2dcf143161" + }, + { + "alg": "SHA-256", + "content": "51d1e09aa1fdda7f181ed2a5a336b000333dde888f80bb1bb40c216c36bb9cc8" + } + ] + }, + { + "bom-ref": "4579654fe5e2062d", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "8d1d8bb28afef3ed8996eeea2ec513d784d9bde6" + }, + { + "alg": "SHA-256", + "content": "ad7c9c1a9dbde81c1d117f245303c42e11758ec204657765728fc77b75ee4e31" + } + ] + }, + { + "bom-ref": "e30f4ca4aab12940", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_COLLATE", + "hashes": [ + { + "alg": "SHA-1", + "content": "3aa7a0c0ebac6fbf2bb1245c7e672dbab536f285" + }, + { + "alg": "SHA-256", + "content": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + } + ] + }, + { + "bom-ref": "f3334cd6d5a4e692", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_CTYPE", + "hashes": [ + { + "alg": "SHA-1", + "content": "629597526f45e697043011633831202f37e1c577" + }, + { + "alg": "SHA-256", + "content": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + } + ] + }, + { + "bom-ref": "622ce1883f901aaa", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f8f9559e4fdc215c115095dd805628cd017763f" + }, + { + "alg": "SHA-256", + "content": "5988c4157eb89d3ebb4263815443bb541f25f75897b8f7a52b65b17ef925f14a" + } + ] + }, + { + "bom-ref": "3f4b0a2e212ca8f0", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_MEASUREMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "c47199c7301f82ae3137ba58f8583b5ab9c73387" + }, + { + "alg": "SHA-256", + "content": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + } + ] + }, + { + "bom-ref": "782ac26529b02d79", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2a0ca9b75cdf8b58da75521b70dd002fa3c6d10" + }, + { + "alg": "SHA-256", + "content": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + } + ] + }, + { + "bom-ref": "c1e5d83ac54e0817", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "db16eda02a89798822d19cb1adbbd94adc3d829d" + }, + { + "alg": "SHA-256", + "content": "af66cf344e56185a2a01ab9c6a5c704cc7c09ddaf71ca2fb59a5eb3570247f13" + } + ] + }, + { + "bom-ref": "4cc2957527bb1e76", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "269ac7bd9612418f348d662029e2363f7c2c8d59" + }, + { + "alg": "SHA-256", + "content": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + } + ] + }, + { + "bom-ref": "9782bb361b4231ac", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "34948c970ba6163c41da1dd9b56f94236727e4c1" + }, + { + "alg": "SHA-256", + "content": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + } + ] + }, + { + "bom-ref": "02257acfd818616a", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_PAPER", + "hashes": [ + { + "alg": "SHA-1", + "content": "92eea24d1994d4060f246974a71136540580bfc0" + }, + { + "alg": "SHA-256", + "content": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + } + ] + }, + { + "bom-ref": "dccacb9cf76e809c", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "fed428006cb0265bfc42947f3c90c6c7846d296d" + }, + { + "alg": "SHA-256", + "content": "dd878a170db9b554d67b558d603d9b1d8ee9ec1769acd723267b2c65af6b97f1" + } + ] + }, + { + "bom-ref": "3fa74a4ea1c7fe73", + "type": "file", + "name": "/usr/lib/locale/en_AU/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "d5c66104a714e363214af6bbc12fa29154a901a5" + }, + { + "alg": "SHA-256", + "content": "bf82d3292127f262668eaef86f1cd112889c11218778e6b61449aa740f888e73" + } + ] + }, + { + "bom-ref": "4165522a6a93fb52", + "type": "file", + "name": "/usr/lib/locale/en_BW.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "268f16d8d7f5e2770b29fad4ff3dcc990ebb7895" + }, + { + "alg": "SHA-256", + "content": "64324d4177a468f0ae88a84791c150c1df229162e029f582e90665c3e48b6e99" + } + ] + }, + { + "bom-ref": "385eb7ca2b5df1db", + "type": "file", + "name": "/usr/lib/locale/en_BW.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc49c5b921ad9e122724a2ab3badc50cc2dd798c" + }, + { + "alg": "SHA-256", + "content": "6e32bd5c935dc5428e51e4662e79d60f2a2bc8e0629e890ff8428deb9a06661f" + } + ] + }, + { + "bom-ref": "68c2a41d3a42213a", + "type": "file", + "name": "/usr/lib/locale/en_BW.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "9c7adfef227563f9d8133a214334c635efea217b" + }, + { + "alg": "SHA-256", + "content": "d4b9df2ec1f6da0a70a0ebe19bfd87b6889e4b7f236c47ff4fe1ec5cebd078fd" + } + ] + }, + { + "bom-ref": "ef62cd45a6099251", + "type": "file", + "name": "/usr/lib/locale/en_BW.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4b38499c76fe9081cd7f61b234c1a8317e3ef2a" + }, + { + "alg": "SHA-256", + "content": "b84e8cfa9c5d06d2e577630db71bc359313bfffb07220b5572f4da7a979d12c7" + } + ] + }, + { + "bom-ref": "bfaf25a4fb40dc8f", + "type": "file", + "name": "/usr/lib/locale/en_BW.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "16299b0f6bc007e5f463114d927011189c2060f4" + }, + { + "alg": "SHA-256", + "content": "cb557c98fea141e7ae22af68357d162d6f103823dbdc5cbf0a2c8ab16dcf9cd8" + } + ] + }, + { + "bom-ref": "d530bfc779b8307b", + "type": "file", + "name": "/usr/lib/locale/en_BW/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "778cc8c620174fbb7f5ea272ed98d19b37dda1ae" + }, + { + "alg": "SHA-256", + "content": "b5ce1187470139c1a321b087b50248f6ed4a29e15f2bef2ea6afd02c3696e66d" + } + ] + }, + { + "bom-ref": "d6bbe8bd06422fa4", + "type": "file", + "name": "/usr/lib/locale/en_BW/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "e462a6d44591faca274b30b5c8f7456c8fc91522" + }, + { + "alg": "SHA-256", + "content": "25b6bce71e4fe49c8fff65074006ccc6bb07eba77f618149558f35ed3294b8c0" + } + ] + }, + { + "bom-ref": "6dcc0570c216e03b", + "type": "file", + "name": "/usr/lib/locale/en_BW/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2105ba573af6374bada1b62d7cbaec9b29f5f8e" + }, + { + "alg": "SHA-256", + "content": "6d7d95c6fc1dbf725a5ad7202f0225d8c1a0872fa2a9d71e0e390fabef66a80d" + } + ] + }, + { + "bom-ref": "46a2402991369690", + "type": "file", + "name": "/usr/lib/locale/en_BW/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed6a216f03a47495db1a06a3c989aa9710610ea2" + }, + { + "alg": "SHA-256", + "content": "1511760e00244ac5bee008dc6013b344c01047702ea6612e023163bb2331800e" + } + ] + }, + { + "bom-ref": "6504c999649c2c74", + "type": "file", + "name": "/usr/lib/locale/en_BW/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "e45c6ce5b1e68bf9aa18baf27a57197a19af7f05" + }, + { + "alg": "SHA-256", + "content": "25b3eac7018ba833f187bc03601ede03feb3d58edb992b5742105534055d0df7" + } + ] + }, + { + "bom-ref": "1e13f4e55de245d4", + "type": "file", + "name": "/usr/lib/locale/en_CA.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f44a0ba84a4ddd00ea9185fd6c198633a220286" + }, + { + "alg": "SHA-256", + "content": "9beb276898ada74bfdb3e58010ad50d848dab826831ffde8172987b15da7609f" + } + ] + }, + { + "bom-ref": "9c6cdd46d7063a23", + "type": "file", + "name": "/usr/lib/locale/en_CA.utf8/LC_COLLATE", + "hashes": [ + { + "alg": "SHA-1", + "content": "5026ef0ad708abeb0ed50485ff0ad324503b0397" + }, + { + "alg": "SHA-256", + "content": "df5373daa0bc801de7dac8b3bac56bf41f7c33a8103115604bbd4a6d5759988a" + } + ] + }, + { + "bom-ref": "8591b67cf420ee02", + "type": "file", + "name": "/usr/lib/locale/en_CA.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa278e204b99c96682cd538ba2f1ca00363eeee2" + }, + { + "alg": "SHA-256", + "content": "a0f759b1e390a27af7043b36afdee6ab1a5e0fe3edb0522b95d027c323559a9f" + } + ] + }, + { + "bom-ref": "88501f138668e3e3", + "type": "file", + "name": "/usr/lib/locale/en_CA.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "4df66b7aee63c0a6aeaf74153723425afb46eb6a" + }, + { + "alg": "SHA-256", + "content": "278a4c06b0844aec3784d927e60a27fc477a8f1259e5d4ecfaddff635b9f13f1" + } + ] + }, + { + "bom-ref": "0534dc3d0fb74b3b", + "type": "file", + "name": "/usr/lib/locale/en_CA.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "3cd11f954628b5c7881aab191cae64625628afb3" + }, + { + "alg": "SHA-256", + "content": "113ab7fce8ea21d471f6f99dbff4b194f106b065d16a8d28cc244ab3dcc29298" + } + ] + }, + { + "bom-ref": "bae8bf6c7a730366", + "type": "file", + "name": "/usr/lib/locale/en_CA.utf8/LC_PAPER", + "hashes": [ + { + "alg": "SHA-1", + "content": "ff8c7709fb6223661b805361b36d4419cdf46b5c" + }, + { + "alg": "SHA-256", + "content": "b4b7da39151376fdb0e8f7c35d0dc2335d2f1149fdb23882143ac1604c3f8a43" + } + ] + }, + { + "bom-ref": "fd5ce8b428ca3c7e", + "type": "file", + "name": "/usr/lib/locale/en_CA.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf5c9cb31270a2a8e8bc66f24aa4aeae3f2ad8c1" + }, + { + "alg": "SHA-256", + "content": "d7452927e255ed08d63ce210fffcff32bae9df2efa0d8400751b9466bd768711" + } + ] + }, + { + "bom-ref": "4e0b9ca36bc71db2", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "3274c941bfd98e0615875ffcd7bba084f87748ee" + }, + { + "alg": "SHA-256", + "content": "fecd709136dd8aa0b0922433f514200bde9bb639af593f8a368fa32221118bd7" + } + ] + }, + { + "bom-ref": "e68b7ef714eb5304", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_COLLATE", + "hashes": [ + { + "alg": "SHA-1", + "content": "77e5a0cce995729dae3a3da3deae99345bc06fd9" + }, + { + "alg": "SHA-256", + "content": "86ce39ae32705e44d59e0f08ad3eca7e988303700ac14dca60588ea6c395fe00" + } + ] + }, + { + "bom-ref": "5e906942ffbc22ef", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fcaf4cf52ae26b0715c53a2bed332b9dea1524e" + }, + { + "alg": "SHA-256", + "content": "4c9872dc999eb8518f51b21464ad5f880c0551d99315595bbe5e924f42cdb9ef" + } + ] + }, + { + "bom-ref": "11ad1e501ff5a517", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "cea2e8987f2b04dc22cb3fabe3a38b1c687429e0" + }, + { + "alg": "SHA-256", + "content": "d5d24009a728487d62b12d1db7da6851f1d44dfebd102d038ebdfcf047c2a525" + } + ] + }, + { + "bom-ref": "c86ca3a145e632c3", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "a450ef07053f369bb82a9ebda0bfa1eb593bf90d" + }, + { + "alg": "SHA-256", + "content": "a957adbbd6baf3d5a9c9a49df0d7afd2a63552a335a5b80b0e37950cb4b8010e" + } + ] + }, + { + "bom-ref": "50fae05699f85bc0", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_PAPER", + "hashes": [ + { + "alg": "SHA-1", + "content": "a523a0d5fc351a68d989832d4725a3c53aad1eef" + }, + { + "alg": "SHA-256", + "content": "9178bbf7f3d7895e793966adce6029bb27624950e84c3de39a8fe249a7edc57c" + } + ] + }, + { + "bom-ref": "3b774200efaaa5a3", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3984fef1a0da61f561afaf0eef4991a9c592bf2" + }, + { + "alg": "SHA-256", + "content": "a52a419ef416e12318ffd938dc5abd44787b7fe7a3cc914dd5862f17fe63dbe2" + } + ] + }, + { + "bom-ref": "0d602d287c631d2a", + "type": "file", + "name": "/usr/lib/locale/en_CA/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b318133f81289bbced5d0626e184bc521a585d1" + }, + { + "alg": "SHA-256", + "content": "ae8d5b2abf057f12a8c71a610743521e3c3df976d397eda967853a140254d9ef" + } + ] + }, + { + "bom-ref": "47048e5e680f4587", + "type": "file", + "name": "/usr/lib/locale/en_DK.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "e88b2309b15df8a0e8d8030a12407ec16946d5e8" + }, + { + "alg": "SHA-256", + "content": "8797ca35c1a1b0a8830b137326a07bfa876b6ebc04fd4f41dea9345366be0eae" + } + ] + }, + { + "bom-ref": "19819003d8ead48e", + "type": "file", + "name": "/usr/lib/locale/en_DK.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "3824525c0836311f485a3c7cf9691ca51099dd21" + }, + { + "alg": "SHA-256", + "content": "cf27d8073b982c657c1a4935355e5f3b7ceb11d1f4aa75dba946cbe1fc69cca9" + } + ] + }, + { + "bom-ref": "5767a909fb45a626", + "type": "file", + "name": "/usr/lib/locale/en_DK.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4e64af0f7e9907788f8500b9c7c439b9d8ba1fe" + }, + { + "alg": "SHA-256", + "content": "449dd6201f0ceba37162899a31cf7e940fbc6b3cb4e55727df73731214da411b" + } + ] + }, + { + "bom-ref": "16a3dbb47e4b6133", + "type": "file", + "name": "/usr/lib/locale/en_DK.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "7d30c7879543240454948d23b9bdb2b3f2e40021" + }, + { + "alg": "SHA-256", + "content": "2869f9f858a6dea39b6760fdd37b83f35a44bd7c3bf549be66b85c9f5b84aca1" + } + ] + }, + { + "bom-ref": "69116ebb76b98b3e", + "type": "file", + "name": "/usr/lib/locale/en_DK.utf8/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "155febbaf8a258400c858e027761db0161a77f28" + }, + { + "alg": "SHA-256", + "content": "e74bd3fa29aab46175b94c0729a46cefe6568d61e41d03ac62485a88c5bf904e" + } + ] + }, + { + "bom-ref": "f6c24750a9f85cd6", + "type": "file", + "name": "/usr/lib/locale/en_DK.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "62727b2f59b5ee0f8139a4db26601654ead0116c" + }, + { + "alg": "SHA-256", + "content": "1b322d54185175a6f99c0f200e75f45748a5dc24e81cf9deceeb3b4b08125df9" + } + ] + }, + { + "bom-ref": "648b8f4491ceb0cf", + "type": "file", + "name": "/usr/lib/locale/en_DK.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "b12bca67a7418a9c0751ba50551ab4d65ff49975" + }, + { + "alg": "SHA-256", + "content": "77650f06b37ea464e1521af5d88e085fabd266d1fa6dbe61c6395422ee8e9f00" + } + ] + }, + { + "bom-ref": "763253821f540b9a", + "type": "file", + "name": "/usr/lib/locale/en_DK/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "26a51733f5bd5f3bc2a3ae2bd5936e0314ac546d" + }, + { + "alg": "SHA-256", + "content": "c49028ffbcfe8a613e1c3106eda1a5b3e04bcd3df29777f38f4a654c84831b11" + } + ] + }, + { + "bom-ref": "d4ba241ccd0a78e0", + "type": "file", + "name": "/usr/lib/locale/en_DK/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "43ca7d532ef9da811f2ed309f6d907b7b8dc9296" + }, + { + "alg": "SHA-256", + "content": "bbfde7324ac2582b5158a8fac1b1743a4e2d061cea38aacd11e8303b07843c1e" + } + ] + }, + { + "bom-ref": "43377cb0de103532", + "type": "file", + "name": "/usr/lib/locale/en_DK/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "20ba0e19b6d7f02ba81ce94c9956d60ad0b07e3a" + }, + { + "alg": "SHA-256", + "content": "c8041aabc69941a829c4d685307dfadaf2b75229dfaaf9cd14dc45c4a6b06781" + } + ] + }, + { + "bom-ref": "f18f06f51704cd09", + "type": "file", + "name": "/usr/lib/locale/en_DK/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "5492c6c8f3b805ba3350c01fc98d964827e5e3e3" + }, + { + "alg": "SHA-256", + "content": "8e95a180d06b5bd2bba38b325ed25248d34e33b7105469df33f9f2cf97be70f7" + } + ] + }, + { + "bom-ref": "1564dba6a452deef", + "type": "file", + "name": "/usr/lib/locale/en_DK/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "53edecfe47d3868b14eedd4c88afcb25414869ab" + }, + { + "alg": "SHA-256", + "content": "39785e9425c73fd1a0b47d9d4610f9c9f8b692a9d02caf7994ddad249bf53f98" + } + ] + }, + { + "bom-ref": "9a4111aa70462d0a", + "type": "file", + "name": "/usr/lib/locale/en_DK/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "b76a686c848e05d06b7b443aedfa9072c253571d" + }, + { + "alg": "SHA-256", + "content": "2cb7fcb60f7531b60b34084774a136579f72b70e9fa4f6de01bac9808b4b3fed" + } + ] + }, + { + "bom-ref": "5dc58b5b9c05615e", + "type": "file", + "name": "/usr/lib/locale/en_DK/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "35af5ef8f67cb333257156feda0962c1c14ee194" + }, + { + "alg": "SHA-256", + "content": "74aa1c90a38fed0476594f2013385a79dd53e02b157db3384d324cb0dc2ed49b" + } + ] + }, + { + "bom-ref": "e26d1e58e38fc335", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "5de8962a7b6475f531f69fce76c598ab8992b100" + }, + { + "alg": "SHA-256", + "content": "4f94a6e36ab13c81ebcc9e7a5d7f6a7ea171d5107990df0af1cb76475704f0fc" + } + ] + }, + { + "bom-ref": "d81fac72cfcec764", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_COLLATE", + "hashes": [ + { + "alg": "SHA-1", + "content": "6fad093c0839f20c7594060506ab33894a72aa70" + }, + { + "alg": "SHA-256", + "content": "0fdeeec6c7d3489ec0693a457d3fbd8e01af07cb5ad6cfdc159777e291298c97" + } + ] + }, + { + "bom-ref": "a17169af35cc9326", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_CTYPE", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c0f45be1a8f4a4418105e71739c4dab7e854610" + }, + { + "alg": "SHA-256", + "content": "b1ebddb48ccb5dca8a73bb3f3bb731de3ce8b0ba3e3c347c67ab8c251d834d3f" + } + ] + }, + { + "bom-ref": "0be7d3b586c46105", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee34e8cc8d8f60cc489ecee1f5cb95ada479c09a" + }, + { + "alg": "SHA-256", + "content": "512a4fe4f25b06b8f3ec49f398c9ee9ac0213a95e547398d1afd028dd53999b1" + } + ] + }, + { + "bom-ref": "d12bc318303a114d", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_MEASUREMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "2f801db13adfd7061ad9ccc2ed6208d4e854b7f0" + }, + { + "alg": "SHA-256", + "content": "a1a6dad67e57c0d5614d6b645dcb8edb4a8afed90012486420810087b6a4bde7" + } + ] + }, + { + "bom-ref": "95dc35df297b0e5a", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "4bc55f4f1952b0298e0d80572d3fa72a863c463b" + }, + { + "alg": "SHA-256", + "content": "d7c9ce656ce7e1007a62b9922885d2b14588754249d01a2c492bd82e4a122ec0" + } + ] + }, + { + "bom-ref": "ac0f215e0c0a19f5", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "71f29d62764a90169c15b92e00efb6789a2f74f0" + }, + { + "alg": "SHA-256", + "content": "95e6e76420dfadb08ef4ab7e4f0cb799a32012d2716fffe150661cce3a37ad7c" + } + ] + }, + { + "bom-ref": "6b33d60371bcefe8", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "85d10e19fc2bd184d33501e092c5773068c881e4" + }, + { + "alg": "SHA-256", + "content": "ff2e587e65da8c310a5c5185daa5dc054a8e1cbea759f33641d04684411643fb" + } + ] + }, + { + "bom-ref": "6f957c50a76c70a2", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "48422415ca5c01a425c3277eadf5c7670f6c3425" + }, + { + "alg": "SHA-256", + "content": "cf7d9da93c5845e8a870aee4fe9729bc250b129f7a43d248412c33ca722137f5" + } + ] + }, + { + "bom-ref": "bfda0b536a3e99ef", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_PAPER", + "hashes": [ + { + "alg": "SHA-1", + "content": "0548b89d28a2ae258c0decb57b03685577fc76e0" + }, + { + "alg": "SHA-256", + "content": "ca81b12c9d87f73225573bd671577d39e5f21a2b8a487774f01e6e8b04e32290" + } + ] + }, + { + "bom-ref": "131228cffbc275be", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "a82b184606fbae45f5023834c47cbfe5f9f173c7" + }, + { + "alg": "SHA-256", + "content": "873bc0fed6082d2b8ddd1788cb60d768e8ceabb906c9e2c79c91cbfa97b8ee40" + } + ] + }, + { + "bom-ref": "5256e0f5d831158a", + "type": "file", + "name": "/usr/lib/locale/en_GB.iso885915/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "78896e7febca21b2737300eec0cadee8e4c2326b" + }, + { + "alg": "SHA-256", + "content": "dfbca84cfa9f63e766ec0b9cc0b77cfe29b023e07394b9bfd9015a171d8050a5" + } + ] + }, + { + "bom-ref": "b311c3d3b34dcedf", + "type": "file", + "name": "/usr/lib/locale/en_GB.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa7a5b80b2d442e9c5bc8e3504ebd56e7bd1a3a4" + }, + { + "alg": "SHA-256", + "content": "2e79e6fa009a80c248f350fdc58299e2f3b849253fbe934905f24e257bb02c60" + } + ] + }, + { + "bom-ref": "3c3157b9737f6049", + "type": "file", + "name": "/usr/lib/locale/en_GB.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "a6b33426e90246729a695afa8ddf500a8e7897f4" + }, + { + "alg": "SHA-256", + "content": "51a3b8400e0cc2ff5443f7d77d95c56f9ea47e027f0f85ec7fa5d02058aeac99" + } + ] + }, + { + "bom-ref": "7e55c4da2785d9b9", + "type": "file", + "name": "/usr/lib/locale/en_GB.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "0af6de9b5a9511797f6d36d0b1afa9fc24fd8e87" + }, + { + "alg": "SHA-256", + "content": "f2e9ad7ed04a6eb972c30acb5433f4b530464a8882f57cb9d3391d34633c31a2" + } + ] + }, + { + "bom-ref": "38223e6d17b74cc4", + "type": "file", + "name": "/usr/lib/locale/en_GB.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "f203008edebd8ac0994206bef79fd9537bef104a" + }, + { + "alg": "SHA-256", + "content": "ddb8c313bd9008bceb65ca9142715400e5d6ad11bdd5079044e21a88996a31b9" + } + ] + }, + { + "bom-ref": "7a8af1ed46dd9f8c", + "type": "file", + "name": "/usr/lib/locale/en_GB.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "82cc9ff693e207ca17c80c9b40de3dc8f0346565" + }, + { + "alg": "SHA-256", + "content": "24545b905165763a1f998fdd5d945dae7bf3364cf9d2dfd4281e34695d2d40ac" + } + ] + }, + { + "bom-ref": "9cb0c3f864e39d7d", + "type": "file", + "name": "/usr/lib/locale/en_GB/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "1ef488daf4dbbcac459031c632fa9b9680537801" + }, + { + "alg": "SHA-256", + "content": "291964c94077552e0b6d15ae3e5c152244c76734e88b5ac10066eae889c81d07" + } + ] + }, + { + "bom-ref": "803e68723aa983bc", + "type": "file", + "name": "/usr/lib/locale/en_GB/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "fce5d65397ba6cfa93be90bf1f7e30a8f614234c" + }, + { + "alg": "SHA-256", + "content": "20c9f7e0af4824b9e1acc2a929df97e995a799afde8496b90e2f7712e618cd7d" + } + ] + }, + { + "bom-ref": "087a30a47e7d2808", + "type": "file", + "name": "/usr/lib/locale/en_GB/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "26cd120d6eed5b8ef33beb6d49b015e879de53e4" + }, + { + "alg": "SHA-256", + "content": "40aed2f7b350ba3a4310a1717205280143ebdc72ef379734924b2973acb8c5ba" + } + ] + }, + { + "bom-ref": "660be2e6c4fdd627", + "type": "file", + "name": "/usr/lib/locale/en_GB/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "4425cad4353b6304714640f75521b93da1174fdd" + }, + { + "alg": "SHA-256", + "content": "389ae37e836db8f0dfc79b1f2b8d232c335b39118c831b48c6bb4abf87accb61" + } + ] + }, + { + "bom-ref": "6789fad1f0696709", + "type": "file", + "name": "/usr/lib/locale/en_GB/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "259176b5f2d85b96c15cbdd1b2f042158c43cdf1" + }, + { + "alg": "SHA-256", + "content": "45e005598e46ee7b1cd54cfd31a21c60d17f31a5667d581e4cd17e4c506f2d14" + } + ] + }, + { + "bom-ref": "687713fa2fab73f4", + "type": "file", + "name": "/usr/lib/locale/en_GB/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "b58d767fe0d77adb7dba55fd0dfd317408ed4768" + }, + { + "alg": "SHA-256", + "content": "0cb878b7be7f6a99b63cf3100b41879da70f8937daf961f459e42f6e6261fbfb" + } + ] + }, + { + "bom-ref": "a2ba436862b4c3c9", + "type": "file", + "name": "/usr/lib/locale/en_HK.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "502bf78d07fd1432a50e02a6fe7ef1df60e226e8" + }, + { + "alg": "SHA-256", + "content": "f2dc97f9b335d44f0e42781b321385a4a71ec2d12bb950ee9bcf72775149cfad" + } + ] + }, + { + "bom-ref": "a41b1715d686046c", + "type": "file", + "name": "/usr/lib/locale/en_HK.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf65263906b35d585f248c239947dc0a0cd6c025" + }, + { + "alg": "SHA-256", + "content": "6594c23c2de52aa17628a61b95b4c041ae7a482bf354da59281d13e2a6ccc6cd" + } + ] + }, + { + "bom-ref": "3cd8731281643bb5", + "type": "file", + "name": "/usr/lib/locale/en_HK.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e55d38b395c7279d1c166325dfe177066111ff2" + }, + { + "alg": "SHA-256", + "content": "f4a5bb46bd61b69dab850b550f5700e35c2755ffcd667cb74549ccf854987ad5" + } + ] + }, + { + "bom-ref": "9c721d319e583619", + "type": "file", + "name": "/usr/lib/locale/en_HK.utf8/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "df37f9af70c2248ebc34c50862f4d121b3994793" + }, + { + "alg": "SHA-256", + "content": "f3823b4d715e6b888119094a185041e3f8b4165b50408984d104618dc7afeed4" + } + ] + }, + { + "bom-ref": "f079b2527f88b717", + "type": "file", + "name": "/usr/lib/locale/en_HK.utf8/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "06336090b14f253421dbcdc0f98677a4f0ab3b64" + }, + { + "alg": "SHA-256", + "content": "5172617c05a37b20bf980ca047b35da4ccc281be9672df40b267dbc0a7d69c09" + } + ] + }, + { + "bom-ref": "087d554a60a9e9a2", + "type": "file", + "name": "/usr/lib/locale/en_HK.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3fd3d7b81e0ca0e4288f101b9adda70f9af47f0" + }, + { + "alg": "SHA-256", + "content": "6e3c2f01f599ca8f1077f500f68da6acf19737b1c58c2480ce27f7ce2e999f2a" + } + ] + }, + { + "bom-ref": "bef7f4538e099681", + "type": "file", + "name": "/usr/lib/locale/en_HK.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "1744aae507bfc1be4ddcd2cfeefadd26d3374e51" + }, + { + "alg": "SHA-256", + "content": "cebd2385796377658b8160e4c4cb8ba525d2bc3d968e4daae20ce6cab1afe2c5" + } + ] + }, + { + "bom-ref": "9147bdfb83baaa78", + "type": "file", + "name": "/usr/lib/locale/en_HK/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc5b628a89cc0fe37023187e3dd9a523ef4c0c83" + }, + { + "alg": "SHA-256", + "content": "85ef03913f22c15ca19e194ebc4a0e36fe2321bb37895d4f09db97b17b79a362" + } + ] + }, + { + "bom-ref": "f1903afcd8474e29", + "type": "file", + "name": "/usr/lib/locale/en_HK/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "f798b118e2baad52662e835bdf6a0f89fdf83f95" + }, + { + "alg": "SHA-256", + "content": "69fdb3b1eb3184fc07fe585ebcba517c0f8899dc1734ad8c0afcb87a04157019" + } + ] + }, + { + "bom-ref": "d6412a0d6661438e", + "type": "file", + "name": "/usr/lib/locale/en_HK/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "242c5bf42b63d141155b58026a9ebb15b766869e" + }, + { + "alg": "SHA-256", + "content": "c0137e48e5022922ade0bf1685183f5dbf5d05cd77beb0f0318cd193527648b5" + } + ] + }, + { + "bom-ref": "4fad18e9f1f34949", + "type": "file", + "name": "/usr/lib/locale/en_HK/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "b65824e63132af3fc6d4b3014bee425658621844" + }, + { + "alg": "SHA-256", + "content": "4fdb2bdbbdae73c1a31fe08f7e1bd008754a35bb3fd399c6cb1df3d9bbb32aa4" + } + ] + }, + { + "bom-ref": "6e606d6a2b91f0ad", + "type": "file", + "name": "/usr/lib/locale/en_HK/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f4049717dc8dc2e4feeef5bc58d73bca969001e" + }, + { + "alg": "SHA-256", + "content": "0f5496ab7b0a7d93b66d802ab6410c4ab07efa8e85b71692bb40207cb8a9397f" + } + ] + }, + { + "bom-ref": "016345ea3b4fbc1e", + "type": "file", + "name": "/usr/lib/locale/en_HK/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "41da8977300a68f794b6e42ff15865af106c73fe" + }, + { + "alg": "SHA-256", + "content": "677e406878326f8bb70332f80aac524139ecf0eaea0fa47d4a608994b5ee75d8" + } + ] + }, + { + "bom-ref": "c831e9a251cf8488", + "type": "file", + "name": "/usr/lib/locale/en_HK/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "d63c8bd64f338fb7b52cb8a441f6aa394ae1fd35" + }, + { + "alg": "SHA-256", + "content": "60d3ed792af65235e691f97a936ecf68d784e5d6b40cde41eea03da7000907e1" + } + ] + }, + { + "bom-ref": "8b33184254ae6925", + "type": "file", + "name": "/usr/lib/locale/en_IE.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "641e8b0d8c5858a4548c6b75637dabf768ec3349" + }, + { + "alg": "SHA-256", + "content": "afba6685620272060f18ab4ff8391994dad024229f09c84aa94f66dbfec6d5bf" + } + ] + }, + { + "bom-ref": "8f90cf55604a5833", + "type": "file", + "name": "/usr/lib/locale/en_IE.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "852b49ff29f11512a583448c8a6b9b683b5000ee" + }, + { + "alg": "SHA-256", + "content": "3982aa6febb1137e50ea814298e9a5cee5bb8a17bab574be346d2b92f1f13cd0" + } + ] + }, + { + "bom-ref": "e4e3ef91e2d6537d", + "type": "file", + "name": "/usr/lib/locale/en_IE.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "938938dcc2733f1ed94a9cfbb8fffcb81ba643e3" + }, + { + "alg": "SHA-256", + "content": "a9d8a91b113acd62cb95ff336285f3ef21bc1e95375f4e5de4dab8adab8b1bcc" + } + ] + }, + { + "bom-ref": "9427f51900d8d63a", + "type": "file", + "name": "/usr/lib/locale/en_IE.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ff2a971f2707a50982b6eb377492e8b8f03dcdd" + }, + { + "alg": "SHA-256", + "content": "5fa846f4a692d9c1ed30ba5b53f419c4967f1925178aa102da09ce75780a18ca" + } + ] + }, + { + "bom-ref": "6e41a6411c90aee3", + "type": "file", + "name": "/usr/lib/locale/en_IE.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "61768444ab0c3e40fb53fb34352ee94d707efa7d" + }, + { + "alg": "SHA-256", + "content": "b50dd0a6bc80f6bc7718b06c9119c1ed0cef013002f606709acc2596a27cf1d5" + } + ] + }, + { + "bom-ref": "a657e0e2c72e745a", + "type": "file", + "name": "/usr/lib/locale/en_IE/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "ef41e320c6ccf69e8d731876a96db0495a52b439" + }, + { + "alg": "SHA-256", + "content": "9578d6f0fc0768b3e09e8118bb369342e3d4b7fa95f05ea226847658c0dead3b" + } + ] + }, + { + "bom-ref": "3481bc602338f6bc", + "type": "file", + "name": "/usr/lib/locale/en_IE/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d42f14af0d0e9bf04b44ac0f27b5fb2fc0ad30f" + }, + { + "alg": "SHA-256", + "content": "d8ebe38e45b6d6a5335dc80b1ed15b9b0672fd41d846c49ac506c07622e02ae0" + } + ] + }, + { + "bom-ref": "3a971696e0257f4b", + "type": "file", + "name": "/usr/lib/locale/en_IE/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "6144944af118c9c1e075f2642bdd54c27daae8dc" + }, + { + "alg": "SHA-256", + "content": "3b551ba69af8f09b18d96849d5d4668573352e05d65c2c4e051cab43a8e7a0bb" + } + ] + }, + { + "bom-ref": "e2e8cbd2f42860b0", + "type": "file", + "name": "/usr/lib/locale/en_IE/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "ef140786dcb9ac4d17b4b4129a4a270db2a99d1d" + }, + { + "alg": "SHA-256", + "content": "601efdc587d6d29de3dc6dc23d308a7bb764b4e0f817276a7d055c37c09600f9" + } + ] + }, + { + "bom-ref": "e73c68dea9ebd6c3", + "type": "file", + "name": "/usr/lib/locale/en_IE/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "e95b2becb45755494f229af65d822772d55324ac" + }, + { + "alg": "SHA-256", + "content": "314cd9b6f0ac4fabb741538d4f23c827e340e3fa313e3d3f5073a0ca6a9a2f9a" + } + ] + }, + { + "bom-ref": "7c2897b0b8b017d7", + "type": "file", + "name": "/usr/lib/locale/en_IE@euro/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "768887a04882cb7c13f211e933439c1af0d1d6ae" + }, + { + "alg": "SHA-256", + "content": "7de0f6f4a639779bb70c9371568323f73144150f648940efa4b7c4be4db16d91" + } + ] + }, + { + "bom-ref": "40007b730202332e", + "type": "file", + "name": "/usr/lib/locale/en_IE@euro/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd03d1906789b53fd8517dbd1aa43ee45c449210" + }, + { + "alg": "SHA-256", + "content": "51ea5c74ca943af16be679948957027318f0685c4c81bddb47e29ee9032bf9f3" + } + ] + }, + { + "bom-ref": "07257989d347eea8", + "type": "file", + "name": "/usr/lib/locale/en_IE@euro/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e6160c9d7b488a9e8f485dd1da7ba4fdf48e892" + }, + { + "alg": "SHA-256", + "content": "35a500937035ecfb3117443209a29e6045956d45af1ce8fcdcd4b64d609c049f" + } + ] + }, + { + "bom-ref": "0bedf070662f6eed", + "type": "file", + "name": "/usr/lib/locale/en_IE@euro/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "1a206ece817e239da208279277b4405a6a9f32dc" + }, + { + "alg": "SHA-256", + "content": "a2877b465ad99b3e67c675eb6e73491eec3f1e7c362cf6b6773bd0f312f0c2f5" + } + ] + }, + { + "bom-ref": "809dd48a69e97c62", + "type": "file", + "name": "/usr/lib/locale/en_IE@euro/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "88aadb63af2ca75b60aff42ee397fc2d010c27d2" + }, + { + "alg": "SHA-256", + "content": "5d95eb5f24c57d2344a46edd509a15b382dd03edc457d299ab89c2b8ef526489" + } + ] + }, + { + "bom-ref": "14542e0fa508d94c", + "type": "file", + "name": "/usr/lib/locale/en_IE@euro/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e309931ceccdfa54f1e9144790ff423975f00b4" + }, + { + "alg": "SHA-256", + "content": "15dd19e0d67c1e8f3906cdcc944c268cc3c3ceb0f558c08f1fe03c2cddeee748" + } + ] + }, + { + "bom-ref": "53a775065e12e26e", + "type": "file", + "name": "/usr/lib/locale/en_IL/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "899a2d0bc4396bbcdbfc749b14b0e07c39d36bfc" + }, + { + "alg": "SHA-256", + "content": "b2b6d1ce3e3bdf8fc22261ac3cb2c7c0a072c4916327e4a2063fad386b5da8a7" + } + ] + }, + { + "bom-ref": "69516bff7e8fe0b1", + "type": "file", + "name": "/usr/lib/locale/en_IL/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "5686cde189d555c18e466b629c7435e6c465c2e3" + }, + { + "alg": "SHA-256", + "content": "858942221aaa1a1f9c9d6672a02cda2067c4e6fbc68dcd6a7627457429d9f77e" + } + ] + }, + { + "bom-ref": "f470afd6fecb1c57", + "type": "file", + "name": "/usr/lib/locale/en_IL/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "96d093d880bda6f54243fdd825cca308f1b63f68" + }, + { + "alg": "SHA-256", + "content": "58c940021b43f466bd9c693dc7057fb9cf42942062c7139650cbb89ad2e4f336" + } + ] + }, + { + "bom-ref": "ea26208b08f108be", + "type": "file", + "name": "/usr/lib/locale/en_IL/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "beafc690b5d62fc9dee1d241a844d3337818e610" + }, + { + "alg": "SHA-256", + "content": "e2f5faf52d54076c1e6266ef4c23665704c85258839818e37ee37a9f37c6edfd" + } + ] + }, + { + "bom-ref": "72f8044f4347f883", + "type": "file", + "name": "/usr/lib/locale/en_IL/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "f610c879d12456c392a9afc915a1c38e04217957" + }, + { + "alg": "SHA-256", + "content": "c0122e62acccf2f67ed1eff86b306f59497c099564822023955864f5eb2150e2" + } + ] + }, + { + "bom-ref": "0c56452f190f5e2a", + "type": "file", + "name": "/usr/lib/locale/en_IN/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "f5b54be19ecd6c4ca59dca8fddd8810a96dc54bc" + }, + { + "alg": "SHA-256", + "content": "b1657d241862c96091ccf9f6664d235b8bfdc12e3fbe2d1fb8017db2841bcf2b" + } + ] + }, + { + "bom-ref": "96936d9ae77b6b26", + "type": "file", + "name": "/usr/lib/locale/en_IN/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "48ab68fb30beefee31842bb25673373c61409c24" + }, + { + "alg": "SHA-256", + "content": "35dbeb9a2bd857f95fba54fb322e6e0a5fa5c7a93e206132bf9960088b399ab3" + } + ] + }, + { + "bom-ref": "8946a994e6c14dd9", + "type": "file", + "name": "/usr/lib/locale/en_IN/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "bd0f0702484cd46a6789fba18ec668706bbcc4ca" + }, + { + "alg": "SHA-256", + "content": "61a320a6571b954eaa6f39ef9c6f06f19b4121ea638c850f002a9af8a58039f6" + } + ] + }, + { + "bom-ref": "6f7db9001d123721", + "type": "file", + "name": "/usr/lib/locale/en_IN/LC_NUMERIC", + "hashes": [ + { + "alg": "SHA-1", + "content": "41223ecc14927d649a4f16ac2c10d7baadfb7671" + }, + { + "alg": "SHA-256", + "content": "28696c445198df18662f64fe5300a1b762077efda709fbd85c4d006dbb89cdff" + } + ] + }, + { + "bom-ref": "6fa5d65ad06c31be", + "type": "file", + "name": "/usr/lib/locale/en_IN/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "2541d0f24fa8558f8fe0cb63dcb6e3e8b373f44b" + }, + { + "alg": "SHA-256", + "content": "580b6e7771ceea7eb460ef02ab74fe0c9af2506f8e12a9fba38424550db10131" + } + ] + }, + { + "bom-ref": "e55a1736aab009ee", + "type": "file", + "name": "/usr/lib/locale/en_IN/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "58218f8516c1d5c78a643b7461d8ef66c127bbaa" + }, + { + "alg": "SHA-256", + "content": "c9c45b2923c4e065f3c2836a5eb7ca9d5ae55fddf5799004553a8fe30574a3be" + } + ] + }, + { + "bom-ref": "d5da6b7330821348", + "type": "file", + "name": "/usr/lib/locale/en_NG/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "2e2635a2e20ff4245deb8eab5dce3d3bc03232b2" + }, + { + "alg": "SHA-256", + "content": "317371a6d0e5bec610496599512b78fb29665dbe112e4490000b0e19128a6d46" + } + ] + }, + { + "bom-ref": "0ed734304b626d51", + "type": "file", + "name": "/usr/lib/locale/en_NG/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "2517f824c3ab8f3c4020bfbe2bf2e2c494defefe" + }, + { + "alg": "SHA-256", + "content": "2f8297c7958830546d126a6f4d25b08e510f7fcea9e02ab7411fe8d966b41dc3" + } + ] + }, + { + "bom-ref": "affc307a88d5ffb0", + "type": "file", + "name": "/usr/lib/locale/en_NG/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1dbecc58a788a172a7cb1064fe2885be0e2e51f" + }, + { + "alg": "SHA-256", + "content": "77389baab2204640b3710c73692750a699358516bd656938f4c200192e44ce0b" + } + ] + }, + { + "bom-ref": "6dd9f48f9cc7324a", + "type": "file", + "name": "/usr/lib/locale/en_NG/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "95176449d300eea19ac43e683939970c034eb81d" + }, + { + "alg": "SHA-256", + "content": "db478f53f42c264b025f04250d885f182f1f70fdbba458bfc000e3d484528e80" + } + ] + }, + { + "bom-ref": "974cb428e9efd99c", + "type": "file", + "name": "/usr/lib/locale/en_NG/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "768002e0be470dc45f443e12c53f7ef6e542960c" + }, + { + "alg": "SHA-256", + "content": "f83e0b2ad02560b99ed3c5ce7cf5cef41f9d23e6a510eee373d8aefada460023" + } + ] + }, + { + "bom-ref": "c99cb163821c1258", + "type": "file", + "name": "/usr/lib/locale/en_NZ.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "da6d8a720df1b2c640ce53a9611d97558ee979fe" + }, + { + "alg": "SHA-256", + "content": "67c85262cd9a21211fc91f17da55362c9574e770dbcda7e12636d16687b10767" + } + ] + }, + { + "bom-ref": "4030524a87104fd1", + "type": "file", + "name": "/usr/lib/locale/en_NZ.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2ab0101909999fd98ecfeb549351080dab71bae" + }, + { + "alg": "SHA-256", + "content": "573081226607e7e0971c76649d1768c00fa99604311449bd32faaecae6012e28" + } + ] + }, + { + "bom-ref": "26db2509eb130a1d", + "type": "file", + "name": "/usr/lib/locale/en_NZ.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "cfd8a4ac0c2f9e5e36a4a918a3c3bf77f7a6b9a6" + }, + { + "alg": "SHA-256", + "content": "7a3fb3e7a7c07f722382ed26cbd37ac489328897ef9aaa742f0b455628414a7c" + } + ] + }, + { + "bom-ref": "07ef2d1b3dfe929b", + "type": "file", + "name": "/usr/lib/locale/en_NZ.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "532d561ecba3e63517d24c328fa73be6cb1da11b" + }, + { + "alg": "SHA-256", + "content": "b5055638d155060f11adcfd6bc4fdb7ccd07bb0772c6f65c497c859584a31ac0" + } + ] + }, + { + "bom-ref": "84346be3b5ef9b58", + "type": "file", + "name": "/usr/lib/locale/en_NZ/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "669a04045dcb42fa86c3d24afd6059082d26a2be" + }, + { + "alg": "SHA-256", + "content": "3cc04632ab4258ad1386a6bc792dfb3a45740df630e83b3982e23769851e96a0" + } + ] + }, + { + "bom-ref": "b6a8d8476886d50c", + "type": "file", + "name": "/usr/lib/locale/en_NZ/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "9028fece74a4ba2bb56c9dd0c0c8710dc18729a9" + }, + { + "alg": "SHA-256", + "content": "7abbec363cf20a90b7c25b812660dee897fc6e0c69a5aca7449b6ec48ab1409b" + } + ] + }, + { + "bom-ref": "41102a2b1e61867a", + "type": "file", + "name": "/usr/lib/locale/en_NZ/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "b6fbe02b5a6befc9a2041ce03e90784929dbf6df" + }, + { + "alg": "SHA-256", + "content": "d047a750661932b9ed03ce9ccff640aff34b5ac69e31e6f2200cd782810d2c68" + } + ] + }, + { + "bom-ref": "6d52427e28cb797b", + "type": "file", + "name": "/usr/lib/locale/en_NZ/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "8cec44f9de86384cf89a239f956e04c9d4af956d" + }, + { + "alg": "SHA-256", + "content": "034ff6820110188b7ee334d4e38f9eeb321f795ee2294a6256616777ee3a5db0" + } + ] + }, + { + "bom-ref": "0894711dce7ba59b", + "type": "file", + "name": "/usr/lib/locale/en_PH.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "8d07338dd493cdb6be1f48202889250f925559d2" + }, + { + "alg": "SHA-256", + "content": "d162b7314d73090a42ed3e3e40c890a9c29179a2c78b5eede6ff88ebd82415fb" + } + ] + }, + { + "bom-ref": "768f1f699be33ce4", + "type": "file", + "name": "/usr/lib/locale/en_PH.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bf0b5b977ce3cb80b8eb2a152757e9d6eb49402" + }, + { + "alg": "SHA-256", + "content": "cf13bfc57a37a421c4832454cfdbe7911e02d46d416560a3a853e14e2a19e8dd" + } + ] + }, + { + "bom-ref": "a9e5728cddaab742", + "type": "file", + "name": "/usr/lib/locale/en_PH.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "c23299ce575cca205a54f7261457b4f173e2088a" + }, + { + "alg": "SHA-256", + "content": "c1fbe0c7987b4023d4222ba46059f01892bd36bef404ba7fd36174f046e8e3b9" + } + ] + }, + { + "bom-ref": "8a27c11a8a706d8a", + "type": "file", + "name": "/usr/lib/locale/en_PH.utf8/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "c31f00e1aa4d6ce08083b6a85a0cedbbf36afa94" + }, + { + "alg": "SHA-256", + "content": "60e56627dc90cc2e87f82a471c516a6f8775064b0c67fce22ab4586fc7caf2d7" + } + ] + }, + { + "bom-ref": "1716f766099ad74e", + "type": "file", + "name": "/usr/lib/locale/en_PH.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "1068ca207ae6107e679e2085fdc8c6b74c28706f" + }, + { + "alg": "SHA-256", + "content": "2f2ca9411835619abacd5a3a4698e1de399dc36bebb6f28b1681b70b2528477c" + } + ] + }, + { + "bom-ref": "5cc21ea06b49b59b", + "type": "file", + "name": "/usr/lib/locale/en_PH.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f5072f319b1d977f89ffc04a3c467d4526e40c7" + }, + { + "alg": "SHA-256", + "content": "98aceae2484f58615f564e8a3d326ae0c6104bc9327a577b3e74725537de0b18" + } + ] + }, + { + "bom-ref": "70681bb5f4f5447d", + "type": "file", + "name": "/usr/lib/locale/en_PH/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ea05675357354dcb8a74ebfbed25e637bdc9c15" + }, + { + "alg": "SHA-256", + "content": "af435ccccee9f23a895dcb40577d667c1f5d1b4d81d9811379837ed8bf471352" + } + ] + }, + { + "bom-ref": "75f6b1f3c8801c49", + "type": "file", + "name": "/usr/lib/locale/en_PH/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "f04f22dd35e2101c59966cce59521dc6b0897e48" + }, + { + "alg": "SHA-256", + "content": "b224f33330d0fd89f42b5ba4723f88e943d21c6bc5cc2471f8accc433f3dc160" + } + ] + }, + { + "bom-ref": "0a30e333053051f6", + "type": "file", + "name": "/usr/lib/locale/en_PH/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "5da00194702068bbb6073a767798a974ac4cf80c" + }, + { + "alg": "SHA-256", + "content": "2458bae97e741ecdd15a9b075ef039fed6e2a1b701de434b7a002534d572eefe" + } + ] + }, + { + "bom-ref": "881f30e3fe440357", + "type": "file", + "name": "/usr/lib/locale/en_PH/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "6b7d97faab66f7544cffecbc9b9d95a482ef0570" + }, + { + "alg": "SHA-256", + "content": "4dd542ea728b2f2f95cb0b6cdc53ede87b3fec7cbf79425e1f9a62d90fd2d948" + } + ] + }, + { + "bom-ref": "e02fb9f51f91e081", + "type": "file", + "name": "/usr/lib/locale/en_PH/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "9ba61dd290a554c96a1e96f1e7d78d918c780cc3" + }, + { + "alg": "SHA-256", + "content": "01b590c55ec707b5a67641e73bde823094387ce59139541f6a714216744c152c" + } + ] + }, + { + "bom-ref": "f0545fa0cad8c392", + "type": "file", + "name": "/usr/lib/locale/en_PH/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "c9489350afec9558e13793b988c35a2df3bf20d7" + }, + { + "alg": "SHA-256", + "content": "68c8c2a4797f69746163ba5b79f8b102370baf3dc397db7a2eddac8499daf67b" + } + ] + }, + { + "bom-ref": "a4934c5939380028", + "type": "file", + "name": "/usr/lib/locale/en_SC.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca8339cd4ca6ccdc9ea3d5dcc0abef7f87c62861" + }, + { + "alg": "SHA-256", + "content": "e9f4cade75a1468cac72ccc9209941841a20683e6479d21894121bb11ac5ea1f" + } + ] + }, + { + "bom-ref": "1e4c3c1d973b97f9", + "type": "file", + "name": "/usr/lib/locale/en_SC.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "3dae6fe68dba535d0e6ab64087df3a98efa4f849" + }, + { + "alg": "SHA-256", + "content": "85cc42ca23ece68cfc5978e9c484f6e5be1d00f5c5a0397fb054ee703edde586" + } + ] + }, + { + "bom-ref": "2c8f934a6186475f", + "type": "file", + "name": "/usr/lib/locale/en_SC.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f113b92741088f2f4465a051ec0ca6469d74055" + }, + { + "alg": "SHA-256", + "content": "6cce27edfd96ee366dfcdf5985ba52073c1e81a0641cc606f3b2ceb0f853da91" + } + ] + }, + { + "bom-ref": "63ebf25a5df506e5", + "type": "file", + "name": "/usr/lib/locale/en_SC.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "605218cf2cd2ead116f4349a64acddb4ed1998e1" + }, + { + "alg": "SHA-256", + "content": "3977c5cd62d44d646332bfeeea42245b9ee1deb46b89e32eb88a7d603fc23b43" + } + ] + }, + { + "bom-ref": "2cb886fdfb3311d8", + "type": "file", + "name": "/usr/lib/locale/en_SG.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "c3c093590f458b7fb1232d4ec7ef678832ad9ed3" + }, + { + "alg": "SHA-256", + "content": "82ace6e4940d0a3724c810cf34f5361407cdd22fa937be8ca04188cb26891ac9" + } + ] + }, + { + "bom-ref": "a737b8e0cb054ea5", + "type": "file", + "name": "/usr/lib/locale/en_SG.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "6ca6144e2bc75b0b88a381c9ee81c439e86d7809" + }, + { + "alg": "SHA-256", + "content": "601e65c2d5013b728988746377f64ebf7e07b5966aa07d7ce201e0e6abf8f216" + } + ] + }, + { + "bom-ref": "f75c76c71ceede8c", + "type": "file", + "name": "/usr/lib/locale/en_SG.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "c13060cd8b6b201109d8c84a92db19520887c1eb" + }, + { + "alg": "SHA-256", + "content": "9bf4afcd8241e6e3c30b8f9718e3689bda5dcf6f36da9aa72fcf9fa59e05ad4b" + } + ] + }, + { + "bom-ref": "83a4c7883cb4c2ba", + "type": "file", + "name": "/usr/lib/locale/en_SG.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "20398845be8cf207d82d58e7b3912d38b22ba15a" + }, + { + "alg": "SHA-256", + "content": "d288d087c09405e74f85c7542d093280a92ea18a344642d4f77263582dbc9d22" + } + ] + }, + { + "bom-ref": "e1a4cdd347d804d0", + "type": "file", + "name": "/usr/lib/locale/en_SG.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "d9b144633fc7bfc74c57844ba207dc1b80282e26" + }, + { + "alg": "SHA-256", + "content": "93a053ac74b7776995f1981a4f89cc4d3d0e8ae1bc367f24c05d39b5d6789a2f" + } + ] + }, + { + "bom-ref": "72f7d7071b21f622", + "type": "file", + "name": "/usr/lib/locale/en_SG/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "758f93afea7eed3530a6297bb3c61a55a3bc19d8" + }, + { + "alg": "SHA-256", + "content": "433c5f2842f19de24597d213b1181e2374315c6688230c05e6855533e0001f48" + } + ] + }, + { + "bom-ref": "07d997f9a0fe5fe4", + "type": "file", + "name": "/usr/lib/locale/en_SG/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "007dfe76377ad8889d099453b09863ca3e3e74c5" + }, + { + "alg": "SHA-256", + "content": "adfb5f03ef5d127016ecf68a72276c68eca381b5ddd992019bb4dcfe9ccf464b" + } + ] + }, + { + "bom-ref": "45bb161855a3bc8a", + "type": "file", + "name": "/usr/lib/locale/en_SG/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1ecb076e581b5c1be3bb6c48aeaadebe7a3dd8a" + }, + { + "alg": "SHA-256", + "content": "ff584067bab43f7a84b44cc7f0d1761c65ba09dbfa97ae6c6e4a9700950a541a" + } + ] + }, + { + "bom-ref": "b08038c6338b8aaf", + "type": "file", + "name": "/usr/lib/locale/en_SG/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "0efb012eb81eb5740301bd54f2574cfe5a2b1598" + }, + { + "alg": "SHA-256", + "content": "8a232d9599e3c135da14f785a3a76150e1a9f1aea40a3eac8c6b64de6567a8ca" + } + ] + }, + { + "bom-ref": "6528a473bcf2bdad", + "type": "file", + "name": "/usr/lib/locale/en_SG/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "9e87da5f0ccef25fa38ca4f6617c2e4a6c08d86e" + }, + { + "alg": "SHA-256", + "content": "fb76a7e7bca9ddac0c62808564b07a507a80f3aacf7e14a499abd6ea07c586bb" + } + ] + }, + { + "bom-ref": "da911527e3f13369", + "type": "file", + "name": "/usr/lib/locale/en_US.iso885915/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a9ca04a52327bba3adeebba30d0f85b00c89eba" + }, + { + "alg": "SHA-256", + "content": "fed2012e2dee8bfebe132e5f28c6f511a7305756fa9f92eb43431efeea3267aa" + } + ] + }, + { + "bom-ref": "c1473b99cc79f35d", + "type": "file", + "name": "/usr/lib/locale/en_US.iso885915/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "94bdbf3cac4bf04222916f52a724c26c9023693b" + }, + { + "alg": "SHA-256", + "content": "5e0c0e0d2d8666722d03d46c7b8f6d2d746e610f5eb26331d74f646a7f9fc268" + } + ] + }, + { + "bom-ref": "8a8b42f36b9b8207", + "type": "file", + "name": "/usr/lib/locale/en_US.iso885915/LC_MEASUREMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "4d76ed8b0e77bce585ea89a683cd299127764b8f" + }, + { + "alg": "SHA-256", + "content": "e1b8ef3d3829b1d9b5d38d6fc04d247884b297cf6e574c69c6dbdf9d84bdf5a3" + } + ] + }, + { + "bom-ref": "94a7ade69d58bff6", + "type": "file", + "name": "/usr/lib/locale/en_US.iso885915/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6614b9dccc3bedae6e79787cdd4e1dbedfc44aa" + }, + { + "alg": "SHA-256", + "content": "df89655e9ce3ee1151d4efd47108ed8d084c45cd185d979e900ed4da9ddcbd6f" + } + ] + }, + { + "bom-ref": "0ed8db47d526c931", + "type": "file", + "name": "/usr/lib/locale/en_US.iso885915/LC_PAPER", + "hashes": [ + { + "alg": "SHA-1", + "content": "25103e6c2b8db16c6968807fade1718fb2a85584" + }, + { + "alg": "SHA-256", + "content": "dddd62f89df122c966c002d59401fb8eeae27940d4e7d39d7d095b0de8661954" + } + ] + }, + { + "bom-ref": "443e0595cd752ddb", + "type": "file", + "name": "/usr/lib/locale/en_US.iso885915/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "141ff599b16c96ac520736f0e628f7ff48626170" + }, + { + "alg": "SHA-256", + "content": "0ea01b1a39c5f0b2581572108880f3669484acdac303d63265a1a54c8584ec52" + } + ] + }, + { + "bom-ref": "8b4ee97f654cfb3c", + "type": "file", + "name": "/usr/lib/locale/en_US.iso885915/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d4c633c947180eee655861008a87f625519174d" + }, + { + "alg": "SHA-256", + "content": "9e1c499a2ad90f84709c23ba502d342332c4236a1f4187ce89475bd61e3fabd5" + } + ] + }, + { + "bom-ref": "f261aef256ecbb61", + "type": "file", + "name": "/usr/lib/locale/en_US.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "aa5248b0ac085665477b2feb1266205b3bed557d" + }, + { + "alg": "SHA-256", + "content": "c39329bc8f9fd0a7bd7faa9256cf3b8e39ec91ff989662066f243466269cc164" + } + ] + }, + { + "bom-ref": "f0ae05c7c5252d2e", + "type": "file", + "name": "/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc6c342729603b4463663c48f3c2491ab6199405" + }, + { + "alg": "SHA-256", + "content": "2dfac9ea94abf72ba888bcbe5ba582a99fbca1b7c6a2598e80b1028d12a71ecf" + } + ] + }, + { + "bom-ref": "bc8f80fad7ae69a1", + "type": "file", + "name": "/usr/lib/locale/en_US.utf8/LC_MEASUREMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "86db16a6c73e1eb6f5fe9113d933e2cb093471ec" + }, + { + "alg": "SHA-256", + "content": "c2200fc75f8f268d9e8d71072064f64d94497e5abd58abd5ab1506c3a40dbd1a" + } + ] + }, + { + "bom-ref": "4501793c1c85d97e", + "type": "file", + "name": "/usr/lib/locale/en_US.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "987e15618ea98718060788944871a3d9c2fa0a41" + }, + { + "alg": "SHA-256", + "content": "31d62ce6350e6ead9fd019cb4d0083364a2c587d2f1f7ed5f7e213e7d73fb1ec" + } + ] + }, + { + "bom-ref": "1dd0186f52f33e01", + "type": "file", + "name": "/usr/lib/locale/en_US.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce7bb5df7eec8dc0dc51d64b0ce336a074ccceb3" + }, + { + "alg": "SHA-256", + "content": "30b9a5f08480a634e2f016e1e2af957ae34e7bc849600376b8ac6ce2c9d536a6" + } + ] + }, + { + "bom-ref": "f3bec4ff8fe53568", + "type": "file", + "name": "/usr/lib/locale/en_US.utf8/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "d23b845672503ae7a96bb5c286285a5756eb43de" + }, + { + "alg": "SHA-256", + "content": "9bcdb29af2d6244ad5bffc068fe5bec91bb2daf8a7bdebb1faf95b906c665f0c" + } + ] + }, + { + "bom-ref": "3efb6f9baf7aa9bc", + "type": "file", + "name": "/usr/lib/locale/en_US/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "24ba64726344ead8a316f1e45b188c41467dfe1b" + }, + { + "alg": "SHA-256", + "content": "41d9917d2ae05249d16711596736e9b1d45453f5020876b4444f61772da266a8" + } + ] + }, + { + "bom-ref": "5e00798fd370e07c", + "type": "file", + "name": "/usr/lib/locale/en_US/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "8c47010f5c7042acd399040da15f324259b16f6b" + }, + { + "alg": "SHA-256", + "content": "59751eac8c60078e5d919ccc3deef9aaa8d207b496023513352671e3ed334cb1" + } + ] + }, + { + "bom-ref": "84ef38a699af04be", + "type": "file", + "name": "/usr/lib/locale/en_US/LC_MEASUREMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f84f6dddc28ac2a28687c9eb79cc064f7053fab" + }, + { + "alg": "SHA-256", + "content": "2aae1e834b1ba9795f38125f84c06211a201832dfcd1814e5c5c1716d945deb5" + } + ] + }, + { + "bom-ref": "a13db4d8922902a7", + "type": "file", + "name": "/usr/lib/locale/en_US/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0dad6d35af71b2b3d48632942310c018fe74a3c" + }, + { + "alg": "SHA-256", + "content": "f487ae1faffded41234af617460737e21fd2f96d59d41b3d49e2e6bdc49b60ae" + } + ] + }, + { + "bom-ref": "5cbf057679313401", + "type": "file", + "name": "/usr/lib/locale/en_US/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "2af8e0c178e01ecf720e055bddb29f3b300e46d5" + }, + { + "alg": "SHA-256", + "content": "44b30e113bee1acd4f02c811422cb2d9c873c51f85f52087d4d62c532c41025a" + } + ] + }, + { + "bom-ref": "ce57b3ad6cf33a38", + "type": "file", + "name": "/usr/lib/locale/en_US/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "97f4e303bba85e8039e6de87522b499e1a12c4f5" + }, + { + "alg": "SHA-256", + "content": "2fbeb060d70ddcf233e263c7810e143d719cd7e431f0e991166378d6bd16dc68" + } + ] + }, + { + "bom-ref": "dc3dd19625a60d97", + "type": "file", + "name": "/usr/lib/locale/en_ZA.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "632773926d3031be1dd07900f0cec179c0c783cb" + }, + { + "alg": "SHA-256", + "content": "94745c5cd36512e659920b041128048e7fb609a0eb42bf1321b3551b2372150f" + } + ] + }, + { + "bom-ref": "676a0168a2d88433", + "type": "file", + "name": "/usr/lib/locale/en_ZA.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc889b2bb99d4d5c8adcfbd9714b2710b2850fba" + }, + { + "alg": "SHA-256", + "content": "932aa6107031d823fda0ffd7d5954fee7f007cbb9f6f512b911080a72b8ea17e" + } + ] + }, + { + "bom-ref": "84e242430eb68221", + "type": "file", + "name": "/usr/lib/locale/en_ZA.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "bd3e6df90ac53ff7cdaca2d57a27a8e9d66c74e8" + }, + { + "alg": "SHA-256", + "content": "d7630e3914cbaadde18d3bf26d806490377ca761ba595d711f6c2ed148df6636" + } + ] + }, + { + "bom-ref": "4b970ae23ba68900", + "type": "file", + "name": "/usr/lib/locale/en_ZA.utf8/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0dd8a9ca415381f3d0108bf702c5653c8c4da16" + }, + { + "alg": "SHA-256", + "content": "58672646ba335323eaf0c16503b1efccbabcf382f768d53fa8cad2292098bc64" + } + ] + }, + { + "bom-ref": "89ef152397566e74", + "type": "file", + "name": "/usr/lib/locale/en_ZA.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a0aa872bb8e58408bfc7d3e5da7bbfd4a88ad6f" + }, + { + "alg": "SHA-256", + "content": "f338558b3eecbed3ad24bb3dc1244f33b164fe9709b2bddc13f988ea8906b1bd" + } + ] + }, + { + "bom-ref": "259d2fc8e938cfdc", + "type": "file", + "name": "/usr/lib/locale/en_ZA/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "c0f63c82109c9d7604ef70bea60c4a5ef43b8eb6" + }, + { + "alg": "SHA-256", + "content": "7352417bf06b6d7e5073e96fe48ae89cebb3a2dd8dc964a51a20c4e8c0549585" + } + ] + }, + { + "bom-ref": "5f6ea0b28b89f843", + "type": "file", + "name": "/usr/lib/locale/en_ZA/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "5ab527753f08946e6d0bfa5d26eb741d0a8b3400" + }, + { + "alg": "SHA-256", + "content": "f81b56ee7b02f06d292d0d964ddc2c0aab6b92a56b4794e9b80e272a8eb9d05e" + } + ] + }, + { + "bom-ref": "18560ae915b36da4", + "type": "file", + "name": "/usr/lib/locale/en_ZA/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "0acaafe1896ee0c6a95e0d7d7b318f6abc87875c" + }, + { + "alg": "SHA-256", + "content": "7a89a374454abd4b900e1343c46113055873e3522392f7512a896400faa7e2c6" + } + ] + }, + { + "bom-ref": "a876f6dda47cbcc0", + "type": "file", + "name": "/usr/lib/locale/en_ZA/LC_NAME", + "hashes": [ + { + "alg": "SHA-1", + "content": "4fa85ea402137c045cab228fe37ffec498d49dd3" + }, + { + "alg": "SHA-256", + "content": "414aae01ed42d09178b5d6e582d661724d31af59acaac55f49fbed6bacce3f7b" + } + ] + }, + { + "bom-ref": "485db2c8d2fb8138", + "type": "file", + "name": "/usr/lib/locale/en_ZA/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "454940dd28eb4fd1b6d2dea93d18c025455b9d66" + }, + { + "alg": "SHA-256", + "content": "2eb3d873983762dba78b9d65f27bbd54a1393c22cf0277b3c39a003a00102e69" + } + ] + }, + { + "bom-ref": "9981640786333366", + "type": "file", + "name": "/usr/lib/locale/en_ZM/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f513067e4c43025457831cf6999031a5f677b90" + }, + { + "alg": "SHA-256", + "content": "7963b9acf9e63e3abb868b73b5712ddacb2071b4332e37043c8e029bd9ae2a97" + } + ] + }, + { + "bom-ref": "14bc4f957f460b86", + "type": "file", + "name": "/usr/lib/locale/en_ZM/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "6b57cfe554b7156876b8838f42812c94f523281e" + }, + { + "alg": "SHA-256", + "content": "a7c4495021cb046b41cd5de0bfbecb1fc3ce4282881062bff818e95d847dbd1a" + } + ] + }, + { + "bom-ref": "b707b4d2a6ef1129", + "type": "file", + "name": "/usr/lib/locale/en_ZM/LC_MESSAGES/SYS_LC_MESSAGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "5384d8bd4a303fd02f3aafc153cb871dd024e251" + }, + { + "alg": "SHA-256", + "content": "99c935198ae0b0574dd7dbecdd770c2d8967561b16f61666a667e53d4fef6750" + } + ] + }, + { + "bom-ref": "a2a19081abee02b8", + "type": "file", + "name": "/usr/lib/locale/en_ZM/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "6a924879306098a0264f2ebeb2a06131f2396a91" + }, + { + "alg": "SHA-256", + "content": "ed93db66eb27d8afef413d439947cb9203e4732b284832da510b6d73238afc46" + } + ] + }, + { + "bom-ref": "ae9324f13db8978d", + "type": "file", + "name": "/usr/lib/locale/en_ZM/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "08210adec31b2c9e78bfc59985aa8fa92506d797" + }, + { + "alg": "SHA-256", + "content": "973b17e6ad3dc2abf01b4f7cbe69a842fbf3d01927ae74158bacd5dbdff7efb7" + } + ] + }, + { + "bom-ref": "a96471caf25b4001", + "type": "file", + "name": "/usr/lib/locale/en_ZM/LC_TIME", + "hashes": [ + { + "alg": "SHA-1", + "content": "427249016393b1ce079ab7dde0a726324def57ae" + }, + { + "alg": "SHA-256", + "content": "0db65fb9d674d9a37b244487c1a06cb9fa0276cf8a1f8b6043abc8d29c4a5832" + } + ] + }, + { + "bom-ref": "884bc5fb76a01df8", + "type": "file", + "name": "/usr/lib/locale/en_ZW.utf8/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "59cd5517905f5b07d10043078341585c2dcb0882" + }, + { + "alg": "SHA-256", + "content": "ad4766639d0a699edee8d19763aae77e0ce14ebb9e86cd7aad4a5f3020d05f9b" + } + ] + }, + { + "bom-ref": "736190675d602bfa", + "type": "file", + "name": "/usr/lib/locale/en_ZW.utf8/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "df7eacca7916ebfa30e45e51192295fe622509bb" + }, + { + "alg": "SHA-256", + "content": "038801f691090ea183d1e6b4fda673f54a152037123cf286d410ace422498322" + } + ] + }, + { + "bom-ref": "926d6657b61c9339", + "type": "file", + "name": "/usr/lib/locale/en_ZW.utf8/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a85135caa4a05493d450c98abea0dcf8fe2d67b" + }, + { + "alg": "SHA-256", + "content": "47584a5d4e331a361e0c346fadaae9a24a311f421e69e31611ad40677b857f77" + } + ] + }, + { + "bom-ref": "bde3bec97649a8ef", + "type": "file", + "name": "/usr/lib/locale/en_ZW.utf8/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "c30e817a21686c7f02de9f1b48429f2fdb815c25" + }, + { + "alg": "SHA-256", + "content": "62309ee7f6cfb6baec604a05333156829a85e559fc4a2d58d54604e4db968de1" + } + ] + }, + { + "bom-ref": "20b5a44a773db525", + "type": "file", + "name": "/usr/lib/locale/en_ZW/LC_ADDRESS", + "hashes": [ + { + "alg": "SHA-1", + "content": "81850d47e29a7b920bd3d4309faddb1b28b0ae47" + }, + { + "alg": "SHA-256", + "content": "df62393f2154a95f9c91847df0e922ffb433d4d8287ee72de1b256b7d602fd1b" + } + ] + }, + { + "bom-ref": "72605f986b13ca3d", + "type": "file", + "name": "/usr/lib/locale/en_ZW/LC_IDENTIFICATION", + "hashes": [ + { + "alg": "SHA-1", + "content": "8534290e6cabdf6e3fd427e05ef15a977053f48a" + }, + { + "alg": "SHA-256", + "content": "efc083175f7acb4e1121f07b78868cd7f66044b343aae14010a505f99bbc2268" + } + ] + }, + { + "bom-ref": "399b97a713de04e5", + "type": "file", + "name": "/usr/lib/locale/en_ZW/LC_MONETARY", + "hashes": [ + { + "alg": "SHA-1", + "content": "7d194b99affa4ce95623571a5b4373c60afe24c7" + }, + { + "alg": "SHA-256", + "content": "6cc16424351d357ca59e0677c64715d7d782577f13cc2db4592a19b9d39cc70f" + } + ] + }, + { + "bom-ref": "547f2986d3ed7982", + "type": "file", + "name": "/usr/lib/locale/en_ZW/LC_TELEPHONE", + "hashes": [ + { + "alg": "SHA-1", + "content": "49a816503d51bc684020aba202b883dc43997149" + }, + { + "alg": "SHA-256", + "content": "d2f9b2cf1cc9de0b17de99db6cb2ffaa4eb1d19423645805e603e63b0ea808ca" + } + ] + }, + { + "bom-ref": "39590e9e4490af42", + "type": "file", + "name": "/usr/lib/os-release", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fc333eb5654f80b26adef8d5e73fd04ca48b354" + }, + { + "alg": "SHA-256", + "content": "a4f4ab7d5b06a1a2bfafea65c7e27b45e9d79c54756d297856f6d380d3934442" + } + ] + }, + { + "bom-ref": "58a9573d6a5680b7", + "type": "file", + "name": "/usr/lib/rpm/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2f5721f1c8999fe310b008ce59005de812228c9" + }, + { + "alg": "SHA-256", + "content": "84f8073df8232bdda2963c03d69ec1f9148d309bda00d9758f9c6009890132f0" + } + ] + }, + { + "bom-ref": "99c1b98e096be416", + "type": "file", + "name": "/usr/lib/rpm/macros.d/macros.dist", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d668745eebeec90036ed155e3ec36991ee9c35b" + }, + { + "alg": "SHA-256", + "content": "5aeba8391625e61164053c0b44aa9e13f636987fe1962fecce23c8fc49fbc763" + } + ] + }, + { + "bom-ref": "01af87c9c3234fd9", + "type": "file", + "name": "/usr/lib/rpm/platform/aarch64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3b9109a29d6ca5c3b51e9813e4c163ee61babc1" + }, + { + "alg": "SHA-256", + "content": "e9979f1f0d907ebe964a265951636df49fd37a0b76c04af7e7f75123af12284a" + } + ] + }, + { + "bom-ref": "f4d41badd69d9d18", + "type": "file", + "name": "/usr/lib/rpm/platform/alpha-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "633825933453acce49de7b319a0608d89a10d1df" + }, + { + "alg": "SHA-256", + "content": "fcb9be52ae9e388a39b0710ef536709a3328ed2ad44eea2e9cd6a94c856ab545" + } + ] + }, + { + "bom-ref": "7a845028b5bae0d1", + "type": "file", + "name": "/usr/lib/rpm/platform/alphaev5-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc48b6273806371c2508d3355d8b125285c2401e" + }, + { + "alg": "SHA-256", + "content": "2e7480507b2fcd088552c2f56c3329923ebe288454f208df803996d51715558e" + } + ] + }, + { + "bom-ref": "4ce658f7dd104e72", + "type": "file", + "name": "/usr/lib/rpm/platform/alphaev56-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "e024d2fc363220d42f3d1ff495bf49b2c0fb3196" + }, + { + "alg": "SHA-256", + "content": "344a1274a6a0445aed33fb710249aa640300546f07495cc043c9c5d1a0c80552" + } + ] + }, + { + "bom-ref": "3e134d92deb588cf", + "type": "file", + "name": "/usr/lib/rpm/platform/alphaev6-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "4aa63bcbb3059a183ac25c35735c58b05776dadc" + }, + { + "alg": "SHA-256", + "content": "be6c8cb0b6e43d1dfb197d3a525fd975bdd82cd51498a5a43dbe8c8c0ac553a2" + } + ] + }, + { + "bom-ref": "22f163cb88120aae", + "type": "file", + "name": "/usr/lib/rpm/platform/alphaev67-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad28e95c6d280207d2418924839be802ab8b1db1" + }, + { + "alg": "SHA-256", + "content": "c5ecf912a5b732420be13c0f7cb6b0ad7dfb3ac4942d67b1cd63f1f68b6ec180" + } + ] + }, + { + "bom-ref": "04748987cd664b77", + "type": "file", + "name": "/usr/lib/rpm/platform/alphapca56-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "0b1d394c10d22e2ff1384e9acb7e76ffaeae048b" + }, + { + "alg": "SHA-256", + "content": "27650482eb4bb98ff95b3126bd6f4c656ba070ae00bc0a44ecd69b3a73505109" + } + ] + }, + { + "bom-ref": "e53bc700ab48c604", + "type": "file", + "name": "/usr/lib/rpm/platform/amd64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "alg": "SHA-256", + "content": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ] + }, + { + "bom-ref": "c5b4b4c9ca497091", + "type": "file", + "name": "/usr/lib/rpm/platform/armv3l-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "b87dd114797fa4d304be76ec8dd8274dc84b83f3" + }, + { + "alg": "SHA-256", + "content": "cfa832717aa4a424f70afd5cc1ec5fd00362a252f8c868fc6cd923047bc9e333" + } + ] + }, + { + "bom-ref": "835a22ca7f6e2af6", + "type": "file", + "name": "/usr/lib/rpm/platform/armv4b-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "bda9f34db246aac4cc3902bc80664617d6cc3afe" + }, + { + "alg": "SHA-256", + "content": "e4b4302c5e3675ccc30bc4f472e689829ea9690f609de124852767ce16808ee2" + } + ] + }, + { + "bom-ref": "f93d74998c6599d7", + "type": "file", + "name": "/usr/lib/rpm/platform/armv4l-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "ffba8ef482c6fa101ac484ea36fc3f14ad2ef492" + }, + { + "alg": "SHA-256", + "content": "cdd7b657577a08213e6a043d6cef2d2f843d3d1d57f65dcec2a5464f11bc21cb" + } + ] + }, + { + "bom-ref": "9a358b3dc9139fab", + "type": "file", + "name": "/usr/lib/rpm/platform/armv5tejl-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8d174612cf077fd73c23edd0f58f02013406e62" + }, + { + "alg": "SHA-256", + "content": "eac04b909005f33327381ddda9fd8b35818edc2111a7c04946fe64183f37daff" + } + ] + }, + { + "bom-ref": "7b0dc52e202d93a3", + "type": "file", + "name": "/usr/lib/rpm/platform/armv5tel-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "92943031a645715e1614eef5e7778fd109995842" + }, + { + "alg": "SHA-256", + "content": "bbe8af9dc2d3fc81ba53ff0a0efea4741d26746c9ef85ee6511e2b15546dc6cf" + } + ] + }, + { + "bom-ref": "e6b76fb248e9f89d", + "type": "file", + "name": "/usr/lib/rpm/platform/armv5tl-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "94bbc58f5cba91a348bd5ff2f60ae8c5937af7f7" + }, + { + "alg": "SHA-256", + "content": "e85a4f638200896b97eaecf0b89f4bcf5ed38a570d26553e98f25f200912afde" + } + ] + }, + { + "bom-ref": "48ede018fe652204", + "type": "file", + "name": "/usr/lib/rpm/platform/armv6hl-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "65e0ed9b373329a3b243607fc9a0c8040c1b3bfd" + }, + { + "alg": "SHA-256", + "content": "c595b2cfc088d9808bb9e447d555b8f85aff9adf170a1d1b1a64ca60d61cb7e8" + } + ] + }, + { + "bom-ref": "6eb3a51250acad08", + "type": "file", + "name": "/usr/lib/rpm/platform/armv6l-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "6890c8695a378b97d4af18bc0a0db9fd639a803c" + }, + { + "alg": "SHA-256", + "content": "3c38ebe1a1d94d2963c4b1001e41bf717c5ba9ccae65bb2f8aa745862515e4ae" + } + ] + }, + { + "bom-ref": "8668e791af9c87d4", + "type": "file", + "name": "/usr/lib/rpm/platform/armv7hl-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "56b90f7c2ae1e0caca4443014c3fc97885796c94" + }, + { + "alg": "SHA-256", + "content": "1a1c0b1b020cb3d8931f83727485371b317cc91ca13e3d5b38d675516b9bb109" + } + ] + }, + { + "bom-ref": "0948aa0248ac39c0", + "type": "file", + "name": "/usr/lib/rpm/platform/armv7hnl-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "a73322b59957c4d986820f62b7f92a432146a0f3" + }, + { + "alg": "SHA-256", + "content": "5a7f304fcf688f776d7e5348a12b156f0a8604b72b27fe0a55c4f0e9f9a2b385" + } + ] + }, + { + "bom-ref": "c6ff9f920ab2b11a", + "type": "file", + "name": "/usr/lib/rpm/platform/armv7l-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "1af6a5bb0b635fc0e073199b8ffab17dcc217964" + }, + { + "alg": "SHA-256", + "content": "0a9e22bb32d414a09fc5405cc36825bb3079e46e1e9eb96254d7c2646e9f7bcc" + } + ] + }, + { + "bom-ref": "b3e0fcdc8aede938", + "type": "file", + "name": "/usr/lib/rpm/platform/armv8hl-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba87659afcc7ae7d9c1cf86a1a7a17955f2e5959" + }, + { + "alg": "SHA-256", + "content": "60109d6da0ca8240fff89d78aa6062eade7f24fbaa1ce79f8737817606883653" + } + ] + }, + { + "bom-ref": "a191e74827a4d174", + "type": "file", + "name": "/usr/lib/rpm/platform/armv8l-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "538ab7144255deba9a3735da3b1a82f6d18f7ccc" + }, + { + "alg": "SHA-256", + "content": "3a78b8f99c930d30a77330f508aa7788d1dd2de38e42691355699a15a0fcc469" + } + ] + }, + { + "bom-ref": "777fc75ff71407e0", + "type": "file", + "name": "/usr/lib/rpm/platform/athlon-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "a02dc69c8e8c7539c0b692d8d69e1df21c1668df" + }, + { + "alg": "SHA-256", + "content": "b56fb31a5b4abd30095b763125d65080b8da884dd345c1a99364abd83ab639a9" + } + ] + }, + { + "bom-ref": "19f0134bc73caf69", + "type": "file", + "name": "/usr/lib/rpm/platform/geode-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "9cdc3db4e02a41c3518f2a102283b954659ad1cb" + }, + { + "alg": "SHA-256", + "content": "7385479124a71b3a6b8513903ccf551e59938bf223b3804a7e9dfaef482d0773" + } + ] + }, + { + "bom-ref": "1c6f39b2f2e1a424", + "type": "file", + "name": "/usr/lib/rpm/platform/i386-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "36f138443b4d60263409a8427a38a4d5352d32be" + }, + { + "alg": "SHA-256", + "content": "96b3be805f7dfa90c0f423e51775a1e3084cefb7d725376722481e48d618387c" + } + ] + }, + { + "bom-ref": "b26a6304c1ef0500", + "type": "file", + "name": "/usr/lib/rpm/platform/i486-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "96230ac3f97a372d28463427de4e4e1df0c536ea" + }, + { + "alg": "SHA-256", + "content": "47523d6c86ccf10cb22ab2a07f165509c78d41b9e0fec95948e5175304ae414c" + } + ] + }, + { + "bom-ref": "d56bf495cf13bf7f", + "type": "file", + "name": "/usr/lib/rpm/platform/i586-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc8f65372f1e3159edd28f45838e7fc201e9d7f5" + }, + { + "alg": "SHA-256", + "content": "d527a1a88ec214db33a457c1ea639cb06983972632b5b93ac6ec3bbf992e11eb" + } + ] + }, + { + "bom-ref": "0cdf4ec6c911c167", + "type": "file", + "name": "/usr/lib/rpm/platform/i686-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "50776a8351c82449eb1ca7f49689c255a7a7ba47" + }, + { + "alg": "SHA-256", + "content": "527d29d008bdf883e5b2393ff56bad61a5df3c174b38c7e9c48f6155789adcb7" + } + ] + }, + { + "bom-ref": "c8721f07ccd27587", + "type": "file", + "name": "/usr/lib/rpm/platform/ia32e-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "alg": "SHA-256", + "content": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ] + }, + { + "bom-ref": "b2d20e1e334c8352", + "type": "file", + "name": "/usr/lib/rpm/platform/ia64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "5bddd2af72b9bf9eea0cc1c7890d8996b6998050" + }, + { + "alg": "SHA-256", + "content": "7e0e58ad423cab85dc8069017dc23f52d3c228451276044b93e3344e74656e13" + } + ] + }, + { + "bom-ref": "f0b4bee997df3a24", + "type": "file", + "name": "/usr/lib/rpm/platform/m68k-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "cbc023b51d19d0ae9c78e2231c9115952c76f0e2" + }, + { + "alg": "SHA-256", + "content": "1860ff9d0b8aef32aff71a21fec705494bed6604bdf4f17a1fe25e83988b2059" + } + ] + }, + { + "bom-ref": "24395998c3835017", + "type": "file", + "name": "/usr/lib/rpm/platform/mips-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "0279f6d2989adc31e214e84aa76ac25e6ca9977d" + }, + { + "alg": "SHA-256", + "content": "0d2d6747650470793bc16576fcef2e6374f10e25434e26b9c521fb53bdc14dd0" + } + ] + }, + { + "bom-ref": "8b391ec87ce7b62d", + "type": "file", + "name": "/usr/lib/rpm/platform/mips64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf179b04c606125c336edbc1018011d41690346b" + }, + { + "alg": "SHA-256", + "content": "e9880366106224efe768d2f78ccfb7edce79537b1e66e95f3a29490e11591e35" + } + ] + }, + { + "bom-ref": "7867fc44f8e31937", + "type": "file", + "name": "/usr/lib/rpm/platform/mips64el-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "7fe31c1382286844425cf7b7761d74191fe2cb72" + }, + { + "alg": "SHA-256", + "content": "5185dd10bf849735cbe826eff2c21f647c146b1920763e94f4fa0be1c4cace33" + } + ] + }, + { + "bom-ref": "9bac7949c43d359d", + "type": "file", + "name": "/usr/lib/rpm/platform/mips64r6-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "23650ae11068d662dbf9e12d8303ceda54d203d4" + }, + { + "alg": "SHA-256", + "content": "6498ce5ad885ac61b7a50adfb9475110bf4eec8bf4e89c921d66f2937620bbca" + } + ] + }, + { + "bom-ref": "a7befdb346e36827", + "type": "file", + "name": "/usr/lib/rpm/platform/mips64r6el-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb40fff63fbb2cc6c3565a0abef97485456441d3" + }, + { + "alg": "SHA-256", + "content": "c9a1015920f5777ece70cbdf73aee3efe2ac46a1b52fb0bc58141948a2889827" + } + ] + }, + { + "bom-ref": "b76704d083cdc036", + "type": "file", + "name": "/usr/lib/rpm/platform/mipsel-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "9241a8eb3bfa1d036bb3dd58c73b79ab547a427c" + }, + { + "alg": "SHA-256", + "content": "bb286398caf5a1ccc57432d5ead5ffe3bd893f309225379f80fbe7e4b5cbe647" + } + ] + }, + { + "bom-ref": "cc0097a1fbc291ca", + "type": "file", + "name": "/usr/lib/rpm/platform/mipsr6-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "8cf2fe2338ce9db34913915cf85f099bb37bb417" + }, + { + "alg": "SHA-256", + "content": "d7fb42f30e4bfbedcb3eb7969eb37d773e2911368a68f6570336cd8f0e7c9ad9" + } + ] + }, + { + "bom-ref": "72c27738e94dc409", + "type": "file", + "name": "/usr/lib/rpm/platform/mipsr6el-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "376c30be30b54f17ef72de54088cd3ac7541f14f" + }, + { + "alg": "SHA-256", + "content": "201ed9ce13d524ce184761201e0c64aa1611d360ef17e299c2324818cd14ee31" + } + ] + }, + { + "bom-ref": "8a7fa34a163d0e10", + "type": "file", + "name": "/usr/lib/rpm/platform/noarch-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ad0b3c0cca2cc9131abf885077b3ae21639c79f" + }, + { + "alg": "SHA-256", + "content": "d353f17840c886992e03bd579bc27ccec781b1d640c74ffff2523936b0f8184d" + } + ] + }, + { + "bom-ref": "619f55068291b7e3", + "type": "file", + "name": "/usr/lib/rpm/platform/pentium3-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "16dea024f48188f4aa01ad612e594cff6b473d43" + }, + { + "alg": "SHA-256", + "content": "c0732b433a4d16783498d5fa7c3217d341ed73247182b87b76e76117c9493559" + } + ] + }, + { + "bom-ref": "bed470dfb0bbe7a6", + "type": "file", + "name": "/usr/lib/rpm/platform/pentium4-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "073e2c458840c5ddf4876e1dc0361cc0088ad284" + }, + { + "alg": "SHA-256", + "content": "4344a74a9046dc612088e8d168d97d9e43d12a023e78a40f158f3f58e8130947" + } + ] + }, + { + "bom-ref": "07c5e413293f46fb", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "alg": "SHA-256", + "content": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "bom-ref": "42c3a29c5226055c", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc32dy4-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "alg": "SHA-256", + "content": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "bom-ref": "bd62974511ef530e", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "1449cf65dfb629ada5ba97de6e499ff07e009a87" + }, + { + "alg": "SHA-256", + "content": "c101aa4377bec072c2f4165356c65190e341ffae135a05554f7f168dba151530" + } + ] + }, + { + "bom-ref": "00af1ed07291d251", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc64iseries-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "90e08d29fbebbb52451c59d76702972b8723ddc9" + }, + { + "alg": "SHA-256", + "content": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + } + ] + }, + { + "bom-ref": "bcd59c395dbe89c5", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc64le-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "65b79e4caa0faabbee2448bfd88d5e776d5d526c" + }, + { + "alg": "SHA-256", + "content": "cd127be1c73cf78b66619cb6bc91c153ee77b1c37efe950250766f0b25ef1dbd" + } + ] + }, + { + "bom-ref": "f003e31ecf7ad578", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc64p7-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "39de17d201e0eac7961414db5dc994b0e96865a1" + }, + { + "alg": "SHA-256", + "content": "0e6a26819f8ba99a8af658a1dd28e418f48a261363c2e7e0a3b1b6dcca08ca63" + } + ] + }, + { + "bom-ref": "11b67fdacd5bd84b", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc64pseries-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "90e08d29fbebbb52451c59d76702972b8723ddc9" + }, + { + "alg": "SHA-256", + "content": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + } + ] + }, + { + "bom-ref": "4d3fbd7f2e338bf8", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc8260-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "alg": "SHA-256", + "content": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "bom-ref": "d1aa45670f4ecf3f", + "type": "file", + "name": "/usr/lib/rpm/platform/ppc8560-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "alg": "SHA-256", + "content": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "bom-ref": "72c84a7592207973", + "type": "file", + "name": "/usr/lib/rpm/platform/ppciseries-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "alg": "SHA-256", + "content": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "bom-ref": "fe23acc7f29f87b0", + "type": "file", + "name": "/usr/lib/rpm/platform/ppcpseries-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "alg": "SHA-256", + "content": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "bom-ref": "123eb4726fd7bb4f", + "type": "file", + "name": "/usr/lib/rpm/platform/riscv64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "61c44e56cb3bbafac9f76e9d470b4161c9a0a7af" + }, + { + "alg": "SHA-256", + "content": "8459c664f1b74307f8997a51a866994de2f9878535ad03e0b33d2555ca8a6a82" + } + ] + }, + { + "bom-ref": "9e87c4f4f5dd7f9d", + "type": "file", + "name": "/usr/lib/rpm/platform/s390-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "5bfd031c538813400cafd029edc0c42b16b5ea69" + }, + { + "alg": "SHA-256", + "content": "907abae595f1ad1c0454ecd5701143f0ddef5d9e3cae4cd59e4ffea503e48383" + } + ] + }, + { + "bom-ref": "a49c7cc8554394e4", + "type": "file", + "name": "/usr/lib/rpm/platform/s390x-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "29789a9eb19e091232733ea50fd93bdb32db6c0c" + }, + { + "alg": "SHA-256", + "content": "54ce0879d7063edc4911145ab7013c355dd91d4f1e4cefc73176d982f9ead05e" + } + ] + }, + { + "bom-ref": "c9c46e2fd50b9998", + "type": "file", + "name": "/usr/lib/rpm/platform/sh-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "5630a3a3e4da8cc75361ba46fde82d33d271e3a9" + }, + { + "alg": "SHA-256", + "content": "647808e04766e4243c1b2a1d9ed0ad3bbe81de31b5243dae8c02bb5c07493852" + } + ] + }, + { + "bom-ref": "e7e92d3264e62f48", + "type": "file", + "name": "/usr/lib/rpm/platform/sh3-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "69e724f668db99cb3d09dcc6add5d0a9d179370e" + }, + { + "alg": "SHA-256", + "content": "44a103b488cd5934b5e18e34998eccc43c86463558c6cf1f54402bdc26deaac3" + } + ] + }, + { + "bom-ref": "60cda47c3612fb98", + "type": "file", + "name": "/usr/lib/rpm/platform/sh4-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e4c31bddf33a2e4701f85ec40f7c58bdab21964" + }, + { + "alg": "SHA-256", + "content": "0325b105e93df85c946909fdeb8ec7412df99be3d311d0222745764bcb707fb0" + } + ] + }, + { + "bom-ref": "d31e7007a922c92f", + "type": "file", + "name": "/usr/lib/rpm/platform/sh4a-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "4321e3542c72da2e0f9a464dca3b723dda394314" + }, + { + "alg": "SHA-256", + "content": "3818e64c0441e5db247356e8b0bcc3b33f9b308a1d71f7a5061a2e9fc57aed59" + } + ] + }, + { + "bom-ref": "b9040db32c3f5e83", + "type": "file", + "name": "/usr/lib/rpm/platform/sparc-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "a858e0beccd990689bc5117057b3b53073035866" + }, + { + "alg": "SHA-256", + "content": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + } + ] + }, + { + "bom-ref": "71a974a45dfc01c1", + "type": "file", + "name": "/usr/lib/rpm/platform/sparc64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ea3f624c000220861511178b856f774e4ea51fc" + }, + { + "alg": "SHA-256", + "content": "95676b8042844423a2cee2ae9c5186c3fa17f82dc17ca73a1c9613714b67b161" + } + ] + }, + { + "bom-ref": "e0f6dc1403a7fc83", + "type": "file", + "name": "/usr/lib/rpm/platform/sparc64v-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "39c2957b57896a69ad9f789725f7efdaf55839de" + }, + { + "alg": "SHA-256", + "content": "8a2275952bd5c1635bceb9382bbf73547b05502d96bc0360c7cbb64c8a2e15cf" + } + ] + }, + { + "bom-ref": "a22a3cb85a3df386", + "type": "file", + "name": "/usr/lib/rpm/platform/sparcv8-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "0c5dc51c492271a5541c6e4f258f336e7449f240" + }, + { + "alg": "SHA-256", + "content": "091a4bb25ce60367d5b97600cdca92e695960de54e6e70ca596df95057d634d6" + } + ] + }, + { + "bom-ref": "71149ce0d4fa13e8", + "type": "file", + "name": "/usr/lib/rpm/platform/sparcv9-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "a858e0beccd990689bc5117057b3b53073035866" + }, + { + "alg": "SHA-256", + "content": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + } + ] + }, + { + "bom-ref": "dc644502f7b052c1", + "type": "file", + "name": "/usr/lib/rpm/platform/sparcv9v-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7d766e25950f8e73d1dca7113c3d8f476c8fd09" + }, + { + "alg": "SHA-256", + "content": "486d438b82a0fc17f7934fc60dc2cb369c993fb2b52778c4e4a44c06bca056c4" + } + ] + }, + { + "bom-ref": "0d7c62d8d6903a19", + "type": "file", + "name": "/usr/lib/rpm/platform/x86_64-linux/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "alg": "SHA-256", + "content": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ] + }, + { + "bom-ref": "06f279013c2ddb0d", + "type": "file", + "name": "/usr/lib/rpm/rpm.daily", + "hashes": [ + { + "alg": "SHA-1", + "content": "eaa218dba53c38043c757407c824fb199cd8e0ff" + }, + { + "alg": "SHA-256", + "content": "b98748f664b3245cb7f3d22927b541ee659c221094df7e4d7e5950b6d73eb37d" + } + ] + }, + { + "bom-ref": "d2e455bcbb756676", + "type": "file", + "name": "/usr/lib/rpm/rpm2cpio.sh", + "hashes": [ + { + "alg": "SHA-1", + "content": "764bdbd8b22ee603b69dce104939e6a542510247" + }, + { + "alg": "SHA-256", + "content": "e23cd42e7200d3ac193d2d299ecf0fadda19f2306a9a232be71147be0c3cb31b" + } + ] + }, + { + "bom-ref": "ce9dbdde35edfecd", + "type": "file", + "name": "/usr/lib/rpm/rpmpopt-4.16.1.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ce2612ca730924fe2e23dcf51b1a1594dd09926" + }, + { + "alg": "SHA-256", + "content": "00071b0002402da148d4338cb3578b994a1b248510f79e6d52d8e647b27a5b59" + } + ] + }, + { + "bom-ref": "c8315aa5258a6107", + "type": "file", + "name": "/usr/lib/rpm/rpmrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "0663b885793778464c96e10365079fba0876a748" + }, + { + "alg": "SHA-256", + "content": "5d9a1c85de3205a6423a2bf71025d71d11e4cbbc1da9318cb72a0f0789baa437" + } + ] + }, + { + "bom-ref": "436b1621020334c0", + "type": "file", + "name": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9.7-x86_64.swidtag", + "hashes": [ + { + "alg": "SHA-1", + "content": "b275cf42974b0e28617e06d85ce02ed8554f1732" + }, + { + "alg": "SHA-256", + "content": "1d004d3a5edd36b8efc6b61635112f69016dd9f29e60f2a00bd74521a5f7b4b2" + } + ] + }, + { + "bom-ref": "ff6a3189201331ec", + "type": "file", + "name": "/usr/lib/sysctl.d/50-redhat.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2656a46572e258b17c5703dd96f61f9338b2885" + }, + { + "alg": "SHA-256", + "content": "cff0531af9151667207f590615894598494081fb3d6c4db0728fecfb41fbce92" + } + ] + }, + { + "bom-ref": "5fc131a7cd3b5997", + "type": "file", + "name": "/usr/lib/systemd/system-preset/85-display-manager.preset", + "hashes": [ + { + "alg": "SHA-1", + "content": "75c04345a5c262bae5f12b29c968e68a0dfbefad" + }, + { + "alg": "SHA-256", + "content": "037ee720a5c511d7b257216cc81b55b5ebeb09775426288f2d46d614594d9e56" + } + ] + }, + { + "bom-ref": "093ca300cfa0cb3e", + "type": "file", + "name": "/usr/lib/systemd/system-preset/90-default.preset", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b89ae75968a8da59c2fca9d25dc4122c6cedbe1" + }, + { + "alg": "SHA-256", + "content": "e627a4caddb0968721f934b58785d883ea01a977144750f9d39ad838e922f19a" + } + ] + }, + { + "bom-ref": "aab8806f5eb00d9d", + "type": "file", + "name": "/usr/lib/systemd/system-preset/99-default-disable.preset", + "hashes": [ + { + "alg": "SHA-1", + "content": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "alg": "SHA-256", + "content": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ] + }, + { + "bom-ref": "a4781691b8b11ddb", + "type": "file", + "name": "/usr/lib/systemd/system/rpmdb-rebuild.service", + "hashes": [ + { + "alg": "SHA-1", + "content": "d3cbdc5e141313c587cf9fd2428fc6aaebff1364" + }, + { + "alg": "SHA-256", + "content": "4ec87c1c7fcdc16d7799fe781fa6a2042cf0ed0c3f641c4c7721e78989749a5b" + } + ] + }, + { + "bom-ref": "74da127c15a13fa0", + "type": "file", + "name": "/usr/lib/systemd/user-preset/90-default-user.preset", + "hashes": [ + { + "alg": "SHA-1", + "content": "8379013fe884529a5adde637f5ae2bffe8cb2976" + }, + { + "alg": "SHA-256", + "content": "ba8ff51494b993c5dd3fe73b82cb12abd2ff2212303c0929d879c990d2d85ec1" + } + ] + }, + { + "bom-ref": "71df7a257a3f5f8b", + "type": "file", + "name": "/usr/lib/systemd/user-preset/99-default-disable.preset", + "hashes": [ + { + "alg": "SHA-1", + "content": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "alg": "SHA-256", + "content": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ] + }, + { + "bom-ref": "87bcdfdfb15d3488", + "type": "file", + "name": "/usr/lib/tmpfiles.d/libselinux.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "9115ba504c1790e26dc1078d4f549fb6f9c5a184" + }, + { + "alg": "SHA-256", + "content": "afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc" + } + ] + }, + { + "bom-ref": "a3ec0861f75a8a31", + "type": "file", + "name": "/usr/lib/tmpfiles.d/rootfiles.conf", + "hashes": [ + { + "alg": "SHA-1", + "content": "fced9b9b3f40a2333459deafdbfd48f6e8b7ded2" + }, + { + "alg": "SHA-256", + "content": "b2858a8e0ae109193e28d96f7fd8a8cfa1b42aad1766f5932814321dd821b7c8" + } + ] + }, + { + "bom-ref": "7846d632fac88d93", + "type": "file", + "name": "/usr/lib64/.libgnutls.so.30.37.1.hmac", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee602a75ec9735274fb703b94eb93095c89d1deb" + }, + { + "alg": "SHA-256", + "content": "a9c51246fda5f0075b12d888c918478a7257f53b79ef477474dbb8ff0b853937" + } + ] + }, + { + "bom-ref": "eb67df499c22e945", + "type": "file", + "name": "/usr/lib64/.libhogweed.so.6.10.hmac", + "hashes": [ + { + "alg": "SHA-1", + "content": "1f313ee78e096a3560379be7f609ab26e7bf83f6" + }, + { + "alg": "SHA-256", + "content": "68415d666e8e68c53314e166e58224b00d7e509642ae3a639892317d21bf7bdf" + } + ] + }, + { + "bom-ref": "baeb2ef9e81c6f00", + "type": "file", + "name": "/usr/lib64/.libnettle.so.8.10.hmac", + "hashes": [ + { + "alg": "SHA-1", + "content": "7923662b51197c040e769a7ec699af02ad52563c" + }, + { + "alg": "SHA-256", + "content": "de1a92dfae5ba529c92fdcf4c9eeb9e679fd25519cd43b83db042f37fdee3262" + } + ] + }, + { + "bom-ref": "99df092f7bb8222f", + "type": "file", + "name": "/usr/lib64/audit/sotruss-lib.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "4090959f8a636606947f62c1cf7e9b8dbfa018eb" + }, + { + "alg": "SHA-256", + "content": "b8532209ffbc6571d6f9ac43d5eba4011cb296f48e2019496e8d98c7cbe1904e" + } + ] + }, + { + "bom-ref": "c302ae351fd4cf79", + "type": "file", + "name": "/usr/lib64/engines-3/afalg.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "7fa2d7d068a0dee88f2b0fcca411b1e6df2a85e2" + }, + { + "alg": "SHA-256", + "content": "54eafc93c9df8c45a2fd558969f12dbb805b2dacbf424fbce915abebfb441575" + } + ] + }, + { + "bom-ref": "112e864d5ac992aa", + "type": "file", + "name": "/usr/lib64/engines-3/capi.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4f4062e905e3ab4518277ae8e297bd651458039" + }, + { + "alg": "SHA-256", + "content": "bae170b889544162be76613fcfc2d8115ab0aeac72f9419d3016c567bd28089f" + } + ] + }, + { + "bom-ref": "27b4483b3942a858", + "type": "file", + "name": "/usr/lib64/engines-3/loader_attic.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c9e82c8f4a5392d36fec495a5d4911c9c03f1d0" + }, + { + "alg": "SHA-256", + "content": "15280e86932817dd875496788a9bca4f96a0b2cfe1c32deec3ec41aff17ca25c" + } + ] + }, + { + "bom-ref": "d32171e48673fb5e", + "type": "file", + "name": "/usr/lib64/engines-3/padlock.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1406dacafa61dc6a7e24cf5a853da985f2c672b" + }, + { + "alg": "SHA-256", + "content": "01c52ed53ca72f536ec290b68c2a86717fa48e1e34393399cc623fb183e488ea" + } + ] + }, + { + "bom-ref": "10db71b631af3760", + "type": "file", + "name": "/usr/lib64/gconv/ANSI_X3.110.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "d6de4f4e8dcd18d24aba7144c04fd5e21f7a517b" + }, + { + "alg": "SHA-256", + "content": "1644c0be67e4481de99e2d9f95c850443c7b030f483753f622ec4fbf99db6760" + } + ] + }, + { + "bom-ref": "e71a752222ab1cf0", + "type": "file", + "name": "/usr/lib64/gconv/CP1252.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "95bf40787e83666dfb66392a63430dbf51fe6105" + }, + { + "alg": "SHA-256", + "content": "563b2c39b815b92da2db23382673650ca68552c6485101b457b1bef8821d48bb" + } + ] + }, + { + "bom-ref": "367d12ccb8f871f1", + "type": "file", + "name": "/usr/lib64/gconv/ISO8859-1.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "c31b278454755b4b56a1bb5df5c5f7859b46d12c" + }, + { + "alg": "SHA-256", + "content": "376744f1ba07d1feaffad5cbb2c4bf68e3ff2ff9cd0e0ccfb288405824a48e14" + } + ] + }, + { + "bom-ref": "9679b18dcdd53e17", + "type": "file", + "name": "/usr/lib64/gconv/ISO8859-15.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "72f6c1850f62d43d36b9f6e95e66145bc824070e" + }, + { + "alg": "SHA-256", + "content": "9a5470d2aff600ca1ea7fed177a456e599239614f48a43e8c3e1d623b1af78d0" + } + ] + }, + { + "bom-ref": "2990c286d4a80ee1", + "type": "file", + "name": "/usr/lib64/gconv/UNICODE.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "a218f9db19f889674d5406f95dcdef4efbf5aff4" + }, + { + "alg": "SHA-256", + "content": "1f6e20b20180e844c8fb780312973b847cc34c607b86480b6790abf50b5023a5" + } + ] + }, + { + "bom-ref": "6e1ba648d2b11550", + "type": "file", + "name": "/usr/lib64/gconv/UTF-16.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "c59c57dd1392dc92b5e584847d915fcc2f08b226" + }, + { + "alg": "SHA-256", + "content": "437fab3ea8ee82f9660d5fd20742af56b720019cf20b10e72754e2f1c0270ef7" + } + ] + }, + { + "bom-ref": "3d05d8fb200663bd", + "type": "file", + "name": "/usr/lib64/gconv/UTF-32.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2ed303e93945ebfe7fc69438004f77f3b032d33" + }, + { + "alg": "SHA-256", + "content": "df2bf0182e2017d41c5d284641d9cda62a3c3141bf6280385bad5a604ac67428" + } + ] + }, + { + "bom-ref": "148a25b1c2d99bc2", + "type": "file", + "name": "/usr/lib64/gconv/UTF-7.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "d43ebbb8e1bceb0828c191d0c05babab730af79c" + }, + { + "alg": "SHA-256", + "content": "a3bd3ef13845da8d804473bc6cb04749e1de48a5db46304043ba20d9251614d8" + } + ] + }, + { + "bom-ref": "ac52326c6010ee90", + "type": "file", + "name": "/usr/lib64/gconv/gconv-modules", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab6ec0f61e3c8d08fa9ad986790557b78568138f" + }, + { + "alg": "SHA-256", + "content": "9976193fd6fb671112a0f10486e50ad3bfb79e9a08429544c820365cdd3bfd35" + } + ] + }, + { + "bom-ref": "a536ab71c04de1d4", + "type": "file", + "name": "/usr/lib64/gconv/gconv-modules.cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "422a05b8691abab797d08753f682060d0fd5fbff" + }, + { + "alg": "SHA-256", + "content": "32be69bf0c00481b7279aeb8c0d7920f3da4d95f0743924c0c9cf63a20b9c9b1" + } + ] + }, + { + "bom-ref": "d36ea61b0f7b6a70", + "type": "file", + "name": "/usr/lib64/krb5/plugins/preauth/spake.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "21acf8b6cd1e7ecb531ed9cd0abb9985b0d965df" + }, + { + "alg": "SHA-256", + "content": "178de7b6dae35770616b6a7d7501681813bf42a38fbad7c58a20b7df0bec3824" + } + ] + }, + { + "bom-ref": "001812e01c9af599", + "type": "file", + "name": "/usr/lib64/krb5/plugins/tls/k5tls.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "622f9e6902e23963c9ca73dddb556b1d61c77c20" + }, + { + "alg": "SHA-256", + "content": "fdf92bb3901e721908772b7981abe5646e43233c5ed73e7ac6598e75e80b0734" + } + ] + }, + { + "bom-ref": "9195ac6a4e9b45d6", + "type": "file", + "name": "/usr/lib64/ld-linux-x86-64.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "16169962915c36355293ecba579047d880f45bad" + }, + { + "alg": "SHA-256", + "content": "5c3f5bb169dc33a7d4b31e51eb40020e993e35cda989c24a3313c2fe9cdc2376" + } + ] + }, + { + "bom-ref": "13a9f52f69916435", + "type": "file", + "name": "/usr/lib64/libBrokenLocale.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a685e1184299e88526e9c007c1bd69b9b313e3c" + }, + { + "alg": "SHA-256", + "content": "7edfeb32d0c6e94b6278c8dbc45e44f5a3da9c0aff4a0ba6e0921c84c512c121" + } + ] + }, + { + "bom-ref": "8dcdbc2daec313fa", + "type": "file", + "name": "/usr/lib64/libSegFault.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "491d8e11683f0b8b2121c897ae870fcdff2cc565" + }, + { + "alg": "SHA-256", + "content": "d1977600b89705a3667d947fa34f184a2956c2f0b0b9418339cd730c78127930" + } + ] + }, + { + "bom-ref": "a6f9568da893cbea", + "type": "file", + "name": "/usr/lib64/libanl.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "c6a76807d9b4b6067ca80ad6f887545939b4b349" + }, + { + "alg": "SHA-256", + "content": "59881a9701e9bc254b407ec15f61234107f3e35ca9904fafbc6a03ef87818e83" + } + ] + }, + { + "bom-ref": "9b76edb27d874f0d", + "type": "file", + "name": "/usr/lib64/libarchive.so.13.5.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1f3fafeaee91f5c8e142ade2263bc53f245fa4d1" + }, + { + "alg": "SHA-256", + "content": "0370762f3d8750f029a50990bee15b28b5c2550cf956e02803b5a0f011d2c846" + } + ] + }, + { + "bom-ref": "3c3792c46b7bdb52", + "type": "file", + "name": "/usr/lib64/libaudit.so.1.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b7ccff67115924baba546d181ff92f1856d0f13" + }, + { + "alg": "SHA-256", + "content": "fb35b66ad1159789ac4cca877af8866c4134763506773135d392009bcb598bb4" + } + ] + }, + { + "bom-ref": "aa0cee721cb7084a", + "type": "file", + "name": "/usr/lib64/libauparse.so.0.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "f5cc86f3991a87e486daac74bed5f1c8d9f56277" + }, + { + "alg": "SHA-256", + "content": "1e642599409fbfa95199c90cc97fcade6e65d3dd5ee81bf8c39cae4ebab93f3e" + } + ] + }, + { + "bom-ref": "b3bce0528aee3419", + "type": "file", + "name": "/usr/lib64/libblkid.so.1.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "b64d59d10011d6e50b2a3b350cb615143be87e11" + }, + { + "alg": "SHA-256", + "content": "cced98d63ab6db38442f52670a605af3dd36f1caafe19f86e1fd2ee850655206" + } + ] + }, + { + "bom-ref": "898c7000b5881f61", + "type": "file", + "name": "/usr/lib64/libc.so.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "93f346879e34d35b0c96c6f6be965af2ef03a86a" + }, + { + "alg": "SHA-256", + "content": "e3b8bd13af7d81fed68c43d2ed3ea54db6e23a44499519d783e77edf8022581c" + } + ] + }, + { + "bom-ref": "7907305384f2540e", + "type": "file", + "name": "/usr/lib64/libc_malloc_debug.so.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "58ea847984b2c59164b7e8301b5405920c7a6edc" + }, + { + "alg": "SHA-256", + "content": "e34fd1525218ce9f30738a4ac10d1261745d8ccd83f36126eecc59e511d4d71e" + } + ] + }, + { + "bom-ref": "7b4d7d0f77ce8dc2", + "type": "file", + "name": "/usr/lib64/libcap.so.2.48", + "hashes": [ + { + "alg": "SHA-1", + "content": "2df0c3605badc228ba578e14c3477b1b0d1abe67" + }, + { + "alg": "SHA-256", + "content": "29a6c106d86e91a4f3c6cbbe4645a2e08fc792522849ae21dcb1e605fa17144a" + } + ] + }, + { + "bom-ref": "3aa74c97ee3ced19", + "type": "file", + "name": "/usr/lib64/libcom_err.so.2.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8d22c28a0ded2cbcedc056bad3ca7a1b4a01eb4" + }, + { + "alg": "SHA-256", + "content": "e21a880da89989009a63efb976c7c9c50980724b168099b310939aad5a16057f" + } + ] + }, + { + "bom-ref": "c1f88b3854213579", + "type": "file", + "name": "/usr/lib64/libcrypto.so.3.5.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "771f24202922592d78bd91e48c697ee840b766e8" + }, + { + "alg": "SHA-256", + "content": "449d65e825fef0087c0c6351b8dd58895ce519e599fd57a1236cba42ccbb19c6" + } + ] + }, + { + "bom-ref": "fab1deefcb5e0964", + "type": "file", + "name": "/usr/lib64/libcurl.so.4.7.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7d8f88f628082db0acd6d616644e6f3740febca" + }, + { + "alg": "SHA-256", + "content": "455008f34e03dfe048eb134380c9ad2c61f4f9ed4e6033760427ef6ae37a92b9" + } + ] + }, + { + "bom-ref": "6310624b78c38417", + "type": "file", + "name": "/usr/lib64/libdl.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "2508120f5b29406dbfbc54090c2606bb838077ed" + }, + { + "alg": "SHA-256", + "content": "4731f911c5ae24b2428705a9b0ad77b5a5902445a55f667d8ad19066616104d1" + } + ] + }, + { + "bom-ref": "b392fb15dd7ac667", + "type": "file", + "name": "/usr/lib64/libdnf.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "5102b504921f005899a29173dc7ae838d85c7c3e" + }, + { + "alg": "SHA-256", + "content": "a7da408ef9d424047efa4b59f7e69272b93fb6979b956d286939fcb6292bb837" + } + ] + }, + { + "bom-ref": "92877ee769577e05", + "type": "file", + "name": "/usr/lib64/libform.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "92da432723928e257b221e41ffb32b63fccc5e95" + }, + { + "alg": "SHA-256", + "content": "4ed3ae67b980e0d0d15c16359295dbbd644e9f9d8ebaa841100d76713fbf995b" + } + ] + }, + { + "bom-ref": "620ece52533dccad", + "type": "file", + "name": "/usr/lib64/libformw.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "a54c4a2a83b10b045e7a9cbb05f73338c020fbc4" + }, + { + "alg": "SHA-256", + "content": "977d21efa2c28e36821eddf3870647c5d53c0ffeffd12ba9048773e85f858bc2" + } + ] + }, + { + "bom-ref": "56b979a8eab3398a", + "type": "file", + "name": "/usr/lib64/libgcc_s-11-20240719.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "61948bcbf32e52fce58d08a0f8581543583fc102" + }, + { + "alg": "SHA-256", + "content": "479b7e606457239009cff27bc79bd82eb7dbe0fe83f0df037721b102b823173c" + } + ] + }, + { + "bom-ref": "b73ccb7a63516532", + "type": "file", + "name": "/usr/lib64/libgio-2.0.so.0.6800.4", + "hashes": [ + { + "alg": "SHA-1", + "content": "45e59cc5efec21375122467c1c00f30ef6ccc7db" + }, + { + "alg": "SHA-256", + "content": "ce99afd8ea679192db041ae8f2a58d3a7e8cb0d8dd922b496ca7c3ad10f5ffb3" + } + ] + }, + { + "bom-ref": "aa17c20def3d2ed1", + "type": "file", + "name": "/usr/lib64/libglib-2.0.so.0.6800.4", + "hashes": [ + { + "alg": "SHA-1", + "content": "28d920c7432c7a71dbc07ce15a9603b99fa13596" + }, + { + "alg": "SHA-256", + "content": "8a9f544c29e2d39e26e70621121b12d3be42157b09124f18df53205ea87ba6c2" + } + ] + }, + { + "bom-ref": "1280ca8837f1e5f5", + "type": "file", + "name": "/usr/lib64/libgmodule-2.0.so.0.6800.4", + "hashes": [ + { + "alg": "SHA-1", + "content": "eefb00e05d157458fa14f81eee9c9a67d0115d73" + }, + { + "alg": "SHA-256", + "content": "e9e6029eedc9fd114d0ac05a54e2ed851f4e13093e2a01cc59e1b05fffadb3c5" + } + ] + }, + { + "bom-ref": "9664c43dc87b8ed4", + "type": "file", + "name": "/usr/lib64/libgnutls.so.30.37.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "431d9dadcd55d31546d3642efbd71fd9c0104814" + }, + { + "alg": "SHA-256", + "content": "dc8f3f4a34f9ab56be7690b75320f9855286bab6de12117df1bbd7a581ee60a2" + } + ] + }, + { + "bom-ref": "9992a8eaecbbd713", + "type": "file", + "name": "/usr/lib64/libgobject-2.0.so.0.6800.4", + "hashes": [ + { + "alg": "SHA-1", + "content": "8855ee876d49acc937fd86eae0e88d1bb8239d70" + }, + { + "alg": "SHA-256", + "content": "a07a109964b6df13008ac0355a31e002805f31b92be6670f7ca15f3f754b9ecd" + } + ] + }, + { + "bom-ref": "dab0f87cf2057742", + "type": "file", + "name": "/usr/lib64/libgssapi_krb5.so.2.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee04d27dd97096c829932cfa5c368057b0b242f3" + }, + { + "alg": "SHA-256", + "content": "82e569d3d5a8b53efc1818912cd391752b4bc0f425399a323818884d6f2f6783" + } + ] + }, + { + "bom-ref": "40cfbade72a94901", + "type": "file", + "name": "/usr/lib64/libgssrpc.so.4.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "54b6e59cbdcae115f03061082f133455f809de8e" + }, + { + "alg": "SHA-256", + "content": "26b095804e484decf7f5311731111c5333abb0e6ec891f07efd5a6c6057a7ea7" + } + ] + }, + { + "bom-ref": "d99f54c344ef6351", + "type": "file", + "name": "/usr/lib64/libgthread-2.0.so.0.6800.4", + "hashes": [ + { + "alg": "SHA-1", + "content": "b690ada5da2b4697523336a6b03b6297d501abcb" + }, + { + "alg": "SHA-256", + "content": "33e1f84aa7f1483707971e3adc632e5672b00aa1299bc71bf94eb082df45a25d" + } + ] + }, + { + "bom-ref": "59528e0c83849368", + "type": "file", + "name": "/usr/lib64/libhogweed.so.6.10", + "hashes": [ + { + "alg": "SHA-1", + "content": "ccf086c17f2bf1f4119abf78370a7c8dbf200c2b" + }, + { + "alg": "SHA-256", + "content": "14f31299ff681777715ecc787249d1033acd9032ea5870406014b7a13d9a8ea6" + } + ] + }, + { + "bom-ref": "e66eb4f8be4409fb", + "type": "file", + "name": "/usr/lib64/libk5crypto.so.3.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "10c6ac6819a931dd119885e6a1db5862f6ae3954" + }, + { + "alg": "SHA-256", + "content": "188823b6e7bdf0ea2f455bb6f84ca33610ca7f657a585632790325b21461dd93" + } + ] + }, + { + "bom-ref": "142bc36112f14a35", + "type": "file", + "name": "/usr/lib64/libkdb5.so.10.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "e042ea6678c360ecc0d02a5705b035a65e745468" + }, + { + "alg": "SHA-256", + "content": "a6fd5fccfaf480ec863329af3ff9bb1f42cdcb01528f0184ac7c97ae0e558d4d" + } + ] + }, + { + "bom-ref": "6a6b8cc19b094b2c", + "type": "file", + "name": "/usr/lib64/libkrad.so.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "aa6f1fc7145b5b94fce1eafdf9fb68335ecc99f9" + }, + { + "alg": "SHA-256", + "content": "3fdad8aa5aa7543e7b67155edd0cb65ca779a178db0453a7282d9d4aeecc6fbf" + } + ] + }, + { + "bom-ref": "810479e6a3eae050", + "type": "file", + "name": "/usr/lib64/libkrb5.so.3.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "3504036a38ebb387b7478e859cbd5c326b414f17" + }, + { + "alg": "SHA-256", + "content": "68b134bf28e83fff5b2b5e5712d7c97c37066aa0e8046f6404f75fa19ed6cb1c" + } + ] + }, + { + "bom-ref": "65c571a404e6bbe2", + "type": "file", + "name": "/usr/lib64/libkrb5support.so.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "4614230f2837087cdd0e24850fdd00c6b991082e" + }, + { + "alg": "SHA-256", + "content": "2878776878909e50f19257646d0ec09e1adc75046209efff67f663912e6e6602" + } + ] + }, + { + "bom-ref": "57cbd1b8c9f3214c", + "type": "file", + "name": "/usr/lib64/liblber.so.2.0.200", + "hashes": [ + { + "alg": "SHA-1", + "content": "89913b0a7815cf52ecffd4b5157164404778c609" + }, + { + "alg": "SHA-256", + "content": "cd4dbbf1476eb6dca1416018e12a6aaea0fba10595fe8209d22f67b07b5eb280" + } + ] + }, + { + "bom-ref": "9e9bb1f6d2ddc650", + "type": "file", + "name": "/usr/lib64/libldap.so.2.0.200", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7c372e56c06960fe4c5340f1c6cdba486cd1eff" + }, + { + "alg": "SHA-256", + "content": "eb1f24b4e29e3d4400220b7be5bbdd23e6207ebe9a39bf5798b2bef268c1d03f" + } + ] + }, + { + "bom-ref": "5ee50c5b622f51d8", + "type": "file", + "name": "/usr/lib64/libldap_r.so.2.0.200", + "hashes": [ + { + "alg": "SHA-1", + "content": "b443ce7c4836280e4fb8318aa1607515668f6cc1" + }, + { + "alg": "SHA-256", + "content": "52306b17c10badd3df615a0b37d84f3e8b369dd744008f0e8aa6466cb3314c0b" + } + ] + }, + { + "bom-ref": "0d3040dbb5de38e4", + "type": "file", + "name": "/usr/lib64/libltdl.so.7.3.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "a85d004047809a62591877cb0091236393cbe0d2" + }, + { + "alg": "SHA-256", + "content": "0109357682ea87d4b4f479117555f863a0b3d2959100fc31a27252fffc5b5306" + } + ] + }, + { + "bom-ref": "9c5b99a9203f7dc7", + "type": "file", + "name": "/usr/lib64/libm.so.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "40491ae304c8d0a6850837e028c18d6812c6f30d" + }, + { + "alg": "SHA-256", + "content": "2d3d7de18f6db76e4fb7adb884bb1f9a3dfadd12fcbcd83748da4bbb3ec342df" + } + ] + }, + { + "bom-ref": "164c9dcdd18d1fc9", + "type": "file", + "name": "/usr/lib64/libmemusage.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "49f6d6199a79378b61d8f92bda53602109691077" + }, + { + "alg": "SHA-256", + "content": "3ccec15ee85e4f96294016eb3bbad83dc581646f819a396d1f255c023d38464d" + } + ] + }, + { + "bom-ref": "180fe3cdf9d49788", + "type": "file", + "name": "/usr/lib64/libmenu.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "eeec5cc725fe6bd9bfabb7758c6019383454fa2c" + }, + { + "alg": "SHA-256", + "content": "34513df5ec6d91e250f8a286f20065b28a785191b1e9fedaf2ce6bfe512cdebf" + } + ] + }, + { + "bom-ref": "21e1efe3fc994cb7", + "type": "file", + "name": "/usr/lib64/libmenuw.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "92183ade94603efcc5a6d9788b66fc4e740a0dd2" + }, + { + "alg": "SHA-256", + "content": "f5f6ac15283f0c5dc949db6fe0a2c1081d348e670a4508cced0a3788e67b6f5d" + } + ] + }, + { + "bom-ref": "93fe09231cb93279", + "type": "file", + "name": "/usr/lib64/libmount.so.1.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "e55a3e8e1a22365cc7f632b70d0d1e618256c031" + }, + { + "alg": "SHA-256", + "content": "7b81c8c9169422ad2d4270b63d1fa817479edf0575ed1fa35178f0382e04e7fb" + } + ] + }, + { + "bom-ref": "cc6fde5122ccb21c", + "type": "file", + "name": "/usr/lib64/libmvec.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "2187973825273dfecbec9d1757814ea1a4aeeff5" + }, + { + "alg": "SHA-256", + "content": "2ab11542d16a97109f41000260ecb3fe42db527bbf6df141de9cfb443a6eea8e" + } + ] + }, + { + "bom-ref": "abab580ee1866cde", + "type": "file", + "name": "/usr/lib64/libncurses.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c8f0cf657b19227886823c5eb43805e3aa49334" + }, + { + "alg": "SHA-256", + "content": "5167c013b62e1c1d80af8fcfc89259a71d9510729407994a0fef2009f31a9c7d" + } + ] + }, + { + "bom-ref": "a49ecb62b0ebac88", + "type": "file", + "name": "/usr/lib64/libncursesw.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "4d9ee876972ca2039b91c5e2491b53048c0d2311" + }, + { + "alg": "SHA-256", + "content": "a884db5dbd02cbf96325bdef4452111ecf35c657aba7543d9f9a4dad17692592" + } + ] + }, + { + "bom-ref": "e6663d1e664c7729", + "type": "file", + "name": "/usr/lib64/libnettle.so.8.10", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f19b129fba547cefd4a37ba1784b92ccbe44877" + }, + { + "alg": "SHA-256", + "content": "d39fc751ef9f42edf10567fea505c55ef70dd2ebda3602c181cafd2fadc52e76" + } + ] + }, + { + "bom-ref": "076c827c3f1dc44e", + "type": "file", + "name": "/usr/lib64/libnss_compat.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bc282d508d9d82804bb97ea8ce96a41d69b72b5" + }, + { + "alg": "SHA-256", + "content": "bdbc0ab86029cc1326e82aa13d5a8d76a63845b8d9b9a43488c9d17e1e27e0d2" + } + ] + }, + { + "bom-ref": "cb11cdc4189fc7fb", + "type": "file", + "name": "/usr/lib64/libnss_dns.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "fd115375aecdc5255d09b788f8b975cfb11501c3" + }, + { + "alg": "SHA-256", + "content": "7e870759cab5cf5f75e64ba29cfd61918549dbb7ae4575f1272031d741d15b06" + } + ] + }, + { + "bom-ref": "640d7278e8974c51", + "type": "file", + "name": "/usr/lib64/libnss_files.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "1fdfa797fd34e7fb4151584d16d4fe74c7b301fd" + }, + { + "alg": "SHA-256", + "content": "33d3c38795fc9591a1be00f562485acdd4b4470388cf14a6d6ac22635c4e3a67" + } + ] + }, + { + "bom-ref": "37b798076510be9c", + "type": "file", + "name": "/usr/lib64/libnss_myhostname.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "d32afe106880d2d4a305832c73c15753d34a051b" + }, + { + "alg": "SHA-256", + "content": "2f7bc8428b97a496b43d0bf8a462e9e6bb9e4dfdf3992690dfbf02ffa6c52bdd" + } + ] + }, + { + "bom-ref": "a5e14019242958a4", + "type": "file", + "name": "/usr/lib64/libnss_resolve.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "b0d417f3234f676af07c009a8a681a446d05c9ba" + }, + { + "alg": "SHA-256", + "content": "3d1a8fb6a740b2f54a34a62fe3e22c23478e13e468f689455d3a750560fb2fa2" + } + ] + }, + { + "bom-ref": "5109f754756ed3e7", + "type": "file", + "name": "/usr/lib64/libnss_systemd.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e4674de827b41b479c078acf288f281e56245a9" + }, + { + "alg": "SHA-256", + "content": "b31efa30a02ec58c3425a8aec2f958081d96f56c3f7b1d0558b70410f8789949" + } + ] + }, + { + "bom-ref": "2669fc1c6862e336", + "type": "file", + "name": "/usr/lib64/libpanel.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7b8b64d10d92df2cce9b24e2b320b3c88899e1b" + }, + { + "alg": "SHA-256", + "content": "2c7538c00c9b18da60d7a1d7370557e36486597a513af8d7918d82dad73711a1" + } + ] + }, + { + "bom-ref": "61853170048c8d39", + "type": "file", + "name": "/usr/lib64/libpanelw.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "34e1efebc642f4a686b5f9c6c49d0d09a4475c47" + }, + { + "alg": "SHA-256", + "content": "a2629dcf273b9741a5bd67855fa276a0d532dd9453815246a8d3f42a229219d8" + } + ] + }, + { + "bom-ref": "023549e866ed57ef", + "type": "file", + "name": "/usr/lib64/libpcprofile.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "edd1a1364ecb26c0f0f077283a79a71ed3d5ebeb" + }, + { + "alg": "SHA-256", + "content": "75d3aebcd4c6a1d25e76e031c2ad722c607e7976f3d9d541195c3319c7580915" + } + ] + }, + { + "bom-ref": "1897bbb4f7efd63c", + "type": "file", + "name": "/usr/lib64/libpsx.so.2.48", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ba1d74b1615f86d8e98d8612deca8bb8076a45e" + }, + { + "alg": "SHA-256", + "content": "8c94570f7cb8f2a90cd349009861fd26c98bd7da7ef189f18360ef44c154594e" + } + ] + }, + { + "bom-ref": "d19d670da6254e2f", + "type": "file", + "name": "/usr/lib64/libpthread.so.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0ba899f8539d26f0dcf32a2a9b68e535f84d68e" + }, + { + "alg": "SHA-256", + "content": "83dc268d2bc39b1bc7ea9bc47f80d2b03d584b97471e1d350ae8570c9e451080" + } + ] + }, + { + "bom-ref": "f90f9b325a9a1788", + "type": "file", + "name": "/usr/lib64/librepo.so.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "77016ea3e1a253ed36486def76e462a23e52487b" + }, + { + "alg": "SHA-256", + "content": "3702d466122ae54e25448209571edaa4588e2b77e5c301102d99240e4a4f339b" + } + ] + }, + { + "bom-ref": "664d277def349e86", + "type": "file", + "name": "/usr/lib64/libresolv.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "36a20966380f36dffa15dcdcea43ea896fb5af7a" + }, + { + "alg": "SHA-256", + "content": "f108336535775d00ddac47c7c663e22f38137102e8e674d9ab9a091a43473948" + } + ] + }, + { + "bom-ref": "b7a5e9efcb9b8596", + "type": "file", + "name": "/usr/lib64/librpm.so.9.1.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c02e48748079674b08c4e220b5209cae294b0c9" + }, + { + "alg": "SHA-256", + "content": "402844cc65877b72fe5a013de4e83ac6aa3efeb0d91ec6b78dc41c911a65a58c" + } + ] + }, + { + "bom-ref": "5d732d586d21e1a2", + "type": "file", + "name": "/usr/lib64/librpmio.so.9.1.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8d8a642abd7cbc609be7d61a6d086277d47d79b" + }, + { + "alg": "SHA-256", + "content": "414b4c6dd584b0a9ab9de230cd395bd9bd57daad6979798fe9c716140aa8a027" + } + ] + }, + { + "bom-ref": "bf18eec22303c1b8", + "type": "file", + "name": "/usr/lib64/librt.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "0acf5c262e7a268c89ecbe021fa658e7809ad178" + }, + { + "alg": "SHA-256", + "content": "e7739dc9abc514845ad06d7e1cff374e384f5014d04c5e60c40a1e033f8a95a9" + } + ] + }, + { + "bom-ref": "7e81ec7a8f66c3ca", + "type": "file", + "name": "/usr/lib64/libsasl2.so.3.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "5456bc1a5aa90e5534f0d3d577e202d2f16ba36f" + }, + { + "alg": "SHA-256", + "content": "2e3d8149a9cddffd1c8dc2ed69db920d15d8d620a6472906181e79ac33342c9c" + } + ] + }, + { + "bom-ref": "89115b1e9262abe4", + "type": "file", + "name": "/usr/lib64/libselinux.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "40711929238836e2a8ec63dfc23135c718aba5df" + }, + { + "alg": "SHA-256", + "content": "540225279c84a9ff7c668625b1987aa7f3be24215eb9480c0be73f47818df14c" + } + ] + }, + { + "bom-ref": "f4640f5ead471b71", + "type": "file", + "name": "/usr/lib64/libsemanage.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "b1b1b3a36aef3393cc22884dcc355446a134b261" + }, + { + "alg": "SHA-256", + "content": "f2a08e1895cf389d80fda8b76380b2d6135930d1b31789fb678711f97dbc553c" + } + ] + }, + { + "bom-ref": "840c32fd3150949d", + "type": "file", + "name": "/usr/lib64/libsepol.so.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "463ee022c64c4f6973022558376f64499bc04927" + }, + { + "alg": "SHA-256", + "content": "3b432f1a220b54f86e576e3a4b580e7ed99b1fc73e6cde52b21157c2c2271665" + } + ] + }, + { + "bom-ref": "2a65f2229e73080a", + "type": "file", + "name": "/usr/lib64/libslapi.so.2.0.200", + "hashes": [ + { + "alg": "SHA-1", + "content": "720df6f74398d5bb9935c7d3486496369f670ede" + }, + { + "alg": "SHA-256", + "content": "df9f0e4780d61d1db2d01b9b6475685031956d1cf4bd194f9d58065741fbc4d6" + } + ] + }, + { + "bom-ref": "10fc03496e85dae5", + "type": "file", + "name": "/usr/lib64/libsmartcols.so.1.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa7f05edc58ee16d4bece860683c2b70660a3334" + }, + { + "alg": "SHA-256", + "content": "03bf745caba1ab8438e6b8c3b1a45940a6908f95ab94f48415b6f56c85db20cf" + } + ] + }, + { + "bom-ref": "9e76aa220f9aaf91", + "type": "file", + "name": "/usr/lib64/libsqlite3.so.0.8.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "3004f7bc2730c1996be0d97c0815edf7cf63296d" + }, + { + "alg": "SHA-256", + "content": "2a7040e37b57d51f6b157875e7610b37491d0cb4dd69ed5055921da43b855e8c" + } + ] + }, + { + "bom-ref": "600acfaadf45a128", + "type": "file", + "name": "/usr/lib64/libssl.so.3.5.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "92752058bec7715c5cfd1a64ea45f7ea8c14b2ea" + }, + { + "alg": "SHA-256", + "content": "a8a5b51a76acfca3aee2429f2114f47ae2f9d0e4fc912673ef82d3d18eb0c22e" + } + ] + }, + { + "bom-ref": "6de1484d06c4f0ad", + "type": "file", + "name": "/usr/lib64/libstdc++.so.6.0.29", + "hashes": [ + { + "alg": "SHA-1", + "content": "869c163d5601ff8f79f22324b0a5bb615b7f92d8" + }, + { + "alg": "SHA-256", + "content": "643060c81562d0c1bd8a0ec3888068cf5577d6ce8fa7d4aba5c509f7bb258bd9" + } + ] + }, + { + "bom-ref": "d9bf5c868eb88dae", + "type": "file", + "name": "/usr/lib64/libsystemd.so.0.35.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "84fd24d02e62e921ba0d27dc1355e55d6cc3ce1c" + }, + { + "alg": "SHA-256", + "content": "8a20a2daf7dcd24dfdb8b7ccf0c8a2a33d5251a445da3b55de0d16ca78593437" + } + ] + }, + { + "bom-ref": "a7aebe099275d13d", + "type": "file", + "name": "/usr/lib64/libtasn1.so.6.6.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "6efff212494e34ac66be2f0ec3735b0418d1cc11" + }, + { + "alg": "SHA-256", + "content": "f1e7a272c3ebc0068992ea6c098cd8ccbc79818762e67cce26647e3fb04b24dd" + } + ] + }, + { + "bom-ref": "ae3fc97113fbe7ca", + "type": "file", + "name": "/usr/lib64/libthread_db.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b8fc0fbb5bc957182c263cb57e57db69e4b872b" + }, + { + "alg": "SHA-256", + "content": "7bce176450f85680f3dfe6661359ca884fba6650c414de747be5f997d8e1596e" + } + ] + }, + { + "bom-ref": "7f4d4f7aa9afb6fb", + "type": "file", + "name": "/usr/lib64/libtic.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ae4f0ddfa6b940edcc1d14da97fe186d7fcbc99" + }, + { + "alg": "SHA-256", + "content": "169fd0998038aa0987f25827f8ce0fe9ee9ea82846958237c22f57bf0137209f" + } + ] + }, + { + "bom-ref": "2187328ae913998e", + "type": "file", + "name": "/usr/lib64/libtinfo.so.6.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "dba29705317e7e0b34a78fc29afe5869d1253b69" + }, + { + "alg": "SHA-256", + "content": "7f6e6b4b437315880fb459256f663fe1cf96ffd437f9bdcdddc5c5104b89c3ff" + } + ] + }, + { + "bom-ref": "6756fb3d8b92dd02", + "type": "file", + "name": "/usr/lib64/libudev.so.1.7.5", + "hashes": [ + { + "alg": "SHA-1", + "content": "013a4094b9557ae39eb17409fbba39e8879dc1f2" + }, + { + "alg": "SHA-256", + "content": "afbc80413aeb6161f62fe0947c37ed50616f280592bd12023bf3b32f80bb4b36" + } + ] + }, + { + "bom-ref": "e4935d5aa0ba62ff", + "type": "file", + "name": "/usr/lib64/libutil.so.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "25e6d9a06ab0281ce358e7ebb02cf07edbe3a19e" + }, + { + "alg": "SHA-256", + "content": "1da739d3692933ac28b1c4fd1d0f94a0976f3286c0bf8b2e5e5db49ca7e854fd" + } + ] + }, + { + "bom-ref": "2f4c1c268d776d3e", + "type": "file", + "name": "/usr/lib64/libuuid.so.1.3.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "6b6260d7fb20c57b211971d87625b83258590c55" + }, + { + "alg": "SHA-256", + "content": "529d3f74689adfa49e416bdd75385f06733568724ebaf8411a5e0de140d8621a" + } + ] + }, + { + "bom-ref": "9548eb24c8261a07", + "type": "file", + "name": "/usr/lib64/libxml2.so.2.9.13", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab4be0119c30d9af379a3e12b40c11b71def465b" + }, + { + "alg": "SHA-256", + "content": "8eb25143b2fa588a7b9f4af0a8f44d580501d59ee5d7e2f20d726b2aaffab1a9" + } + ] + }, + { + "bom-ref": "cd4bf5eeea9572a1", + "type": "file", + "name": "/usr/lib64/libzstd.so.1.5.5", + "hashes": [ + { + "alg": "SHA-1", + "content": "a58e10768bd5a2a16cc7dfb5b04843ce9c4f0456" + }, + { + "alg": "SHA-256", + "content": "dc1ccdc94eea889670d6258a70ae51be922be6a4740eb44eee4f1baf012136b7" + } + ] + }, + { + "bom-ref": "67ddf331d95fbab9", + "type": "file", + "name": "/usr/lib64/ossl-modules/fips.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "64be15e12fa7a8b28d498c422f7d866fe235e5db" + }, + { + "alg": "SHA-256", + "content": "c197b6ddf74532f477bcb34e25b6e109491765d577b9fe1a4c4759239b6aae06" + } + ] + }, + { + "bom-ref": "074d9b8ca153069f", + "type": "file", + "name": "/usr/lib64/ossl-modules/legacy.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe7c6850a1685449f472f02e2894e4a20c2ca0d7" + }, + { + "alg": "SHA-256", + "content": "1e4dd1d9a0a9780f300331ba5d4351f9bc9cbd89130d1d6797e84bcc170c10f0" + } + ] + }, + { + "bom-ref": "86bf2ecd1788501f", + "type": "file", + "name": "/usr/lib64/sasl2/libanonymous.so.3.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a27a0e2b06d9a3f088b71c8bfaaafaa202e8473" + }, + { + "alg": "SHA-256", + "content": "3f5750048d1f5f2fc02a64b4c3e479d2da16049a7c262d4b3a6d620ba7a37751" + } + ] + }, + { + "bom-ref": "67d38e340f4577d3", + "type": "file", + "name": "/usr/lib64/sasl2/libsasldb.so.3.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "c5785b55310e9af50cb520d5bb31dab7e894a1f6" + }, + { + "alg": "SHA-256", + "content": "ce60ecb1bf8fbf5d898712b1fbcbc743359ce1d2f8de8e148031e5189ba48132" + } + ] + }, + { + "bom-ref": "6e696beaf5a6f45a", + "type": "file", + "name": "/usr/lib64/security/pam_cap.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc86b6d3fde4d80d002a814e4a2bfaed78d1848f" + }, + { + "alg": "SHA-256", + "content": "6bb873cae41c79e835c80198f456151d80e6f85d5886726ede088e5508db5307" + } + ] + }, + { + "bom-ref": "e3d3859fc36afde9", + "type": "file", + "name": "/usr/libexec/coreutils/libstdbuf.so", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a395a2cd0ba62aeb989494acb47a98ef7da7d0c" + }, + { + "alg": "SHA-256", + "content": "12e5481fd926dabcd9304ad69f70ff0bdcb8f69a2a78bce13bdd432dc362ec43" + } + ] + }, + { + "bom-ref": "4e0814ecba9a840f", + "type": "file", + "name": "/usr/libexec/fips-setup-helper", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4ca662c6962fc22af5ee0ffedd594be438bf8e0" + }, + { + "alg": "SHA-256", + "content": "98842d7aab2119a5258e0931c538111d4eb9099395b539b764dc6de427de8939" + } + ] + }, + { + "bom-ref": "1716d1a69e4531ec", + "type": "file", + "name": "/usr/libexec/getconf/POSIX_V6_LP64_OFF64", + "hashes": [ + { + "alg": "SHA-1", + "content": "81140d839d18f2761b00df07b72c3fef8a43c11a" + }, + { + "alg": "SHA-256", + "content": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + } + ] + }, + { + "bom-ref": "d536adb8f0ad5bbf", + "type": "file", + "name": "/usr/sbin/alternatives", + "hashes": [ + { + "alg": "SHA-1", + "content": "67c3a94eaba528d07aa2a9a07d41edb753de1b97" + }, + { + "alg": "SHA-256", + "content": "b432a2af811781d961fac005249930fea6c7510687ec377414166eeed06f8c9f" + } + ] + }, + { + "bom-ref": "34f8467e3a606deb", + "type": "file", + "name": "/usr/sbin/capsh", + "hashes": [ + { + "alg": "SHA-1", + "content": "846a33d5de64467997f0c06ef74025bdd53747e0" + }, + { + "alg": "SHA-256", + "content": "a919dce6901fcc23b1379e94c4e0ddeb160c28c805a44b13b9e7d5a64c080f8b" + } + ] + }, + { + "bom-ref": "f33afab34bceebb1", + "type": "file", + "name": "/usr/sbin/chgpasswd", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbe9eacb1054c4755515620eacd5b8e58263985b" + }, + { + "alg": "SHA-256", + "content": "ecdec0e57aada7c08b4c658fe35558f9e30fe9f7e1d4360e8009fb90a9202366" + } + ] + }, + { + "bom-ref": "0318fa63a12c4a45", + "type": "file", + "name": "/usr/sbin/chpasswd", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d1ec69bbb784f6c8c20c9aeadee06a6b53b66c2" + }, + { + "alg": "SHA-256", + "content": "7896f25aeef8f5f1dfcc5865a9dcb9019a7edc9b449b1e4ac9746d391ad6ba88" + } + ] + }, + { + "bom-ref": "111b65a59d05de01", + "type": "file", + "name": "/usr/sbin/chroot", + "hashes": [ + { + "alg": "SHA-1", + "content": "47f6ebfa5a2e0ac5671332f3bf3fefdde5c8ed26" + }, + { + "alg": "SHA-256", + "content": "739f7aeb037de1264e7801b4a2b01b6e98bf66b1fe81c751989241de6f878b19" + } + ] + }, + { + "bom-ref": "c1427ebe890dcc80", + "type": "file", + "name": "/usr/sbin/getcap", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc72d542eb85d57677eebfa803702e4989152115" + }, + { + "alg": "SHA-256", + "content": "91059a58403b474157208979a029c3d47c12155a741200672c12b24a6ed44a37" + } + ] + }, + { + "bom-ref": "8a707565ca91434e", + "type": "file", + "name": "/usr/sbin/getpcaps", + "hashes": [ + { + "alg": "SHA-1", + "content": "304b5a9328285771328c91c9071fb761a273c117" + }, + { + "alg": "SHA-256", + "content": "452e8c8b360c1c245307cf1b826f61e539862814c3be5de1624c9913f5175c09" + } + ] + }, + { + "bom-ref": "74be897ab6c1efcb", + "type": "file", + "name": "/usr/sbin/groupadd", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c67f58787c3e932d187244685ddc088f0890716" + }, + { + "alg": "SHA-256", + "content": "c212db3ba1a3d8c510d3c6ae2267f3e7c9a44a28c132c58189d60e7d57266eda" + } + ] + }, + { + "bom-ref": "2556d4cc0a065d36", + "type": "file", + "name": "/usr/sbin/groupdel", + "hashes": [ + { + "alg": "SHA-1", + "content": "b3764d3f80620dd582c6e21d16791be710733cbc" + }, + { + "alg": "SHA-256", + "content": "d217dd3a21566ac3916682b469cf9bf08fc36c09e411c004b1acf590d22ad4e1" + } + ] + }, + { + "bom-ref": "0c8befd445f256b3", + "type": "file", + "name": "/usr/sbin/groupmems", + "hashes": [ + { + "alg": "SHA-1", + "content": "0ca7b979ce118f5a870d53267cff7b7bebe141f8" + }, + { + "alg": "SHA-256", + "content": "ebd54ce8fb0a1f3d291a80c8f6837709a0d40bd8313015bb0d2d0ff47c28021f" + } + ] + }, + { + "bom-ref": "cc64b9fa91010ff6", + "type": "file", + "name": "/usr/sbin/groupmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2c8c306b81b62d4c33b60ec28a43ccc946547ca" + }, + { + "alg": "SHA-256", + "content": "b3f14c7f5eef120c5696e583a43c973e7cab820455682fe2c20fe08473252128" + } + ] + }, + { + "bom-ref": "b6b95802760806da", + "type": "file", + "name": "/usr/sbin/grpck", + "hashes": [ + { + "alg": "SHA-1", + "content": "a5eccf1d048a2014c60d105efbff2667e349063b" + }, + { + "alg": "SHA-256", + "content": "49ac971fae50937b2867db851e690c29ea169af0dc2bc05d98a4c2c09b5030bb" + } + ] + }, + { + "bom-ref": "ab69700c9a4b85fc", + "type": "file", + "name": "/usr/sbin/grpconv", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd84a4c1daa7aa0bcac2f2e372dfebc86f9501d" + }, + { + "alg": "SHA-256", + "content": "0e17621db09d8e4aa82302048b9c9ca79e46714c9cc1a5e23557cf61a4ae8bc5" + } + ] + }, + { + "bom-ref": "c73f0ac2f71e5768", + "type": "file", + "name": "/usr/sbin/grpunconv", + "hashes": [ + { + "alg": "SHA-1", + "content": "64e887baf4a9e22e1442c6027801735b5d0b1a0e" + }, + { + "alg": "SHA-256", + "content": "5c4a66ba5ca8d17b353c9f4ea50ece515f22fe3138943c0d8981d857c9f2174f" + } + ] + }, + { + "bom-ref": "64575dd9d0be23a4", + "type": "file", + "name": "/usr/sbin/iconvconfig", + "hashes": [ + { + "alg": "SHA-1", + "content": "6bcdbf5fccc474565384b63b77d85247fc83f290" + }, + { + "alg": "SHA-256", + "content": "32a2f84bdc83abe12f1ad68520ccfff38e32f9cf199f8c701601a5faa5d8735e" + } + ] + }, + { + "bom-ref": "7536453ef2a26c46", + "type": "file", + "name": "/usr/sbin/ldconfig", + "hashes": [ + { + "alg": "SHA-1", + "content": "38654bbc8d6fa006477ef67697afc5d2040e292b" + }, + { + "alg": "SHA-256", + "content": "df210f9db42ec59cecf3a7879141cf6a43d2825b9a4764eb507dce913fd74ca3" + } + ] + }, + { + "bom-ref": "f90e01085c96de5d", + "type": "file", + "name": "/usr/sbin/newusers", + "hashes": [ + { + "alg": "SHA-1", + "content": "c48f8fbd5800aee651df63757f7b9b351310ce94" + }, + { + "alg": "SHA-256", + "content": "903936f7d3d8b3defc8e0adf429804739684b32e1b959e269df8b1c814099537" + } + ] + }, + { + "bom-ref": "3989eec5a7cefa6c", + "type": "file", + "name": "/usr/sbin/pwck", + "hashes": [ + { + "alg": "SHA-1", + "content": "4d0a350644784b26d850dd3fe28934158e161f87" + }, + { + "alg": "SHA-256", + "content": "6e334199eb49cc3ca096149f91933e40ead747da5bba47d35f534bbadfe6cf3e" + } + ] + }, + { + "bom-ref": "ec97b8fc62a55343", + "type": "file", + "name": "/usr/sbin/pwconv", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f08af5c40b65d2d5d9baffdf9bfeb044cd0627a" + }, + { + "alg": "SHA-256", + "content": "988929767fd0e92f2e070cb1a3c6c176097381e9a604a1fec4b511d145c566ed" + } + ] + }, + { + "bom-ref": "8568fb8ca2582731", + "type": "file", + "name": "/usr/sbin/pwunconv", + "hashes": [ + { + "alg": "SHA-1", + "content": "97fa431087d528da73789d941ef0872511e960d9" + }, + { + "alg": "SHA-256", + "content": "2755c539e10308a55440c2bba4e733d014c8f3c346d114514c4588808716e371" + } + ] + }, + { + "bom-ref": "a903dcfa92379f1c", + "type": "file", + "name": "/usr/sbin/sasldblistusers2", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f9bfa00aaf8df309062b99273521df28cf8f847" + }, + { + "alg": "SHA-256", + "content": "41dde1653f48b854d0b928dc3242c1ac9a7cf222925b5b7bb00e38ca2115fdbc" + } + ] + }, + { + "bom-ref": "d20220678434ab7f", + "type": "file", + "name": "/usr/sbin/saslpasswd2", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6d1be27468f4c5dcd5387aff3e05ae5dcce8a2b" + }, + { + "alg": "SHA-256", + "content": "9b6cf403d1d2a816351473d85e638b94ac60d6f729d92a6b812af52de04839e1" + } + ] + }, + { + "bom-ref": "b0a10e424e7b1086", + "type": "file", + "name": "/usr/sbin/setcap", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e8be06b74a7e4d47eb469f996c525accc5d4b4c" + }, + { + "alg": "SHA-256", + "content": "6ed2c35ad6d405cc7060467f52ae68db70a2b219b5840193f3eb43a6dc636293" + } + ] + }, + { + "bom-ref": "84bb3257aae64297", + "type": "file", + "name": "/usr/sbin/useradd", + "hashes": [ + { + "alg": "SHA-1", + "content": "d360104341866da1ea812f15ad4e93e9fcdb9782" + }, + { + "alg": "SHA-256", + "content": "7de0113096523518f915f2abfa1fa02a4842a3412e0acf380bf25581ef06809c" + } + ] + }, + { + "bom-ref": "687b78fb392028b5", + "type": "file", + "name": "/usr/sbin/userdel", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d33f7c1e6b5b93b4acdf7e5117489df1e81c254" + }, + { + "alg": "SHA-256", + "content": "07fba687576480843c16c4e29683318f84a9ab8b514db6556691d25056583c28" + } + ] + }, + { + "bom-ref": "4848c9705b78b970", + "type": "file", + "name": "/usr/sbin/usermod", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b9d099d0a0ab7cfb87939193347f3506c0a5257" + }, + { + "alg": "SHA-256", + "content": "4c7fb62ea533f122b57fd2173a023d4bf5f6f5adb859488a8dd5b89e861c7828" + } + ] + }, + { + "bom-ref": "04c372714feedfa3", + "type": "file", + "name": "/usr/sbin/vipw", + "hashes": [ + { + "alg": "SHA-1", + "content": "98b51e5cdc3658bd2210ec29437190bf5e5bae81" + }, + { + "alg": "SHA-256", + "content": "1c685db51740be4f85e13faeb3322e210468db9bced41d9d8522f914f5c96035" + } + ] + }, + { + "bom-ref": "879ec3ccb9c2d440", + "type": "file", + "name": "/usr/sbin/zic", + "hashes": [ + { + "alg": "SHA-1", + "content": "09c363206713740a91fd1b1a6042b75e8cc16d61" + }, + { + "alg": "SHA-256", + "content": "0f3d1cea614a46ced60f0d43ef21a40bb7d72c6e94a47883504fecf29b12f41b" + } + ] + }, + { + "bom-ref": "afdd73f093ebb639", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/bind.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "605a441522efb7132b8d48aa48458564329a6f4a" + }, + { + "alg": "SHA-256", + "content": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + } + ] + }, + { + "bom-ref": "1d7fd03128d7e4d2", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/gnutls.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "d89af03fbc6b90c653497d1c369daa37b1eab484" + }, + { + "alg": "SHA-256", + "content": "9658d45476815d507ec7598a09b8f32bb67f1f12b1204b0a9ecd9d165a3e8116" + } + ] + }, + { + "bom-ref": "882e9fef471425f7", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/java.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "8897f89dfc3de73c0c69444e45a70250245baf8d" + }, + { + "alg": "SHA-256", + "content": "21e27a8d83a44a6c1179effe601e95cb3d7373735cc7520cd47be0652dd18945" + } + ] + }, + { + "bom-ref": "a38e5ca8cef6d8f6", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/javasystem.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "4323cbb7ef0fe3ac978c43cda15d8d14f464150b" + }, + { + "alg": "SHA-256", + "content": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + } + ] + }, + { + "bom-ref": "3f42f7a518ff9cd2", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/krb5.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "72ba20eb8d03021c3e265fab393b35d32a1b2a66" + }, + { + "alg": "SHA-256", + "content": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + } + ] + }, + { + "bom-ref": "561140d4efe66e37", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/libreswan.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "ecc7a1a59913ebaf6150ae5ace344496bb7a2dc4" + }, + { + "alg": "SHA-256", + "content": "ba0a4319962f0e6a3e83a404becf46a8bb0cf7929ef2b7032fec9ee1b95dd27b" + } + ] + }, + { + "bom-ref": "86552a9b61a01a58", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/libssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "8a5b0929bfb7224052c876f632963d10bfad546f" + }, + { + "alg": "SHA-256", + "content": "4cb91562666463b60e23b6b3f0a50164959226126847ee6da1df8f7f0f071da7" + } + ] + }, + { + "bom-ref": "2065aab50b73cc76", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/nss.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e00e1c1a6d4cdbd468536af85464167006bba10" + }, + { + "alg": "SHA-256", + "content": "6e1b17a238bc9879954790db1715dfa69029b0d4e9d566263c804dfb97261d0f" + } + ] + }, + { + "bom-ref": "8711641c4e8bbd25", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/openssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "2845793a18956f0dfacee7d0127377123edce519" + }, + { + "alg": "SHA-256", + "content": "7716f34aeb67783ba9eeca7e35313fdde274231d902eea760ac4ccb58de165e4" + } + ] + }, + { + "bom-ref": "8380dd3e428b0f55", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/opensshserver.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "077d449b4c0798e1df2c33cebd0b436d720c2314" + }, + { + "alg": "SHA-256", + "content": "1113a9f57ae80185b59413b7a04f9cd2e5bd3bda51ef703f4f785658a25046d6" + } + ] + }, + { + "bom-ref": "fdd5ef7ec49ba6bf", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/openssl.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "de48e374101ef029afd15af20331bc40a7db9b62" + }, + { + "alg": "SHA-256", + "content": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + } + ] + }, + { + "bom-ref": "da22838b523ebb31", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/openssl_fips.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "alg": "SHA-256", + "content": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "bom-ref": "7702c5c821e9f285", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/opensslcnf.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2e66057baf470b4c5a5dbe3f35fa55932a68322" + }, + { + "alg": "SHA-256", + "content": "5db272604fd06ed01b7bf95427e133ca891aacc5eb8158ebe5437c7ffe63db73" + } + ] + }, + { + "bom-ref": "f2121e401df4d509", + "type": "file", + "name": "/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "32efa04d4a9823c31ea308029087c33450eb5b38" + }, + { + "alg": "SHA-256", + "content": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + } + ] + }, + { + "bom-ref": "b8bc1d0869ed022a", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/bind.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "71e5c02490106a7e44c7a13d948a2ec5d0abf104" + }, + { + "alg": "SHA-256", + "content": "2d3530ededdc39742969f28ff137f88e429a5b80e55fb9dcb8ed51eabc14ed0d" + } + ] + }, + { + "bom-ref": "4ee5f68b748edff0", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/gnutls.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "ccd77eb0f502e271942b40b00fd36e53810bd01e" + }, + { + "alg": "SHA-256", + "content": "ba59572ce09550c61e75c70c5bfc0d800661c7011cbced1ad943b408bfde381c" + } + ] + }, + { + "bom-ref": "57dc34cef5fc7029", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/java.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e44d7916183482bdd94616bbc60e582e4e41c56" + }, + { + "alg": "SHA-256", + "content": "2545c17c559c1177239b3bc9292a2b50ca3e1400961ed515a9e50d8bc9991175" + } + ] + }, + { + "bom-ref": "f807571eba875c73", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/javasystem.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "166c6a8deb42755abcbac6ac29e82a4a2aa937f3" + }, + { + "alg": "SHA-256", + "content": "22f46a8509ac1c19bc76b9ab235820964e9a0469b9f2ba58c8be0aa8da9a8890" + } + ] + }, + { + "bom-ref": "abe5d35fd9e4b896", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/krb5.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad94e4628a6030edf463645b15033ff36ddfc9fe" + }, + { + "alg": "SHA-256", + "content": "9c1a4d25952e9ba252dfdd110c40ee363a8c69a1f57c396f9c021255f613994a" + } + ] + }, + { + "bom-ref": "9d3c270b586cf9e8", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/libreswan.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "83981746cf3d6c5bad3f550e449f03719519b5ac" + }, + { + "alg": "SHA-256", + "content": "3121515ad310fee218aececa8ba41517cb2ff38dbd7903f1cf7712979b872527" + } + ] + }, + { + "bom-ref": "60b3bbf1dc150e29", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/libssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "5672b8bd969dc3501cb71d6824adb72cb3a0c9aa" + }, + { + "alg": "SHA-256", + "content": "fa908a498254cbe4cbe1ee45e59896c140021fe9ff0ba6796f11784df73d713b" + } + ] + }, + { + "bom-ref": "6cff7cc34969a538", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/nss.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "2552edb2edd9ec5d747bd677063976a622050529" + }, + { + "alg": "SHA-256", + "content": "f4b387df3824b2831e6ae76c6de4661f879d63366f2737e75222eaf53fce0f76" + } + ] + }, + { + "bom-ref": "c102b34d4850f420", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/openssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb3aad188bfde60a17b1abdc5306a0d8d6c0411f" + }, + { + "alg": "SHA-256", + "content": "8606bb4030c091ffff8f8c3f154eefe322dc78953fed05921b660b91a9a1832b" + } + ] + }, + { + "bom-ref": "65edcd9856a2ba28", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/opensshserver.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "33c5a48baccde13b6de29ba101f5ffee94af2b0c" + }, + { + "alg": "SHA-256", + "content": "fc29f93c9ba35b0c98eadc4a5d535750f7ad1439eb7425b46e5fd34958b9a00d" + } + ] + }, + { + "bom-ref": "6595665567b15dfd", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/openssl.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "37d17ac5c814e574ac852f082b4c279d0a874aa6" + }, + { + "alg": "SHA-256", + "content": "eacc37ccc326fa7a92d1f3bdbe647b8b60c01ef9a2b1cba2980450cce218df54" + } + ] + }, + { + "bom-ref": "8e3c8bdb7f75bd5d", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/openssl_fips.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "alg": "SHA-256", + "content": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "bom-ref": "0522bcec26e6a026", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/opensslcnf.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "c28ee6488f7a6a0f5294f21219a0f967b84d6ce9" + }, + { + "alg": "SHA-256", + "content": "4acf50471178bbca3568561d0d48be519704b2a729d37b2594671bc7cbe38e4d" + } + ] + }, + { + "bom-ref": "878ecff90dec0cfb", + "type": "file", + "name": "/usr/share/crypto-policies/FIPS/rpm-sequoia.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf72297a33754b49aef76339f6a5313efbfe1f35" + }, + { + "alg": "SHA-256", + "content": "010e040a5df0846e09730544fc2ff1c8071bbe6ad50aa61fb6e10097f887ea15" + } + ] + }, + { + "bom-ref": "e70790cfb823b2ce", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/bind.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "605a441522efb7132b8d48aa48458564329a6f4a" + }, + { + "alg": "SHA-256", + "content": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + } + ] + }, + { + "bom-ref": "df6d8ed5a12429b0", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/gnutls.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f4d96a16eaa98cf32c80f6b2f7bfd7b88810b93" + }, + { + "alg": "SHA-256", + "content": "d68afbedf284403094b49b6fd6e164af1df71df6bfc7260ac9c2f35d0d4044a0" + } + ] + }, + { + "bom-ref": "f72f9876da0bf51a", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/java.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7454d459d658c9b5b6c5964fc09307693fba82c" + }, + { + "alg": "SHA-256", + "content": "f99bfe41709855b20552f414f78b7a1aab6154ba588bdac72ded87f8d8c80ddb" + } + ] + }, + { + "bom-ref": "c5064e1c6b2b82fd", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/javasystem.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "80c52e731c59f7608add17bed269f77991dc9bc1" + }, + { + "alg": "SHA-256", + "content": "d43f7ce398de1cd518cd0864b58d74d50a8375b800b3231db853ac86175b6d19" + } + ] + }, + { + "bom-ref": "4f619fe86f82aca9", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/krb5.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "56dd8be43a1b39e110d976b23e051ec5f1151428" + }, + { + "alg": "SHA-256", + "content": "f7500ad5181c77fd45da469fd7a0991caf7bc29b6c2f4f10bc966c3920fa905e" + } + ] + }, + { + "bom-ref": "2cc560a83b80dd47", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/libreswan.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "5961e83f826770433c93f8823501d3017e39efde" + }, + { + "alg": "SHA-256", + "content": "fada0c0238bc899aa3328e6f86b940a7f5a25cdef647ef28c243f89c3db67100" + } + ] + }, + { + "bom-ref": "44833f78acc30bc1", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/libssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "1287e83e94e62b2b32b6f5695922f4fb2dfabc3b" + }, + { + "alg": "SHA-256", + "content": "ee3a3567708dd4b79451deef173fe5b8443614d8fb81127dd91f98fb6ff35487" + } + ] + }, + { + "bom-ref": "eb3af61ac7994eee", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/nss.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "e036cb3c2f35142404150ee9e581f18bbd602df3" + }, + { + "alg": "SHA-256", + "content": "10a7d15cc2b678c044b2b749d7a0cf9e8706668888b94cea91866fb847588425" + } + ] + }, + { + "bom-ref": "b8d925cbba552dae", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/openssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "84b1e7738c9e8f69db75e27dc13e0abb80583986" + }, + { + "alg": "SHA-256", + "content": "cdd99a01e5c7e4ff862b88e5a228f4bb4583b4039a4ff7ceb89b2869b8780059" + } + ] + }, + { + "bom-ref": "da0bddfcd645ebdf", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/opensshserver.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "ecf62f5ba1487bc1a7776b56d3c4c092af438330" + }, + { + "alg": "SHA-256", + "content": "621a381b8c829f95a45dd56ace4b7788dd09db9be43b20897742c0d7478ef27b" + } + ] + }, + { + "bom-ref": "51a16dd2240268af", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/openssl.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "7cd1bacf1c7e9378978c9258589dc0c9d17de607" + }, + { + "alg": "SHA-256", + "content": "37d50085b783cc65da67a6ead91da93a3dae6ac74d44004b5c6dc9ba41235496" + } + ] + }, + { + "bom-ref": "8e3c16288ba60b3a", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/openssl_fips.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "alg": "SHA-256", + "content": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "bom-ref": "1044ecf2ad0ce2c4", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/opensslcnf.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "8ee682d486edb1422bf8d4f2c7f870e61b19a41d" + }, + { + "alg": "SHA-256", + "content": "b8b47a18eaea88dac742a8834c0e5de7ea067974188aa796ee15099e3f216042" + } + ] + }, + { + "bom-ref": "e911694cbc73fcea", + "type": "file", + "name": "/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "f12068092df36d310de8bd1308aedcf098b5f5da" + }, + { + "alg": "SHA-256", + "content": "abd2ec14c14a90c588d1180daafb98fc93537830da0eb87a8fd127e60a906f8b" + } + ] + }, + { + "bom-ref": "8bf3176e21b3abc5", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/bind.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1d7811878d0056763d0d5c90dc9b7f407d84522" + }, + { + "alg": "SHA-256", + "content": "de64669cdf2f9b5074089e202ea7f0bc04c94087c1e7ee0c3eba753b8c89c692" + } + ] + }, + { + "bom-ref": "b0484622aa727260", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/gnutls.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "39130d031006a095247af4e080708f079b5d865b" + }, + { + "alg": "SHA-256", + "content": "f1bce6a203cb2ec468342c6106f9c17db6569e19b85b6eabbcfe3b0cabb5053b" + } + ] + }, + { + "bom-ref": "d1f527359f518a57", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/java.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "31540a551281834e6dfe9250e8d8e47dfac55666" + }, + { + "alg": "SHA-256", + "content": "3ebe7bb711949d996bd3470541c3e20a72fc9d5045a6854ef99d679d073a4c97" + } + ] + }, + { + "bom-ref": "869d689a25f2e1d8", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/javasystem.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "4323cbb7ef0fe3ac978c43cda15d8d14f464150b" + }, + { + "alg": "SHA-256", + "content": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + } + ] + }, + { + "bom-ref": "bb6f1a66cbc46ca9", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/krb5.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "72ba20eb8d03021c3e265fab393b35d32a1b2a66" + }, + { + "alg": "SHA-256", + "content": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + } + ] + }, + { + "bom-ref": "29b57084e873a85b", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/libreswan.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "beb448d776d56b66f4f972ab0bda0b7797b7b7ae" + }, + { + "alg": "SHA-256", + "content": "ad8cfdb3cf11f8a18a8d66c5b243ac449587a735355ae1e346cf8d5aabd02ac4" + } + ] + }, + { + "bom-ref": "72c4214de7eaf7c3", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/libssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "0e9e88e99ae6119d46bce76bf259b7ea68ac7191" + }, + { + "alg": "SHA-256", + "content": "9d0c42289b99760aa2079eb88be6b75fa5d5f346b6939ce4fd8cadc67cf04d9f" + } + ] + }, + { + "bom-ref": "72f663c04a0c56fc", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/nss.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "c135b486fc928b8ff2533917f10bc3b79ae2e16e" + }, + { + "alg": "SHA-256", + "content": "2d8d23e37610b61a50e7557a4fdc86e3a4cf58599c3031e6590942eba0fe51c6" + } + ] + }, + { + "bom-ref": "b307e99b0bf1a901", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/openssh.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "91e89d67bc23686d47b556a42db5454f53f3f068" + }, + { + "alg": "SHA-256", + "content": "9b1a630302e80162acf8e683ce6ff77262683d7e4a8d7a04553c8c38110d7ca7" + } + ] + }, + { + "bom-ref": "cfea9a73750a32b2", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/opensshserver.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "6a01238d34b30151929f1c2929ccee78663853a6" + }, + { + "alg": "SHA-256", + "content": "2490d30ff79c21c5271d1a0845b95c56ebc29db351bce17468a0e114f9671a5e" + } + ] + }, + { + "bom-ref": "9197b3a790c9df93", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/openssl.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "de48e374101ef029afd15af20331bc40a7db9b62" + }, + { + "alg": "SHA-256", + "content": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + } + ] + }, + { + "bom-ref": "9672f29db1784412", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/openssl_fips.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "alg": "SHA-256", + "content": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "bom-ref": "db84aa46836bf358", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/opensslcnf.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "70af93215efde42382828e704f30f60120ec156a" + }, + { + "alg": "SHA-256", + "content": "dcb4cfdc6b5b7566f33964a8517b55aa03607ea0f985bdb9e8ec815dc740b76c" + } + ] + }, + { + "bom-ref": "053bcf254f43a96f", + "type": "file", + "name": "/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "32efa04d4a9823c31ea308029087c33450eb5b38" + }, + { + "alg": "SHA-256", + "content": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + } + ] + }, + { + "bom-ref": "913208470fae46ec", + "type": "file", + "name": "/usr/share/crypto-policies/default-config", + "hashes": [ + { + "alg": "SHA-1", + "content": "856da16030f51b488d6c93cd20b8674b578d233a" + }, + { + "alg": "SHA-256", + "content": "2f6b44a5d39b9b62dfd5602a979abb7a6547e5662f7ae89934e53079b9bef24d" + } + ] + }, + { + "bom-ref": "b80049f0c6041e3f", + "type": "file", + "name": "/usr/share/crypto-policies/policies/DEFAULT.pol", + "hashes": [ + { + "alg": "SHA-1", + "content": "6ddfd7835c3fd297e3c123be014a6ecfde1e567f" + }, + { + "alg": "SHA-256", + "content": "6abb1869ab38cbfe389436d2c0edc135bff11eaa26d45f950676fcfa53e09501" + } + ] + }, + { + "bom-ref": "9133809489ed5bd0", + "type": "file", + "name": "/usr/share/crypto-policies/policies/EMPTY.pol", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a373bb26f1088fab6c02691fcf455c91433d64" + }, + { + "alg": "SHA-256", + "content": "17348db5605b98f88f38704b2de8c0eb91a066be19c4c993d2ed0d8dbf411ddd" + } + ] + }, + { + "bom-ref": "90ab5cddee596df7", + "type": "file", + "name": "/usr/share/crypto-policies/policies/FIPS.pol", + "hashes": [ + { + "alg": "SHA-1", + "content": "237284c26a9b8fe12579dc0a2cbee68183801303" + }, + { + "alg": "SHA-256", + "content": "453ebba9bf853cc9351d8568bce931c594337a178f27978a80fba5cedac24f64" + } + ] + }, + { + "bom-ref": "a392553ad2d8f3f6", + "type": "file", + "name": "/usr/share/crypto-policies/policies/FUTURE.pol", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b66f17a3efeb6c11975e182debdfdf35cf31c6d" + }, + { + "alg": "SHA-256", + "content": "84731b8aa062979ae374fe22a15beb2cbf2944d972d10bac119ce9627c6a69dc" + } + ] + }, + { + "bom-ref": "410c97f05ec8cc4e", + "type": "file", + "name": "/usr/share/crypto-policies/policies/LEGACY.pol", + "hashes": [ + { + "alg": "SHA-1", + "content": "303cc51b569f67ab45fe1f2fe7074b2c8829ecef" + }, + { + "alg": "SHA-256", + "content": "ed1cb209664939c3eec280015e9a322d59c0ae067f6a9514fb70f5bc19476b92" + } + ] + }, + { + "bom-ref": "888b6b58afbd2377", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT-LEGACY.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7677874e757a5c9ea2f298c04e237358d0c2c28" + }, + { + "alg": "SHA-256", + "content": "edf8c78bdc5ee2c2b72d63d9c5f8ea662174400fc55b5f59d37b8fbcfb053092" + } + ] + }, + { + "bom-ref": "d876baa9427407a2", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b30ef4624e4d518222a086172bdcb6828214966" + }, + { + "alg": "SHA-256", + "content": "c101584cf373bd622b9060f30c0003d5d085273d628eb2ac64b53e4ef84da589" + } + ] + }, + { + "bom-ref": "5d0c649679feae87", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "9362e76e330ccf7317cc06c23beae559962e45be" + }, + { + "alg": "SHA-256", + "content": "661c008361be79add5c086db6aed9e84f7c7b569057023cb548911bb0cec1ee0" + } + ] + }, + { + "bom-ref": "5903baac62ef6626", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/NO-ENFORCE-EMS.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "355dfb5e956ffcc098c3bbe10e6abd3ecd01ffe8" + }, + { + "alg": "SHA-256", + "content": "304f4728eb3a09a2ec15eedaeffd1ddad83f0afc3bce911538082e74a9e26776" + } + ] + }, + { + "bom-ref": "14f5ce0d98a90b87", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "3f272d4e7be4b45af30327905198e5da22bb2b4d" + }, + { + "alg": "SHA-256", + "content": "2c36639722c6bf74ff296a606d65fd806e54dd1a2af26871efd139efc208c588" + } + ] + }, + { + "bom-ref": "6e35e39585ba7d79", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/OSPP.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "f776e2b162bd4978450a8d26858173371b140a45" + }, + { + "alg": "SHA-256", + "content": "f642d2f8eb25c837335c3e634af670d9c56a27539797d072f751d30e70776569" + } + ] + }, + { + "bom-ref": "38ecd8c72b7eea92", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/PQ.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8281ec2917d520cb7d70b53adff21f6aef29a4a" + }, + { + "alg": "SHA-256", + "content": "a33e31d844a8b8ab138284609b6184a1110d017f61b9f681f8e73989f8a6096c" + } + ] + }, + { + "bom-ref": "5e724ac7dc6c5896", + "type": "file", + "name": "/usr/share/crypto-policies/policies/modules/SHA1.pmod", + "hashes": [ + { + "alg": "SHA-1", + "content": "64dad1fb09f3cd4dc67cd6151c933c499f9d0643" + }, + { + "alg": "SHA-256", + "content": "926673bbc7ee7b5c81945f10d103178a8cd5c4a309efbf898a7433e7a4ae49fd" + } + ] + }, + { + "bom-ref": "2db41ac88cdf8431", + "type": "file", + "name": "/usr/share/crypto-policies/reload-cmds.sh", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8c2aa59a511c5073192253e154a743bd0ce7d80" + }, + { + "alg": "SHA-256", + "content": "69121b6719a4a96cb77bf2372cb58a389b08726e4448b1037b70ec9950af1048" + } + ] + }, + { + "bom-ref": "a2f54b1b196c86e0", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "6abcb830b2a3083de47e32c6acfb6d0d175b3e26" + }, + { + "alg": "SHA-256", + "content": "4b5d24c7d184e16bddad18caf7860f62ffff62d74e07b279d5bcdaa9b18b730a" + } + ] + }, + { + "bom-ref": "3ba77e6bd881631f", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/developer.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8aed45c2da52231a7c6845eb51955fd328b7cb5" + }, + { + "alg": "SHA-256", + "content": "48a54e0f2da15462dfc331373dffae4f6657d578a5efb934d9764dbc5948c542" + } + ] + }, + { + "bom-ref": "636f619f9c1536be", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/download.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "5019a386935f6796301259d9e170a2342b2aee44" + }, + { + "alg": "SHA-256", + "content": "a5be4ab6e56563267cc4dd25e99bd1eeb88e55a953d04a03544803cb2ffdc9cf" + } + ] + }, + { + "bom-ref": "9e66ce4e0a6eb3cb", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/genindex.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7e7bb23d60da618f26648e9ea453b9234719dcf" + }, + { + "alg": "SHA-256", + "content": "eeb25bd49929d57a75e84f9c4c75f6fa51640627730f691141da8b09d181a7dd" + } + ] + }, + { + "bom-ref": "d92702dbbda7e1c4", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/getsasl.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "7445a2e70d7b3edba1972838eddcad6fa151f9a2" + }, + { + "alg": "SHA-256", + "content": "3c4eb23173434a69427ede084884d26089d805d56119aadae336bb97872cf45c" + } + ] + }, + { + "bom-ref": "b50526e63108f8d2", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/index.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "08c41ec9f5d0cdadd0b2d4a97191c589966c84a9" + }, + { + "alg": "SHA-256", + "content": "7013183e505fee223d6eee95ee75d8675d367e60b65f71bf4dcdd33232afe9fa" + } + ] + }, + { + "bom-ref": "e5fec12d1cea722f", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/operations.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1b60e44a0a224691e79be31e69d430252fcb086" + }, + { + "alg": "SHA-256", + "content": "087f6f07ec6b8dd36e98840d961ceff3f9c0c4816a35ee31b8109f981c66a53d" + } + ] + }, + { + "bom-ref": "c2da83b6c923127b", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/packager.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "88da744c8a62476bbf99c530ffe6dce7ba60443c" + }, + { + "alg": "SHA-256", + "content": "8eaa2b504007fce395ae3cd9f6d3e5e5f732e6c58b761c85d43db434ea25236b" + } + ] + }, + { + "bom-ref": "479cbc92a7a36509", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/search.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "90196c41de1a7de3c26d0209429d821c7ebaabe5" + }, + { + "alg": "SHA-256", + "content": "001df4ff29c794af8c409e16fa2ddc195cce1247474dd701eb530c0187a58476" + } + ] + }, + { + "bom-ref": "14a117e88aabf24b", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/setup.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "5be0a629828746c9baef4aaf7b54a3e8378ad5dd" + }, + { + "alg": "SHA-256", + "content": "0c2a3935f247f3b31c8c666f6b27a62b8b49e211bad56f48b54e06ce621773c8" + } + ] + }, + { + "bom-ref": "348d1f812826c9f4", + "type": "file", + "name": "/usr/share/doc/cyrus-sasl-lib/support.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "81d7dd17ec92c63555ce4696828571cce1710618" + }, + { + "alg": "SHA-256", + "content": "ae3c8fa1e231022f55cd93f11007725d896c0682aeaecee6586f0535e80d8625" + } + ] + }, + { + "bom-ref": "f2a10369c567f48e", + "type": "file", + "name": "/usr/share/doc/dnf/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "562a628ffa7f5c29af93854c74b19c9e0680aa46" + }, + { + "alg": "SHA-256", + "content": "5db00f039c2585bde1ff9d1aeb6f8a34d15a0977757a634886f07a3825a0c785" + } + ] + }, + { + "bom-ref": "e45b53ec2f0ac0a0", + "type": "file", + "name": "/usr/share/doc/dnf/README.rst", + "hashes": [ + { + "alg": "SHA-1", + "content": "c008c0a210b781f0fc1a11e790b4ebb5771b15b3" + }, + { + "alg": "SHA-256", + "content": "5f8f14bf713fb23e2a644902b815db6204d71e63bdcfac50703242f834a02119" + } + ] + }, + { + "bom-ref": "2b831b50af534f2b", + "type": "file", + "name": "/usr/share/doc/findutils/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ea9914f4209e103b0bd1ecf5ad0ba69fe20ece8" + }, + { + "alg": "SHA-256", + "content": "a406e80dc71aabaf208eaf4f8514ff99c296bb07e28cffa426c0f71eaf5c09f7" + } + ] + }, + { + "bom-ref": "c29277a285f11a54", + "type": "file", + "name": "/usr/share/doc/findutils/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "80742e9e29deea23b382ec1fcf8a4853750bda64" + }, + { + "alg": "SHA-256", + "content": "c48bc9776cf09d9c71244d741f5938b578b83ee68800ef786c7f3575266a46cc" + } + ] + }, + { + "bom-ref": "a2321d70af729a09", + "type": "file", + "name": "/usr/share/doc/findutils/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "36813ee3b13390b210c05c4acdb11db721101bbc" + }, + { + "alg": "SHA-256", + "content": "9e69d7c33f690071c03fd778e60bbc8dfce80efee098b81c79b3d3018303ffd2" + } + ] + }, + { + "bom-ref": "a222427dafd590d6", + "type": "file", + "name": "/usr/share/doc/findutils/THANKS", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a38c0a3e07ef3a20d82b16eb8d59f051e99f427" + }, + { + "alg": "SHA-256", + "content": "9b1acdf8723ab6183c0f191b4e5076c0a6daf88e80136ac05197369041a96616" + } + ] + }, + { + "bom-ref": "7e256dc3c07e3bbf", + "type": "file", + "name": "/usr/share/doc/findutils/TODO", + "hashes": [ + { + "alg": "SHA-1", + "content": "a50629512060bae5e4f384ab80baf92f6e6d88ce" + }, + { + "alg": "SHA-256", + "content": "4ecd8ead14e114067b4edb4c3279dc81c2383e2491f91bb12d8ca377878496d2" + } + ] + }, + { + "bom-ref": "b92d7f889edab03c", + "type": "file", + "name": "/usr/share/doc/glib2/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "d33d419446f08f11602192b63a5669123206fedb" + }, + { + "alg": "SHA-256", + "content": "52ca4a84d8dc412ead87bc3223c2ec2ac819938337cabecb2bd1994e979d1171" + } + ] + }, + { + "bom-ref": "09b75c7c7656032e", + "type": "file", + "name": "/usr/share/doc/glib2/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "f39d69a01132975efdeb83b97ec5d3236bf907d2" + }, + { + "alg": "SHA-256", + "content": "d9d372c412fac473f5ae7cbb9ccf0f535c203dba5a54d3d49a24c17f66e2fe45" + } + ] + }, + { + "bom-ref": "832a99d51bcc976c", + "type": "file", + "name": "/usr/share/doc/glib2/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "75216795763abba850397d42a95c8059cc62b42d" + }, + { + "alg": "SHA-256", + "content": "3debe734c777df09c3c762cadd0fea1bebdb857c55243d605dc5b09211895bf3" + } + ] + }, + { + "bom-ref": "09778ad4d5c0d6cc", + "type": "file", + "name": "/usr/share/doc/gnutls/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "c9ad6f40606f8bc589be4b8e5fca174e0b71e2cd" + }, + { + "alg": "SHA-256", + "content": "a13baf7a36ec910b8c5b752c475aa8e1c0e24a60fd08bdae8506c9cdb53711b1" + } + ] + }, + { + "bom-ref": "72fed51334ae231b", + "type": "file", + "name": "/usr/share/doc/gnutls/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "3321bdd18d25f24c6ef468c2e6834b2af6ac05d7" + }, + { + "alg": "SHA-256", + "content": "f1c48c1f0587d909d08764fc379dcc647935680297a293ba000606811a7a5209" + } + ] + }, + { + "bom-ref": "58756d9f36396527", + "type": "file", + "name": "/usr/share/doc/gnutls/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "f49f88f544dac452f0e8fb3b11ca32fea1eb14ef" + }, + { + "alg": "SHA-256", + "content": "b5bc4c00d2004fd1088ab3f1523576a32c3dcf6612f5ab485479e37f89756e91" + } + ] + }, + { + "bom-ref": "a04110cf28fb5340", + "type": "file", + "name": "/usr/share/doc/gnutls/THANKS", + "hashes": [ + { + "alg": "SHA-1", + "content": "0484d82a5b452924b5f5c8c867896091a123b272" + }, + { + "alg": "SHA-256", + "content": "0795315b015c1b92beab235ce9b843e8bae9d89f47a599e5bed8fd578f35a8e3" + } + ] + }, + { + "bom-ref": "a123f7eee70c72eb", + "type": "file", + "name": "/usr/share/doc/krb5-libs/NOTICE", + "hashes": [ + { + "alg": "SHA-1", + "content": "63254f2d180b67ee59eeaf23bbe986c939888482" + }, + { + "alg": "SHA-256", + "content": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + } + ] + }, + { + "bom-ref": "bfcafeb6183520a2", + "type": "file", + "name": "/usr/share/doc/krb5-libs/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4b6ebeedbc90de39434a56323a90fec6ecb5558" + }, + { + "alg": "SHA-256", + "content": "8f61caf687d0ec6fa67fe96187f581fd80bf71faf1463929d0017faa5d29f1cc" + } + ] + }, + { + "bom-ref": "f244dcf2fc44b61b", + "type": "file", + "name": "/usr/share/doc/libarchive/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "cfccfe9002fcbeb8d5504a92c0bd040812bd9d69" + }, + { + "alg": "SHA-256", + "content": "a2b619bb37a6bdc592c11974f4924677612195c6da72132081f24cb73e13ffaf" + } + ] + }, + { + "bom-ref": "d445ce13fbbc3dfd", + "type": "file", + "name": "/usr/share/doc/libarchive/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "b3d673c8e1937e93a63bfc029ccd55573326f44d" + }, + { + "alg": "SHA-256", + "content": "8ea8f1b994736b8319f72d290ea18edee9da1ec8095c42cc44292ce961965fe4" + } + ] + }, + { + "bom-ref": "6c3fe7be3bf29827", + "type": "file", + "name": "/usr/share/doc/libblkid/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "93e45afdb0d7c3fdd6dfcc951b8a3421660f2811" + }, + { + "alg": "SHA-256", + "content": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + } + ] + }, + { + "bom-ref": "0f0ce024c81213be", + "type": "file", + "name": "/usr/share/doc/libcap/capability.notes", + "hashes": [ + { + "alg": "SHA-1", + "content": "dfc01dec23013354ea56dff88baa0254c0d87f07" + }, + { + "alg": "SHA-256", + "content": "1da6f6022ce14b9877f4f5929aafa5d4f1cb88b8a87e5c3eeb3d6f0371a7beb9" + } + ] + }, + { + "bom-ref": "5cf0045bda65895b", + "type": "file", + "name": "/usr/share/doc/libdnf/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "eef667365b106e5e2bf0737e1df3e735af221ee9" + }, + { + "alg": "SHA-256", + "content": "31d97c50072e6fa08fbfd81d27f7a4640be7b69ba11f74d6497e2d2b47ab2efb" + } + ] + }, + { + "bom-ref": "2f93b603c0f10ccc", + "type": "file", + "name": "/usr/share/doc/libdnf/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "e9af3d04907fccb5fd3fa22df3a6a8c0fb70badd" + }, + { + "alg": "SHA-256", + "content": "568c897e8db9ba48829b56c74ec080a43a67a9000b8c604df98c98bfb9fd4388" + } + ] + }, + { + "bom-ref": "e47abad8b54b40c6", + "type": "file", + "name": "/usr/share/doc/librepo/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "cbeab662650a5dc943d40b929d77d0ae0e8c5a67" + }, + { + "alg": "SHA-256", + "content": "126179a488975283a8ce48cd771b2816ada6771ac9f7b853ceb09fd31665e2b9" + } + ] + }, + { + "bom-ref": "8b10aaeddcc8bbd0", + "type": "file", + "name": "/usr/share/doc/libtasn1/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f8a0b66fa3f77b4490d1c19b49629b6659046f4" + }, + { + "alg": "SHA-256", + "content": "949894e3b1d3952cbe5e2b16fcdcd2192d967e5da20d1f71bd8f434f6ccec2b1" + } + ] + }, + { + "bom-ref": "a2c8b5224135e21a", + "type": "file", + "name": "/usr/share/doc/libtasn1/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "d558a897bc83547a1d96b24577f75bb36de7a1cc" + }, + { + "alg": "SHA-256", + "content": "cd659d7c4dab21bbaecb9aa4c2908018a30b88e33b3bcc556484b177c2a78341" + } + ] + }, + { + "bom-ref": "e96158079ca16b1c", + "type": "file", + "name": "/usr/share/doc/libtasn1/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "cddb140f1be1a540af4f251ee4c4974e136811d6" + }, + { + "alg": "SHA-256", + "content": "48572667217bbe68ab05d2188c09e45e569c04d3d16a0db4bddb42dcb1ae349b" + } + ] + }, + { + "bom-ref": "26101b2a73c22813", + "type": "file", + "name": "/usr/share/doc/libxml2/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc4da39c644ea8ea254aa2cae1038bd144361e54" + }, + { + "alg": "SHA-256", + "content": "847ddd05b336af3cb92cd69e855383c2f3b1cc5c0707afa5b081c50529a70671" + } + ] + }, + { + "bom-ref": "5600ce50a10eb4d4", + "type": "file", + "name": "/usr/share/doc/libxml2/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "4d0879ad47deab4a30887505ee1afe6e755489fa" + }, + { + "alg": "SHA-256", + "content": "163a54f9593b6a7ef39caca031a9b9899dd60b3bb943527e71d699fabf5564ea" + } + ] + }, + { + "bom-ref": "518d26076223bf16", + "type": "file", + "name": "/usr/share/doc/libxml2/TODO", + "hashes": [ + { + "alg": "SHA-1", + "content": "be6d5916d015d930331e4a8102db4f899896fae5" + }, + { + "alg": "SHA-256", + "content": "8cbe077cd85d513ca3f3a8a51c3ccae43f6485b043aa1253954d0bddf5f9c817" + } + ] + }, + { + "bom-ref": "ab815bf6c0edffd2", + "type": "file", + "name": "/usr/share/doc/ncurses-base/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c124560cd62bdb59839d2219e1bbd33fcee7aa4" + }, + { + "alg": "SHA-256", + "content": "07794ece2a1bbeb5f3760c201700436d9d88f77e902dc809dc44474345d7bfcb" + } + ] + }, + { + "bom-ref": "d8440719a2647712", + "type": "file", + "name": "/usr/share/doc/nettle/AUTHORS", + "hashes": [ + { + "alg": "SHA-1", + "content": "04fbd8d41d82f816099fdc8fa79becada57c46bb" + }, + { + "alg": "SHA-256", + "content": "6fd91e60caa0c33dd22888b710fcfa36532bbbef00d85c78de385dcd97f7b9ee" + } + ] + }, + { + "bom-ref": "b38fb49ec7a7ad9a", + "type": "file", + "name": "/usr/share/doc/nettle/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "0404f925c3cf59613eccde257ef0a65ff8fed984" + }, + { + "alg": "SHA-256", + "content": "a903faa402c389ef025f85eefbd860abca64fbe78d12b3a25a38e2aed351ca2b" + } + ] + }, + { + "bom-ref": "80154d44abd9a5df", + "type": "file", + "name": "/usr/share/doc/nettle/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "354c1f9b4cf4cf475d01c01f10abaf7febe856de" + }, + { + "alg": "SHA-256", + "content": "02cb98d7b68bd895fe26752c5f10d7eb23623dff90238998e019c26994c6739b" + } + ] + }, + { + "bom-ref": "06ddd2c5ab1466d1", + "type": "file", + "name": "/usr/share/doc/openldap/ANNOUNCEMENT", + "hashes": [ + { + "alg": "SHA-1", + "content": "9c3f398729454628f2aa452e96be92be21ad9c7d" + }, + { + "alg": "SHA-256", + "content": "bab2a80eab7ad580f678d677fb9a6ef2aa8608af0dda0c0b360a4ed288cbb10d" + } + ] + }, + { + "bom-ref": "e3c8722270703b1f", + "type": "file", + "name": "/usr/share/doc/openldap/CHANGES", + "hashes": [ + { + "alg": "SHA-1", + "content": "05c4a531a01be3039c428ac36d3b50bfb2fae92d" + }, + { + "alg": "SHA-256", + "content": "8266a11815b7f36f069fc10e31e40adeb6c11c48167c3b09c453931bf290c206" + } + ] + }, + { + "bom-ref": "af87b9e7aabb7c0d", + "type": "file", + "name": "/usr/share/doc/openldap/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "528c1f6f9eaf19b83dbf9fbc8eb666fc3fe4291e" + }, + { + "alg": "SHA-256", + "content": "5bf8efa8807f8d11f2040fda7d691e175494364b865bd31ef264d5cf05d64616" + } + ] + }, + { + "bom-ref": "a38d4d64727600bf", + "type": "file", + "name": "/usr/share/doc/openssl-fips-provider/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "3fffa80240ed8b796e9156fac6ab1b934d91aca5" + }, + { + "alg": "SHA-256", + "content": "752bf68e811026a9249b09b74c1fd1286d589c0a197d74281467e6696350a65d" + } + ] + }, + { + "bom-ref": "966b775465888454", + "type": "file", + "name": "/usr/share/doc/openssl/NEWS.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "9394286c79376d10c0e6f044591f08038324cc0f" + }, + { + "alg": "SHA-256", + "content": "2fba7a5c465ae545e821fd2db834e7b2de003f92efc906c565e0a5951f54a528" + } + ] + }, + { + "bom-ref": "2dda2c3f18ee55a7", + "type": "file", + "name": "/usr/share/doc/openssl/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "3616dd742d101c0f16616f2008d6a8522b186677" + }, + { + "alg": "SHA-256", + "content": "2bfd51ec120e0795439788274b5f447bb8559818fc4927e4712e73ac54c01c3f" + } + ] + }, + { + "bom-ref": "2d96fcb60e6d6812", + "type": "file", + "name": "/usr/share/doc/redhat-release/GPL", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "ecc1c4f163b4ad49", + "type": "file", + "name": "/usr/share/doc/redhat-release/GPL-source-offer", + "hashes": [ + { + "alg": "SHA-1", + "content": "f87e1e4eaa28bc4b242269c832c1e45f65f954d1" + }, + { + "alg": "SHA-256", + "content": "025c99694c7fa9dd8a6a9cc0d450dbd36427cdff856771499718a421ab217482" + } + ] + }, + { + "bom-ref": "7e9fece2ad52f597", + "type": "file", + "name": "/usr/share/doc/rpm/CREDITS", + "hashes": [ + { + "alg": "SHA-1", + "content": "0363cf8a78176f5806241ea47cbff8bab6b929ee" + }, + { + "alg": "SHA-256", + "content": "eca98e23b93ba154007bc76bb763d52167255a5def83715727946e2b14bc847d" + } + ] + }, + { + "bom-ref": "ba367ba1a6a17446", + "type": "file", + "name": "/usr/share/doc/rpm/builddependencies", + "hashes": [ + { + "alg": "SHA-1", + "content": "a83b0fd6b0bc12a6225678d72a75fa97844f0e0f" + }, + { + "alg": "SHA-256", + "content": "1580050367dd281a03cb5d5e8692349829f1b21e48ebb328cbacf7e7e09d04ad" + } + ] + }, + { + "bom-ref": "70e0901d857c8852", + "type": "file", + "name": "/usr/share/doc/rpm/buildroot", + "hashes": [ + { + "alg": "SHA-1", + "content": "850853187ebb434876fd72acc7486c8191d52d41" + }, + { + "alg": "SHA-256", + "content": "7eac4a3d80abb2c002735348520f939cb43d21e73d3f52990baf3ba925b40d10" + } + ] + }, + { + "bom-ref": "84af44f4271d45ac", + "type": "file", + "name": "/usr/share/doc/rpm/conditionalbuilds", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c0ba174d1d68dbc61743088e883c5e177d78241" + }, + { + "alg": "SHA-256", + "content": "70a9517d270bcfd399cd7927aa18d659e0c63395b7d8fa11560ed71b549340a2" + } + ] + }, + { + "bom-ref": "618be8f32a42d98b", + "type": "file", + "name": "/usr/share/doc/rpm/dependencies", + "hashes": [ + { + "alg": "SHA-1", + "content": "83e48f7e8f9d39afc364a2d69655a8d52b7f9a63" + }, + { + "alg": "SHA-256", + "content": "397c40977dcd4655cb76ce9847a1968c0de37d3f351b722fb05376969a8dbee2" + } + ] + }, + { + "bom-ref": "77d382b59680ea33", + "type": "file", + "name": "/usr/share/doc/rpm/format", + "hashes": [ + { + "alg": "SHA-1", + "content": "dec1af8f706736d4201f3c658c6bf7e0abb8bdb0" + }, + { + "alg": "SHA-256", + "content": "546660743edaa82c31176c705c6452ce0e4600ec1e5a77def2bc1c8c3ea86b8c" + } + ] + }, + { + "bom-ref": "ad0dd43970cd551f", + "type": "file", + "name": "/usr/share/doc/rpm/hregions", + "hashes": [ + { + "alg": "SHA-1", + "content": "bcfc6bea245367a4bd56560b426f27305a259ad0" + }, + { + "alg": "SHA-256", + "content": "013a188ee9adf79a94b8961e4342d6994ee0866f12cea3f6579dcd51eda0d796" + } + ] + }, + { + "bom-ref": "35b8382e49af6760", + "type": "file", + "name": "/usr/share/doc/rpm/macros", + "hashes": [ + { + "alg": "SHA-1", + "content": "ef045e38bc1a6a88ae87ef9f40f1801e8ac945e6" + }, + { + "alg": "SHA-256", + "content": "960b85cc1ab24fe12ba69e0ffea91ada56b1afc67d6e20bb48903bab4961133d" + } + ] + }, + { + "bom-ref": "c72cc34a7734b8ad", + "type": "file", + "name": "/usr/share/doc/rpm/multiplebuilds", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa9822ea70b4e8691511d07018a56b9c554cbb1c" + }, + { + "alg": "SHA-256", + "content": "59e84e15d9af66ed7b693b7c200aa48328bd24d18c9ce53f4c2a36bcefe65a31" + } + ] + }, + { + "bom-ref": "29f580ed6ad02546", + "type": "file", + "name": "/usr/share/doc/rpm/queryformat", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7e1514a93a90f8ba9b80260df999e9c173b8ef8" + }, + { + "alg": "SHA-256", + "content": "ecaaa58e3a380e4def9c2e4bcb315810209a802027fe1b4a7bf2a01f44bc5e3d" + } + ] + }, + { + "bom-ref": "9c61ea48cb83168a", + "type": "file", + "name": "/usr/share/doc/rpm/relocatable", + "hashes": [ + { + "alg": "SHA-1", + "content": "80e0019c56778d0ebde9dccc3245f7616efd4632" + }, + { + "alg": "SHA-256", + "content": "3a41eeced53b1c6d1ffcb8df980d98f6b53c8f79cf0b3d78eea66ce058bd817d" + } + ] + }, + { + "bom-ref": "8ea6468decc16ca3", + "type": "file", + "name": "/usr/share/doc/rpm/signatures", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca9beae334fc974b6a8dfc933ae415d112cead7b" + }, + { + "alg": "SHA-256", + "content": "e52f26d6b1474b405e410e0d348b45509aee6168eaae06643ce1298d41a69ed9" + } + ] + }, + { + "bom-ref": "55e972a9bd3adf7d", + "type": "file", + "name": "/usr/share/doc/rpm/spec", + "hashes": [ + { + "alg": "SHA-1", + "content": "875b6552d0b4c7090981097264b8471d07e5b0bf" + }, + { + "alg": "SHA-256", + "content": "02fc972cb34963139c4363ac279905ec6428cbba7e0f4d799c7fc3015fcf1aa8" + } + ] + }, + { + "bom-ref": "fd26c3eb3403b2b5", + "type": "file", + "name": "/usr/share/doc/rpm/triggers", + "hashes": [ + { + "alg": "SHA-1", + "content": "7d5bac560078ef15d295c7a6c58f876fb98ab3e5" + }, + { + "alg": "SHA-256", + "content": "ac2f2772cf98b150a0c9779d2dae3c6c213c98d85f9c037527c35db57345b906" + } + ] + }, + { + "bom-ref": "c15c94c1738fbcb5", + "type": "file", + "name": "/usr/share/doc/rpm/tsort", + "hashes": [ + { + "alg": "SHA-1", + "content": "aed363515bef72c6c0a4b3430e400da3557f28d0" + }, + { + "alg": "SHA-256", + "content": "533567bdebec1ed11887dc9041d68402a67497d19a3d124a090093ca5bfeb96f" + } + ] + }, + { + "bom-ref": "819bee19751e8fbd", + "type": "file", + "name": "/usr/share/doc/shadow-utils/HOWTO", + "hashes": [ + { + "alg": "SHA-1", + "content": "589aba60d5393dcde61320a5db15ae4bcbaa94fd" + }, + { + "alg": "SHA-256", + "content": "9786629ea4c20733b576cac0f09a342ff2d971c74abc1c571f9eb1c1ef53219e" + } + ] + }, + { + "bom-ref": "acd3a81b3ac2b9e0", + "type": "file", + "name": "/usr/share/doc/shadow-utils/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "62ad7fa054bdb86fa799cfaad74bacfa53d7133d" + }, + { + "alg": "SHA-256", + "content": "b9de8dcd827a89d0eaeaec17ac4a319160dde1dbde618f41bc6ce3a6e877525d" + } + ] + }, + { + "bom-ref": "27ac861c1eb25c36", + "type": "file", + "name": "/usr/share/doc/shadow-utils/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e0679a986338cd29afd8dce0d95822c49aeb848" + }, + { + "alg": "SHA-256", + "content": "fda044b9c99d2ad2748248f93562138ff0a3582ed1ac300ff5befda04eb0b40a" + } + ] + }, + { + "bom-ref": "d50f1628fdf00808", + "type": "file", + "name": "/usr/share/doc/sqlite-libs/README.md", + "hashes": [ + { + "alg": "SHA-1", + "content": "4df383f341bcdd29371bbbd9a5b1ada698976aa7" + }, + { + "alg": "SHA-256", + "content": "8f065f666e82710b9f5dcfc74a6dc04e359a1883c655647e2d97882e1ca42787" + } + ] + }, + { + "bom-ref": "d582b81e5c24dbe2", + "type": "file", + "name": "/usr/share/doc/tzdata/NEWS", + "hashes": [ + { + "alg": "SHA-1", + "content": "24d6743ce536c5270aa5cbe9069bde58ee62a417" + }, + { + "alg": "SHA-256", + "content": "6786fdd586c42d9dc9e6cf0c977430753c6c4f3b2b9716c8cd12dbbe69a00243" + } + ] + }, + { + "bom-ref": "b491273c5071c377", + "type": "file", + "name": "/usr/share/doc/tzdata/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "b612ab352fcb6ac4bb8a4905a1fe342e2d317392" + }, + { + "alg": "SHA-256", + "content": "f6d96b82996a6ccac80027816704183c63a754d5b1eb2e7b25858e32164e2707" + } + ] + }, + { + "bom-ref": "0687579881861600", + "type": "file", + "name": "/usr/share/doc/tzdata/theory.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e13674e161d07553138c3a4db8c0ce7e2228a71" + }, + { + "alg": "SHA-256", + "content": "6595250beade4e03269711bff79b07f0bbd00ee93c54fb1931b576786d49ab9b" + } + ] + }, + { + "bom-ref": "b1d2358a79ff3e1f", + "type": "file", + "name": "/usr/share/doc/tzdata/tz-art.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "ceb98b07fd544a34453b9b725c4c4227540f294f" + }, + { + "alg": "SHA-256", + "content": "0665b9189cf5f6fb2e912c01da70a5ce5543d2f439e8d5be8b1185cea7ea0679" + } + ] + }, + { + "bom-ref": "d31a81ab8db21c1e", + "type": "file", + "name": "/usr/share/doc/tzdata/tz-link.html", + "hashes": [ + { + "alg": "SHA-1", + "content": "de87135861365dc299b0db394b61aae83f79dc30" + }, + { + "alg": "SHA-256", + "content": "f1f9ab582449226111e7eef271a71f25875383c4c236f4531941c69faaab5db3" + } + ] + }, + { + "bom-ref": "0fe68e1bb714f0e3", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/__init__.py", + "hashes": [ + { + "alg": "SHA-1", + "content": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" + }, + { + "alg": "SHA-256", + "content": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" + } + ] + }, + { + "bom-ref": "6f49fe62ba8d300d", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/__pycache__/__init__.cpython-39.opt-1.pyc", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8e84aed632789e7fd868906a645cffc41df1ebb" + }, + { + "alg": "SHA-256", + "content": "0b55ea2691d26305fe18eeb3ce8f454b429400c73d236730a3f882448e9b84c0" + } + ] + }, + { + "bom-ref": "37aa0a1b0543f751", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/v6/__init__.py", + "hashes": [ + { + "alg": "SHA-1", + "content": "a62f9ccb97c2ac61c72380221a40d1b3a01d0340" + }, + { + "alg": "SHA-256", + "content": "2cafc1b79bcd4efab8233623bd93c7e1e1a6c29fcf80d5b7787ea9dbfe80dcda" + } + ] + }, + { + "bom-ref": "24b3a3f969bb4ffc", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/__init__.cpython-39.opt-1.pyc", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ae2e88eb4bc53274c9f0c31876f5da19938d979" + }, + { + "alg": "SHA-256", + "content": "84280c44fc615f742d769887602e8fac7ef4214d914fa7de04d333af7dc3a2c9" + } + ] + }, + { + "bom-ref": "395fbd00f29f7d3c", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/printers.cpython-39.opt-1.pyc", + "hashes": [ + { + "alg": "SHA-1", + "content": "914ba69bda04369538ae67043b436da396e745dc" + }, + { + "alg": "SHA-256", + "content": "f86431757b85d352cf151ee3561cc0a709041919b5dd59f34f32be4a58632199" + } + ] + }, + { + "bom-ref": "f8f393ad0c1f8e18", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/xmethods.cpython-39.opt-1.pyc", + "hashes": [ + { + "alg": "SHA-1", + "content": "3218228bf5b5ff3b9c72e8fc211d4e16d4d20793" + }, + { + "alg": "SHA-256", + "content": "fb597ed2c0c3453940eef336e47afbc92e7f13f3287ad1a9bdcc91d090631128" + } + ] + }, + { + "bom-ref": "b17c36bfeff5fe18", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/v6/printers.py", + "hashes": [ + { + "alg": "SHA-1", + "content": "127bd38eba6a5dcfb7ca5aaaeb9b2f899681a636" + }, + { + "alg": "SHA-256", + "content": "26feccb2e10bea3e4cf01462ce1801eded90e3b0ab478f33aceea55acfe5cda3" + } + ] + }, + { + "bom-ref": "9a675f46f0e5bbd6", + "type": "file", + "name": "/usr/share/gcc-11/python/libstdcxx/v6/xmethods.py", + "hashes": [ + { + "alg": "SHA-1", + "content": "833b7659fa74e94ecae9b89ab276a9adfd33dfbb" + }, + { + "alg": "SHA-256", + "content": "ac13a5d60975756f3a6827e5c97521079b482114346c34b58ffd2d25e38762eb" + } + ] + }, + { + "bom-ref": "7048897fa7034e19", + "type": "file", + "name": "/usr/share/gdb/auto-load/usr/lib64/__pycache__/libstdc++.so.6.0.29-gdb.cpython-39.opt-1.pyc", + "hashes": [ + { + "alg": "SHA-1", + "content": "0060f9b71291b6433fc7d97ff53150aaf988d256" + }, + { + "alg": "SHA-256", + "content": "40044a0eba476cb704f1c8ac09916d222ab5b8b0f3ccf34d0907fc1f912ecfa5" + } + ] + }, + { + "bom-ref": "23259e543780ca49", + "type": "file", + "name": "/usr/share/gdb/auto-load/usr/lib64/libstdc++.so.6.0.29-gdb.py", + "hashes": [ + { + "alg": "SHA-1", + "content": "2be19761420d637dd33273c38510c33de17eee09" + }, + { + "alg": "SHA-256", + "content": "930bba9ae3997868e991cab461ce9b9684c137eace1b5f2dbd957e03429105c5" + } + ] + }, + { + "bom-ref": "8666c08c86669390", + "type": "file", + "name": "/usr/share/info/find-maint.info.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9817b738dfbec3d596b9983610a14f451a867b23" + }, + { + "alg": "SHA-256", + "content": "8dc95e254c6738d503cf1f0c3fab56487abd49f698a2e5162ed3bba96ae68df7" + } + ] + }, + { + "bom-ref": "6bec087ae55f3170", + "type": "file", + "name": "/usr/share/info/find.info-1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb300f7bd6b8639a267fdf929a756d05573d69e0" + }, + { + "alg": "SHA-256", + "content": "9ae179d3eaef0c964b41e1d3e95e6344ebcab7a4f7b7675dfebd3d4ecca68d74" + } + ] + }, + { + "bom-ref": "4268922d65c4bac2", + "type": "file", + "name": "/usr/share/info/find.info-2.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "429f52495b0342e778e8b35ccb6370c7b992f6c1" + }, + { + "alg": "SHA-256", + "content": "1b8c04a2ddf3b03109a456ba1dee8f26fb602cd585909c92e2d4eadbc6cda6a3" + } + ] + }, + { + "bom-ref": "6643a17eada4fe22", + "type": "file", + "name": "/usr/share/info/find.info.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "89deaff5b52a4f5fec879ad68029031a2e927c02" + }, + { + "alg": "SHA-256", + "content": "f26a4f7adfe744f46e95c33091593158566156021dbe08f3c30472de32d3703d" + } + ] + }, + { + "bom-ref": "04915934a2e73e28", + "type": "file", + "name": "/usr/share/info/nettle.info.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7e25c4af62bb0c9cf14ed5acb9232aa446bb618" + }, + { + "alg": "SHA-256", + "content": "fc2a6c6468b27431d68e356f7ed60af36ca75dbf4cbc5cf965e832a927f7ada4" + } + ] + }, + { + "bom-ref": "e3582f67f8651df5", + "type": "file", + "name": "/usr/share/licenses/audit-libs/lgpl-2.1.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "b34e1538c9281ef1", + "type": "file", + "name": "/usr/share/licenses/crypto-policies/COPYING.LESSER", + "hashes": [ + { + "alg": "SHA-1", + "content": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "alg": "SHA-256", + "content": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ] + }, + { + "bom-ref": "23ce7a6f5cc39317", + "type": "file", + "name": "/usr/share/licenses/findutils/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "alg": "SHA-256", + "content": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "bom-ref": "02b5faaa0d20cf40", + "type": "file", + "name": "/usr/share/licenses/libtool-ltdl/COPYING.LIB", + "hashes": [ + { + "alg": "SHA-1", + "content": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "alg": "SHA-256", + "content": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "bom-ref": "4ddb6a5846d7bb35", + "type": "file", + "name": "/usr/share/licenses/libzstd/COPYING", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d8c93712cbc9117a9e55a7ff86cebd066c8bfd8" + }, + { + "alg": "SHA-256", + "content": "f9c375a1be4a41f7b70301dd83c91cb89e41567478859b77eef375a52d782505" + } + ] + }, + { + "bom-ref": "69c16800ed95c329", + "type": "file", + "name": "/usr/share/licenses/libzstd/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "d5e630eee1d3500039f2e16bed21d0f0cd580994" + }, + { + "alg": "SHA-256", + "content": "7055266497633c9025b777c78eb7235af13922117480ed5c674677adc381c9d8" + } + ] + }, + { + "bom-ref": "4614cea04c46ab52", + "type": "file", + "name": "/usr/share/licenses/nettle/COPYING.LESSERv3", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "alg": "SHA-256", + "content": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "bom-ref": "72c25efc2e6e63cc", + "type": "file", + "name": "/usr/share/licenses/nettle/COPYINGv2", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "f31ba919b023de20", + "type": "file", + "name": "/usr/share/licenses/openldap/COPYRIGHT", + "hashes": [ + { + "alg": "SHA-1", + "content": "c233045b5d94079ca390f8c0119c09f17953b673" + }, + { + "alg": "SHA-256", + "content": "128ecc86259c874aee293aa67409932d7eeb38f3fad07805c8f275c3a5af5c08" + } + ] + }, + { + "bom-ref": "a3d4d44688c63b2c", + "type": "file", + "name": "/usr/share/licenses/openldap/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc06cbdf781c87d2df2fe385214f936d010dd2a2" + }, + { + "alg": "SHA-256", + "content": "310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569" + } + ] + }, + { + "bom-ref": "8e5de5fe02f24a18", + "type": "file", + "name": "/usr/share/licenses/openssl-libs/LICENSE.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "c5c8a68f4b80929b3e66f054f37bb9e16078847f" + }, + { + "alg": "SHA-256", + "content": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + } + ] + }, + { + "bom-ref": "799e684ab92fe053", + "type": "file", + "name": "/usr/share/licenses/openssl/LICENSE.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "c5c8a68f4b80929b3e66f054f37bb9e16078847f" + }, + { + "alg": "SHA-256", + "content": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + } + ] + }, + { + "bom-ref": "8dd999a0604f6b53", + "type": "file", + "name": "/usr/share/licenses/shadow-utils/gpl-2.0.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "alg": "SHA-256", + "content": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "bom-ref": "99084efb9a55b6ee", + "type": "file", + "name": "/usr/share/licenses/shadow-utils/shadow-bsd.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "fdca9412e2b33de67f5052f0a9bb184813495222" + }, + { + "alg": "SHA-256", + "content": "f062266d929e3157924e7a48dd77d8852b246d911ae382b1c06a0b35a724ac3b" + } + ] + }, + { + "bom-ref": "4000effc7cb0f74d", + "type": "file", + "name": "/usr/share/licenses/tzdata/LICENSE", + "hashes": [ + { + "alg": "SHA-1", + "content": "7067a61d3f4dae438636a8b29e41948fccb16a26" + }, + { + "alg": "SHA-256", + "content": "0613408568889f5739e5ae252b722a2659c02002839ad970a63dc5e9174b27cf" + } + ] + }, + { + "bom-ref": "0162f52421956672", + "type": "file", + "name": "/usr/share/locale/locale.alias", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2d67b029449db667d732e86d319d4c4f3c9965c" + }, + { + "alg": "SHA-256", + "content": "68020a80eea5366fbe60c2e812ebdebf4875a1b85a3f2f9dd4413306e41c796f" + } + ] + }, + { + "bom-ref": "55feb480571762d8", + "type": "file", + "name": "/usr/share/man/man1/capsh.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "be4654878c111e82681300b57130b73eab70078e" + }, + { + "alg": "SHA-256", + "content": "3e489de2e396b085e2ee341e1f1ba702fab493e6c5706520c6629fcd2fd7beff" + } + ] + }, + { + "bom-ref": "de4502809ef1a91e", + "type": "file", + "name": "/usr/share/man/man1/chage.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7ca80a98b3554c7095e1e6554a1773d51cadda8" + }, + { + "alg": "SHA-256", + "content": "4779a5bd67b642e9820fef0afdb9d68a0215b5c1c124238a1676d28b5ad7b0f4" + } + ] + }, + { + "bom-ref": "3c8b941fb8090d67", + "type": "file", + "name": "/usr/share/man/man1/curl.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "71eefda37d1f578599d7bd4d152e56d37945812c" + }, + { + "alg": "SHA-256", + "content": "971a5b31c031a179ab49867163ff11628f08ba8c6f6d3c412029d6c36e9a22a8" + } + ] + }, + { + "bom-ref": "edd5a8e8d4e5104f", + "type": "file", + "name": "/usr/share/man/man1/find.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "193068ccb7833985b5d2088bb0bf4727561e83a2" + }, + { + "alg": "SHA-256", + "content": "88483971a99b29e2bce2d0ea0ffa4d479faed6300f346e6f464c792fe7b7fe91" + } + ] + }, + { + "bom-ref": "9177b59dbe124c50", + "type": "file", + "name": "/usr/share/man/man1/gapplication.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "86a8d7d1da683711a57a2aef892dd5ba5e79b1b2" + }, + { + "alg": "SHA-256", + "content": "0441a51f97dfcc2b7c116496c773440cddc47313c8f74f58b14519dbb3746321" + } + ] + }, + { + "bom-ref": "77cbc96976386886", + "type": "file", + "name": "/usr/share/man/man1/gdbus.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "99eed25719c0a5fcf89868c745cc86df28a14a68" + }, + { + "alg": "SHA-256", + "content": "d68dfa1b41025de6dba8c6487bffefc75c8db056f0a2985ca8d4dc66559e374c" + } + ] + }, + { + "bom-ref": "552d2c53a768d981", + "type": "file", + "name": "/usr/share/man/man1/gio-querymodules.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4632fa55571e87179e30ecc242951f1d48aa2d7c" + }, + { + "alg": "SHA-256", + "content": "fdf8e8e6db4513926f93afe56d6b840f9d44fa61b7013d31fb4fee8601ed33f9" + } + ] + }, + { + "bom-ref": "47c400f5c24f856f", + "type": "file", + "name": "/usr/share/man/man1/gio.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "bf5d168b07c5a0ea2f68408502aaa871e50c9128" + }, + { + "alg": "SHA-256", + "content": "64f71d89f071221fdee2d4da39cb1a25a2d71289b3329bb11be00f01735897ab" + } + ] + }, + { + "bom-ref": "887e3b3e646d1504", + "type": "file", + "name": "/usr/share/man/man1/glib-compile-schemas.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d6c74c94217a0513d268377e7830820068b906d" + }, + { + "alg": "SHA-256", + "content": "7679553a5f28ac225617a53d42299a1857f0c44b065058f8cad05c668f333aa5" + } + ] + }, + { + "bom-ref": "c71bfad7a3472fb5", + "type": "file", + "name": "/usr/share/man/man1/gpasswd.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d3413f8edca34927b6c1e2f635d33c163cb43287" + }, + { + "alg": "SHA-256", + "content": "c6cf714bd64d1569f6bc56b5eada580a84197e91b326bf6f8369c07a27ec0fba" + } + ] + }, + { + "bom-ref": "d74bc027ece3129e", + "type": "file", + "name": "/usr/share/man/man1/gsettings.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe36c7cceece19be55c3f81c3d9446e69dac34d8" + }, + { + "alg": "SHA-256", + "content": "884e964ba1b1e5b415339a7b9cea0557191cb78cdb5a0f1e443f40ddf2785db7" + } + ] + }, + { + "bom-ref": "593678eff8e8e760", + "type": "file", + "name": "/usr/share/man/man1/newgidmap.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "67ae7a562d9d0c6d531efab47d6a26153d10ea2c" + }, + { + "alg": "SHA-256", + "content": "8c80ee485dab2f8052b2749cf94bfc32231b66adbb8ead5c44384227533cdfd3" + } + ] + }, + { + "bom-ref": "ce4cf1b303e1f5e7", + "type": "file", + "name": "/usr/share/man/man1/newgrp.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8e2e3d47af9c42fef42403df3e3534abce3c04c6" + }, + { + "alg": "SHA-256", + "content": "500956b7fd739d4fcea7ba1c53ccf0a9e8f4cdf6d1828dec923690aaaaf3ec7c" + } + ] + }, + { + "bom-ref": "eaaa7709f2e3bb87", + "type": "file", + "name": "/usr/share/man/man1/newuidmap.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0c6beef93283d92c42db50e7dec3df853675237e" + }, + { + "alg": "SHA-256", + "content": "ed8f0354f4a5b18a8a604877b87ce79eb006eb699a337ca64dcb7ab62593d91a" + } + ] + }, + { + "bom-ref": "e35276299485df38", + "type": "file", + "name": "/usr/share/man/man1/openssl-asn1parse.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c88fc35c94a015ae2b9d7a1155c06d241f44cd5f" + }, + { + "alg": "SHA-256", + "content": "a0ce52a56454788bb16f91438d1da5930a12cfb05f0d98ec8a478b1fd46f97f1" + } + ] + }, + { + "bom-ref": "17109a9d9fd0da32", + "type": "file", + "name": "/usr/share/man/man1/openssl-ca.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "67671f00e140aa5185abb041bb363a6365ad5d55" + }, + { + "alg": "SHA-256", + "content": "ba2ec3503896097f38b550a5ba98d2f24de17c37ac37f07530f0c735892867fc" + } + ] + }, + { + "bom-ref": "9fa5deb8729f3821", + "type": "file", + "name": "/usr/share/man/man1/openssl-ciphers.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2a3c64789ea92faf3cf6f9a5655b02de1045a51" + }, + { + "alg": "SHA-256", + "content": "decbce1c3f5f5c92b1bb549e0b98d55becc3045e6feef229de85d06e670a6745" + } + ] + }, + { + "bom-ref": "0908fd4fd5f4a818", + "type": "file", + "name": "/usr/share/man/man1/openssl-cmds.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "58ddcab222d812e22b2a49a639933e8e61a1e91a" + }, + { + "alg": "SHA-256", + "content": "13f16cfcc1bfaa56786364f493f0714698268d989c8fdf7fd95f29ad184b495b" + } + ] + }, + { + "bom-ref": "db2112de23468a3d", + "type": "file", + "name": "/usr/share/man/man1/openssl-cmp.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d482c8bd6c7f483d2771340b5fea548767e680d5" + }, + { + "alg": "SHA-256", + "content": "2f8ca4481eb39bc817ad6b4bf36bf24363cffaee2c1c8321d4d57ba9c6e7458f" + } + ] + }, + { + "bom-ref": "de726e601e08077c", + "type": "file", + "name": "/usr/share/man/man1/openssl-cms.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f263df19782bc6dbf574d8dd1543117e5f10226c" + }, + { + "alg": "SHA-256", + "content": "4194e79cbeb99d9fceb15e3de46cef1528ccae1df8f7862b55d6f089246f6c9c" + } + ] + }, + { + "bom-ref": "32b179d3dd5804a6", + "type": "file", + "name": "/usr/share/man/man1/openssl-crl.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5b7cc1ceeac5b12f8830d9d267673b9dd89df0bc" + }, + { + "alg": "SHA-256", + "content": "fdd71e29cf0152ac836b6756758431043734ada293fdfdc804fa52cc0fa8e3aa" + } + ] + }, + { + "bom-ref": "b0c8815f33b14bc9", + "type": "file", + "name": "/usr/share/man/man1/openssl-crl2pkcs7.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3821060aa4fb1516e3a0c113a1c3acae94a08cf7" + }, + { + "alg": "SHA-256", + "content": "a4dbb658690bb84737bc4a92fb21509b4c57430b41edc8eed8d92e6c1fcf97c5" + } + ] + }, + { + "bom-ref": "67c6af8d96a64031", + "type": "file", + "name": "/usr/share/man/man1/openssl-dgst.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbb5b6cdc32ed4eb3a775af01a2f3e1d4f450ae5" + }, + { + "alg": "SHA-256", + "content": "8dd74cd63a0c5884fc0ec7736640833ec9d5db7a02f563ba3bf581647c93fe3d" + } + ] + }, + { + "bom-ref": "0e7e8dc5e9378ef8", + "type": "file", + "name": "/usr/share/man/man1/openssl-dhparam.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8d109cec2d9b5d2e8bb0f6a25466e2cd3c7cb918" + }, + { + "alg": "SHA-256", + "content": "81e04af17f3ae310ca7af40e0ffe07d6d7eb89c7314242048a3c835adfff8970" + } + ] + }, + { + "bom-ref": "ce4f9f095c302b35", + "type": "file", + "name": "/usr/share/man/man1/openssl-dsa.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0853efffb03801ee93ace200b95cf3a4823aaa40" + }, + { + "alg": "SHA-256", + "content": "7bb37e19c8a14f910e178e995d649ca298b34ae7b4fbcf60be5c0d9f68dbc75f" + } + ] + }, + { + "bom-ref": "9317b3bdb7a401ee", + "type": "file", + "name": "/usr/share/man/man1/openssl-dsaparam.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f75dbfb51ba69ce0efca7b1c5a2a6c074447b97f" + }, + { + "alg": "SHA-256", + "content": "06ddd4843711d7017c3f0ed234fc746f187c68546b03d1c056806512e2865046" + } + ] + }, + { + "bom-ref": "530981cb7fd39695", + "type": "file", + "name": "/usr/share/man/man1/openssl-ec.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "75a87f58b6d78a33a5a916239be9b2dfa3eb688e" + }, + { + "alg": "SHA-256", + "content": "f0af081ed85d16c96bda05cad016339c55e3493fc23bb2b913070e9a7cf29f57" + } + ] + }, + { + "bom-ref": "862b82be72f04846", + "type": "file", + "name": "/usr/share/man/man1/openssl-ecparam.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "26513f87858f4e0d4993a4f8f6474619cbfe7ce8" + }, + { + "alg": "SHA-256", + "content": "5d365cdcb2c292a88817920f5d74ef84952a431916b4fa1c21f9144971996d50" + } + ] + }, + { + "bom-ref": "7dc068014a9b892c", + "type": "file", + "name": "/usr/share/man/man1/openssl-enc.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3cbe42cee5d6b4f0a2b7a90939de19a8eed8eb08" + }, + { + "alg": "SHA-256", + "content": "b28610d86402ade133bb158254e18ef53a2fc16fb91fb88af3f811d8f48c5965" + } + ] + }, + { + "bom-ref": "d0e810fad76c8bcc", + "type": "file", + "name": "/usr/share/man/man1/openssl-engine.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "219c0c6ee382583ffafab259704cddff315e7710" + }, + { + "alg": "SHA-256", + "content": "28d2b002772754cafc485a4abd007b026237ed83943eabaa7214204ba635511a" + } + ] + }, + { + "bom-ref": "4d3db18e5ba09e94", + "type": "file", + "name": "/usr/share/man/man1/openssl-errstr.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2554b45b877bc713ab6b645df75472b3e67666e7" + }, + { + "alg": "SHA-256", + "content": "fd5de1e719e6a5c1f0a842fb9e2b54da97052ac5a7a4ae04cb1cdea8dc26ed63" + } + ] + }, + { + "bom-ref": "fcbe3b9c6ec15ddf", + "type": "file", + "name": "/usr/share/man/man1/openssl-fipsinstall.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "168d9ac18e0defaf7298e031a752072b6e744ab5" + }, + { + "alg": "SHA-256", + "content": "b0b014056355dc74fbc32293e78117e9dda84fdd2cdbedeb0cb0b852954791c1" + } + ] + }, + { + "bom-ref": "dbad20590b337b0b", + "type": "file", + "name": "/usr/share/man/man1/openssl-format-options.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "88c4f2438f0ad077ad2ff0dfc6590851ed4b03d7" + }, + { + "alg": "SHA-256", + "content": "0e7a10d5666f6f422a880740aae6ead06949daa307f09f69ef45914240c29e5f" + } + ] + }, + { + "bom-ref": "f4ae5a8c6162ab46", + "type": "file", + "name": "/usr/share/man/man1/openssl-gendsa.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5beab3ec0c2de69cd7e0bd86ae26d20c361b587b" + }, + { + "alg": "SHA-256", + "content": "7dde50ca4c466ed84c8c49bfdeed956a1cca12a5b4b43febfff6d183abd7e902" + } + ] + }, + { + "bom-ref": "575440ca93aa9cf3", + "type": "file", + "name": "/usr/share/man/man1/openssl-genpkey.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9c030ddc0d0d3c285eac6cb9a44aacfbda1a7efb" + }, + { + "alg": "SHA-256", + "content": "07647ebe6696c6683eac90b54f7594b9867ba1e2051387ef0f9a7d9dc3413c84" + } + ] + }, + { + "bom-ref": "0f3d7c8384d26afc", + "type": "file", + "name": "/usr/share/man/man1/openssl-genrsa.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "22dcca9afce1ab1c0bfe6fb4cbca094fb0172a9b" + }, + { + "alg": "SHA-256", + "content": "c5307f47abdfae08b700c74c51fa2fc019e26525ec51fd272f4692fe25e636db" + } + ] + }, + { + "bom-ref": "a5e8bff5370b1e19", + "type": "file", + "name": "/usr/share/man/man1/openssl-info.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a66c69eeeda660c008c7fa3610eb6cc120a75d4" + }, + { + "alg": "SHA-256", + "content": "5e6fabb6c0b47b22c56df6561b6630d9f8d2b5c25ad3c8258a91166869cedbc2" + } + ] + }, + { + "bom-ref": "238f5a7f2c70ae74", + "type": "file", + "name": "/usr/share/man/man1/openssl-kdf.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "be1b7bc8795ce331762c2b42c10126d23ad580a8" + }, + { + "alg": "SHA-256", + "content": "86a04ed1bea44a9bd91fe29fe9d8bbf95562d1ad77ed7d1477d4e4cfa9bd4338" + } + ] + }, + { + "bom-ref": "d40c4d74d5d2e19e", + "type": "file", + "name": "/usr/share/man/man1/openssl-list.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "32464787a84a286c6b0f7972c670122e3d6504e8" + }, + { + "alg": "SHA-256", + "content": "1a8253f01fec01da21ef4b6cb8b5883b9813d460f4d3e116f71af4c67a804c7f" + } + ] + }, + { + "bom-ref": "aa1ee177b72ce245", + "type": "file", + "name": "/usr/share/man/man1/openssl-mac.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f054e07a540e842d759f9fd7d56eda1a546f37f0" + }, + { + "alg": "SHA-256", + "content": "fd4a4af26c70e9bc7fc0adc2f6deb8b7e6a125dad0707161b3fad2fa7988061f" + } + ] + }, + { + "bom-ref": "4d84e8f5b61a4032", + "type": "file", + "name": "/usr/share/man/man1/openssl-namedisplay-options.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9301e165587f72a2ec2307caf320a02e4bacdff9" + }, + { + "alg": "SHA-256", + "content": "85daeaf62c824aeffa192e7692c2da898f7aaab20a2be1cc2ddf405b016df1a5" + } + ] + }, + { + "bom-ref": "840907f3de9baefd", + "type": "file", + "name": "/usr/share/man/man1/openssl-nseq.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a026ea19b0ad70edc825292707c17a4f38d55dd8" + }, + { + "alg": "SHA-256", + "content": "36ea2ef3b47fe1ce058c5a7a5614ef38f14916be27ce1e34d994da0c0d0e8b25" + } + ] + }, + { + "bom-ref": "a261c7dda099b902", + "type": "file", + "name": "/usr/share/man/man1/openssl-ocsp.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "cce2418d506ada9187c3df95c034862a1f39739c" + }, + { + "alg": "SHA-256", + "content": "1fefc553c8bee4da5510e37d74bbd5443574c86f1adfe26521c0d27c91411501" + } + ] + }, + { + "bom-ref": "2e29e91c30514a79", + "type": "file", + "name": "/usr/share/man/man1/openssl-passphrase-options.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e4a399f0c9d2e2de4963ab19e6f9441757aec0d" + }, + { + "alg": "SHA-256", + "content": "1215642ca56ea98fb3554110717940611d283a35330c8e49ff62be79c2985817" + } + ] + }, + { + "bom-ref": "345b04093df8b158", + "type": "file", + "name": "/usr/share/man/man1/openssl-passwd.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "7536520404317d122eba91e2eef6c8b437a596a3" + }, + { + "alg": "SHA-256", + "content": "61d6c8029652cf292f9accc9ac5d7e4f9cce3837a9511bdbeae34f51fa546b1c" + } + ] + }, + { + "bom-ref": "d3c869f45dc75e7e", + "type": "file", + "name": "/usr/share/man/man1/openssl-pkcs12.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f3f9b1ddff115fc3527474e4ceca8a55e6cba07f" + }, + { + "alg": "SHA-256", + "content": "49c779c26e8d7517dfa1b81fc1b10fd3fbbe4ae27aa59d9bdd1c3e0440e405d3" + } + ] + }, + { + "bom-ref": "1df1410d70a4f922", + "type": "file", + "name": "/usr/share/man/man1/openssl-pkcs7.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "779dc185dad1c7bdb4e48da67f8ce308d3da9945" + }, + { + "alg": "SHA-256", + "content": "50d47c97bc0bf527c3ddec527652f2eb5bf8349290d405a9986e095726c97eb8" + } + ] + }, + { + "bom-ref": "cb358798958b3813", + "type": "file", + "name": "/usr/share/man/man1/openssl-pkcs8.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a5104e7295e91289063215b2e2fd6d6ddbb81c6" + }, + { + "alg": "SHA-256", + "content": "2a52af3f158efa66f17fd476964df90b15d54e629e9653c5a6bc5b16b216803a" + } + ] + }, + { + "bom-ref": "098a7230ad91992c", + "type": "file", + "name": "/usr/share/man/man1/openssl-pkey.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f4de95666cefd9d3683241f98cce456948c06615" + }, + { + "alg": "SHA-256", + "content": "347c59ed82070116d3b03ba3046652e1a3c2b50e2ff7d49f84d750f77071f220" + } + ] + }, + { + "bom-ref": "ec9aa26d671d3eac", + "type": "file", + "name": "/usr/share/man/man1/openssl-pkeyparam.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c503231a2808ed2e11be48249201d65e53f02cc5" + }, + { + "alg": "SHA-256", + "content": "6d7165ea0da2945dd3f41666a8e10c61ba702d7f327aa505c6a66ee71b402741" + } + ] + }, + { + "bom-ref": "fba93cbf0804cffd", + "type": "file", + "name": "/usr/share/man/man1/openssl-pkeyutl.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "df249e3564dd66b76c09772514f5539aa6c6acb7" + }, + { + "alg": "SHA-256", + "content": "8f2b44c96ccbb55fcaa2cf701583c2597e6985ca6c87f8a1d2bbec28761b2dac" + } + ] + }, + { + "bom-ref": "ac719cc39b9f9075", + "type": "file", + "name": "/usr/share/man/man1/openssl-prime.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "104cf97f9284065cb8a06f5d10c14219a8f11e7f" + }, + { + "alg": "SHA-256", + "content": "0e88b29c9fa4fb46f94d9785eb7d70dd6bff2454f731507ce5cce1add8aabe31" + } + ] + }, + { + "bom-ref": "8fecaeade48e90c2", + "type": "file", + "name": "/usr/share/man/man1/openssl-rand.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd3fb909fe1504de0dd5298ef729b9b6bb149402" + }, + { + "alg": "SHA-256", + "content": "144b244ca66e06d4289caa9a303a3e2c1416170752cb86b26fd62aa0918687ac" + } + ] + }, + { + "bom-ref": "22ee4bba12ea0d5a", + "type": "file", + "name": "/usr/share/man/man1/openssl-rehash.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b1c328e0112ddfbf823359002f7ff595aa355b5" + }, + { + "alg": "SHA-256", + "content": "79ee52d8d208a25b2e6dfe0ed187a9f0426a3b30eb889db486f946583a43307b" + } + ] + }, + { + "bom-ref": "1d83425a6d3a43ed", + "type": "file", + "name": "/usr/share/man/man1/openssl-req.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9462a3eddb4d1de57aad3fff524b842568cde80" + }, + { + "alg": "SHA-256", + "content": "fd9dce94f8ce2ba477b45017159c9a011451f6f6a2b7d3df91b7baf126f5b12d" + } + ] + }, + { + "bom-ref": "93532361ae12ed8f", + "type": "file", + "name": "/usr/share/man/man1/openssl-rsa.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c70d16149accfe1976dc178245784d5d388c24b" + }, + { + "alg": "SHA-256", + "content": "73a6f08cf45c8d6774dcc875a93ba1f080787ef38f8069453722b6375fc3a588" + } + ] + }, + { + "bom-ref": "614a1b6a37fae2ab", + "type": "file", + "name": "/usr/share/man/man1/openssl-rsautl.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e24f59fa06c0e0ae3feab64d0da9581975ae866" + }, + { + "alg": "SHA-256", + "content": "94c3519d73257b23bb2ceb5f9db07a7dd1116607c3fd2e9c29239ea3c3c100b8" + } + ] + }, + { + "bom-ref": "2302c94d9b695ace", + "type": "file", + "name": "/usr/share/man/man1/openssl-s_client.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "576367ee00cce206c1be3b97fb236dc191779fe9" + }, + { + "alg": "SHA-256", + "content": "4cc184b090c5e3af8ca56a7e07bc6ab4cf3c9cabf41e2dafa39c1decc73518cf" + } + ] + }, + { + "bom-ref": "273a9dd2b508fd4e", + "type": "file", + "name": "/usr/share/man/man1/openssl-s_server.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "bd7808a078c42694962c6f9860526139b4d8a67a" + }, + { + "alg": "SHA-256", + "content": "b1ca021f127e7a0524de68efea2eb44d812eda8b0409ec626c15d65a600462ed" + } + ] + }, + { + "bom-ref": "aa543e4068d97fd5", + "type": "file", + "name": "/usr/share/man/man1/openssl-s_time.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6bfbd2403324aa1b5a924e7bf2c4ec19d76095f1" + }, + { + "alg": "SHA-256", + "content": "41f43614f21ef62aded42c8d9770bcb165b18f476a165517ebc2c109c9f2a72e" + } + ] + }, + { + "bom-ref": "27d2730b405f40c1", + "type": "file", + "name": "/usr/share/man/man1/openssl-sess_id.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5199987422c5d63075a40227ac96e3153df535c3" + }, + { + "alg": "SHA-256", + "content": "7df302ef19413c9ff1c598ae1fb5257f4a1a1325ca77237f2d2ad54ad7add7ea" + } + ] + }, + { + "bom-ref": "868a400a31e858b9", + "type": "file", + "name": "/usr/share/man/man1/openssl-skeyutl.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "664d087339c39729e41447b85a0b65d31219e581" + }, + { + "alg": "SHA-256", + "content": "365383a274ab6e42dbb3231ee21037e61899411df15839210f276741300a2444" + } + ] + }, + { + "bom-ref": "ae24ee67d5c58772", + "type": "file", + "name": "/usr/share/man/man1/openssl-smime.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9c3543c1dc9aced9797c6850d3d49705f2a69d5d" + }, + { + "alg": "SHA-256", + "content": "5155022d88a491a02922a8d482dc86663be3a1d33a25566609c11ead5edc6f67" + } + ] + }, + { + "bom-ref": "26de3af2b0c9031f", + "type": "file", + "name": "/usr/share/man/man1/openssl-speed.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4bada45063b857f1debeb27fbfc4193dc10de31" + }, + { + "alg": "SHA-256", + "content": "6366b32f05ec4bb47f148dbf727aa350bf65a935fe88d6a02eb21ecbfce412e5" + } + ] + }, + { + "bom-ref": "01930f5f73b7f35d", + "type": "file", + "name": "/usr/share/man/man1/openssl-spkac.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4fd0793a7f076b552767d97a825926903216cb62" + }, + { + "alg": "SHA-256", + "content": "d7b36531335a31df1bc55ad230536ac6e725f883a9e5f0d251a78098dc326e8b" + } + ] + }, + { + "bom-ref": "90a4241bf68fbfff", + "type": "file", + "name": "/usr/share/man/man1/openssl-srp.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9124282c89a1ff08d9a0fc9a9d0d9741029f789b" + }, + { + "alg": "SHA-256", + "content": "2876181cac05b7dd7f1e87ecbc0fb6a1eba864302f71358921931d50687f77c0" + } + ] + }, + { + "bom-ref": "13b677168cd419ca", + "type": "file", + "name": "/usr/share/man/man1/openssl-storeutl.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "13779c1e47434affcaf712eb3d73f817d8bdf53d" + }, + { + "alg": "SHA-256", + "content": "cc06c20175fbe82118bce61d10b8cfe3bd50b227f8f63343bd9c0bbf1a162fc3" + } + ] + }, + { + "bom-ref": "d07aedc7eebcf38f", + "type": "file", + "name": "/usr/share/man/man1/openssl-ts.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "37e32fa0604b36f450019486ec868213ce60f5c0" + }, + { + "alg": "SHA-256", + "content": "b6adb937bdb7edac7bc24fc250f4ad1530b4e42f86d27715e0f8c5687de9a3d3" + } + ] + }, + { + "bom-ref": "f0d5b9184199c52b", + "type": "file", + "name": "/usr/share/man/man1/openssl-verification-options.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "76b93dfe74688a0d2f9a8958c0c1e860ca941312" + }, + { + "alg": "SHA-256", + "content": "b649be7a88f76256a0c77f7cec4547fb3fdaeab205232e89ab379c39ddc7fc59" + } + ] + }, + { + "bom-ref": "6003ee08f870b8e0", + "type": "file", + "name": "/usr/share/man/man1/openssl-verify.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0aec26ce1f0d1736554857736883d93ed202bb5" + }, + { + "alg": "SHA-256", + "content": "65c5178be1d6a4b480d07f1685eb89bf86210de69466e47718bf9f394ada57c9" + } + ] + }, + { + "bom-ref": "b3711aa9269af576", + "type": "file", + "name": "/usr/share/man/man1/openssl-version.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "284b9eddd20e5b356eee6834744a873f92ff8053" + }, + { + "alg": "SHA-256", + "content": "802b7ad6000cdc7aa8d023b2787bb9ab589a1e9fad7d306d45041d4983e1265e" + } + ] + }, + { + "bom-ref": "6708b04c922a30f8", + "type": "file", + "name": "/usr/share/man/man1/openssl-x509.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "87a7d509b68607d09cc6968ca8f866dacbe2218d" + }, + { + "alg": "SHA-256", + "content": "6c5646bc4c3ac256d99e8bf91f45691c175c8cd073d802aa2d4d18fc49209f4a" + } + ] + }, + { + "bom-ref": "32e3efd142dc1df3", + "type": "file", + "name": "/usr/share/man/man1/openssl.1ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6ddafce6759aec22a8534db17ebde52a750e854" + }, + { + "alg": "SHA-256", + "content": "a6c0a4615b2e1095feae2e550939d82c5dcb3ba9f06238861b9937c457649e9c" + } + ] + }, + { + "bom-ref": "f7f5f5ee42ed5718", + "type": "file", + "name": "/usr/share/man/man1/sg.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5835a5762c8641941b1c406b1a8d9ae1d5ab47ca" + }, + { + "alg": "SHA-256", + "content": "10d68d5a468d038ef51a2adc17dde913d9c8cf2d0aecbc4d400ce0e8266bc31f" + } + ] + }, + { + "bom-ref": "de5571141680d5bc", + "type": "file", + "name": "/usr/share/man/man1/xargs.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e9515a84d2597b37e2c8d71284f7d18d938f52bb" + }, + { + "alg": "SHA-256", + "content": "ac4fe03dc5178928008219ed89abde58da1f6fdeb5c458b8fc32eaff969b5077" + } + ] + }, + { + "bom-ref": "e57ad82a664df51c", + "type": "file", + "name": "/usr/share/man/man1/xmlcatalog.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8c01dfa8b1134587e2271aa566ff0335f666d571" + }, + { + "alg": "SHA-256", + "content": "f37b82271f7f80e11f65c99ed88e5ff50297567dfcf5ddb65ddcaadcb53cca1a" + } + ] + }, + { + "bom-ref": "d63ae4c3c914d90e", + "type": "file", + "name": "/usr/share/man/man1/xmllint.1.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6464c6c3043dca2c03c756e6d279f3cdb4dfc5d" + }, + { + "alg": "SHA-256", + "content": "f5ac9d9ca2c53d99fe5e9f42c9958fd50857464c030f886ba0355685f37a1b95" + } + ] + }, + { + "bom-ref": "f3ff4aa1233cced7", + "type": "file", + "name": "/usr/share/man/man3/libxml.3.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6db919c78636c43c6b1c1e471cd1522a2e5d5299" + }, + { + "alg": "SHA-256", + "content": "05fb55e53f1c4006b2c7819b4aa82a72366e8721066e26db7f172834e370633d" + } + ] + }, + { + "bom-ref": "627e139f8f6ad642", + "type": "file", + "name": "/usr/share/man/man3/shadow.3.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "343c34ef915d1c4376b45298bfbb28ee173cbabf" + }, + { + "alg": "SHA-256", + "content": "30c26db9f71ce1252c3e63e6d67edd054fb1412c9576e7547cc064f9d5d118ec" + } + ] + }, + { + "bom-ref": "55ae2bfbc993fb90", + "type": "file", + "name": "/usr/share/man/man5/.k5identity.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "af8e3d2df83360abb0f0dcbf6202c04fbd11ac85" + }, + { + "alg": "SHA-256", + "content": "38df17b9e89d0628fcb53e9f1685ebfee9696029f48d16af80f712d9769c55d9" + } + ] + }, + { + "bom-ref": "6ee3a0391f2a137d", + "type": "file", + "name": "/usr/share/man/man5/.k5login.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "17019305776f366c5c4ee613161406bf226d7937" + }, + { + "alg": "SHA-256", + "content": "0a3338871b1c4f66d601587582d58e46eb5ce5d00fa47496547744e687f35584" + } + ] + }, + { + "bom-ref": "93c93a8b98729a8e", + "type": "file", + "name": "/usr/share/man/man5/cpio.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "af04a986cf7f8af76d8e1260553c81cf4398657c" + }, + { + "alg": "SHA-256", + "content": "f177a7abcd66002543952ebb68b4140ba7663a45e5fd293f3961a5a65d74153a" + } + ] + }, + { + "bom-ref": "0df328b7f8c16083", + "type": "file", + "name": "/usr/share/man/man5/dnf.conf.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c9494c055236656a73f895bcec48c98233bb115d" + }, + { + "alg": "SHA-256", + "content": "4b518d1ac8609edf2ffbb30155d1c453179e276698749e50f662c233ca7dd883" + } + ] + }, + { + "bom-ref": "87fed008d823de82", + "type": "file", + "name": "/usr/share/man/man5/fips_config.5ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c74d16556ceac8a49a076042e7f93bc62eed9c2" + }, + { + "alg": "SHA-256", + "content": "15a810d87d38173692c0e9878afed1ff4e4eb6e2ac8b3d12409560a4ae0f3f1a" + } + ] + }, + { + "bom-ref": "7780f82722a193f9", + "type": "file", + "name": "/usr/share/man/man5/gshadow.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c13cabce6bb6e85c566ff91c6aa5e77532b9378" + }, + { + "alg": "SHA-256", + "content": "4ecc289c15bc66b7b2e940c378ea42888296906e134bbb30e489db606f569f81" + } + ] + }, + { + "bom-ref": "396f3170300f5eac", + "type": "file", + "name": "/usr/share/man/man5/k5identity.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0248168eb0588c1754f712bd1dbb64ab9e5673f1" + }, + { + "alg": "SHA-256", + "content": "a11b4eefceb2e5ebb980ab9bf27003a4a14a3198d3886b2f733ba26e581948a0" + } + ] + }, + { + "bom-ref": "7dc959edf743cd9a", + "type": "file", + "name": "/usr/share/man/man5/k5login.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9de6cad471d2dc213d4d0cab9800bac8f3959d89" + }, + { + "alg": "SHA-256", + "content": "10837088cbd4c58ce91dcbef16ba755e71bfc6df7f2d97323f0b93e9afe048b1" + } + ] + }, + { + "bom-ref": "0c15dc319b7ac053", + "type": "file", + "name": "/usr/share/man/man5/krb5.conf.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "39300ac31a966bcbe57d9645fd10c2fd390fb92f" + }, + { + "alg": "SHA-256", + "content": "1321aa05e7688ea76ce979cdead0f02a6a1d332f24c9a7df0f53bee30c675aa2" + } + ] + }, + { + "bom-ref": "c9e25f63de34d365", + "type": "file", + "name": "/usr/share/man/man5/ldap.conf.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "da9eb0cfc63959cca3c30f49e918f7df2d265356" + }, + { + "alg": "SHA-256", + "content": "6a4798b91dac99b776f00a21cf1c88ca5c81b30944a4978505824770c927c50f" + } + ] + }, + { + "bom-ref": "331465f839b11ac2", + "type": "file", + "name": "/usr/share/man/man5/ldif.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0ec348b6b97c4f354fc8ef8cb6a6c1fe3b0ce914" + }, + { + "alg": "SHA-256", + "content": "19d7126dab4ec06a2fe5d8a8e40f9a50fbf07d5aafe716b99f099901b82fe04c" + } + ] + }, + { + "bom-ref": "7b984e33ee9bdc53", + "type": "file", + "name": "/usr/share/man/man5/libaudit.conf.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "790e37e89749e20bfc337b02b7f036c914fd9f6a" + }, + { + "alg": "SHA-256", + "content": "b45065b6598339d91e74ded8b66e39b0452d379b26935948b3c8faa085817b23" + } + ] + }, + { + "bom-ref": "24816b3267972eed", + "type": "file", + "name": "/usr/share/man/man5/login.defs.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f3f541e0b136533807731e3feb6e67636a752fc" + }, + { + "alg": "SHA-256", + "content": "7097c6bf418935b73098fe95e4887d3300029e71d63850b81055be5eedb167a2" + } + ] + }, + { + "bom-ref": "31b68411d055e59a", + "type": "file", + "name": "/usr/share/man/man5/mtree.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b9d61d8f4fd927e9d31b1ec1c7b2be7495b9b39" + }, + { + "alg": "SHA-256", + "content": "c05389faebf77678f2127fdab130a7f6770038a1fe412e4a4bdee4694a7a9320" + } + ] + }, + { + "bom-ref": "7682f6723e342eb9", + "type": "file", + "name": "/usr/share/man/man5/openssl.cnf.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "614b0fbdfe2eeaa44c539aae86bd1514666f6469" + }, + { + "alg": "SHA-256", + "content": "d80417a1e70f6dd7f75bb236c2791b8d51689af0579c96374c659edd31e33ccf" + } + ] + }, + { + "bom-ref": "cc59bee454cfe52c", + "type": "file", + "name": "/usr/share/man/man5/semanage.conf.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc7bf48d2eabe81f79f0c22dd9003c0dc7addd8a" + }, + { + "alg": "SHA-256", + "content": "4dc05ad657fe57eccd803bbb48cfb8f8709c580b7516b335765eae58f2b46c36" + } + ] + }, + { + "bom-ref": "4ca44dad5b6c5e5e", + "type": "file", + "name": "/usr/share/man/man5/shadow.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "385b0f62a09dff9e41b56047b847a918194ed99e" + }, + { + "alg": "SHA-256", + "content": "17ff57d3aa76ee64c3fbbb7b02ad93b86bf385662f5a73feddb48f4377af2a31" + } + ] + }, + { + "bom-ref": "5b7163d7c563855f", + "type": "file", + "name": "/usr/share/man/man5/subgid.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "521ec36e85817a50f0e0ba706842d064337ae288" + }, + { + "alg": "SHA-256", + "content": "48f8de23a71fefc8105be9a088f933fc7474ea7e9e5c0e41d93d84c32b279f4b" + } + ] + }, + { + "bom-ref": "00e8e8122abacd21", + "type": "file", + "name": "/usr/share/man/man5/subuid.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5467b39164543d43e9518fb79b45dffb54c23022" + }, + { + "alg": "SHA-256", + "content": "962b2b540d0f847ef919ebf26cc2f88f8ef5f52621281837b775be6a08eb7b1e" + } + ] + }, + { + "bom-ref": "6cc990701a0483cf", + "type": "file", + "name": "/usr/share/man/man5/tar.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cc826fddc32373ff2baca75047bdb542541f0e4" + }, + { + "alg": "SHA-256", + "content": "3ab252b6067ddacc4a57d2dcd5bcde3223a3af3c324b2a87fe0bcd7364ff6c70" + } + ] + }, + { + "bom-ref": "5e292b3a78fa663e", + "type": "file", + "name": "/usr/share/man/man5/x509v3_config.5ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "821498609fb78465682e6db725f295fbf91bac5d" + }, + { + "alg": "SHA-256", + "content": "c7a73764eb27b51ff855e31ffda6a5e5aafc611b73320e49f1a70a7da2c2186b" + } + ] + }, + { + "bom-ref": "0a62741227568113", + "type": "file", + "name": "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f7dc1b9a494817dc399a5389828321b91ec5f01" + }, + { + "alg": "SHA-256", + "content": "9adb66a06899ddd4211ecbe7d75260c88949eaf35095416aa288cd4cd7173f3e" + } + ] + }, + { + "bom-ref": "614b857c27a1c5f8", + "type": "file", + "name": "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "aabab7951cad3af0a032064c0c6fe40ca3d83bbc" + }, + { + "alg": "SHA-256", + "content": "678519b9df1ac01a19a7e6581d663f1455e65f90b68376fcbebe346bfd29c323" + } + ] + }, + { + "bom-ref": "04a987f5b10a610c", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-AES.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8d36b84133fced3f8e82ff58530561b0baada424" + }, + { + "alg": "SHA-256", + "content": "6f821d9bc04c2757f4891deead2c80de75b67742c880a3af4cd9c4f88a62fb4b" + } + ] + }, + { + "bom-ref": "ceb0217c8a12470b", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-ARIA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "831ee499156129f73caca7809d10ccae98561388" + }, + { + "alg": "SHA-256", + "content": "3f6fc3b6e06f7c200eb9317d1f1407d2ee436253ae2ef528ed0fd5769b2d284a" + } + ] + }, + { + "bom-ref": "975fffbcfac782eb", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c908f3c32e9a32d3fc8a281660280ad47439f70" + }, + { + "alg": "SHA-256", + "content": "1c4aae9fa2168d02e5d90df893d68ef952c0e82ad870ce05575d435a26b916d7" + } + ] + }, + { + "bom-ref": "cec6961786f8edc3", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "1fe7b56d528443a42bf21f62eeb37c1121bcb3f6" + }, + { + "alg": "SHA-256", + "content": "f17c13a80923d19bedc06495a8ef59d8f10d344397546a43fe2169dd69c871b4" + } + ] + }, + { + "bom-ref": "368098ac9821757c", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-CAST.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d51ca198f2237a8bbd58702c1d3c8eb180baa27d" + }, + { + "alg": "SHA-256", + "content": "03e245655f99153556b77fa9bd2df96c72b9dab778df5cb46d8694a8938b5544" + } + ] + }, + { + "bom-ref": "1530f883db4b364b", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0b72160bf72aaf23b1853ef3780bf2ed10e2484" + }, + { + "alg": "SHA-256", + "content": "cff71dd921119b1342e447655c464655137e5a42ebef9c10538e98e76ed5cf12" + } + ] + }, + { + "bom-ref": "080a70f9a4603dbc", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-DES.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e2349f0b6c8650cccfb3f2e3694b5bca8c7c366" + }, + { + "alg": "SHA-256", + "content": "e0be8aa305dd7e8fccb93290303cd6d3b7ea3183b8027211d160267d1b744401" + } + ] + }, + { + "bom-ref": "fab0ad695fe86de7", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-IDEA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "344cc99e06268bff0b20eb77ce8df5eecbe68b83" + }, + { + "alg": "SHA-256", + "content": "5c46103011da292b4a6e34c6bef0a22568a23a962b173c4b3e6e039971d8db6c" + } + ] + }, + { + "bom-ref": "589755c709a5e68e", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-NULL.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c38da2b7bef8f3b3c904ff09bbaf335782bb81c1" + }, + { + "alg": "SHA-256", + "content": "44b36b5606ea1c14e71f9b33cfdab4879d4f164b55b1a966ad70166441af670b" + } + ] + }, + { + "bom-ref": "64135b28c46f9bb3", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-RC2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8caf1fcaadd779811e3b65b264bf4a0ea3e7e216" + }, + { + "alg": "SHA-256", + "content": "7dd4485467748b7af90c78d59180b7c7acc03f115932d1bec93b4c9f387ba136" + } + ] + }, + { + "bom-ref": "b5478fdde922a6c2", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-RC4.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae716176fa98716681db459dfc46e2b9e2331784" + }, + { + "alg": "SHA-256", + "content": "660051e40ee4c8985b0505c2f3073369a88bd634034ea36062f0a4575b6551b1" + } + ] + }, + { + "bom-ref": "d2e151662e06a92f", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-RC5.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6dd04108eae292923d0e4ae4b1b4f5566aed1ab0" + }, + { + "alg": "SHA-256", + "content": "2cafd301ce673d38122d8ddd8775e76542a1b779183d67ff9c87ffeb7acb3cce" + } + ] + }, + { + "bom-ref": "467837e1f76df428", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-SEED.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b17ce47eac0619c1480f9dce641de82bea26ed1f" + }, + { + "alg": "SHA-256", + "content": "c8c8c516d120379f5df27486fb040e03995d2581315ee9399d1e5d1070210b7d" + } + ] + }, + { + "bom-ref": "5e55681099c9ac55", + "type": "file", + "name": "/usr/share/man/man7/EVP_CIPHER-SM4.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f93bd12665f7d9ee3904002acc0d067713ac9e5a" + }, + { + "alg": "SHA-256", + "content": "b44a653ae2e95be0dd0815eb7a9a4d2b245ecea96864ae621227214bace31f89" + } + ] + }, + { + "bom-ref": "4f6c8c0223470a84", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-ARGON2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "23adb59156e3cf96ecfc38f0d6a2b788d41dd228" + }, + { + "alg": "SHA-256", + "content": "a31936a669a89e4666142441799ac4cbb9c486e24e03e090e82c8ae2800bb225" + } + ] + }, + { + "bom-ref": "3a7fc15fcc4dadfa", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-HKDF.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "eaa0a00f06981a1c5af94c07689f3414d7d9b2e7" + }, + { + "alg": "SHA-256", + "content": "6feade2f08a1729ee453218a840aba964ca0b8c057ebf3f6049d81a591c4553b" + } + ] + }, + { + "bom-ref": "8b74dbb9b76ffae7", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b50417a28c5aebba1f0b1ec4a2910d21e970c2cd" + }, + { + "alg": "SHA-256", + "content": "220c8b5e07859cc46dcf348356ff2ac8bff3cbd913510f9d828587179fd76830" + } + ] + }, + { + "bom-ref": "2867a7f559c350c2", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-KB.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "973eae331e1c1566fe580501dbaa886d63ddee3d" + }, + { + "alg": "SHA-256", + "content": "76932a79463d97d55da1dfa1d3dd8c4ef9b3604ea7c2a88e287edcf689a4bed3" + } + ] + }, + { + "bom-ref": "a0b6c5155090d47d", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7d00cc25665dbd5416d7102440ff196ace251ca" + }, + { + "alg": "SHA-256", + "content": "c29d3a76446f8e45ed16ebe710105603a744aea7044cda78a63711dd4186302c" + } + ] + }, + { + "bom-ref": "2ccf1330944b3911", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-PBKDF1.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "55328f9e02b6f7e3f4eceea1cc9c1757ddf98d41" + }, + { + "alg": "SHA-256", + "content": "63801430e465921063d23c381a4464468788b25c71cbce83f42729b4e819c7d1" + } + ] + }, + { + "bom-ref": "f2ed5774c659335b", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-PBKDF2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "7348c092015b14c156c47f217d4601661611730c" + }, + { + "alg": "SHA-256", + "content": "7eba1878f7907f682e8c788f94ff2367f5f1b33b95732e9af5ab690a5ee7b66d" + } + ] + }, + { + "bom-ref": "525dee4e979d11a3", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8fb69ee0a83d875bc8696fb94961e212ddc6745" + }, + { + "alg": "SHA-256", + "content": "cee684f8a03551be0e8feecea5cab5864df87249ea8c934e16360dbaa7b1f95a" + } + ] + }, + { + "bom-ref": "8b2a0b87a4276bd3", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-PVKKDF.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d5fda3931d55c1b1adacd947c73610605f4f5232" + }, + { + "alg": "SHA-256", + "content": "a67ead799c7250a2b7a6beb2991087069f10d6fe412e959b5616e4f43ce7a7a1" + } + ] + }, + { + "bom-ref": "fa7659be1bbaac1c", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-SCRYPT.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "703ae78626c835cba80279f0574760795e25338b" + }, + { + "alg": "SHA-256", + "content": "befaced50aaa9046b50a854aeba5e360a158d436f31192c582cfbc56cb0a8092" + } + ] + }, + { + "bom-ref": "d2f4648fd31ce066", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-SS.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "cde9e9dd7ae8cdb433a091c00eff8dbdd3981de7" + }, + { + "alg": "SHA-256", + "content": "6d2079f83ea2444b9c51a838a6c7d2360d4f7f4b3f6bedd98d170b9b2317a90d" + } + ] + }, + { + "bom-ref": "552f5139f3e4f68d", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-SSHKDF.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "da28b4ee98e7e5af20bbd899b3f9ec3f47d2ad4f" + }, + { + "alg": "SHA-256", + "content": "addc220d360ab59a647cd93a24645eb911eb98907e96dfbe8eea36ee3305a06f" + } + ] + }, + { + "bom-ref": "459e9f148272cee8", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b4309b59701493419e52c473c30405a83be9f2d1" + }, + { + "alg": "SHA-256", + "content": "b01bc5ff37d1b6f9e8242a21211b49169e8913c8f695be1a4a47e37f8e5f993d" + } + ] + }, + { + "bom-ref": "757c5e7433c8bba4", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "641e78e20054210c91c7699287cad38a145c9991" + }, + { + "alg": "SHA-256", + "content": "2e96af999fdf51a20d7b9e8edb3ce29068dea80780598c35053c3c862c0c78cb" + } + ] + }, + { + "bom-ref": "03b262d8fe93a385", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ca9ad40e111c2dc59393d757f5a803a00010b12" + }, + { + "alg": "SHA-256", + "content": "1935b45f189c789f26081199a8d53e9a95d031c16cc124ae292560ed39106fe8" + } + ] + }, + { + "bom-ref": "7972d18b8c491ea5", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a0f216ba4a5346f8e88bd6ba371cb81324ea1c9" + }, + { + "alg": "SHA-256", + "content": "36d5129a6881951f1946ea58e6db3d5a274a0df7ad7035ed725400b8d22e4f10" + } + ] + }, + { + "bom-ref": "5debda3dd8c43da2", + "type": "file", + "name": "/usr/share/man/man7/EVP_KDF-X963.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e55f6ba90ce631943b2c5a3b4a5d9dee2c0403ee" + }, + { + "alg": "SHA-256", + "content": "ba4ffacc7f9b15f91ee6d5261a0a25c2928e0f229e8eb518523c28964b359cbf" + } + ] + }, + { + "bom-ref": "eaf10019bfa53e6c", + "type": "file", + "name": "/usr/share/man/man7/EVP_KEM-EC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "04a40cee62fa558a80464e313f36363cf31cfefd" + }, + { + "alg": "SHA-256", + "content": "e61ac1db45e16725c0d74be6fd4a0ab6f6e93ee9a747f0365776c1a754bce567" + } + ] + }, + { + "bom-ref": "dde1ad43ffe850f7", + "type": "file", + "name": "/usr/share/man/man7/EVP_KEM-ML-KEM.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bb4d9b935f3cef0615fb2c39c82c2349d874913" + }, + { + "alg": "SHA-256", + "content": "2ba7c1295bd15944469f28a33760bede10cf4e125ea0af8221846a1ef05f2f5a" + } + ] + }, + { + "bom-ref": "4b71fd7f4dd7c76a", + "type": "file", + "name": "/usr/share/man/man7/EVP_KEM-RSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "765c553b6092aec68a9898ce9efa59cf8a4b06c3" + }, + { + "alg": "SHA-256", + "content": "e9e3831822de6d7c96c73632073d7d1d8a05f87c5d2fdf6c3a6af472522d41fa" + } + ] + }, + { + "bom-ref": "116612c7f9a4276c", + "type": "file", + "name": "/usr/share/man/man7/EVP_KEM-X25519.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f646ac6fcecb435642e93af63e3febe199b3a5a8" + }, + { + "alg": "SHA-256", + "content": "2ed8fbe186d68899ef9f41b9ade76661ece11ba48a4f2b48631a8cd63ca90563" + } + ] + }, + { + "bom-ref": "ad000ecdfa943769", + "type": "file", + "name": "/usr/share/man/man7/EVP_KEYEXCH-DH.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "03062847148f6283aacd3dd6684b89aeb40dc0fe" + }, + { + "alg": "SHA-256", + "content": "f36a5b1e05fad760f8e239f70bf6a677699574257816ad2b56136bb919d4fe48" + } + ] + }, + { + "bom-ref": "534f9530f3e7d4ef", + "type": "file", + "name": "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a19020f05014ee5103f0d6d7177107c5034a512" + }, + { + "alg": "SHA-256", + "content": "1f30ae0ee56e852c82586f6aa624a67dae144bfe291f6413caf4c9191a1da510" + } + ] + }, + { + "bom-ref": "579c5e1799c04e87", + "type": "file", + "name": "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4fe3dd0c4ea6b8ffac75655029af108537631892" + }, + { + "alg": "SHA-256", + "content": "9a6b8e0fae2f3239a3b2bf49df6aa1353ca1184e754cd3d18a63c1158e6c671e" + } + ] + }, + { + "bom-ref": "d94a24d38f12eab7", + "type": "file", + "name": "/usr/share/man/man7/EVP_MAC-BLAKE2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b1d411e74e4a630bb9e746d52b83d5f3f1a7ccfc" + }, + { + "alg": "SHA-256", + "content": "94b0f6ae9b71afc540c7908c257996e58db2dba9da300ff73d2f8f36b8b08dc4" + } + ] + }, + { + "bom-ref": "21b9bf623e477c9b", + "type": "file", + "name": "/usr/share/man/man7/EVP_MAC-CMAC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "232d6656dbb0cf7b43d65a5cb7f5ef139baab6d5" + }, + { + "alg": "SHA-256", + "content": "482488d48d3f2c917be66ac7285c95f68dad873324e4c63585e9eb09999fb97c" + } + ] + }, + { + "bom-ref": "6670e4a5d0e8f7b4", + "type": "file", + "name": "/usr/share/man/man7/EVP_MAC-GMAC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3d0d5416e9d4932a7dd5f4c5b430119c7fdac7fd" + }, + { + "alg": "SHA-256", + "content": "64d6e1ae2b9a05e07b5cd532b3732c9ba66f5fe02eddbd7c0978f12777bf77e6" + } + ] + }, + { + "bom-ref": "512d053c17d87ee2", + "type": "file", + "name": "/usr/share/man/man7/EVP_MAC-HMAC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6358b37f296787897e06dd6e8a38004d97b85971" + }, + { + "alg": "SHA-256", + "content": "39ef21f034a42744a8a99e300c6e1fe899a5aaea863d9acac97dcb81a7e10c3e" + } + ] + }, + { + "bom-ref": "e0ddeaa423d94e65", + "type": "file", + "name": "/usr/share/man/man7/EVP_MAC-KMAC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ddbf486b09284ae822eb94a5c9cde1ef5a9af14" + }, + { + "alg": "SHA-256", + "content": "7a3b285ed2fa6600aba01173112dab6619edeb4018de57afaa8858884159debf" + } + ] + }, + { + "bom-ref": "c9b816255fc03fd3", + "type": "file", + "name": "/usr/share/man/man7/EVP_MAC-Poly1305.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3709ffbc903e8d89da3febd7c4ca1946f0c23dc8" + }, + { + "alg": "SHA-256", + "content": "815903fe49540243343dc4dae324c98cf191354ab1f41e589f13250831af2591" + } + ] + }, + { + "bom-ref": "12fb8dcbf17e12f9", + "type": "file", + "name": "/usr/share/man/man7/EVP_MAC-Siphash.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d525dd2742f0addb73460995619b1c90a4f890e1" + }, + { + "alg": "SHA-256", + "content": "22a7bae909eb8c5ee692ce145a614cd24149c4e5f7f18a9442d31455e7dfc4ea" + } + ] + }, + { + "bom-ref": "33151bcb993bbe1b", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-BLAKE2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f547a35083a6bdea4fbe5b672dc6d441efaae6bb" + }, + { + "alg": "SHA-256", + "content": "5a4f65756cb704d395f250b280f1917aa8670dba484472381885628ee65bba0b" + } + ] + }, + { + "bom-ref": "2492038fe7738f6b", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-KECCAK.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a75c6c66442b6e0b113429e45569c9c40a7627c" + }, + { + "alg": "SHA-256", + "content": "67c856a70f86af1ac78280cb6cf7b2a54af2a0c8cf84cb3403c7a055ec2645df" + } + ] + }, + { + "bom-ref": "362858c8cee5ee21", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-MD2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a6f0bc4856a3619970ad0089b12fb195f7e3e7b2" + }, + { + "alg": "SHA-256", + "content": "c47ca5f289ee3976ca6da76384bc1c78fc431bdfa0372ec8cebfe92807e33c75" + } + ] + }, + { + "bom-ref": "557a753af79601d4", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-MD4.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "90b75ed246c9cb80d60f617c8580d6874577a63d" + }, + { + "alg": "SHA-256", + "content": "40b5e13d50905d7c9acd7e9d36d2789812b90d2871eadd3d110dfd53de079e64" + } + ] + }, + { + "bom-ref": "3b4405ce04b1600e", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0bcfc887e34ecd5373c578c819b79a919c36a72e" + }, + { + "alg": "SHA-256", + "content": "54f85786ad5135b0a1e495934b8dea95148fcd33fe3d573d2fbbb5c537b5d662" + } + ] + }, + { + "bom-ref": "d51833fa2e124644", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-MD5.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "20e67e7f68c8171931a5729d813e9c2ab88a1db8" + }, + { + "alg": "SHA-256", + "content": "8a2eba35eb1a35bf521ced91fea40a074d810a096d2e1d6735e96d60b0af382e" + } + ] + }, + { + "bom-ref": "91df02eaeecd459d", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-MDC2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "25cb56e667cb00fa5814a1b20a61d6aab99cfb4c" + }, + { + "alg": "SHA-256", + "content": "e972ba9f44b5e47d6e879239dd51ab7fb9452eb4cacb950e5c2c821398f6d6fa" + } + ] + }, + { + "bom-ref": "34502f16226e82d3", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-NULL.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2df9b22472ba46882dc4d82d129cca8214f51487" + }, + { + "alg": "SHA-256", + "content": "6b888d8866df01c656bf5b6f801d930bd8f6fcfd3bf335f04c3e29ecf874d754" + } + ] + }, + { + "bom-ref": "e9514150e59eddd1", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-RIPEMD160.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "501c0a33acb85d62945f26454253befac74b12f7" + }, + { + "alg": "SHA-256", + "content": "e5dddbee5c549b16fe6c74dccaa11f5187d4914dc50d66414cbb997794540a17" + } + ] + }, + { + "bom-ref": "e6158bdeccf8b95c", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-SHA1.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa6ee113c99d2dcae37160792c3a6f6dc5ee7b58" + }, + { + "alg": "SHA-256", + "content": "f9a8b8034ad4ec80c5d888eee2c0e41b9bad8b164bead41a5149766e814c1353" + } + ] + }, + { + "bom-ref": "380f15a0186b69d1", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-SHA2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b8a29484b63bc8d0ac452cddddaa05e946d8aaf6" + }, + { + "alg": "SHA-256", + "content": "58a2105a502493d7d5ec13e49d4318848f0e55ebe33aa219287fe33872c722f9" + } + ] + }, + { + "bom-ref": "1223afc00cf0844c", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-SHA3.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b80b438ae6fdd26f01e65e626cd8be1ced1e602" + }, + { + "alg": "SHA-256", + "content": "3057ff8d3c1aa31b87065feff4d52e5113c9495b1f9d7e1682a04ec763036cbb" + } + ] + }, + { + "bom-ref": "0b11dc6ec27fcb50", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-SHAKE.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "cce7913ddd497e5bc4a177cdcf9bbad7f62225c1" + }, + { + "alg": "SHA-256", + "content": "13db6eeb0883668e0df6a97fecc195999b1dc201e45ab074b921cb64609c1a2a" + } + ] + }, + { + "bom-ref": "40e6051abeb3f042", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-SM3.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f7f980654419e0455be32dc715952b183bbb412" + }, + { + "alg": "SHA-256", + "content": "73c375e85808bad375e6270767eeeafbe53c3eb8f73c48ca678fb8b457e0e88a" + } + ] + }, + { + "bom-ref": "ac57a7fab3558da3", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c08b7b4f28447c07bad9c4e088e1fb73cca1572f" + }, + { + "alg": "SHA-256", + "content": "25f5026878d44caccf615b259eecf2041d805858cae483a7f81fd9005a870a8f" + } + ] + }, + { + "bom-ref": "eb4659e903b52f95", + "type": "file", + "name": "/usr/share/man/man7/EVP_MD-common.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c14eeef33779a4ec1f47f703e42b440d163ea25" + }, + { + "alg": "SHA-256", + "content": "9018eee6bf69fada25a66de5333c28d19136b8dc1dc3e9427bf347ecc9bf5c57" + } + ] + }, + { + "bom-ref": "05269894336f94f1", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-DH.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7edaa83549df5ae3b9a6f7264b36855d11dd76a" + }, + { + "alg": "SHA-256", + "content": "eb0d58b8983f36dee2eadfbde585e9c96da892e5c0716028f03d45bc0c1ee338" + } + ] + }, + { + "bom-ref": "3717e7a528f67db3", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-DSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "247f40abbd4331e5b95efa57949e680960b0befe" + }, + { + "alg": "SHA-256", + "content": "40205f1717dbe4478e7c1f916f93c4fc0760fa295b1c580364adf5c38c1e06cd" + } + ] + }, + { + "bom-ref": "4c7ea6934cd41c12", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-EC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "600d4bd1d42ac4a8b4f9baa161eb936dd823b8a4" + }, + { + "alg": "SHA-256", + "content": "b4115aa6c5d2c232c7f8b506e6636b58a1f1f0688d1c4651f49b82f25129b7cb" + } + ] + }, + { + "bom-ref": "91f91d555a9103a8", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-FFC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "56b0f6536793be5ee2e94de6608f1ca37441e43d" + }, + { + "alg": "SHA-256", + "content": "ff6f56ab05f2549d8be2b60e51c640f3ef6d9115787dab3fde63023875ded470" + } + ] + }, + { + "bom-ref": "0a2c3c47f7545b9e", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-HMAC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c5ac211bd688e67efb816151d1dcbad4ffabbc20" + }, + { + "alg": "SHA-256", + "content": "37a85ff053b85cb11ca6375ae0b39dc0746dd42820d0362c0ebb7886d21983a9" + } + ] + }, + { + "bom-ref": "164f352d72d01539", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "76bb28f59894425a66199e8e557b9258e271f287" + }, + { + "alg": "SHA-256", + "content": "799556567884a8916eb610bc13080b3a5e400db5194966913580bf85b175c686" + } + ] + }, + { + "bom-ref": "a1e614a5bfcbaf8b", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f295b63affe266f764c8fbcc1357df777dadec3" + }, + { + "alg": "SHA-256", + "content": "15c97da5cd2ee75fa69e576ab4c6da28dd2e64bf7247bae23ab5b539c735464d" + } + ] + }, + { + "bom-ref": "8f48b348d58b0ba4", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-RSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c3ff788711667cd488e005c3adf9e247ee162caf" + }, + { + "alg": "SHA-256", + "content": "7f6dde005bd8676338aa6993e687fd734a328a64ba87abc8a86ac17985a3e39e" + } + ] + }, + { + "bom-ref": "4e88db845a1d6c20", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "20676370d78badbeabe221dd7c2964b40d2e5d78" + }, + { + "alg": "SHA-256", + "content": "41ab32541a8ba6a0eb4438a8c2a333c5d3635ab1d1c50eb9e992c8c7890f8cbb" + } + ] + }, + { + "bom-ref": "f8db2e7291900711", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-SM2.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a418d5c2ac6f5baaae5c3bfa82c22a0eb8749d72" + }, + { + "alg": "SHA-256", + "content": "18683281bde52c6383972d29f2f9f41b7e51c111faf1decf164583a91ced9cde" + } + ] + }, + { + "bom-ref": "5e03800152dd27d6", + "type": "file", + "name": "/usr/share/man/man7/EVP_PKEY-X25519.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f14ab18f1f33df038eabb0d574e3904e25df426" + }, + { + "alg": "SHA-256", + "content": "c44e89ca5e665bf45ce7ca95ab2a7b82890d1264ec9437bd14c55beb1db2a422" + } + ] + }, + { + "bom-ref": "cd89c7149d5b8519", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "35f867faf0236d2449fb991008cc14a1a887c626" + }, + { + "alg": "SHA-256", + "content": "cc5263874eacc2f69afab4e742df56787ed0bbe6ad70cdca61189d642f7fb0b6" + } + ] + }, + { + "bom-ref": "34df9b20f6f66964", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a9feb30594129b4df7b544dd618eaf69fda4b3c5" + }, + { + "alg": "SHA-256", + "content": "d5dcc7c74787dabc25cb173014befed9ea57f0a88dc501979f5b7b950d49765b" + } + ] + }, + { + "bom-ref": "f4cfffc2116f7bfe", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f048c3aca7b684516bd5949931f05470cb7a3c9" + }, + { + "alg": "SHA-256", + "content": "0259fbf7534f2ea1a218bce2a22f6bd36844472d2d005996096034d319158896" + } + ] + }, + { + "bom-ref": "469a3d0c003455eb", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "690a826e166e6c824074301810fd9c7fff1ee695" + }, + { + "alg": "SHA-256", + "content": "5e9e3f48db77000183bb65d84f4ec7bbfbf5bce78704645496ea64ecb3d5766e" + } + ] + }, + { + "bom-ref": "effd69c97c9344b7", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND-JITTER.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "245353702e6bb45523fc4fa40ecc2fc22f587dd2" + }, + { + "alg": "SHA-256", + "content": "2d564e37e863790cc9458e1648c85b8378d6e0a9ad93d710d3f0a49c3ea0edd9" + } + ] + }, + { + "bom-ref": "dda5f2f598756220", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0e07d9573660c92e80068caad010292df0829c2d" + }, + { + "alg": "SHA-256", + "content": "78ed0e17531af03d68d54e7788ecb5b2cfe3e484d66113faa2132228716daf82" + } + ] + }, + { + "bom-ref": "c358961d83fa600f", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d131282cda3340b32b97334ea367def51f1c2eac" + }, + { + "alg": "SHA-256", + "content": "6365df34ca70b738dbc19bac83a265955c0ec8bbfca32d3d036460e548d148de" + } + ] + }, + { + "bom-ref": "fe9eae88652d3c8c", + "type": "file", + "name": "/usr/share/man/man7/EVP_RAND.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b021089b83b345c2a1bb39f01f1b3938a5833932" + }, + { + "alg": "SHA-256", + "content": "1150df4ca1c2206ca30b5a4a28e1150b07badecb6d4819d6a1f3ce3366201d2f" + } + ] + }, + { + "bom-ref": "0b3ada17b5808025", + "type": "file", + "name": "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0acfe8936332565aa2718be92b1b82deef1e40de" + }, + { + "alg": "SHA-256", + "content": "fe879790d45d1bf76d440079aa73c36d0727ad1c302b1012d4d4f1ed01b9b291" + } + ] + }, + { + "bom-ref": "22a3961e6fdd8f2e", + "type": "file", + "name": "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b85de04be695db96e289bd65f90605a38b140db2" + }, + { + "alg": "SHA-256", + "content": "aa23c62df9303e39d1276a8489dcd99f1890f044bb42a33f0b03ca7088cf236c" + } + ] + }, + { + "bom-ref": "7e6f15db1d2d3469", + "type": "file", + "name": "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "48ece9fdb5e703d59f54926f02151da34968b331" + }, + { + "alg": "SHA-256", + "content": "6b47aa8bf2955db526004dd8eeb512563061cb4b9d518c540171089b2915786b" + } + ] + }, + { + "bom-ref": "c5d017216849682d", + "type": "file", + "name": "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "576c5656a043c2ec5a1e9a58981cb11dc3509cf4" + }, + { + "alg": "SHA-256", + "content": "95e2223f981cd7365f5cdd5459faef4d661f0f9497a9ec5f0d6c1dcdc9682b8a" + } + ] + }, + { + "bom-ref": "b03e6f64daabd092", + "type": "file", + "name": "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "86f36327b128520d75b2e55c79a4f121dccc7d85" + }, + { + "alg": "SHA-256", + "content": "5a04a083fff068a1a54a3a2bb2810943f82dd5c7aa2cb4ca1eb7884349e3cfbe" + } + ] + }, + { + "bom-ref": "3978c1ded75360d2", + "type": "file", + "name": "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "053d6582112fb6a7db07987c813737ab8b07c9ac" + }, + { + "alg": "SHA-256", + "content": "e7c24c0f8f7593c8c0f2d85b60cd0cdf33e78f9e6ba6414a53df06ae4eb16277" + } + ] + }, + { + "bom-ref": "77c3c07010d12669", + "type": "file", + "name": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c463632046cdb268451bf49b3e2baed504da26f4" + }, + { + "alg": "SHA-256", + "content": "efa7726fe98300fc2b5eba273b626d7e36cd30a688eac5fc4833e94705a0c93b" + } + ] + }, + { + "bom-ref": "e851d200f2c305dd", + "type": "file", + "name": "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "67a795209a5159334401304c0aa8ee90ed11a5f8" + }, + { + "alg": "SHA-256", + "content": "5e1fee30b775716756f7f35ef3fa8ea2ce9181b7bd09638c2457b40961d3cbfb" + } + ] + }, + { + "bom-ref": "08389c7ca7020248", + "type": "file", + "name": "/usr/share/man/man7/OSSL_PROVIDER-base.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "51c822dbc7f5d7e3e24021ac54a26a466bb1fc5e" + }, + { + "alg": "SHA-256", + "content": "75ce22e58e16f3676d8048d80988c9e04164280940c134a22406c196cb8397f5" + } + ] + }, + { + "bom-ref": "dcfede4baf820cb0", + "type": "file", + "name": "/usr/share/man/man7/OSSL_PROVIDER-default.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e712c877b809c2b7ea08e8d20ebadcc86a350cf" + }, + { + "alg": "SHA-256", + "content": "5634d71e60866269838a5d76079d2b334e70bd5d7fd46b99291dea8b6ba2d1ca" + } + ] + }, + { + "bom-ref": "953494b038436cb6", + "type": "file", + "name": "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8742ee755b5cdef416fa41177137859947ba5d5" + }, + { + "alg": "SHA-256", + "content": "06c925a915991c880ed7a7a02237c15e9f836155a5d31d52ebbd04a15822da08" + } + ] + }, + { + "bom-ref": "8824c210f678a8fb", + "type": "file", + "name": "/usr/share/man/man7/OSSL_PROVIDER-null.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0809fff2a8ddc81188175c8d877471835e1299dd" + }, + { + "alg": "SHA-256", + "content": "6f1eb27a9bda8f1c2995c6d049cb351536931594c6bf1e0630b09e14332963ee" + } + ] + }, + { + "bom-ref": "c302d53de8a0a610", + "type": "file", + "name": "/usr/share/man/man7/OSSL_STORE-winstore.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc55b8b0392553cc5ada762f492b72c630de7327" + }, + { + "alg": "SHA-256", + "content": "13b5944e85181062fd4a534b0d7f36f81d338f0eaf86745616178e608547fca9" + } + ] + }, + { + "bom-ref": "b4eb6556380b1ece", + "type": "file", + "name": "/usr/share/man/man7/RAND.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "29c49852d32bef1a68842bb89a7d2eeaebc35d0c" + }, + { + "alg": "SHA-256", + "content": "9a7b237d5484cd1511f2eaf54f3b86b1038fad924d179a0261bffd2c336d0291" + } + ] + }, + { + "bom-ref": "8f3b76c59363aa11", + "type": "file", + "name": "/usr/share/man/man7/RSA-PSS.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5da2bf95c85997466406a6f771e66c8a114c8216" + }, + { + "alg": "SHA-256", + "content": "ee7e644c043ce90a627f9674b744d88a1adfc1f3881d07e09d4c2b498dc3050a" + } + ] + }, + { + "bom-ref": "40616822d43702fa", + "type": "file", + "name": "/usr/share/man/man7/X25519.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9738a115ce54e0bd2f570df81191abd91326ec53" + }, + { + "alg": "SHA-256", + "content": "6a35d5639f030ce4a971216a70e04b265c1e9766032a2045876bbc680470c841" + } + ] + }, + { + "bom-ref": "9850eedf46693151", + "type": "file", + "name": "/usr/share/man/man7/bio.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1523f3a9accf1e225f3794375d56ebcd77d1dac" + }, + { + "alg": "SHA-256", + "content": "2256cd5b5747dfd314c8ef649d77d7f0c687536f19aec0f9011dee25ec1c064c" + } + ] + }, + { + "bom-ref": "e805870ce82f9ddf", + "type": "file", + "name": "/usr/share/man/man7/crypto-policies.7.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9092074e065d28c81e81f837863f0139267a2b04" + }, + { + "alg": "SHA-256", + "content": "b7798e9f31248342b6a56b6a9555a65fd61f5180808fb98ad26a63b6fa49b8dd" + } + ] + }, + { + "bom-ref": "ac109f4be4188339", + "type": "file", + "name": "/usr/share/man/man7/ct.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a9d10e3e13b0f80c8edbab5b8e906cc548a982cd" + }, + { + "alg": "SHA-256", + "content": "11d22a2651b8066d55c4097519b8fa31ffc85e8a560c9dbbf7c888544153da1d" + } + ] + }, + { + "bom-ref": "a3f6b17683961d43", + "type": "file", + "name": "/usr/share/man/man7/des_modes.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9581228b6faa042cc2f9dbe96119ce035c771f9a" + }, + { + "alg": "SHA-256", + "content": "7d9153f3059a6980686573193bff3d6261ca162190b27d6af5b947d76398671f" + } + ] + }, + { + "bom-ref": "6c8868eb7d22aacf", + "type": "file", + "name": "/usr/share/man/man7/evp.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e4e477582992ca7b05e085b2b187feffe1e987dc" + }, + { + "alg": "SHA-256", + "content": "0a76b75e6e34ae1195b5983fdc5a91a37037450b62a5433cb059ccf3ecd43bdd" + } + ] + }, + { + "bom-ref": "ad74469e5bea331e", + "type": "file", + "name": "/usr/share/man/man7/fips_module.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "94e69b35050c41b5263e99b4ee903d90dff37fbe" + }, + { + "alg": "SHA-256", + "content": "020fab93e995d03b95189a11d40e81a4422d295db9c3396083f4e95861e436ae" + } + ] + }, + { + "bom-ref": "6dd72dec86149806", + "type": "file", + "name": "/usr/share/man/man7/kerberos.7.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b4a71a4ce27c9392e96f4195573ed7499fe68f46" + }, + { + "alg": "SHA-256", + "content": "06b401f61c72c02d37d8584572696df5fe8891686727f40d2636ca5f44435bc6" + } + ] + }, + { + "bom-ref": "a16275234016a655", + "type": "file", + "name": "/usr/share/man/man7/life_cycle-cipher.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "70893e5bab72c671f02d2ee3334f8044cd2ac6d6" + }, + { + "alg": "SHA-256", + "content": "c13bcd281901af42ebe19fa5ddbea78185d0efb5c73628d25cc0fa03f95444a9" + } + ] + }, + { + "bom-ref": "f7389995945cefc5", + "type": "file", + "name": "/usr/share/man/man7/life_cycle-digest.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "aa15f4b83e9439f572a0e3c8267a04f97eda3b7b" + }, + { + "alg": "SHA-256", + "content": "f735bc4ffb52b870581bbfa5813b14ac278694c19611e65d21ef7390759af50d" + } + ] + }, + { + "bom-ref": "7075d77f48f819db", + "type": "file", + "name": "/usr/share/man/man7/life_cycle-kdf.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "408469cf7bdf2b6ab284c649cec92cf007e6fc1f" + }, + { + "alg": "SHA-256", + "content": "f59a36ed427968aecedb7d0325b2b0753cb90793d6c36f6286fd471479cb9a40" + } + ] + }, + { + "bom-ref": "9198d6c05a6327fb", + "type": "file", + "name": "/usr/share/man/man7/life_cycle-mac.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed0509a593721be29dbc2cd6e0a794f2772def87" + }, + { + "alg": "SHA-256", + "content": "fb65415767b528fd9707e5048e7e3349e66058e8cd511b8d7934fe44b1fd4743" + } + ] + }, + { + "bom-ref": "127b13d2bc472163", + "type": "file", + "name": "/usr/share/man/man7/life_cycle-pkey.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "bd2575ad5fe2b10be688ddd51267c48da7ecc3ce" + }, + { + "alg": "SHA-256", + "content": "5b489671bbd1fe2aece3a1eb7a7a830188db05d0d1cd0d465a9d1444b6202e07" + } + ] + }, + { + "bom-ref": "8e00f1b19b53f224", + "type": "file", + "name": "/usr/share/man/man7/life_cycle-rand.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "af469a4b0cb6490c6a5fe5816e04417b6983223f" + }, + { + "alg": "SHA-256", + "content": "4ddff0ef7c386842680f163aa46afc4ee4b1cc628534835341a0a4457b060252" + } + ] + }, + { + "bom-ref": "9405b70229ad2c0a", + "type": "file", + "name": "/usr/share/man/man7/openssl-core.h.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "734863517602e4c431c5de0476edf41b37734b51" + }, + { + "alg": "SHA-256", + "content": "a0ca28b82dd85492206f6e397c01b6bcc186b0b626db4b98efe95c47221d2bef" + } + ] + }, + { + "bom-ref": "50eb8ce87c65d0b9", + "type": "file", + "name": "/usr/share/man/man7/openssl-core_dispatch.h.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1c76d96a6aeeb191690466f8c5a7bd55c12b404" + }, + { + "alg": "SHA-256", + "content": "1db039e4c77f5f1737481298a6ad81f50fed41b7b69e1c3cb1b1a82aad51de0e" + } + ] + }, + { + "bom-ref": "e7ef7561df01cdbd", + "type": "file", + "name": "/usr/share/man/man7/openssl-core_names.h.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d6a893f1ba6093434235d4f769c993bf2e8b64e" + }, + { + "alg": "SHA-256", + "content": "7cac2f3cc5a889d0c368abac794c451a27a0c90efe8a85e940e9ea46c64ab4a7" + } + ] + }, + { + "bom-ref": "93aca83efcab4231", + "type": "file", + "name": "/usr/share/man/man7/openssl-env.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "76d23fd440a1a4156084bc648c518056de658166" + }, + { + "alg": "SHA-256", + "content": "15e2f195fcc9a9da18e513f6e414147f4bf0dc9b27b61de13fdc62315d7e9c96" + } + ] + }, + { + "bom-ref": "9318266d310bb3cb", + "type": "file", + "name": "/usr/share/man/man7/openssl-glossary.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "52e6dcaee085dae678d41a589157b7460d14f700" + }, + { + "alg": "SHA-256", + "content": "5a56b5edd88416097bce26a92f31448e28e08e3e23a3e1d3f80bd8e1cffbba61" + } + ] + }, + { + "bom-ref": "9c4dff099946523a", + "type": "file", + "name": "/usr/share/man/man7/openssl-qlog.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e93c37f505bc84caef3a863c9b302df8aacd4a9" + }, + { + "alg": "SHA-256", + "content": "1de6e247881905868cda2bee686da11e2fe0c67375c2670a7412eb9e852fd8b0" + } + ] + }, + { + "bom-ref": "1cf26eb3e5d7d8f4", + "type": "file", + "name": "/usr/share/man/man7/openssl-quic-concurrency.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b107a17baef168902f1281ef988b9427e9271f02" + }, + { + "alg": "SHA-256", + "content": "54d7d935831ed4f1f8dcb8b50ac4fadb458492c16cb9209978c001a19a1d5501" + } + ] + }, + { + "bom-ref": "e79d0b5e8522462e", + "type": "file", + "name": "/usr/share/man/man7/openssl-quic.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "30b9d2cc50e8f3b61c2ce9fd38d1e48ac6287a3e" + }, + { + "alg": "SHA-256", + "content": "86ac52650a21a5ed93c2075c744171fb448ac4aadab51298dc38d1157a613971" + } + ] + }, + { + "bom-ref": "2f61072da3b72ad2", + "type": "file", + "name": "/usr/share/man/man7/openssl-threads.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2f88d7d36f7b6f89d48ee0b3dd058480ea4a4a9f" + }, + { + "alg": "SHA-256", + "content": "ad0782bc2b97d5eb164307e8c278f7d5064f4bd30a4b182803dc619bb509565e" + } + ] + }, + { + "bom-ref": "45bce5e300fd4ccf", + "type": "file", + "name": "/usr/share/man/man7/openssl_user_macros.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c6acb125ed1d512523040c28f6cf2b8810891de4" + }, + { + "alg": "SHA-256", + "content": "98b6f19211cf4ec8e937bd3e84e795fcb0c82f23141d3abc5f3d6e30ebf63f30" + } + ] + }, + { + "bom-ref": "34f86a316b899160", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-introduction.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "f7bcdeb3e454a6ad13893ebd17352071b752f8a4" + }, + { + "alg": "SHA-256", + "content": "58b9b4fd3306f54579797fe9b3404b49a501bc985076d1bf57b11dce9e487973" + } + ] + }, + { + "bom-ref": "9472f49a2146cbf3", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1ef6b3d821dd73082b65a843f8c7f3ae0e0333f" + }, + { + "alg": "SHA-256", + "content": "c02386a18012d0dd8ebd6eed739e25516fedd000532f843fd24d6326120e8e2c" + } + ] + }, + { + "bom-ref": "a90401c687aafd46", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-libraries-introduction.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8274bc10267b68ea0362006359dd37a1486c8797" + }, + { + "alg": "SHA-256", + "content": "11895eb4691400975a03ef5b2828a233a418cdd17675d27e8dcf65993d9614b0" + } + ] + }, + { + "bom-ref": "38c9e9de9ef8b1bf", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-libssl-introduction.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "deab25bc149dbc97b0e1a49cb29c7c6eb2af5e46" + }, + { + "alg": "SHA-256", + "content": "71f8479fa3655690a01218f3b68e5311a55749a14f339566d0b7d91d8068b53b" + } + ] + }, + { + "bom-ref": "b8889875fe5d8ccc", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-migration.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e045b3d467d7fa6758770a091b4525dab98d0d3b" + }, + { + "alg": "SHA-256", + "content": "1a77c395329528a07988f504fc59ce0e0799d2f0469cd941d8a7e35b48b81a6c" + } + ] + }, + { + "bom-ref": "28dfcfd179be0b78", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-quic-client-block.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "490635fd5c0392732b2247928b5f0b3a8169bd2f" + }, + { + "alg": "SHA-256", + "content": "4763b0fd4136950e01479bbe8760ebf00c2b96e95e788ea91224bd3db7c136f7" + } + ] + }, + { + "bom-ref": "45807708e472faea", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f6f67c3133af8a0a251c9940683d85aabc8893c" + }, + { + "alg": "SHA-256", + "content": "af5a966bbf726386772879b40bdf11a3be4ce5b28d65ee37f1af800b1e73d2f2" + } + ] + }, + { + "bom-ref": "460d5c116f6223dd", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-quic-introduction.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "920622e5cb29ad036559668d9fd403008ec85b1d" + }, + { + "alg": "SHA-256", + "content": "2b7874c08565763002478362fe83955be43155ab0d8ce31ce4a5b86a06b01789" + } + ] + }, + { + "bom-ref": "ddd66b78c7891cd8", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9327ca8a5364b603a3afde411d4ead6cc2489171" + }, + { + "alg": "SHA-256", + "content": "e6bf5243f928ac1e5024380ebeea8a3dd6ef9570ee88595cac42889efe78ea72" + } + ] + }, + { + "bom-ref": "3dfdfeadef568451", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-quic-server-block.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa62ed5cc5069839268b39b4e7ff4266dc41b9a3" + }, + { + "alg": "SHA-256", + "content": "44e1b008149d71f66e129c0ab092bafebdaf4ac444558bac3d2f2132965a3769" + } + ] + }, + { + "bom-ref": "fa9a2006ebdb8c1b", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a724051b9bcd56ff95fd8dae07b6e9e7c4332e0b" + }, + { + "alg": "SHA-256", + "content": "5134015cfcc302ad4b548be43fce0c07947401535e638b973b38f15d405f3ab2" + } + ] + }, + { + "bom-ref": "00e72aac91d28573", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-tls-client-block.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe783dde1f04fcd631024c52777e90e4a13871ac" + }, + { + "alg": "SHA-256", + "content": "c6a2090730762fac75b257a545fa3dced6e75be8303269ac0696ce58a883f47d" + } + ] + }, + { + "bom-ref": "0d6444570e9a4441", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "308da4f7d747dd91fb91be866b0506d4aa4615bb" + }, + { + "alg": "SHA-256", + "content": "28410b61c2b970d20bc764f5abeae9a37d1eb8f2c1a7d46eb857ce278abcc7e0" + } + ] + }, + { + "bom-ref": "30ba784dfcde4319", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-tls-introduction.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "66ca0b0e1eb4c83d78783dbb88530205d7bfc30d" + }, + { + "alg": "SHA-256", + "content": "6bb4d4c2d4dc5d52b9754a262d2872be9b11156391431c238b510de7e797be62" + } + ] + }, + { + "bom-ref": "70a4e9c2614d0bc8", + "type": "file", + "name": "/usr/share/man/man7/ossl-guide-tls-server-block.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "43ad31ae3b8a992032815515fe5ddf75eb359cf5" + }, + { + "alg": "SHA-256", + "content": "7807df01a66dc902145ef198014df925c21a6a39b7d773f0739f7f6a4174bb05" + } + ] + }, + { + "bom-ref": "98d38560381f1526", + "type": "file", + "name": "/usr/share/man/man7/ossl_store-file.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "103ac6fc1d5fd58bb4b381a41eae522898f0d329" + }, + { + "alg": "SHA-256", + "content": "7b6f1097befa944653d94d5e56310eb54ff1aca43587b2234ae406a49469137a" + } + ] + }, + { + "bom-ref": "1ba2765c720edf90", + "type": "file", + "name": "/usr/share/man/man7/ossl_store.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce9d916acd000440edced818f653ea92d1332f62" + }, + { + "alg": "SHA-256", + "content": "f31e0262ac1704c7fe3ba04f0afde26bdf7184abe396946374d9f08e8664cd81" + } + ] + }, + { + "bom-ref": "1fc819056b194ba1", + "type": "file", + "name": "/usr/share/man/man7/passphrase-encoding.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "40f293dbdcdb287c235c05caec5aa3cf5bb538a8" + }, + { + "alg": "SHA-256", + "content": "4e62afbc88c4a4def0aebfd7ee39019f8138fa07ebe823b0fe416151d55f22b9" + } + ] + }, + { + "bom-ref": "4c23c7378d159b46", + "type": "file", + "name": "/usr/share/man/man7/property.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "aadbc0acc9aee369e63077355d5dec4fcfd9d142" + }, + { + "alg": "SHA-256", + "content": "271dcb89afc8604fa7bc07d54e802718889b30dd9d7ae7453693489add058c8c" + } + ] + }, + { + "bom-ref": "7f4b6e2448ed3140", + "type": "file", + "name": "/usr/share/man/man7/provider-asym_cipher.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d6539c607153083d988e98d2b8b007f1c4653c7c" + }, + { + "alg": "SHA-256", + "content": "e84fed2c876fb58311e6222289b5dc3d48b984c96f6a06979af8f13689ad1b8f" + } + ] + }, + { + "bom-ref": "3ad33f14bbbecc4f", + "type": "file", + "name": "/usr/share/man/man7/provider-base.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6b7abd391ffcb2e8177e794d7f0b6f4984c2c77a" + }, + { + "alg": "SHA-256", + "content": "6d81d8a87df7066c1708d2949785beae4c0413675895ee9dcc57ed354b1c27c4" + } + ] + }, + { + "bom-ref": "bb179cb5784643e0", + "type": "file", + "name": "/usr/share/man/man7/provider-cipher.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "28b4a633e66dec774e0f8e3399d50378b9de5554" + }, + { + "alg": "SHA-256", + "content": "ecb6f6166b1b89149185c868145530830864b5a4895ff60effc25c9d553ea183" + } + ] + }, + { + "bom-ref": "95755bdbf4c35b87", + "type": "file", + "name": "/usr/share/man/man7/provider-decoder.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "91a0f2587ee512857e8f46ad1dd0244937886ca7" + }, + { + "alg": "SHA-256", + "content": "948ae40cb4108897e0e6a318d0093ef6131ba2c14dbcae54b64d87ff88509cee" + } + ] + }, + { + "bom-ref": "35251537084ad631", + "type": "file", + "name": "/usr/share/man/man7/provider-digest.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "dea983f70e57712848006b172d874429c465d3c9" + }, + { + "alg": "SHA-256", + "content": "f749d6c6f93e362523ffd44025ec2210abbdfde3aba18777c7b704c6f6682df9" + } + ] + }, + { + "bom-ref": "35e43fc4d5dfd95a", + "type": "file", + "name": "/usr/share/man/man7/provider-encoder.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b02c3f5f28f8a3f67b22ddc87d7535bd1e0214b" + }, + { + "alg": "SHA-256", + "content": "4a05eed4b3ff9cd8a1d209f417d60db1f1ec1cd6ae404d4b72b741cca8465036" + } + ] + }, + { + "bom-ref": "3b7481d6c56feb94", + "type": "file", + "name": "/usr/share/man/man7/provider-kdf.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "aed5bb3c0154796048825dc43648b0bd2527b3ef" + }, + { + "alg": "SHA-256", + "content": "897d92ab8281d249cd641efa69c308844ba027f636dfae1e53954ed64c44bd15" + } + ] + }, + { + "bom-ref": "18ede0deb982b800", + "type": "file", + "name": "/usr/share/man/man7/provider-kem.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a12d1a9dc6291510e1cbd9c611a8504e9e83490" + }, + { + "alg": "SHA-256", + "content": "b12b54cf732e7c0cd687ae71052b9f9174da0508f504e6fc8d994a3a5b29577c" + } + ] + }, + { + "bom-ref": "d99e42a25be30c76", + "type": "file", + "name": "/usr/share/man/man7/provider-keyexch.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "10e25eb58a272682017167ececd786c1dff7aa94" + }, + { + "alg": "SHA-256", + "content": "af8d7802d1f7ab5ac8f9f427e19603274138a346e77d993bbca771ddf83e14dc" + } + ] + }, + { + "bom-ref": "d9f36e6fed776f19", + "type": "file", + "name": "/usr/share/man/man7/provider-keymgmt.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "94918a793e449274ec2a23ff241dd20426bc5248" + }, + { + "alg": "SHA-256", + "content": "07180dc901461cc192ba2850e63cf745b166d35c3b081f2d262d5414098c461d" + } + ] + }, + { + "bom-ref": "3af3c17164dced1d", + "type": "file", + "name": "/usr/share/man/man7/provider-mac.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "1042a1af952ca945bf2079b2c61d84535683e5c9" + }, + { + "alg": "SHA-256", + "content": "df27f247c67cc68bc59a824696bf3ebe29d67178f8d25239846d1d5d4fe526da" + } + ] + }, + { + "bom-ref": "ad7650e90c02e7ae", + "type": "file", + "name": "/usr/share/man/man7/provider-object.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "2548ecff1ae1bf7cca830a08cb7bc2f231b07d06" + }, + { + "alg": "SHA-256", + "content": "1c24a0f260f4c76386cf6f9526ad2a16713ea61830a5ee1efbd96afc28d0129e" + } + ] + }, + { + "bom-ref": "64f306c08f107916", + "type": "file", + "name": "/usr/share/man/man7/provider-rand.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb184c2a5334e15890ad365c7cccb8a8445d0169" + }, + { + "alg": "SHA-256", + "content": "fc8dc315b18912235b729b50877149c6c9d13caa8e7fc5ef03aad52e1f736085" + } + ] + }, + { + "bom-ref": "2e6e0bd2077d78e3", + "type": "file", + "name": "/usr/share/man/man7/provider-signature.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "715e7f9c33b59fc00c6d6124c671e7941c876ad0" + }, + { + "alg": "SHA-256", + "content": "91a46ad91428eb1b168c4930e43beaed4018ffa81f6c3a47933355c75d33d945" + } + ] + }, + { + "bom-ref": "807793bc82961c26", + "type": "file", + "name": "/usr/share/man/man7/provider-skeymgmt.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "1747905ee5f313c2e5b223bdd7b3e0aaf81b8a3f" + }, + { + "alg": "SHA-256", + "content": "74ad115441e7b953dd94f2da033f77857770397b4c5da64b4ec74ee96e790108" + } + ] + }, + { + "bom-ref": "04979271e7e61cf1", + "type": "file", + "name": "/usr/share/man/man7/provider-storemgmt.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "7b31524aa1649d055ec98908b22d5b8e104684d1" + }, + { + "alg": "SHA-256", + "content": "6a4a17abd97359423c43b8f6477e5d796625306c29515af42bee32fb21590282" + } + ] + }, + { + "bom-ref": "afa96907b0c15332", + "type": "file", + "name": "/usr/share/man/man7/provider.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "506fcc2fbd3d1d6420703b727deb2b46374db304" + }, + { + "alg": "SHA-256", + "content": "c2fdede907af8ea7f09fea83a579d523b19a4cf75acb6ba0fe3b3588aa7b8131" + } + ] + }, + { + "bom-ref": "d9428be1cfec208f", + "type": "file", + "name": "/usr/share/man/man7/proxy-certificates.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b48e136e84af7b2258a6f518629f50043cd6533c" + }, + { + "alg": "SHA-256", + "content": "d0b141855efc0cd70db908af40ca55b3e6c71919d8807c918196fb5ef27502a1" + } + ] + }, + { + "bom-ref": "8cb4be846bdf4a6b", + "type": "file", + "name": "/usr/share/man/man7/x509.7ossl.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "a173922261cc5bbd3279368a724499167db4ad8d" + }, + { + "alg": "SHA-256", + "content": "21773cae697cf5d36cb055b634850dab6bc9afb274a21f6d8d36d6e79df866a6" + } + ] + }, + { + "bom-ref": "f7da459eec88b367", + "type": "file", + "name": "/usr/share/man/man8/alternatives.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "818233332f9b07a1351710ff6ee9a1d520a803db" + }, + { + "alg": "SHA-256", + "content": "486f5011e513cfe9f2aa0fc837f38927c8c2af7b1a54e0d919d43645e552d829" + } + ] + }, + { + "bom-ref": "979f7169936e88d6", + "type": "file", + "name": "/usr/share/man/man8/ca-legacy.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5201c006b12e6327ffdbd3e66074debfb320e0c7" + }, + { + "alg": "SHA-256", + "content": "25cfe6db0a9f9ab8f0476903cef280c5a073f099519ae4ddd0a073eefa53cd17" + } + ] + }, + { + "bom-ref": "8c6e70c8073dd743", + "type": "file", + "name": "/usr/share/man/man8/chgpasswd.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "136c56a24d755ca13c5b978c71e7fc28b98bfed4" + }, + { + "alg": "SHA-256", + "content": "a6e0963808914bbdd01576f37d8fbc0a56a389360f9cb7528b606b93ad65b0fe" + } + ] + }, + { + "bom-ref": "04f2af066de0b149", + "type": "file", + "name": "/usr/share/man/man8/chpasswd.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0780c29d9da452188982c3c69df39e6d153bc3c6" + }, + { + "alg": "SHA-256", + "content": "e99b4d1203743bf05eb9616888310c0c5a01b0c4eb5bf75e119c206e44b6c33a" + } + ] + }, + { + "bom-ref": "508f3556caa1e8ec", + "type": "file", + "name": "/usr/share/man/man8/getcap.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e89253471e0e928279ce7cb0722a13f078189e52" + }, + { + "alg": "SHA-256", + "content": "8504a853a37e47cd61a3f0dca3eb3c10a64df63c7f185bcc98b9fd3f34a26b38" + } + ] + }, + { + "bom-ref": "ae8e6fdb3bff5894", + "type": "file", + "name": "/usr/share/man/man8/getpcaps.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "977480bfc147a0fc6aea7dd0c04ceabb41be7307" + }, + { + "alg": "SHA-256", + "content": "cb777f28334500ac5b37bdfb0325b2bbe12c1f08953686c9a94eaa6366dbfb02" + } + ] + }, + { + "bom-ref": "c8eef5d64160aec3", + "type": "file", + "name": "/usr/share/man/man8/groupadd.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0b763acf648a0dbbda72be270755fe05ca70733" + }, + { + "alg": "SHA-256", + "content": "8ea1978377b2a22456443edcf6889cb8a74b65026bafd417df8da981e5a1d9d0" + } + ] + }, + { + "bom-ref": "9339aac8feecce6d", + "type": "file", + "name": "/usr/share/man/man8/groupdel.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "619452d0cf3bd7f40c72e80eaacb4dc039f32c5f" + }, + { + "alg": "SHA-256", + "content": "b90f55b4f492761d2ecdadfe518c1d30080af13b7ee53a8d77c51976530db624" + } + ] + }, + { + "bom-ref": "7fecc962fc876f80", + "type": "file", + "name": "/usr/share/man/man8/groupmems.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "078bd8cff1a8a484b6c174293a5af7eb8db9fbd0" + }, + { + "alg": "SHA-256", + "content": "3155aaa0d9c29b2449222888e74ac34b1684d3537d89973b9ad9958a2f09615a" + } + ] + }, + { + "bom-ref": "aaf3bf68249c31a2", + "type": "file", + "name": "/usr/share/man/man8/groupmod.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "be810cba867f850445b74f256e774c5dbf784cc8" + }, + { + "alg": "SHA-256", + "content": "dbaa039b771872344ae1576c813109c3bbf5cd09d5fd1cdd4aa031379e308eed" + } + ] + }, + { + "bom-ref": "f6867945d3c955d1", + "type": "file", + "name": "/usr/share/man/man8/grpck.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "40ce8cc87b86f961d0a4024aace6f97317aea84b" + }, + { + "alg": "SHA-256", + "content": "4f9d17ad9c8aeaa651ded8f6457a71192c07ece9091899ab7fe9002e92202698" + } + ] + }, + { + "bom-ref": "c95c777efd3b33f0", + "type": "file", + "name": "/usr/share/man/man8/grpconv.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "alg": "SHA-256", + "content": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ] + }, + { + "bom-ref": "e7c59d719c145ebe", + "type": "file", + "name": "/usr/share/man/man8/grpunconv.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "alg": "SHA-256", + "content": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ] + }, + { + "bom-ref": "bf13bb4fc87a4e51", + "type": "file", + "name": "/usr/share/man/man8/lastlog.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "0122c24d33c3f1f5921cafee5c565d2f66dde371" + }, + { + "alg": "SHA-256", + "content": "1b68dd77880e9772b3fa4c0ff0547a91d24a07c8ac220897fc608342526d6342" + } + ] + }, + { + "bom-ref": "32ecdc00bc8f1320", + "type": "file", + "name": "/usr/share/man/man8/libnss_myhostname.so.2.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c32a3c7e2dec394629f98e8ba10f8c0cdafacc12" + }, + { + "alg": "SHA-256", + "content": "b2f995e61359cb0efbfb6b3356f29136fd7e1c15ee1c3d3909ac0cc9e92826d5" + } + ] + }, + { + "bom-ref": "8913e02f37ae1f62", + "type": "file", + "name": "/usr/share/man/man8/libnss_resolve.so.2.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e9dad32e403cd4c43b4345b93e6d45c640374312" + }, + { + "alg": "SHA-256", + "content": "a68b9870d5051a5c63125019047f4ab0c9ffe0b94e3fb829d6df75a572ba87d0" + } + ] + }, + { + "bom-ref": "c941dd2fee8bc9dc", + "type": "file", + "name": "/usr/share/man/man8/libnss_systemd.so.2.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d362af7faf3ec53d5a2133f21ea739acc60ce29" + }, + { + "alg": "SHA-256", + "content": "3b085ed21510b7f307f8af04e73d95c854d12d6c51749a801ab6bdbd6d679213" + } + ] + }, + { + "bom-ref": "3a93c2921610e609", + "type": "file", + "name": "/usr/share/man/man8/newusers.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e9b810435a301aa1ffc3bc18261734b7f2cb3b86" + }, + { + "alg": "SHA-256", + "content": "cb947b80687c563cfb42f114b44bda8a112aabd076b7417dcd1c424ab7da6e0f" + } + ] + }, + { + "bom-ref": "d666a7310157583d", + "type": "file", + "name": "/usr/share/man/man8/pwck.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb7de92f791a4c3e215abf5b3f661bb678804da5" + }, + { + "alg": "SHA-256", + "content": "8d6053d9eda3b481bafeba7c65336af76445c5a0ede868be34c7049d0df9d354" + } + ] + }, + { + "bom-ref": "cdbe43f9ded41de2", + "type": "file", + "name": "/usr/share/man/man8/pwconv.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f6e3000b970ff90ca84a6a1491205b7e0a0a152" + }, + { + "alg": "SHA-256", + "content": "836530469af58342f13c40249a226ca018ed0fed400f9336cc0a4a4fb4864821" + } + ] + }, + { + "bom-ref": "1fac9ba21322fcea", + "type": "file", + "name": "/usr/share/man/man8/pwunconv.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "alg": "SHA-256", + "content": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ] + }, + { + "bom-ref": "34bd4326f0fa931f", + "type": "file", + "name": "/usr/share/man/man8/rpm-misc.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8b146df669f0070864ac3f445ff3b8fe1bca8eb" + }, + { + "alg": "SHA-256", + "content": "a8c647b82726c4c7f7c5bb89f7b16a8c638e575c51b912adcf9d29fa5e5d12ca" + } + ] + }, + { + "bom-ref": "ea9a00cfc2cc63bf", + "type": "file", + "name": "/usr/share/man/man8/rpm-plugins.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "6931194c9791b7a445ea7037b47f9eb7680a9edb" + }, + { + "alg": "SHA-256", + "content": "e4877aa3aa292ca6c369b372bd65b08385ef1a8f98d328a643a5e743a0634395" + } + ] + }, + { + "bom-ref": "b0fc8d476106d1c3", + "type": "file", + "name": "/usr/share/man/man8/rpm.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9957f080b5e278d1b2195ed0cf7bf1625dea04d5" + }, + { + "alg": "SHA-256", + "content": "c177bafab7ba5a754b7aef7e901e23bb70fb21a265f5b0554bedd41d44746899" + } + ] + }, + { + "bom-ref": "a0780dbff54c9fb1", + "type": "file", + "name": "/usr/share/man/man8/rpm2archive.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "911d5924e3eb690f626f11c90a6be5a7c1f44194" + }, + { + "alg": "SHA-256", + "content": "1fa08dc7c7f37f287e802fb28759b33c7175440051582fe86be9b95995651584" + } + ] + }, + { + "bom-ref": "aba75d947d4bd17c", + "type": "file", + "name": "/usr/share/man/man8/rpm2cpio.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "675c49d1a25af76dd3ce472523ba0249a10149c2" + }, + { + "alg": "SHA-256", + "content": "f3853aef7abafb2a402738fbc85ad008c2cb7c467f909522013abfba00de97b4" + } + ] + }, + { + "bom-ref": "aff45e84ed41704c", + "type": "file", + "name": "/usr/share/man/man8/rpmdb.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "00d72f6bb991a17086ef1c53b78b6b57866a5c23" + }, + { + "alg": "SHA-256", + "content": "e4e15b316d7d83b2cb18b59426b532ed1cdb3da8d546475b154f53b5abe96e61" + } + ] + }, + { + "bom-ref": "97eb1dd3d3eee063", + "type": "file", + "name": "/usr/share/man/man8/rpmkeys.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "9326a64f1444320749a28a8f4c9681eff7d3f4f5" + }, + { + "alg": "SHA-256", + "content": "1ff622afaae4ec05292f0284c991fc4f3cbaf295200372c410a89cad3c6dd404" + } + ] + }, + { + "bom-ref": "d8bdde81208a0a93", + "type": "file", + "name": "/usr/share/man/man8/setcap.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "16024ae1cbcfa2e29a87c946685914c0b5b5cbbf" + }, + { + "alg": "SHA-256", + "content": "c0e7af5d94de223a697069acd7013f4a456cd51f0139c63d3300b2071ab77fca" + } + ] + }, + { + "bom-ref": "b63a0a7b01d148eb", + "type": "file", + "name": "/usr/share/man/man8/update-ca-trust.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed5fa2893af5184ed19ffc6d53c64aad689ef742" + }, + { + "alg": "SHA-256", + "content": "9dcfcf93ce9ced75a8851784380629b539f5ff1db97ec2bd65409f3232ca692a" + } + ] + }, + { + "bom-ref": "7f383931a464767c", + "type": "file", + "name": "/usr/share/man/man8/useradd.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "b75ae8de1ad3e162fdce683b1893a5ad13b9f3c0" + }, + { + "alg": "SHA-256", + "content": "a35494b203a2ead241817fd820a8ec268d9a8cfefa003024087c98106826c202" + } + ] + }, + { + "bom-ref": "5bfd1be1aabee033", + "type": "file", + "name": "/usr/share/man/man8/userdel.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1e904ff64e50009a8bf518024235b2751c4d968" + }, + { + "alg": "SHA-256", + "content": "144ef60d536a87f9b80e3c97e64f4326129e46f14b26fa4e98be9f9ba9da2972" + } + ] + }, + { + "bom-ref": "03871e262f623541", + "type": "file", + "name": "/usr/share/man/man8/usermod.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "5eacb2fcb99da51b839441c17febace553c65800" + }, + { + "alg": "SHA-256", + "content": "980486b182a2d5510cbe6abeb17e3978f93bd6fa706c66346e04bbecbdfb019c" + } + ] + }, + { + "bom-ref": "20916f2b078a8aad", + "type": "file", + "name": "/usr/share/man/man8/vigr.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "4df34d59dfeb44f70569075cf7829708e09c8aaa" + }, + { + "alg": "SHA-256", + "content": "d7e13de50506fd087784c5e0c52eb496c3daae11deae8e684eabf69b45ddb3db" + } + ] + }, + { + "bom-ref": "fbfd1d356eb4ddb3", + "type": "file", + "name": "/usr/share/man/man8/vipw.8.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "3373698a38f25bcb090465170c325c9641738dae" + }, + { + "alg": "SHA-256", + "content": "23b1f5cf9b7e925790e9a1b0826e55aef807db34463c247f44eeb07316818f85" + } + ] + }, + { + "bom-ref": "aa7a3466a80a0996", + "type": "file", + "name": "/usr/share/man/ru/man5/semanage.conf.5.gz", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fe7766ec7a6e24aa691396a976309d150acff2f" + }, + { + "alg": "SHA-256", + "content": "3e66d6385e45e9085de1095632a5facf1004ce796b50e9f011d1ed2c80c946fd" + } + ] + }, + { + "bom-ref": "68b4d5db7e9b5c5e", + "type": "file", + "name": "/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt" + }, + { + "bom-ref": "3759503d470d31ea", + "type": "file", + "name": "/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt" + }, + { + "bom-ref": "385bef3e509708fa", + "type": "file", + "name": "/usr/share/pki/ca-trust-source/README", + "hashes": [ + { + "alg": "SHA-1", + "content": "a11ae92b056325ef0add4b4726c997780295f3f2" + }, + { + "alg": "SHA-256", + "content": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8" + } + ] + }, + { + "bom-ref": "c045464a7d75f70d", + "type": "file", + "name": "/usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a7a2e7e5803a37883cd65038d9f014be82db3c6" + }, + { + "alg": "SHA-256", + "content": "02ad6e337e41b5e7bea51e6def6d97f608d244d4ec134856fe0324a375af6b59" + } + ] + }, + { + "bom-ref": "b70ce668c38e8866", + "type": "file", + "name": "/usr/share/rootfiles/.bash_logout", + "hashes": [ + { + "alg": "SHA-1", + "content": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "alg": "SHA-256", + "content": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ] + }, + { + "bom-ref": "88819ffead5dde14", + "type": "file", + "name": "/usr/share/rootfiles/.bash_profile", + "hashes": [ + { + "alg": "SHA-1", + "content": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "alg": "SHA-256", + "content": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ] + }, + { + "bom-ref": "684ba92e32e6b8db", + "type": "file", + "name": "/usr/share/rootfiles/.bashrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "11ca3585a568f82dad333b5ac15937c738d4e864" + }, + { + "alg": "SHA-256", + "content": "7e5d5df65ced1e47aee7b016d405ace4298fd9134d6caef45e1c835078c79aec" + } + ] + }, + { + "bom-ref": "1cf7480adb1b706a", + "type": "file", + "name": "/usr/share/rootfiles/.cshrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "ea145e5186958c0c70514ab1eab4ce9cc9f71073" + }, + { + "alg": "SHA-256", + "content": "4e9418cde048f912e4aadb76ba55045b5d9af0e0565f7091bfc752154451eca9" + } + ] + }, + { + "bom-ref": "d81651ac3ba0104d", + "type": "file", + "name": "/usr/share/rootfiles/.tcshrc", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c691d1108be15163e3211776730031b40641d96" + }, + { + "alg": "SHA-256", + "content": "1bb91935e2cee1d5d2ab7e8d92125acbfac12d9bf3f1c7922aa4ce77ae7ea131" + } + ] + }, + { + "bom-ref": "b41a49b6e27da37f", + "type": "file", + "name": "/usr/share/tabset/std", + "hashes": [ + { + "alg": "SHA-1", + "content": "0969b2c95d9430c81b0d4b05d81146a6cced5f31" + }, + { + "alg": "SHA-256", + "content": "fbadb5f608b355fe481c0c7d9c6265b2372bfa35250662f81f68d46540080770" + } + ] + }, + { + "bom-ref": "e4b58777688d3db6", + "type": "file", + "name": "/usr/share/tabset/stdcrt", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1fae2fc4bba672fc26554780be21d74106a064b" + }, + { + "alg": "SHA-256", + "content": "cf6c37b18ceea7c306f7e3a5e604a03b0dfb9c22ec99163e4b52f885ce063145" + } + ] + }, + { + "bom-ref": "2d4b5bcf32f6cbc2", + "type": "file", + "name": "/usr/share/tabset/vt100", + "hashes": [ + { + "alg": "SHA-1", + "content": "b84fb01263cd003588e9a164e80bd0b8ea2e56b5" + }, + { + "alg": "SHA-256", + "content": "075251754239d9973945d82b95c18cd90997acd2017393e70c8832e9297de056" + } + ] + }, + { + "bom-ref": "5517326a8e488359", + "type": "file", + "name": "/usr/share/tabset/vt300", + "hashes": [ + { + "alg": "SHA-1", + "content": "5246984995036718d05516acefc59c8bbd17b3ce" + }, + { + "alg": "SHA-256", + "content": "61f8388cad6a381feb819bc6a8d299d06a853d15e1f4bfdfd6b6f40069ad4956" + } + ] + }, + { + "bom-ref": "49fb4120d637fe1a", + "type": "file", + "name": "/usr/share/terminfo/A/Apple_Terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "961c492dc1577bd974ffea27a95c9829d5c1a586" + }, + { + "alg": "SHA-256", + "content": "e0c164ffe1cd8dbbb8162f5f0925424c401fd2871c8e4556f6a67b2f95a1ac7c" + } + ] + }, + { + "bom-ref": "c159e8b0661e7d06", + "type": "file", + "name": "/usr/share/terminfo/E/Eterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "426a08e18cefeab7cb48760f7403433553cc7960" + }, + { + "alg": "SHA-256", + "content": "9c6c23dd46de071e5f5ee24cb2144f82e46365c9011bd8574bf210f0c8245043" + } + ] + }, + { + "bom-ref": "0e34fb41de1b62b1", + "type": "file", + "name": "/usr/share/terminfo/E/Eterm-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3dedac4ce00ae3b8a14f771d212116b8a6d212f" + }, + { + "alg": "SHA-256", + "content": "6954921767095f6869584f352abe93a025c0a7b8babe3b100082f622e9f2e7c7" + } + ] + }, + { + "bom-ref": "f0ecee1a41d9766c", + "type": "file", + "name": "/usr/share/terminfo/E/Eterm-88color", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1183fafbe090fac812f9167a8a6ce8f361388c9" + }, + { + "alg": "SHA-256", + "content": "7c9db2ec3a75e199ea30cb5daf86fcc90c9a96a1ae30e941556b4b55bb8cc71c" + } + ] + }, + { + "bom-ref": "739c4c996183e33c", + "type": "file", + "name": "/usr/share/terminfo/a/alacritty", + "hashes": [ + { + "alg": "SHA-1", + "content": "4814150f074b4f43052f1f51cbb088c6646ffac8" + }, + { + "alg": "SHA-256", + "content": "d92bacc079ad7110ea07f405850bc5cb07e33a7b721bb609065e10a1b465d4c9" + } + ] + }, + { + "bom-ref": "9ce0eef993dd6662", + "type": "file", + "name": "/usr/share/terminfo/a/ansi", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5211ae4c20d69e9913b175c3645c5ce97837ce3" + }, + { + "alg": "SHA-256", + "content": "93ec8cb9beb0c898ebc7dda0f670de31addb605be9005735228680d592cff657" + } + ] + }, + { + "bom-ref": "0c3e4cf799fcc30f", + "type": "file", + "name": "/usr/share/terminfo/a/ansi80x25", + "hashes": [ + { + "alg": "SHA-1", + "content": "b9fe14cf5f090381ae40637d02c3734b28fdd3ff" + }, + { + "alg": "SHA-256", + "content": "acd69b88fbc9045037b562dd67c876e88cc5d2616af20b9ca6c41d33ee335606" + } + ] + }, + { + "bom-ref": "11b19e39d79597cb", + "type": "file", + "name": "/usr/share/terminfo/a/aterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "fb7c8aebe3d8e6842067fb9615710603e28231fb" + }, + { + "alg": "SHA-256", + "content": "ec91b6e46b961cf52e1138691886a2de4ba2807eedd3502e5f11da197bc7cf9e" + } + ] + }, + { + "bom-ref": "6d9636fb6e232098", + "type": "file", + "name": "/usr/share/terminfo/b/bterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "367f109e38c891cfc1b00849a5fa25dd44e36352" + }, + { + "alg": "SHA-256", + "content": "b5166019760429c4d6150180f1c2dd81136488e21c36b564e605c9dc7366f1db" + } + ] + }, + { + "bom-ref": "1d1a43393b1232b9", + "type": "file", + "name": "/usr/share/terminfo/c/cygwin", + "hashes": [ + { + "alg": "SHA-1", + "content": "76d9469b0fc8838dacfd5d3922bfc95a06a6ba1c" + }, + { + "alg": "SHA-256", + "content": "3e04bfdcc0764f4e28655701864845752cd3f77d0c52390637ebe588f91665cf" + } + ] + }, + { + "bom-ref": "09084d46a70bf81b", + "type": "file", + "name": "/usr/share/terminfo/d/dumb", + "hashes": [ + { + "alg": "SHA-1", + "content": "df4b4d8fa4137e85510ddb04c84cc7b0bfc518f6" + }, + { + "alg": "SHA-256", + "content": "123c85a2812a517d967db5f31660db0e6aded4a0b95ed943c5ab435368e7a25c" + } + ] + }, + { + "bom-ref": "3ca2d9bbc94af0e3", + "type": "file", + "name": "/usr/share/terminfo/e/eterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "a63bbca4434711cfa92bc50ee48ccaaff42ef178" + }, + { + "alg": "SHA-256", + "content": "c79a54efd731abe696b0373d814c9a67839eb74229cb0f63ec436b43871b8a2a" + } + ] + }, + { + "bom-ref": "1897f00c748327d1", + "type": "file", + "name": "/usr/share/terminfo/e/eterm-color", + "hashes": [ + { + "alg": "SHA-1", + "content": "306abed9b67901c310e15aa32627bf31b8384b5a" + }, + { + "alg": "SHA-256", + "content": "718af703c538849e5b13ca124dc0416a60e05f1eed5208f6d72836c51c108f31" + } + ] + }, + { + "bom-ref": "2d6b3c65dcb51837", + "type": "file", + "name": "/usr/share/terminfo/g/gnome", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed1d9b1864a262c2b9d5346943bd5e1169c58006" + }, + { + "alg": "SHA-256", + "content": "9054b3a9afffd27c0fb4748f1181703168c8f0d0ce4dd0fa83af850a8672c2ab" + } + ] + }, + { + "bom-ref": "117bddb3be9fc6c4", + "type": "file", + "name": "/usr/share/terminfo/g/gnome-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed4c79cb7ead3eab7e776529d1d3336df1bfc926" + }, + { + "alg": "SHA-256", + "content": "7c411676c7c6aa80510f711598786df0ef9ad986bbe9496b71d41da73734dab4" + } + ] + }, + { + "bom-ref": "a563a8a6f4101d54", + "type": "file", + "name": "/usr/share/terminfo/h/hurd", + "hashes": [ + { + "alg": "SHA-1", + "content": "015da86ead4aed847658dfc1b2a583349d5e6632" + }, + { + "alg": "SHA-256", + "content": "10aecfba156ec90c243267284da1f9d43b8e68813e58690c5870ae8d2a5ac9e9" + } + ] + }, + { + "bom-ref": "9e7a24f8b9f9a4a0", + "type": "file", + "name": "/usr/share/terminfo/j/jfbterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "3525047500b2283571e883985f716c42c356450a" + }, + { + "alg": "SHA-256", + "content": "4598cafe3bdb6a266fbe58846482e57cece634382a0b002f95780a72df37c86e" + } + ] + }, + { + "bom-ref": "87088da3c73ee47a", + "type": "file", + "name": "/usr/share/terminfo/k/kitty", + "hashes": [ + { + "alg": "SHA-1", + "content": "81c84132b8a775fa53aa1ce16ab69778009b61cb" + }, + { + "alg": "SHA-256", + "content": "bccaa15c12d7fcf33aea0d7205588141d32c63834fca2d87e25fa07e57927f00" + } + ] + }, + { + "bom-ref": "ee7f726c682ba5b0", + "type": "file", + "name": "/usr/share/terminfo/k/konsole", + "hashes": [ + { + "alg": "SHA-1", + "content": "af0724ef2ff3ed16f4ed6d83da22fecca584dd52" + }, + { + "alg": "SHA-256", + "content": "f0300abc7f4b5f3ddb541c68c563171b4de742c9f1be1e0e06979ad50493b08e" + } + ] + }, + { + "bom-ref": "96c8175a8f36d182", + "type": "file", + "name": "/usr/share/terminfo/k/konsole-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "52334c5cd1f77103d7078b126553d00cebc26b7d" + }, + { + "alg": "SHA-256", + "content": "ffccaf526a120f9c52c7fbff5ac0c60a1ec1d803c562a3bb62c5ecb3ff41adae" + } + ] + }, + { + "bom-ref": "b77f01b69f16a601", + "type": "file", + "name": "/usr/share/terminfo/l/linux", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2ab37cc907ba18540050f28ed8b2819665ea708" + }, + { + "alg": "SHA-256", + "content": "3eacc0f9dcd8aac29a7935eb1f78be5c51b24a5dd38065789bb326015c9a9836" + } + ] + }, + { + "bom-ref": "5c91ea5dfc763123", + "type": "file", + "name": "/usr/share/terminfo/m/mach", + "hashes": [ + { + "alg": "SHA-1", + "content": "2164ebc6389b2eb81f855aff81dd512a9c0ef589" + }, + { + "alg": "SHA-256", + "content": "ecd31c58040e5908eb434514e67620b2e4be538655126f427155760b273c7e9b" + } + ] + }, + { + "bom-ref": "f34d0eb0a29edab3", + "type": "file", + "name": "/usr/share/terminfo/m/mach-bold", + "hashes": [ + { + "alg": "SHA-1", + "content": "b31e68274d7e658c3d20302c10f3a8dee2d45a6a" + }, + { + "alg": "SHA-256", + "content": "4e4400e3ad4df2dbbf90920860c540cd72552ca71a24b556a0b6ba62fa091b84" + } + ] + }, + { + "bom-ref": "5b678d76cc0043bf", + "type": "file", + "name": "/usr/share/terminfo/m/mach-color", + "hashes": [ + { + "alg": "SHA-1", + "content": "519df843a8d27ca36bb1703c3edc893135793dd1" + }, + { + "alg": "SHA-256", + "content": "5caa825bd606e26c8b6c55a3206eccfea525e788f74da5e7cb48cc713db52239" + } + ] + }, + { + "bom-ref": "a968fc110e78a7e9", + "type": "file", + "name": "/usr/share/terminfo/m/mach-gnu", + "hashes": [ + { + "alg": "SHA-1", + "content": "bf9269b2a7a463c68e2ba9200b28ae3115f6b362" + }, + { + "alg": "SHA-256", + "content": "99372cd399478be723230692595362004df345dee6c4145e4d109113a2357717" + } + ] + }, + { + "bom-ref": "84b5e513d406987a", + "type": "file", + "name": "/usr/share/terminfo/m/mach-gnu-color", + "hashes": [ + { + "alg": "SHA-1", + "content": "4466e8a9353f3400cfba527abcf0d26c28f364c2" + }, + { + "alg": "SHA-256", + "content": "e1c62541670d0e10fe46daabce8ce95d9fd77115a68106e5eb2c2a7647e40a13" + } + ] + }, + { + "bom-ref": "2f07e6cfdae0c898", + "type": "file", + "name": "/usr/share/terminfo/m/mlterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "855ae490a8e1a2e788d973c57bd0bb81b547b2c3" + }, + { + "alg": "SHA-256", + "content": "1334887ef2b3ca487e445ed9a0b03b3ec6750ed1617d8cad6416045a69d32cdf" + } + ] + }, + { + "bom-ref": "4c763e54c767a733", + "type": "file", + "name": "/usr/share/terminfo/m/mrxvt", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee1c75869778dca9cc90ebf7ca6f7f5ca619a973" + }, + { + "alg": "SHA-256", + "content": "28e3b5820b9762eadf7201f9877f8e010fdeaf74a60ed12e94d3f39c24cc8d3f" + } + ] + }, + { + "bom-ref": "a4671eb99dd9ce2d", + "type": "file", + "name": "/usr/share/terminfo/n/nxterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ed36bad309da59504a894aafbb0bd2fab0e6819" + }, + { + "alg": "SHA-256", + "content": "f74fe619914bfe650f6071bbbaf242c439de8a2f0ecefe9e80870216dfb844b4" + } + ] + }, + { + "bom-ref": "49ce661ec5b0e144", + "type": "file", + "name": "/usr/share/terminfo/p/pcansi", + "hashes": [ + { + "alg": "SHA-1", + "content": "6867ac96a0cfed1d9df1e9a64f122c75cac71a99" + }, + { + "alg": "SHA-256", + "content": "ecda9662049c96ee0a574f40cfb8950b0198b508b5b72a3de05774eb3cb3f34e" + } + ] + }, + { + "bom-ref": "9927684daea6e98f", + "type": "file", + "name": "/usr/share/terminfo/p/putty", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f0059c55c612f78d56c2326c7ebd7f40c94fd16" + }, + { + "alg": "SHA-256", + "content": "61c517a78fe0e43e1dc0c46211e2c21caff28dde5faec6dcac1854f406a8f198" + } + ] + }, + { + "bom-ref": "bb7b9486d2967e4f", + "type": "file", + "name": "/usr/share/terminfo/p/putty-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "160d4ab98b0b21aec25b853141c516e947accd5c" + }, + { + "alg": "SHA-256", + "content": "f300b4599e56d79862ae9b2564b9a1c6b80b1e97377caff9cf5c0d3c321da1cf" + } + ] + }, + { + "bom-ref": "478f145eadc35c6e", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ebae08a244978e66725578525b77e4c6681f9a5" + }, + { + "alg": "SHA-256", + "content": "fd66cf403b6a6dc0a9fb1644f5e90a6c045e121a2039086bc105995dee951cca" + } + ] + }, + { + "bom-ref": "9343d5cbf9e585e5", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-16color", + "hashes": [ + { + "alg": "SHA-1", + "content": "2031924bda14f0353b35c855bd0cd8e859c23d83" + }, + { + "alg": "SHA-256", + "content": "6ab73ad1b0b5fc6e7d8bba94dd640dd1ac0af130977ec0343722f844b1dc731f" + } + ] + }, + { + "bom-ref": "ba04e1a02ccf0e79", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "984f719ef802db986328ab24f87cd9c7f98bd67f" + }, + { + "alg": "SHA-256", + "content": "04d0d3eff9bad452bb14b3758c4550d2541804c47418dd8962738c8b0af56900" + } + ] + }, + { + "bom-ref": "a5abdb1170ef5088", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-88color", + "hashes": [ + { + "alg": "SHA-1", + "content": "1ceb9fdec92ed9a93e788606f7a30bf5c7517502" + }, + { + "alg": "SHA-256", + "content": "970530f4391f38cdd940ba3260e3be762b0106ce9e6566e44bce78eb83ebf667" + } + ] + }, + { + "bom-ref": "b4b0af52e0102e33", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-basic", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f0dd8d350f267d421e4ceb42ed496bd100b6ac2" + }, + { + "alg": "SHA-256", + "content": "8d7df7d5b30ab517c857ec8dd8bc19353536e19a8b4dab9b32dab7515ccc67fc" + } + ] + }, + { + "bom-ref": "523c6606f11f2b6b", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-color", + "hashes": [ + { + "alg": "SHA-1", + "content": "b0f9c33dffa72b5870816350bf9138b204b08b24" + }, + { + "alg": "SHA-256", + "content": "dba804770a9c6832dd1ac4f2fd209f8053aa5d01a89f60b9e2428c59e3500fc0" + } + ] + }, + { + "bom-ref": "64f587ed99b945e5", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-cygwin", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ee54f150e0f558069507db5d5faf9f6746acdc1" + }, + { + "alg": "SHA-256", + "content": "524b0193a04a4f2d50d19846e47a36aac33161331e929820a5b229c73d0db700" + } + ] + }, + { + "bom-ref": "088ade83e6eebed3", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-cygwin-native", + "hashes": [ + { + "alg": "SHA-1", + "content": "69ab48190b1e8f39d0a43301e4e9fa5adb09ce92" + }, + { + "alg": "SHA-256", + "content": "bc25e9fefa0e94ecc6892a987c7e8ed4331475e35049a134e5e3903d681a0b52" + } + ] + }, + { + "bom-ref": "ca75d7cf751c3a9b", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-unicode", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb79402a4c07ef2bc1862da01aa85ff1c54712b8" + }, + { + "alg": "SHA-256", + "content": "063264a85fd735a13028390c8d43cf38b5214417c6e48908eabb85bcdb9b7495" + } + ] + }, + { + "bom-ref": "be6d66b461c658b9", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-unicode-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "53502733cd0469b40a4ae1e071096650cdc17798" + }, + { + "alg": "SHA-256", + "content": "d713e450e914420493252afbde977cd3165ea649dfe5c33b0f518ec83b1afba1" + } + ] + }, + { + "bom-ref": "ba2b8aeeed756e4b", + "type": "file", + "name": "/usr/share/terminfo/r/rxvt-xpm", + "hashes": [ + { + "alg": "SHA-1", + "content": "54b5114a07a2196a308d285dae8f955e3e2b7237" + }, + { + "alg": "SHA-256", + "content": "331dd75bad5d1a9dffd4fd1ad254edfca32780ace51a22b1d8d657aebf03663f" + } + ] + }, + { + "bom-ref": "bf552973196385fd", + "type": "file", + "name": "/usr/share/terminfo/s/screen", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae72fc57a69459885628f96cf46b8a8c55b293fb" + }, + { + "alg": "SHA-256", + "content": "8c9f1ec5d39d497e23943171bbba511c07192392a673ec642b0f805e1496c242" + } + ] + }, + { + "bom-ref": "2671778ef1b1ae46", + "type": "file", + "name": "/usr/share/terminfo/s/screen-16color", + "hashes": [ + { + "alg": "SHA-1", + "content": "9bc9e2b411bbca518178fafcfaaedf038843ee1a" + }, + { + "alg": "SHA-256", + "content": "04e2d2a20905a85daf8c652e6cb359a4c43c0df0da42079fa250a40860b501bb" + } + ] + }, + { + "bom-ref": "f03e4607a68f7fff", + "type": "file", + "name": "/usr/share/terminfo/s/screen-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "df1d3a56010c9996a514c40e3b9f834a8c629bc2" + }, + { + "alg": "SHA-256", + "content": "cbac29ca9641403d7c2e377f4c54c52f24e811f98d47c71b599707e00ad91f0c" + } + ] + }, + { + "bom-ref": "c70fed58b78ebdab", + "type": "file", + "name": "/usr/share/terminfo/s/screen.Eterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "0651e42e81446e751ad964a5e48554c5f924240f" + }, + { + "alg": "SHA-256", + "content": "0cdc69a1a9d76f90782c9033fdaca7867d761dde7ae2cbd1277d8b1a2e84a859" + } + ] + }, + { + "bom-ref": "96eaafd3944dde48", + "type": "file", + "name": "/usr/share/terminfo/s/screen.gnome", + "hashes": [ + { + "alg": "SHA-1", + "content": "fae5fa662a2775c936f772b9043f07c92c25bffd" + }, + { + "alg": "SHA-256", + "content": "a3eaa12685b0c5dc1c1fd813d9413b35ee0559658b738a7518d5ef82048fdd90" + } + ] + }, + { + "bom-ref": "de1aaed71982acfe", + "type": "file", + "name": "/usr/share/terminfo/s/screen.konsole", + "hashes": [ + { + "alg": "SHA-1", + "content": "5eabf0951c6b1664387c338048ef54d20f34c0c0" + }, + { + "alg": "SHA-256", + "content": "3589347d84695a08fa10f5468540eace3b8d5efe0473cfad05823fb42a7f4200" + } + ] + }, + { + "bom-ref": "fc223aa7c8c6f6f1", + "type": "file", + "name": "/usr/share/terminfo/s/screen.konsole-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "f2186907191b3dee1e646177d88fa0f842c34e7a" + }, + { + "alg": "SHA-256", + "content": "a6a490ec343cba7c36539dadfa3662f014c19b567bdf0bdd49524757ea5555e3" + } + ] + }, + { + "bom-ref": "1b17f7a3b989d675", + "type": "file", + "name": "/usr/share/terminfo/s/screen.linux", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a94bcc700376d0092ab7da25b91b69e92a59a19" + }, + { + "alg": "SHA-256", + "content": "f4cd95e072ac92d217e69b93d9da8209d6532bd67428b5f90395a02ba686d26b" + } + ] + }, + { + "bom-ref": "878ad561b086b8ad", + "type": "file", + "name": "/usr/share/terminfo/s/screen.mlterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "b0a2ed8af7d1f34d5ddc1dd44df404c32633052b" + }, + { + "alg": "SHA-256", + "content": "f127db567ddf4fa0dc0aaf3d15dec44e876efb748ac6db252e2e9c716c925746" + } + ] + }, + { + "bom-ref": "62b0b802c45d2d9e", + "type": "file", + "name": "/usr/share/terminfo/s/screen.mlterm-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "2f568837a14e73410a9608ff1654e66ba844c722" + }, + { + "alg": "SHA-256", + "content": "82996e7e225aafe638618c97025a9c7452ae8d1f29d5e677d1bccde3571b3956" + } + ] + }, + { + "bom-ref": "d58e250ca45ee93a", + "type": "file", + "name": "/usr/share/terminfo/s/screen.mrxvt", + "hashes": [ + { + "alg": "SHA-1", + "content": "0bd36300776980e25e41c18b000ef99dd9a959ab" + }, + { + "alg": "SHA-256", + "content": "8f9718e189abece10bf6d2371ed0fdfb9cd2b62485edcddfcde5e40c6905bb1e" + } + ] + }, + { + "bom-ref": "bf768e51b1b0694d", + "type": "file", + "name": "/usr/share/terminfo/s/screen.putty", + "hashes": [ + { + "alg": "SHA-1", + "content": "86263e54dd2fa24639462c60226bc384ba3a8db6" + }, + { + "alg": "SHA-256", + "content": "79112ae95d9610b54e5f6e756cfc0dd95e8f126ac8f2b924df9818158c934b72" + } + ] + }, + { + "bom-ref": "63723b0f4336e0db", + "type": "file", + "name": "/usr/share/terminfo/s/screen.putty-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4aab7ad9f0f234b16fa304b455a007bfb2de490" + }, + { + "alg": "SHA-256", + "content": "1c06f6fa536cb53c00337c19062698ac20c1ec07bb7925a9cf4fe5f833554dff" + } + ] + }, + { + "bom-ref": "c458e6458e9b08ba", + "type": "file", + "name": "/usr/share/terminfo/s/screen.rxvt", + "hashes": [ + { + "alg": "SHA-1", + "content": "7208e1cb51192309e5b46b7a546e6437a8a7993e" + }, + { + "alg": "SHA-256", + "content": "8983e116d7c302b9764918d14a3a1f48efc0475da61bc1d9d094cfc111d470fd" + } + ] + }, + { + "bom-ref": "469423e151105775", + "type": "file", + "name": "/usr/share/terminfo/s/screen.teraterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "0db862fbc9c8b47cf70a4c53d93f77a67ea1ff45" + }, + { + "alg": "SHA-256", + "content": "e4167086215b313305bc5b19412c50ccc1bf794079b5ff459517a47574f625aa" + } + ] + }, + { + "bom-ref": "70069cacf08e5836", + "type": "file", + "name": "/usr/share/terminfo/s/screen.vte", + "hashes": [ + { + "alg": "SHA-1", + "content": "82766b952dc629bd9e667462383a3b2e0de7a30e" + }, + { + "alg": "SHA-256", + "content": "a8304c19e96ef295020a0aad7f50e3fca43d1687ec4f1e238cbf2ac641b4a9b9" + } + ] + }, + { + "bom-ref": "97be65b698050a66", + "type": "file", + "name": "/usr/share/terminfo/s/screen.vte-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "8154ab1ea7f3dd2fa3a9274eb9beb43c502a4cfa" + }, + { + "alg": "SHA-256", + "content": "eb2a1590196eb9238e5d89b6c4e0fec0a4fe8cb4e45747a781fb7c84b35a8002" + } + ] + }, + { + "bom-ref": "b1a9a334edfc782d", + "type": "file", + "name": "/usr/share/terminfo/s/screen.xterm-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8ca10f4e38b4bde0a6e374710e1787da44fd579" + }, + { + "alg": "SHA-256", + "content": "41464ca875edb94074f7f757d03c337daf45c3ef98258c6ab5113352b45c9599" + } + ] + }, + { + "bom-ref": "e58f4643f64e0965", + "type": "file", + "name": "/usr/share/terminfo/s/screen.xterm-new", + "hashes": [ + { + "alg": "SHA-1", + "content": "d16c714355802ee18656cc6bf46128231a123148" + }, + { + "alg": "SHA-256", + "content": "50f7c84aeed647a706370427fb6833f9b069455f0479c5bceee310b1a603c1c3" + } + ] + }, + { + "bom-ref": "efa0d7dce3147d57", + "type": "file", + "name": "/usr/share/terminfo/s/screen.xterm-r6", + "hashes": [ + { + "alg": "SHA-1", + "content": "51d961daa0f5ed51638197accab163e57ce8e0d5" + }, + { + "alg": "SHA-256", + "content": "d7b2d447bde520f07fb34eafaa5a52475c6a573cd25ffece947538111a082697" + } + ] + }, + { + "bom-ref": "f40c1864762c12c0", + "type": "file", + "name": "/usr/share/terminfo/s/st", + "hashes": [ + { + "alg": "SHA-1", + "content": "008c71d39a6f89a8deaa05e846fd40a4e14f167a" + }, + { + "alg": "SHA-256", + "content": "04ec866bf3b2f7747f021870d7f3cfcc32b2c00933ed56da5f2c53276f98cc6d" + } + ] + }, + { + "bom-ref": "b6c79f65123c68c7", + "type": "file", + "name": "/usr/share/terminfo/s/st-16color", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae1db2c4f699b91c38021d80791cfbd3d5f7aedf" + }, + { + "alg": "SHA-256", + "content": "9233dae204dcccbe231489b90e5a73b6960237cbdc66e5095a796687bbc98cad" + } + ] + }, + { + "bom-ref": "f1092c0f72a807b1", + "type": "file", + "name": "/usr/share/terminfo/s/st-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ba52b715ca27d2b1cf7cdd36d9a1d4c489bb3e5" + }, + { + "alg": "SHA-256", + "content": "1a0830080f6101ea005cad2f2dc14d7be90d6dd31bd2ef978717908b1f248732" + } + ] + }, + { + "bom-ref": "01d4f5973d1c627a", + "type": "file", + "name": "/usr/share/terminfo/s/sun", + "hashes": [ + { + "alg": "SHA-1", + "content": "faf6b1b33d6c3a6aae31f7b657810b6171d91a8d" + }, + { + "alg": "SHA-256", + "content": "02e392161cb23f49a8fb1ba2f1a6583e013c0c26672f58c5eaca828db3b19914" + } + ] + }, + { + "bom-ref": "326ff4dc26b7e7f3", + "type": "file", + "name": "/usr/share/terminfo/t/teraterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f5a518f864e1b517b340db118202293d573aded" + }, + { + "alg": "SHA-256", + "content": "4e45171106372b30d13e11934d5cd217aef45dfc0f2c065b4b0b1f7d9d2cbf9e" + } + ] + }, + { + "bom-ref": "b8e23a2c85c074aa", + "type": "file", + "name": "/usr/share/terminfo/t/teraterm2.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "722dd14fea3e528e555dd324b2549ce7ccc2e0e0" + }, + { + "alg": "SHA-256", + "content": "6598b360cd87b5c3e3f99a5b0b4d462c59e754bad79968febc84c77b7acc3bdc" + } + ] + }, + { + "bom-ref": "3c671293eaa35b7d", + "type": "file", + "name": "/usr/share/terminfo/t/tmux", + "hashes": [ + { + "alg": "SHA-1", + "content": "5dce89f95ed8f1253a105a887b54bf09822a91b8" + }, + { + "alg": "SHA-256", + "content": "dfca8c55e27b29092119c636df3f294f91899c773cd88fd045211f33e4374b4e" + } + ] + }, + { + "bom-ref": "66aaab4ba24bc5b4", + "type": "file", + "name": "/usr/share/terminfo/t/tmux-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "602bb3f1c90195fdcecd0a1df7c01ba600633255" + }, + { + "alg": "SHA-256", + "content": "0be91123144f84d33761a08e98ae0bef4fbf25ab73dac895d20f5baefa1e5f69" + } + ] + }, + { + "bom-ref": "0e50753a88851779", + "type": "file", + "name": "/usr/share/terminfo/t/tmux-direct", + "hashes": [ + { + "alg": "SHA-1", + "content": "48a350b75f941a5c2d6cba8df1eb108b0502a5f6" + }, + { + "alg": "SHA-256", + "content": "a60c23f2642905644aba59b21d70a0d86ac8b3efb66a500e316dee0c77dfd01a" + } + ] + }, + { + "bom-ref": "c3c8cf0a40b73304", + "type": "file", + "name": "/usr/share/terminfo/v/vs100", + "hashes": [ + { + "alg": "SHA-1", + "content": "bfa87e9290d04805f82626a2d0371697d7f6f7e4" + }, + { + "alg": "SHA-256", + "content": "2b1249158a7053eee58242625f79b29f35da721cbcf695a327521cfed3bec117" + } + ] + }, + { + "bom-ref": "fc15b1cbbbc8b700", + "type": "file", + "name": "/usr/share/terminfo/v/vt100", + "hashes": [ + { + "alg": "SHA-1", + "content": "604682c15cc708fbd02fecf33d0d23bed5e735e6" + }, + { + "alg": "SHA-256", + "content": "44fe1bfcc36f3a7669a387b623a44c360f9e150868f9924920182b44bcbbdba6" + } + ] + }, + { + "bom-ref": "22d92096b251462b", + "type": "file", + "name": "/usr/share/terminfo/v/vt100-nav", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a64f0f0ecbbb4db08aacb7f21041293b58a95ec" + }, + { + "alg": "SHA-256", + "content": "e509a4ee7373ff884ef9b5b293fdffa88182711d6b0448fe99d2cbeb1939114a" + } + ] + }, + { + "bom-ref": "a00981ff8a31aa27", + "type": "file", + "name": "/usr/share/terminfo/v/vt102", + "hashes": [ + { + "alg": "SHA-1", + "content": "0647b65463bb39b373e3fa4019249f2b2f84991b" + }, + { + "alg": "SHA-256", + "content": "60e451f57c0308b79004ebc6189b49417b4ac11d783154072cae803a11af7d3f" + } + ] + }, + { + "bom-ref": "07b4d533d94c80f2", + "type": "file", + "name": "/usr/share/terminfo/v/vt200", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed09f848574a9e8f0d82951ab0ae4c8674d757bc" + }, + { + "alg": "SHA-256", + "content": "9454527a74b80c5d3f8489137b9cf0cbb38c6d2a700c0ac5894164409e10f3ec" + } + ] + }, + { + "bom-ref": "243f7f524d627de6", + "type": "file", + "name": "/usr/share/terminfo/v/vt52", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c42c0190e2097c89d02a33c3aae1baf365d35af" + }, + { + "alg": "SHA-256", + "content": "e18f7a08c5e49f850f5673c1a393da8fce302dcbb960c546bb341ae858c953c9" + } + ] + }, + { + "bom-ref": "358e676f3ce16efa", + "type": "file", + "name": "/usr/share/terminfo/v/vte", + "hashes": [ + { + "alg": "SHA-1", + "content": "594d35295bd9d090172a081cd1c46a0ff7154e7c" + }, + { + "alg": "SHA-256", + "content": "a59d832325bcaf79ee1e96dbabc05f82d576a3817e6295d151e8796a342ceb35" + } + ] + }, + { + "bom-ref": "8290f04afbda7365", + "type": "file", + "name": "/usr/share/terminfo/v/vte-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "09fdc1b67a1a8bbfbdd70a9d3d83c0eb31d83fd5" + }, + { + "alg": "SHA-256", + "content": "332a40dd7766bd6368ce500ecdff89b8ffec1022bd3d3e11e87ae4d68c95ff7d" + } + ] + }, + { + "bom-ref": "c8cc24147a716899", + "type": "file", + "name": "/usr/share/terminfo/v/vwmterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4732fbcd7e0406e8b72c0bb122e01654f6b495d" + }, + { + "alg": "SHA-256", + "content": "eae3fe39004992478d09bdb5063c6609f8c6f5119053de8fca645002b993b535" + } + ] + }, + { + "bom-ref": "aa00d5296f618d6a", + "type": "file", + "name": "/usr/share/terminfo/w/wsvt25", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e544110ee387257fad3048674d0b6cb5e81291c" + }, + { + "alg": "SHA-256", + "content": "28d3410e6b83a3b78a41f108098ac8772a3af3ee2b627b9f9bb4b19b363a5be3" + } + ] + }, + { + "bom-ref": "968fd195a4554675", + "type": "file", + "name": "/usr/share/terminfo/w/wsvt25m", + "hashes": [ + { + "alg": "SHA-1", + "content": "74ef27fc6d81c6a43dd40f231777c0ffb485a559" + }, + { + "alg": "SHA-256", + "content": "18c85db3b0ef0ab15b7eb8dc4ac6ea14a37d851628220c8bb61e2edfa4f81683" + } + ] + }, + { + "bom-ref": "b2c06c93987dc6df", + "type": "file", + "name": "/usr/share/terminfo/x/xfce", + "hashes": [ + { + "alg": "SHA-1", + "content": "2295d08f2831f0e3323b9061ee797c134a14a8df" + }, + { + "alg": "SHA-256", + "content": "390a5f18914c8c867a62637326b7a0f00ec72c746fe282efe55fa36746241c84" + } + ] + }, + { + "bom-ref": "5dadf1adff8ce7ae", + "type": "file", + "name": "/usr/share/terminfo/x/xterm", + "hashes": [ + { + "alg": "SHA-1", + "content": "b3f26dd67868d19acca1e04c76e5c9796f1cf0cd" + }, + { + "alg": "SHA-256", + "content": "e423b4b00aa50e3161ae0b0fca7c6019389a837bcdc29075dd40452aaff21579" + } + ] + }, + { + "bom-ref": "37b118056dc26790", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-1002", + "hashes": [ + { + "alg": "SHA-1", + "content": "17b4daee1d21145996d794280cf2fd2f7d8457eb" + }, + { + "alg": "SHA-256", + "content": "6daca159799eeebe2100543a42e2931777a978e59fb2bcc17d1693c146c5670f" + } + ] + }, + { + "bom-ref": "5d67ea35ce22f6ae", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-1003", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6755e1610ad2ed419843459399707d9d88fc542" + }, + { + "alg": "SHA-256", + "content": "35fa2e56262f3e1c790fc56846544b5385fc608a357989ef656b86c4f18aa042" + } + ] + }, + { + "bom-ref": "be7456704d957929", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-1005", + "hashes": [ + { + "alg": "SHA-1", + "content": "b6f6f128e4445ee37802db3190b26b9e90b2b5a7" + }, + { + "alg": "SHA-256", + "content": "eff2d7f9eeaa5c20b0fabae9ce1a4637a15f2a1c3f732cf5f95fa98d19fd793b" + } + ] + }, + { + "bom-ref": "5bc14091563d357b", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-1006", + "hashes": [ + { + "alg": "SHA-1", + "content": "a052414b7718bded5e515d573065f42aa3bffdd2" + }, + { + "alg": "SHA-256", + "content": "57afd1b3d2629e6ac46123b3eeb12b80e8b5aff415a9f18613f86d2871336e31" + } + ] + }, + { + "bom-ref": "022bdd650baaeff4", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-16color", + "hashes": [ + { + "alg": "SHA-1", + "content": "b502cd6300c553fb7be991b779c8e2ec587be2df" + }, + { + "alg": "SHA-256", + "content": "262a09a0f9ea8f8ea53ef151ed0283e25544897a1dea89307ffd5e5c863570a7" + } + ] + }, + { + "bom-ref": "3a06aa97b9d3c315", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-256color", + "hashes": [ + { + "alg": "SHA-1", + "content": "70cda1040ca4254d8e41dda619ce653dee06b976" + }, + { + "alg": "SHA-256", + "content": "680743a3e8a460e35683ba59e97b3579f6e25d5a104507040d256e703575de9b" + } + ] + }, + { + "bom-ref": "ae45f54c300bb636", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-88color", + "hashes": [ + { + "alg": "SHA-1", + "content": "b12ea7da1cec1b83fad202e27d2a415e09cbe30a" + }, + { + "alg": "SHA-256", + "content": "e096ba9743b994565fc98ce40ff37cc8a7fd30d0a48e83f58bf5fb3a6e8cde8d" + } + ] + }, + { + "bom-ref": "0cb46cc286b242d6", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-8bit", + "hashes": [ + { + "alg": "SHA-1", + "content": "6147b83c6a0616522ae0833646887b6b5e5565f0" + }, + { + "alg": "SHA-256", + "content": "999ec07a74a5587da0966f9a361e587143aeab35212cbab6ad4a03451ef797d1" + } + ] + }, + { + "bom-ref": "3a3dd63fc31cf9f0", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-basic", + "hashes": [ + { + "alg": "SHA-1", + "content": "a84a45e8d4f34c78094475d4a0a4d489a4a158fd" + }, + { + "alg": "SHA-256", + "content": "5d54cb15056ae0a673ef75dcce8cc6966dbe74579808ea81180e84965871dca0" + } + ] + }, + { + "bom-ref": "358a54515c04e917", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-bold", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e889ac2d471114952b37ddcf1b6fc82321f58dc" + }, + { + "alg": "SHA-256", + "content": "4296a878469b6bc5bab5acbce875e43bc501ab57a62d8d29cd34a424ba1e9de4" + } + ] + }, + { + "bom-ref": "f3f45085dd41c8af", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-direct", + "hashes": [ + { + "alg": "SHA-1", + "content": "21c521345e063c5ecfb8f7e99f8b15abdd984f34" + }, + { + "alg": "SHA-256", + "content": "63a281b88bfa1d525432c712c68887f2b6a321bcf5c1600451d116f5f89babcf" + } + ] + }, + { + "bom-ref": "9243f8be77ca5508", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-direct16", + "hashes": [ + { + "alg": "SHA-1", + "content": "28be03201ca765e264dc9fdf630cbc44c8b45ff4" + }, + { + "alg": "SHA-256", + "content": "767604eb2e2a242db60555bb2e4f801a045a3b03ec02f6aa318c321f7d29110d" + } + ] + }, + { + "bom-ref": "0d62abe9ceec72d8", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-direct2", + "hashes": [ + { + "alg": "SHA-1", + "content": "06b536b9aa86e862e87fcd7d7d380980e8600198" + }, + { + "alg": "SHA-256", + "content": "420b7a15d5023a4030742ccd48639de223cfbaeb675d4af7fc5882e822dfded8" + } + ] + }, + { + "bom-ref": "9ba2547f37f694f8", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-direct256", + "hashes": [ + { + "alg": "SHA-1", + "content": "37a4f04ab6ea0726ef48eb063ae89b2f93d3276a" + }, + { + "alg": "SHA-256", + "content": "b80042a930fd54d642f2f4d194894c2b4344acaba4eb6032f30acb5d8b2d0a0c" + } + ] + }, + { + "bom-ref": "10b15c7300d1de17", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-hp", + "hashes": [ + { + "alg": "SHA-1", + "content": "abc01a5137972b9587e7819f08ac6021a230f283" + }, + { + "alg": "SHA-256", + "content": "f11650d98fd186dbeb717ec72a72c9a450a42ee0387d20f5408f75364f04c62b" + } + ] + }, + { + "bom-ref": "770bb10fedc6e4ed", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-mono", + "hashes": [ + { + "alg": "SHA-1", + "content": "554f1f8aa440753daaae49b149a49b3e4c4cf848" + }, + { + "alg": "SHA-256", + "content": "3024be4c36be53d6468fa1e48a0f584a410a17e26c3c6e7826c815b4ef56c595" + } + ] + }, + { + "bom-ref": "27fa8cd5292f5759", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-new", + "hashes": [ + { + "alg": "SHA-1", + "content": "edaa0aad5eca10b8a97413b2a559ecf62b0dd10d" + }, + { + "alg": "SHA-256", + "content": "7ba565ab3d4132d6cb3ee77d4f3a82f74755294b40f155f5fb0f96138dd77e7d" + } + ] + }, + { + "bom-ref": "fff2cc852438009f", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-nic", + "hashes": [ + { + "alg": "SHA-1", + "content": "3717b448255e585338148342a97da63d29efc697" + }, + { + "alg": "SHA-256", + "content": "d1ac522553500494c979be8912645b1b6036fb3803898e19d86b032f82ec98bc" + } + ] + }, + { + "bom-ref": "b9c6ec960b364afe", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-noapp", + "hashes": [ + { + "alg": "SHA-1", + "content": "fb1a830b20924764a0c66470ec96c0ade2214386" + }, + { + "alg": "SHA-256", + "content": "e4e0c9f4c27f51504e5eb67aa1ce121c663a759b1e2102338c20ecf6259794d7" + } + ] + }, + { + "bom-ref": "aeb11193f8402ce7", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-old", + "hashes": [ + { + "alg": "SHA-1", + "content": "34923577f4a51dbe7a79d1d6274d10e207d28eb7" + }, + { + "alg": "SHA-256", + "content": "927b8821c947b96b020ca7341dffb57bdfa2986fcaecd5fdbf2ca2369eacc285" + } + ] + }, + { + "bom-ref": "262bec80ab3b6fc9", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-pcolor", + "hashes": [ + { + "alg": "SHA-1", + "content": "956b61f6a02ee955b5795e0f35937ef81bb4474e" + }, + { + "alg": "SHA-256", + "content": "1fc3a8c307a46818870ad4313246f62c439ca3ef704a947c09471e8cf335e2fe" + } + ] + }, + { + "bom-ref": "8e1d542f8169b000", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-r5", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4283a7cf44e9e4a4a9e5ac166328ba8d6ddf632" + }, + { + "alg": "SHA-256", + "content": "82098ec067be6189e91e8264278bb85fe3b7bfdeaa3754be301313be140522ca" + } + ] + }, + { + "bom-ref": "9a82f7c0ce9888c0", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-r6", + "hashes": [ + { + "alg": "SHA-1", + "content": "97bfc10103a98e54eb646a2e9b39d9e23a983336" + }, + { + "alg": "SHA-256", + "content": "ee12fe6d2d8e1d0b83d1042fe8a38f1aed6fd73e2c7316e6db5ec5b061b09ef8" + } + ] + }, + { + "bom-ref": "d00ddd9f869070e6", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-sco", + "hashes": [ + { + "alg": "SHA-1", + "content": "afd94d9cec40a7e571619d06e4cf41854b2c6a19" + }, + { + "alg": "SHA-256", + "content": "da57c8f3d66ce45f68d8c28dd360201c6e6918bb5da6947a80949129f5a93940" + } + ] + }, + { + "bom-ref": "9ae4907d5846a39c", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-sun", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d4572d62c0d6a276e28f1466f77034913b8fa7d" + }, + { + "alg": "SHA-256", + "content": "12a8b1c0907e5a1cd1aa1b8c8815dc85477c7f953113d127a2dfca5eaf04c90d" + } + ] + }, + { + "bom-ref": "9ed2eb25fdb82770", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-utf8", + "hashes": [ + { + "alg": "SHA-1", + "content": "1faca6458b3a792e647147459a9149fd3c2fb7a8" + }, + { + "alg": "SHA-256", + "content": "f00daefe425aeec94b657249dd6575b48a58b1a3db5feca318003799e9eac188" + } + ] + }, + { + "bom-ref": "10e3777ce389b734", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-vt220", + "hashes": [ + { + "alg": "SHA-1", + "content": "732f3cba430675fad0760c774b9124c474f27572" + }, + { + "alg": "SHA-256", + "content": "84a21605f8740519373ad315139195949c76cf63abd5a00f4315545c6b7f44be" + } + ] + }, + { + "bom-ref": "68e1197e7698a852", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-vt52", + "hashes": [ + { + "alg": "SHA-1", + "content": "afd9b9c4a321327e4acbed97153bef23dfdf31b3" + }, + { + "alg": "SHA-256", + "content": "b3113c9b349f1fa3ab9d141a67742a14edde60e06a98c6c9adf4aaaf15afbb65" + } + ] + }, + { + "bom-ref": "48281070c504d26d", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-x10mouse", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a84c286d399ddf22d3bc43d17124f3d9fbe20b8" + }, + { + "alg": "SHA-256", + "content": "781b3399f614a9a456f266132e6da69a48a8974a2fef418ee0e546a001edc889" + } + ] + }, + { + "bom-ref": "36256cdb62622e80", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-x11hilite", + "hashes": [ + { + "alg": "SHA-1", + "content": "4659d0b5482fb2ae09ef31f59727954a53c84130" + }, + { + "alg": "SHA-256", + "content": "bc1edd65d8437128d901c1e4534872b9a5cdfc0b1e959c7f90191f20d0b10037" + } + ] + }, + { + "bom-ref": "e8c64ca72ddad3e6", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-x11mouse", + "hashes": [ + { + "alg": "SHA-1", + "content": "6b284ea695088d038e3727f6fca922d5d515ef7d" + }, + { + "alg": "SHA-256", + "content": "9b8944e971bc60997823a6660c79de5fd47f259ebd427b971353f53ff2083ca7" + } + ] + }, + { + "bom-ref": "40c55a7db4a229cd", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xf86-v32", + "hashes": [ + { + "alg": "SHA-1", + "content": "19840e58a41b5f289c78073fe5eb0e83d0b002c4" + }, + { + "alg": "SHA-256", + "content": "bf8cbc70b73992ca93b22f411bae2f71d613a69a9f0b59f0f9c2d5be12f982d8" + } + ] + }, + { + "bom-ref": "c35dd89b3eb05a79", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xf86-v33", + "hashes": [ + { + "alg": "SHA-1", + "content": "b458625d264a9717e805f17e5415ad9554221e05" + }, + { + "alg": "SHA-256", + "content": "d4127e626af189a2d56cc45e1c60e4e6ac32b4d55b9c417129bcc8369c347515" + } + ] + }, + { + "bom-ref": "85c3ed778f0ddb90", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xf86-v333", + "hashes": [ + { + "alg": "SHA-1", + "content": "93e84400f5ff9008cd64565d35630e3a121448fe" + }, + { + "alg": "SHA-256", + "content": "24a1f8a18d96d544cef7c4427bee3f4b73fe12156e902ea214cf49d6807b3bb5" + } + ] + }, + { + "bom-ref": "5170d1225175e819", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xf86-v40", + "hashes": [ + { + "alg": "SHA-1", + "content": "dfaacdc92a4bc1c13fddcc7279c9ac5f15233d27" + }, + { + "alg": "SHA-256", + "content": "7da82a4679f772e87f3ca2b93740ee0d0e20f61a263bbfea31199566eab29536" + } + ] + }, + { + "bom-ref": "0403744b03ece668", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xf86-v43", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd74540822b3982624d3f21fd53c37381c21240d" + }, + { + "alg": "SHA-256", + "content": "0507f61ded223aa930b87d22255974423d73fdd860ea588d4fd0b895e5d9d2ea" + } + ] + }, + { + "bom-ref": "4745f6daad934514", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xf86-v44", + "hashes": [ + { + "alg": "SHA-1", + "content": "e17794a406f5afd3082a5a6d0218baae9531fe0b" + }, + { + "alg": "SHA-256", + "content": "1111271420d735b74ecb175e9fcb79847e6c0e298c3abfb2224747502a854adf" + } + ] + }, + { + "bom-ref": "b93e2d2cfb64bc9b", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xfree86", + "hashes": [ + { + "alg": "SHA-1", + "content": "735e300eaa0b79dcb0f6683e9861565fd3f884da" + }, + { + "alg": "SHA-256", + "content": "0827497deddd4ec9e9515dd9530e6b0bf92762553d1c4eedbca3459c1931775e" + } + ] + }, + { + "bom-ref": "e218da38269c139b", + "type": "file", + "name": "/usr/share/terminfo/x/xterm-xi", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fdba88c3930d0828f84c09ed998fbc431c0aa49" + }, + { + "alg": "SHA-256", + "content": "d89c9fe77fa62d5df516089d11422ede4b78c167cf061e17a183b663f022c051" + } + ] + }, + { + "bom-ref": "318d6eab1c4b4756", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Abidjan", + "hashes": [ + { + "alg": "SHA-1", + "content": "5cc9b028b5bd2222200e20091a18868ea62c4f18" + }, + { + "alg": "SHA-256", + "content": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + } + ] + }, + { + "bom-ref": "c9f88fd6c52d991f", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Addis_Ababa", + "hashes": [ + { + "alg": "SHA-1", + "content": "289d1fb5a419107bc1d23a84a9e06ad3f9ee8403" + }, + { + "alg": "SHA-256", + "content": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + } + ] + }, + { + "bom-ref": "4f0e212bbcaed305", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Algiers", + "hashes": [ + { + "alg": "SHA-1", + "content": "edb95d3dc9238b5545f4f1d85d8bc879cdacdec8" + }, + { + "alg": "SHA-256", + "content": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + } + ] + }, + { + "bom-ref": "ef4b2ad66ec4cf22", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Bangui", + "hashes": [ + { + "alg": "SHA-1", + "content": "30ba925b4670235915dddfa1dd824dd9d7295eac" + }, + { + "alg": "SHA-256", + "content": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + } + ] + }, + { + "bom-ref": "322000192658f13d", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Bissau", + "hashes": [ + { + "alg": "SHA-1", + "content": "adca16c6998258a9ccabcc8d4bcfe883a8d848f5" + }, + { + "alg": "SHA-256", + "content": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + } + ] + }, + { + "bom-ref": "f27d0499d3b1c954", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Blantyre", + "hashes": [ + { + "alg": "SHA-1", + "content": "b0ff96d087e4c86adb55b851c0d3800dfbb05e9a" + }, + { + "alg": "SHA-256", + "content": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + } + ] + }, + { + "bom-ref": "eef0a08628daad13", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Cairo", + "hashes": [ + { + "alg": "SHA-1", + "content": "428e1f5f708eb4c131f29185bd602223027b3eac" + }, + { + "alg": "SHA-256", + "content": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + } + ] + }, + { + "bom-ref": "796657e2d7cc9dcf", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Casablanca", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a90bf261426bdb4544c441d1312c1866b056583" + }, + { + "alg": "SHA-256", + "content": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + } + ] + }, + { + "bom-ref": "24d0eefe07c685d5", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Ceuta", + "hashes": [ + { + "alg": "SHA-1", + "content": "029ce64badb36722c9e2191f3ce858c514aabbc1" + }, + { + "alg": "SHA-256", + "content": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + } + ] + }, + { + "bom-ref": "9e8d2102ea28598a", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/El_Aaiun", + "hashes": [ + { + "alg": "SHA-1", + "content": "562677dcaa1d34a7bd9744b5d3fc024d78ce7329" + }, + { + "alg": "SHA-256", + "content": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + } + ] + }, + { + "bom-ref": "566978418a8582b5", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Johannesburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "65c0d4ab314cb72b8d8c768e3d0c3218848b61f1" + }, + { + "alg": "SHA-256", + "content": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + } + ] + }, + { + "bom-ref": "6191b262893eb64a", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Juba", + "hashes": [ + { + "alg": "SHA-1", + "content": "48173811f532aabc17b3798c40fad46a3df0e543" + }, + { + "alg": "SHA-256", + "content": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + } + ] + }, + { + "bom-ref": "c2a8edf6c75a67a6", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Khartoum", + "hashes": [ + { + "alg": "SHA-1", + "content": "7cde30d5acfd99119ef22162c1f8bcafb86eaf03" + }, + { + "alg": "SHA-256", + "content": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + } + ] + }, + { + "bom-ref": "78f5d71f306ef4ce", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Monrovia", + "hashes": [ + { + "alg": "SHA-1", + "content": "81b045ed68f73a8806c5f2104b573b0479c19bd0" + }, + { + "alg": "SHA-256", + "content": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + } + ] + }, + { + "bom-ref": "86d26aeda90b4234", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Ndjamena", + "hashes": [ + { + "alg": "SHA-1", + "content": "035072509f30da9a5a27b48910ae180f9c6b4b15" + }, + { + "alg": "SHA-256", + "content": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + } + ] + }, + { + "bom-ref": "1ac51dcf88d495c2", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Sao_Tome", + "hashes": [ + { + "alg": "SHA-1", + "content": "7d2cac076d99bc5e38ba27b67113317ad496d3b1" + }, + { + "alg": "SHA-256", + "content": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + } + ] + }, + { + "bom-ref": "e187e467e11bb275", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Tripoli", + "hashes": [ + { + "alg": "SHA-1", + "content": "fabf4010ab003c26947df60b5e359781670caa70" + }, + { + "alg": "SHA-256", + "content": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + } + ] + }, + { + "bom-ref": "9a76fb50afdcaa0e", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Tunis", + "hashes": [ + { + "alg": "SHA-1", + "content": "c44e2d3c1e351f1004ab69ea559feb8ccdd65f64" + }, + { + "alg": "SHA-256", + "content": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + } + ] + }, + { + "bom-ref": "722217af7e61be0e", + "type": "file", + "name": "/usr/share/zoneinfo/Africa/Windhoek", + "hashes": [ + { + "alg": "SHA-1", + "content": "650da30ebf5b460404c98be416f9580d9795dffb" + }, + { + "alg": "SHA-256", + "content": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + } + ] + }, + { + "bom-ref": "ea0f3b8bf78643a2", + "type": "file", + "name": "/usr/share/zoneinfo/America/Adak", + "hashes": [ + { + "alg": "SHA-1", + "content": "be58a7c839146fa675eeb6dad748c08d0647542c" + }, + { + "alg": "SHA-256", + "content": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + } + ] + }, + { + "bom-ref": "4f7ebf154c9dee62", + "type": "file", + "name": "/usr/share/zoneinfo/America/Anchorage", + "hashes": [ + { + "alg": "SHA-1", + "content": "275760f2eb22160c578089566f68042a5f4d2f57" + }, + { + "alg": "SHA-256", + "content": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + } + ] + }, + { + "bom-ref": "c3b81e97789af4f1", + "type": "file", + "name": "/usr/share/zoneinfo/America/Anguilla", + "hashes": [ + { + "alg": "SHA-1", + "content": "fcf8be5296496a5dd3a7a97ed331b0bb5c861450" + }, + { + "alg": "SHA-256", + "content": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + } + ] + }, + { + "bom-ref": "536a0170a2e837ec", + "type": "file", + "name": "/usr/share/zoneinfo/America/Araguaina", + "hashes": [ + { + "alg": "SHA-1", + "content": "86307f5f8222c3ae21815c2844f6fca38f94b55d" + }, + { + "alg": "SHA-256", + "content": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + } + ] + }, + { + "bom-ref": "15aec7429804cc49", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e7ba0a5dcf870abab721a47adbbc8f93af1db56" + }, + { + "alg": "SHA-256", + "content": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + } + ] + }, + { + "bom-ref": "ba53573b9cfd0fcb", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Catamarca", + "hashes": [ + { + "alg": "SHA-1", + "content": "ac9a4e79fe5a861447c23d68cccb35762d5f3aa4" + }, + { + "alg": "SHA-256", + "content": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + } + ] + }, + { + "bom-ref": "d34abf13f23fa547", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Cordoba", + "hashes": [ + { + "alg": "SHA-1", + "content": "04f2815d23c3c63ac6bd204a2935f18366c8d182" + }, + { + "alg": "SHA-256", + "content": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + } + ] + }, + { + "bom-ref": "8ea257eac59089ca", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Jujuy", + "hashes": [ + { + "alg": "SHA-1", + "content": "12099cd844cb19e4842eca3457c937dd9580b0fd" + }, + { + "alg": "SHA-256", + "content": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + } + ] + }, + { + "bom-ref": "ca71f5553b5d6b00", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2c4c6ee89eacd8b99867fddcd8db684e15f8ee9" + }, + { + "alg": "SHA-256", + "content": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + } + ] + }, + { + "bom-ref": "cd9b726fe5f144e5", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Mendoza", + "hashes": [ + { + "alg": "SHA-1", + "content": "e321681c40214a181d2c4ec2015f740507811fbe" + }, + { + "alg": "SHA-256", + "content": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + } + ] + }, + { + "bom-ref": "e3f08a267b684227", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "hashes": [ + { + "alg": "SHA-1", + "content": "a508a0daafb22185e4f39d040b2f15053bc2b2a5" + }, + { + "alg": "SHA-256", + "content": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + } + ] + }, + { + "bom-ref": "8bdfa32e69de48fa", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Salta", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba6390b0c61d1c92c30692a309b9cfd3c54f9a41" + }, + { + "alg": "SHA-256", + "content": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + } + ] + }, + { + "bom-ref": "7a903f7a2c9d5ba9", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/San_Juan", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ef1b1742c1daf27a441e1dd81f3ee2e21cbab6f" + }, + { + "alg": "SHA-256", + "content": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + } + ] + }, + { + "bom-ref": "79a942968674b495", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/San_Luis", + "hashes": [ + { + "alg": "SHA-1", + "content": "c6469d1173cff2a995e00bef9764294185d65af6" + }, + { + "alg": "SHA-256", + "content": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + } + ] + }, + { + "bom-ref": "43dbbaa7ed552857", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Tucuman", + "hashes": [ + { + "alg": "SHA-1", + "content": "9bbe6f5300224148f2451195f471e7f310cd2bde" + }, + { + "alg": "SHA-256", + "content": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + } + ] + }, + { + "bom-ref": "38d0fbbdf89964cf", + "type": "file", + "name": "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d6b6844b13bf120a80b7e72147ca94a111ae39e" + }, + { + "alg": "SHA-256", + "content": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + } + ] + }, + { + "bom-ref": "7f9562764d10c0b9", + "type": "file", + "name": "/usr/share/zoneinfo/America/Asuncion", + "hashes": [ + { + "alg": "SHA-1", + "content": "e91a29807bc92d61324d265ab40c3fa651e66cb7" + }, + { + "alg": "SHA-256", + "content": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + } + ] + }, + { + "bom-ref": "2112b844bdb7263e", + "type": "file", + "name": "/usr/share/zoneinfo/America/Atikokan", + "hashes": [ + { + "alg": "SHA-1", + "content": "a94fbc2d567e41723f03629b6c9a864260108a17" + }, + { + "alg": "SHA-256", + "content": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + } + ] + }, + { + "bom-ref": "bbc47973b9d50f9f", + "type": "file", + "name": "/usr/share/zoneinfo/America/Bahia", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6df0a2d176d0df66fae90bc35a9f8f1ee9b249b" + }, + { + "alg": "SHA-256", + "content": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + } + ] + }, + { + "bom-ref": "72bbfbf43a13bdfd", + "type": "file", + "name": "/usr/share/zoneinfo/America/Bahia_Banderas", + "hashes": [ + { + "alg": "SHA-1", + "content": "33e0f3d5c7eace9077bacfa4f2b6e1e4b374fdb5" + }, + { + "alg": "SHA-256", + "content": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + } + ] + }, + { + "bom-ref": "b3ff2a61ff5b4796", + "type": "file", + "name": "/usr/share/zoneinfo/America/Barbados", + "hashes": [ + { + "alg": "SHA-1", + "content": "5904a49c6c0ce8f10178fe13174ed9c964a8312a" + }, + { + "alg": "SHA-256", + "content": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + } + ] + }, + { + "bom-ref": "3bc3cdb4c0d18237", + "type": "file", + "name": "/usr/share/zoneinfo/America/Belem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b29f1ee834833e89c06ef39b80b8f8c0b49ad31d" + }, + { + "alg": "SHA-256", + "content": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + } + ] + }, + { + "bom-ref": "ca05fe3e6305beea", + "type": "file", + "name": "/usr/share/zoneinfo/America/Belize", + "hashes": [ + { + "alg": "SHA-1", + "content": "4728ee967fe9745f4b614e5b511da1c08bd3689c" + }, + { + "alg": "SHA-256", + "content": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + } + ] + }, + { + "bom-ref": "7cb88702cda86e95", + "type": "file", + "name": "/usr/share/zoneinfo/America/Boa_Vista", + "hashes": [ + { + "alg": "SHA-1", + "content": "a32d00603897fd4d970a675e5c01656f8652f598" + }, + { + "alg": "SHA-256", + "content": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + } + ] + }, + { + "bom-ref": "7b2ab2deee4bf264", + "type": "file", + "name": "/usr/share/zoneinfo/America/Bogota", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e810e3d76edd6adf16384b7e49d2236b9c57ee1" + }, + { + "alg": "SHA-256", + "content": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + } + ] + }, + { + "bom-ref": "f6f403ed0f9f3203", + "type": "file", + "name": "/usr/share/zoneinfo/America/Boise", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0608b89be80aaa6660eee5964203ad760b0659a" + }, + { + "alg": "SHA-256", + "content": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + } + ] + }, + { + "bom-ref": "fba6ced282174415", + "type": "file", + "name": "/usr/share/zoneinfo/America/Cambridge_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "dcfc3c07c7366b75916af1dccd366fd1077e5b18" + }, + { + "alg": "SHA-256", + "content": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + } + ] + }, + { + "bom-ref": "da56e399ea6614c0", + "type": "file", + "name": "/usr/share/zoneinfo/America/Campo_Grande", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a7b1e23290eeb4394e91e0ef4adc00b9ba4def5" + }, + { + "alg": "SHA-256", + "content": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + } + ] + }, + { + "bom-ref": "cfcf3b57eca8267c", + "type": "file", + "name": "/usr/share/zoneinfo/America/Cancun", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf74e0c9c8ba2365819123eaddd6817606064eaf" + }, + { + "alg": "SHA-256", + "content": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + } + ] + }, + { + "bom-ref": "9f0583310b4acb5b", + "type": "file", + "name": "/usr/share/zoneinfo/America/Caracas", + "hashes": [ + { + "alg": "SHA-1", + "content": "3914e45c3922bc30b89498066fb637cc04886462" + }, + { + "alg": "SHA-256", + "content": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + } + ] + }, + { + "bom-ref": "fedcac4633f1430a", + "type": "file", + "name": "/usr/share/zoneinfo/America/Cayenne", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f888b09b894c79fa691466a4f4eaaa83da367e0" + }, + { + "alg": "SHA-256", + "content": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + } + ] + }, + { + "bom-ref": "dd83a8010444a199", + "type": "file", + "name": "/usr/share/zoneinfo/America/Chicago", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a037f985f6fa0b392c95c7afb247f16a3925a7e" + }, + { + "alg": "SHA-256", + "content": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + } + ] + }, + { + "bom-ref": "532e2f858590f4ad", + "type": "file", + "name": "/usr/share/zoneinfo/America/Chihuahua", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0c67cc4ed5fe366fb39d9e55b02082254606e47" + }, + { + "alg": "SHA-256", + "content": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + } + ] + }, + { + "bom-ref": "6cad865e5e3d3d96", + "type": "file", + "name": "/usr/share/zoneinfo/America/Ciudad_Juarez", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe11c20a18788db4260afcaa5d952c219f4777d2" + }, + { + "alg": "SHA-256", + "content": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + } + ] + }, + { + "bom-ref": "b2853301acd2fdab", + "type": "file", + "name": "/usr/share/zoneinfo/America/Costa_Rica", + "hashes": [ + { + "alg": "SHA-1", + "content": "2d1fd66de0198ddfcc1958fbaaaaba9cdb7b1d8f" + }, + { + "alg": "SHA-256", + "content": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + } + ] + }, + { + "bom-ref": "c38520c3d5cfe803", + "type": "file", + "name": "/usr/share/zoneinfo/America/Coyhaique", + "hashes": [ + { + "alg": "SHA-1", + "content": "0922bbda5c964aac267330bedf39deae6d2e0636" + }, + { + "alg": "SHA-256", + "content": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + } + ] + }, + { + "bom-ref": "7d23b4abca3bf0cf", + "type": "file", + "name": "/usr/share/zoneinfo/America/Creston", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3f54df3a017c38626f04bd9576a0a11663303fd" + }, + { + "alg": "SHA-256", + "content": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + } + ] + }, + { + "bom-ref": "93e44073edf8bfa8", + "type": "file", + "name": "/usr/share/zoneinfo/America/Cuiaba", + "hashes": [ + { + "alg": "SHA-1", + "content": "1a6b69bdf16991900ae16a00deb7ffbf722d5486" + }, + { + "alg": "SHA-256", + "content": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + } + ] + }, + { + "bom-ref": "be96d0167c0ac1f9", + "type": "file", + "name": "/usr/share/zoneinfo/America/Danmarkshavn", + "hashes": [ + { + "alg": "SHA-1", + "content": "3bfae70ff7ffa8b928ba4bf0bcb5452d09ec0407" + }, + { + "alg": "SHA-256", + "content": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + } + ] + }, + { + "bom-ref": "4b434e46d7216259", + "type": "file", + "name": "/usr/share/zoneinfo/America/Dawson", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc241cb66d50821505cc7708d43ee9b1e77a36dc" + }, + { + "alg": "SHA-256", + "content": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + } + ] + }, + { + "bom-ref": "ec55daf0b0767148", + "type": "file", + "name": "/usr/share/zoneinfo/America/Dawson_Creek", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd98b887a02f1ae2785d5d6fe7d77e91ec5aae83" + }, + { + "alg": "SHA-256", + "content": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + } + ] + }, + { + "bom-ref": "f130723512533721", + "type": "file", + "name": "/usr/share/zoneinfo/America/Denver", + "hashes": [ + { + "alg": "SHA-1", + "content": "faa7d6cf4178d032d8ba8a4d77eac0fd47f8a718" + }, + { + "alg": "SHA-256", + "content": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + } + ] + }, + { + "bom-ref": "ffd04305e07a420d", + "type": "file", + "name": "/usr/share/zoneinfo/America/Detroit", + "hashes": [ + { + "alg": "SHA-1", + "content": "6597537b399eab91a66e32bb4edae466de96a146" + }, + { + "alg": "SHA-256", + "content": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + } + ] + }, + { + "bom-ref": "c6e59beebb7b1c28", + "type": "file", + "name": "/usr/share/zoneinfo/America/Edmonton", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f441f7a62122e43a963260550efb1a1ff3100c2" + }, + { + "alg": "SHA-256", + "content": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + } + ] + }, + { + "bom-ref": "a4f511e1a2654e3c", + "type": "file", + "name": "/usr/share/zoneinfo/America/Eirunepe", + "hashes": [ + { + "alg": "SHA-1", + "content": "45e5dd1baab63d6970c0424cd8ae77bfadfdfd61" + }, + { + "alg": "SHA-256", + "content": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + } + ] + }, + { + "bom-ref": "66332fc00e499578", + "type": "file", + "name": "/usr/share/zoneinfo/America/El_Salvador", + "hashes": [ + { + "alg": "SHA-1", + "content": "45b4b952081502968b04b36e7cae24b987e9f532" + }, + { + "alg": "SHA-256", + "content": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + } + ] + }, + { + "bom-ref": "f9a9c4bb9f9dbc98", + "type": "file", + "name": "/usr/share/zoneinfo/America/Ensenada", + "hashes": [ + { + "alg": "SHA-1", + "content": "6ad63533ea183b2895759a9702ea96f0fff98759" + }, + { + "alg": "SHA-256", + "content": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + } + ] + }, + { + "bom-ref": "9e8e0dcd6461e814", + "type": "file", + "name": "/usr/share/zoneinfo/America/Fort_Nelson", + "hashes": [ + { + "alg": "SHA-1", + "content": "a453ec818cd948cc2492666443d4e39637ed7040" + }, + { + "alg": "SHA-256", + "content": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + } + ] + }, + { + "bom-ref": "f17c51d39cbe85b7", + "type": "file", + "name": "/usr/share/zoneinfo/America/Fort_Wayne", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad1a26bddb9304a620b2c6f7ec9f3a5226622906" + }, + { + "alg": "SHA-256", + "content": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + } + ] + }, + { + "bom-ref": "55db14dcae4a215e", + "type": "file", + "name": "/usr/share/zoneinfo/America/Fortaleza", + "hashes": [ + { + "alg": "SHA-1", + "content": "aa8e9c8cd8301dd0a61085ada31923f7e1ccc983" + }, + { + "alg": "SHA-256", + "content": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + } + ] + }, + { + "bom-ref": "6396e1bb85ca2420", + "type": "file", + "name": "/usr/share/zoneinfo/America/Glace_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "40ba9843662a853c1d3643395db1a75c1164951f" + }, + { + "alg": "SHA-256", + "content": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + } + ] + }, + { + "bom-ref": "e26f98fd4ad10e74", + "type": "file", + "name": "/usr/share/zoneinfo/America/Godthab", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ff7ac72af2c09efd8e1779e5fba28288439df41" + }, + { + "alg": "SHA-256", + "content": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + } + ] + }, + { + "bom-ref": "a82580e6f79f5ff5", + "type": "file", + "name": "/usr/share/zoneinfo/America/Goose_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "21d4df7695accb7b5164e41e28452f9655cd91a0" + }, + { + "alg": "SHA-256", + "content": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + } + ] + }, + { + "bom-ref": "598379db727de0c1", + "type": "file", + "name": "/usr/share/zoneinfo/America/Grand_Turk", + "hashes": [ + { + "alg": "SHA-1", + "content": "48735366abbf3760087cd1533f24415136763745" + }, + { + "alg": "SHA-256", + "content": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + } + ] + }, + { + "bom-ref": "be051504c746aade", + "type": "file", + "name": "/usr/share/zoneinfo/America/Guatemala", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0d50c845873aa466c9a2b020326d57af4d39b3d" + }, + { + "alg": "SHA-256", + "content": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + } + ] + }, + { + "bom-ref": "f63f6f85c3f220a3", + "type": "file", + "name": "/usr/share/zoneinfo/America/Guayaquil", + "hashes": [ + { + "alg": "SHA-1", + "content": "8415ce0daac4cfe819154671e05b4185b9c08970" + }, + { + "alg": "SHA-256", + "content": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + } + ] + }, + { + "bom-ref": "15e0b2f49afa5fb8", + "type": "file", + "name": "/usr/share/zoneinfo/America/Guyana", + "hashes": [ + { + "alg": "SHA-1", + "content": "d48d26f50f53db2dd9ddcbb6acb5723cb49e81b2" + }, + { + "alg": "SHA-256", + "content": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + } + ] + }, + { + "bom-ref": "79b1a23ae343c28d", + "type": "file", + "name": "/usr/share/zoneinfo/America/Halifax", + "hashes": [ + { + "alg": "SHA-1", + "content": "93568fd7e148b3f61fca5f36f8ae0a5b3b107fe3" + }, + { + "alg": "SHA-256", + "content": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + } + ] + }, + { + "bom-ref": "e4917ad7e3741dd9", + "type": "file", + "name": "/usr/share/zoneinfo/America/Havana", + "hashes": [ + { + "alg": "SHA-1", + "content": "51c1a7a700e4028481e506e58faf22f9677c5e29" + }, + { + "alg": "SHA-256", + "content": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + } + ] + }, + { + "bom-ref": "ea46ed9196f3d64d", + "type": "file", + "name": "/usr/share/zoneinfo/America/Hermosillo", + "hashes": [ + { + "alg": "SHA-1", + "content": "e055ab758b61beef7d8a4ee5a6b38d789c5f6b2c" + }, + { + "alg": "SHA-256", + "content": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + } + ] + }, + { + "bom-ref": "097d210877f6bbc8", + "type": "file", + "name": "/usr/share/zoneinfo/America/Indiana/Knox", + "hashes": [ + { + "alg": "SHA-1", + "content": "41fdfe70a9789d427dc4be468f559a97ee9fcf54" + }, + { + "alg": "SHA-256", + "content": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + } + ] + }, + { + "bom-ref": "f6e3d69d53a65a0e", + "type": "file", + "name": "/usr/share/zoneinfo/America/Indiana/Marengo", + "hashes": [ + { + "alg": "SHA-1", + "content": "0530ef4b3396d7031cc5e4ff82dc42c10f2f89a1" + }, + { + "alg": "SHA-256", + "content": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + } + ] + }, + { + "bom-ref": "00a4fc892c991cfb", + "type": "file", + "name": "/usr/share/zoneinfo/America/Indiana/Petersburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "570cef94f900163bce34b3f85b9ea5b36df92146" + }, + { + "alg": "SHA-256", + "content": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + } + ] + }, + { + "bom-ref": "66e3e42e88e3467b", + "type": "file", + "name": "/usr/share/zoneinfo/America/Indiana/Tell_City", + "hashes": [ + { + "alg": "SHA-1", + "content": "20594c1309a07d4691ff9af0a77782b5e2d95c61" + }, + { + "alg": "SHA-256", + "content": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + } + ] + }, + { + "bom-ref": "b1c6be64f1598066", + "type": "file", + "name": "/usr/share/zoneinfo/America/Indiana/Vevay", + "hashes": [ + { + "alg": "SHA-1", + "content": "3959be4d9e86c9c1a7f8febc46554584b2a7ceff" + }, + { + "alg": "SHA-256", + "content": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + } + ] + }, + { + "bom-ref": "f5a1cbbac5704326", + "type": "file", + "name": "/usr/share/zoneinfo/America/Indiana/Vincennes", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9a3d65b42b008c5a85c73934fcf94eaeac4b931" + }, + { + "alg": "SHA-256", + "content": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + } + ] + }, + { + "bom-ref": "a8c22c4c598830b6", + "type": "file", + "name": "/usr/share/zoneinfo/America/Indiana/Winamac", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d169fbd02f628dd6fdafbbab7a7e4a6da54fd21" + }, + { + "alg": "SHA-256", + "content": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + } + ] + }, + { + "bom-ref": "f232ff6f62af2a7b", + "type": "file", + "name": "/usr/share/zoneinfo/America/Inuvik", + "hashes": [ + { + "alg": "SHA-1", + "content": "1291de8f6d914ee264f0b27a55278ff12a00ad7a" + }, + { + "alg": "SHA-256", + "content": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + } + ] + }, + { + "bom-ref": "b5b43a537b956807", + "type": "file", + "name": "/usr/share/zoneinfo/America/Iqaluit", + "hashes": [ + { + "alg": "SHA-1", + "content": "210193fdb9be1a88f5d245ddf3dce819469be233" + }, + { + "alg": "SHA-256", + "content": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + } + ] + }, + { + "bom-ref": "0ee4e00c20eb77b0", + "type": "file", + "name": "/usr/share/zoneinfo/America/Jamaica", + "hashes": [ + { + "alg": "SHA-1", + "content": "77453a2772c127d0b213f8580ff7890cbf7b4929" + }, + { + "alg": "SHA-256", + "content": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + } + ] + }, + { + "bom-ref": "790fa2b99a8abe0b", + "type": "file", + "name": "/usr/share/zoneinfo/America/Juneau", + "hashes": [ + { + "alg": "SHA-1", + "content": "740e88dcd737d076404c386330bd379d55ee8281" + }, + { + "alg": "SHA-256", + "content": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + } + ] + }, + { + "bom-ref": "cb8e9eb83e52c3ea", + "type": "file", + "name": "/usr/share/zoneinfo/America/Kentucky/Louisville", + "hashes": [ + { + "alg": "SHA-1", + "content": "a63a322042aab6a2583de2f636a5eb15f71eae33" + }, + { + "alg": "SHA-256", + "content": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + } + ] + }, + { + "bom-ref": "312cc6f73b42ebc3", + "type": "file", + "name": "/usr/share/zoneinfo/America/Kentucky/Monticello", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad63bf4d1228ab308b2ed6758c21fbebb56395db" + }, + { + "alg": "SHA-256", + "content": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + } + ] + }, + { + "bom-ref": "26a99c7d4a95e43a", + "type": "file", + "name": "/usr/share/zoneinfo/America/La_Paz", + "hashes": [ + { + "alg": "SHA-1", + "content": "631b8d0f538c7ec23d132fd7d72fb1ff64b938ae" + }, + { + "alg": "SHA-256", + "content": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + } + ] + }, + { + "bom-ref": "76c0c45bbfc61e39", + "type": "file", + "name": "/usr/share/zoneinfo/America/Lima", + "hashes": [ + { + "alg": "SHA-1", + "content": "75864c99309070f61b033c039b7509c89da5ab08" + }, + { + "alg": "SHA-256", + "content": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + } + ] + }, + { + "bom-ref": "64947a93aceb9392", + "type": "file", + "name": "/usr/share/zoneinfo/America/Los_Angeles", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4f1faebf0f0d032290ef87bb9973c2ff8f84074" + }, + { + "alg": "SHA-256", + "content": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + } + ] + }, + { + "bom-ref": "17da2ac5fdcc25a6", + "type": "file", + "name": "/usr/share/zoneinfo/America/Maceio", + "hashes": [ + { + "alg": "SHA-1", + "content": "c0295301332918d79abf0bb349cc1fee3b9f2db9" + }, + { + "alg": "SHA-256", + "content": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + } + ] + }, + { + "bom-ref": "8abee6515b5f03b5", + "type": "file", + "name": "/usr/share/zoneinfo/America/Managua", + "hashes": [ + { + "alg": "SHA-1", + "content": "566a887308e8e16a9cebb62f3d4124b42c331674" + }, + { + "alg": "SHA-256", + "content": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + } + ] + }, + { + "bom-ref": "b58b430e813e1e19", + "type": "file", + "name": "/usr/share/zoneinfo/America/Manaus", + "hashes": [ + { + "alg": "SHA-1", + "content": "a759afda024a0ba961569017b3003805849c6f61" + }, + { + "alg": "SHA-256", + "content": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + } + ] + }, + { + "bom-ref": "cb5ca6e7813dea77", + "type": "file", + "name": "/usr/share/zoneinfo/America/Martinique", + "hashes": [ + { + "alg": "SHA-1", + "content": "caf0e4c5fdae59d1b6c1278ad7ac84bf03bcb0a9" + }, + { + "alg": "SHA-256", + "content": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + } + ] + }, + { + "bom-ref": "3994723bfb139261", + "type": "file", + "name": "/usr/share/zoneinfo/America/Matamoros", + "hashes": [ + { + "alg": "SHA-1", + "content": "638e4541bddbb0164c8d62590ff1bb97f88b822e" + }, + { + "alg": "SHA-256", + "content": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + } + ] + }, + { + "bom-ref": "8d2a9e70b1763d0f", + "type": "file", + "name": "/usr/share/zoneinfo/America/Mazatlan", + "hashes": [ + { + "alg": "SHA-1", + "content": "44c28415e815f8e2b53604195f85da07b04d829d" + }, + { + "alg": "SHA-256", + "content": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + } + ] + }, + { + "bom-ref": "b7ff261fe1222dc9", + "type": "file", + "name": "/usr/share/zoneinfo/America/Menominee", + "hashes": [ + { + "alg": "SHA-1", + "content": "88fd8d108c020a3294eae6c83ad187cf0b01a602" + }, + { + "alg": "SHA-256", + "content": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + } + ] + }, + { + "bom-ref": "3ad1c8c3c0c61955", + "type": "file", + "name": "/usr/share/zoneinfo/America/Merida", + "hashes": [ + { + "alg": "SHA-1", + "content": "8e07f8356362c517ef41035a0394a59363cebfc0" + }, + { + "alg": "SHA-256", + "content": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + } + ] + }, + { + "bom-ref": "cec5d92d2742b191", + "type": "file", + "name": "/usr/share/zoneinfo/America/Metlakatla", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f327158b98652913af4d66c5257cfc014340536" + }, + { + "alg": "SHA-256", + "content": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + } + ] + }, + { + "bom-ref": "a59b7b888d5b4655", + "type": "file", + "name": "/usr/share/zoneinfo/America/Mexico_City", + "hashes": [ + { + "alg": "SHA-1", + "content": "f46bb76507fbd52204eef47c12c9320bd7945af7" + }, + { + "alg": "SHA-256", + "content": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + } + ] + }, + { + "bom-ref": "94d8f29154035f0e", + "type": "file", + "name": "/usr/share/zoneinfo/America/Miquelon", + "hashes": [ + { + "alg": "SHA-1", + "content": "1418becc2c2023ac3dba15d27e5fd6b6b3b6fd5a" + }, + { + "alg": "SHA-256", + "content": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + } + ] + }, + { + "bom-ref": "418571b0a4cdaf67", + "type": "file", + "name": "/usr/share/zoneinfo/America/Moncton", + "hashes": [ + { + "alg": "SHA-1", + "content": "c08e5d548c3bb971f1a1236c397ded4f7227d769" + }, + { + "alg": "SHA-256", + "content": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + } + ] + }, + { + "bom-ref": "3589032a6e7d507f", + "type": "file", + "name": "/usr/share/zoneinfo/America/Monterrey", + "hashes": [ + { + "alg": "SHA-1", + "content": "ceaf09cf6075be4ff98b5716e65d197c9f302864" + }, + { + "alg": "SHA-256", + "content": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + } + ] + }, + { + "bom-ref": "043695b356310635", + "type": "file", + "name": "/usr/share/zoneinfo/America/Montevideo", + "hashes": [ + { + "alg": "SHA-1", + "content": "06e3ef1048ffd289a424fba8e053601b353cc2fa" + }, + { + "alg": "SHA-256", + "content": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + } + ] + }, + { + "bom-ref": "92b007f40eddfeb5", + "type": "file", + "name": "/usr/share/zoneinfo/America/Montreal", + "hashes": [ + { + "alg": "SHA-1", + "content": "a6d038ecff7126ee19ebb08a40d157c9a79964cd" + }, + { + "alg": "SHA-256", + "content": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + } + ] + }, + { + "bom-ref": "d97d6872449d4e6a", + "type": "file", + "name": "/usr/share/zoneinfo/America/New_York", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc9337182ee4bad790b527f56bd3d2130691d693" + }, + { + "alg": "SHA-256", + "content": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + } + ] + }, + { + "bom-ref": "3ee9e9bc94152cab", + "type": "file", + "name": "/usr/share/zoneinfo/America/Nome", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e6cf03e0c8fbb7a079090cf164e73291681bafc" + }, + { + "alg": "SHA-256", + "content": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + } + ] + }, + { + "bom-ref": "831f0664c5476a76", + "type": "file", + "name": "/usr/share/zoneinfo/America/Noronha", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0e29b45f9003c1ff8ed350b40b1369e8a569d0f" + }, + { + "alg": "SHA-256", + "content": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + } + ] + }, + { + "bom-ref": "8f7068be9c87455e", + "type": "file", + "name": "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "hashes": [ + { + "alg": "SHA-1", + "content": "99080962e50069d5e6a206bff8931a67b5afebe9" + }, + { + "alg": "SHA-256", + "content": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + } + ] + }, + { + "bom-ref": "7c03028642527858", + "type": "file", + "name": "/usr/share/zoneinfo/America/North_Dakota/Center", + "hashes": [ + { + "alg": "SHA-1", + "content": "16ee5640265f404a2a64cbb48547b834b780cf71" + }, + { + "alg": "SHA-256", + "content": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + } + ] + }, + { + "bom-ref": "2eb23f6b7c6b479e", + "type": "file", + "name": "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d1defaee32cee5fdaaa1405460d9ee4e4dceb55" + }, + { + "alg": "SHA-256", + "content": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + } + ] + }, + { + "bom-ref": "01ce09736956ec2d", + "type": "file", + "name": "/usr/share/zoneinfo/America/Ojinaga", + "hashes": [ + { + "alg": "SHA-1", + "content": "346cae590643f608e6c31870966e576f2c194936" + }, + { + "alg": "SHA-256", + "content": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + } + ] + }, + { + "bom-ref": "7e585fce630f1e19", + "type": "file", + "name": "/usr/share/zoneinfo/America/Paramaribo", + "hashes": [ + { + "alg": "SHA-1", + "content": "af2b3e2554003e56ec6e09f4ab2cc646cef58e06" + }, + { + "alg": "SHA-256", + "content": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + } + ] + }, + { + "bom-ref": "9f28d3c8d4d5de91", + "type": "file", + "name": "/usr/share/zoneinfo/America/Port-au-Prince", + "hashes": [ + { + "alg": "SHA-1", + "content": "9901445a7bf4a993111d087ef812890dd44a67be" + }, + { + "alg": "SHA-256", + "content": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + } + ] + }, + { + "bom-ref": "797ef78fce0668f0", + "type": "file", + "name": "/usr/share/zoneinfo/America/Porto_Acre", + "hashes": [ + { + "alg": "SHA-1", + "content": "23649fa3b661b1a7b1332e38479d24bcdb4e902f" + }, + { + "alg": "SHA-256", + "content": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + } + ] + }, + { + "bom-ref": "593cb16b27097278", + "type": "file", + "name": "/usr/share/zoneinfo/America/Porto_Velho", + "hashes": [ + { + "alg": "SHA-1", + "content": "d55253cee37291a6cf91e4bbccca6473cf6679aa" + }, + { + "alg": "SHA-256", + "content": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + } + ] + }, + { + "bom-ref": "013750e15c50f33e", + "type": "file", + "name": "/usr/share/zoneinfo/America/Punta_Arenas", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a64891fd90cbc2ba9e1d7dfe1689dee65affef3" + }, + { + "alg": "SHA-256", + "content": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + } + ] + }, + { + "bom-ref": "e9aee5bc271dcd1a", + "type": "file", + "name": "/usr/share/zoneinfo/America/Rainy_River", + "hashes": [ + { + "alg": "SHA-1", + "content": "684c62d80d16a9256c9123074466cc5d0288daea" + }, + { + "alg": "SHA-256", + "content": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + } + ] + }, + { + "bom-ref": "ee5d12e425b2a4f6", + "type": "file", + "name": "/usr/share/zoneinfo/America/Rankin_Inlet", + "hashes": [ + { + "alg": "SHA-1", + "content": "f517c389db4ac89bc79cbf8ee5736f0cad7bc7b9" + }, + { + "alg": "SHA-256", + "content": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + } + ] + }, + { + "bom-ref": "29d9570982072ae4", + "type": "file", + "name": "/usr/share/zoneinfo/America/Recife", + "hashes": [ + { + "alg": "SHA-1", + "content": "6a681fe7cafc3cabe9a7ef75699e4e5fa7f6a81a" + }, + { + "alg": "SHA-256", + "content": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + } + ] + }, + { + "bom-ref": "fd29287444e98f95", + "type": "file", + "name": "/usr/share/zoneinfo/America/Regina", + "hashes": [ + { + "alg": "SHA-1", + "content": "ecd6b0c718b65c0c90e8097943a899c0b0cb60d8" + }, + { + "alg": "SHA-256", + "content": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + } + ] + }, + { + "bom-ref": "6506494742ab1f9e", + "type": "file", + "name": "/usr/share/zoneinfo/America/Resolute", + "hashes": [ + { + "alg": "SHA-1", + "content": "c01bda981211a1387a2c18d7a57165e72da83d95" + }, + { + "alg": "SHA-256", + "content": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + } + ] + }, + { + "bom-ref": "db9ed6006ae2095f", + "type": "file", + "name": "/usr/share/zoneinfo/America/Santarem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f39fa90abacd688c7f6599bdbdd8c144a0b7c5b1" + }, + { + "alg": "SHA-256", + "content": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + } + ] + }, + { + "bom-ref": "56f140668c930944", + "type": "file", + "name": "/usr/share/zoneinfo/America/Santiago", + "hashes": [ + { + "alg": "SHA-1", + "content": "6788d98647fb2019aa749acfb7236e77e84c4533" + }, + { + "alg": "SHA-256", + "content": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + } + ] + }, + { + "bom-ref": "06c8dae4fcda6094", + "type": "file", + "name": "/usr/share/zoneinfo/America/Santo_Domingo", + "hashes": [ + { + "alg": "SHA-1", + "content": "a135300f73df9c427db37aa9ba29e25f83463211" + }, + { + "alg": "SHA-256", + "content": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + } + ] + }, + { + "bom-ref": "23e1dd3ee39e9c2e", + "type": "file", + "name": "/usr/share/zoneinfo/America/Sao_Paulo", + "hashes": [ + { + "alg": "SHA-1", + "content": "96caf0f5c9ad021d2ca06e2b48ef7e3e52bff41d" + }, + { + "alg": "SHA-256", + "content": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + } + ] + }, + { + "bom-ref": "3b1a0b290e22f7ce", + "type": "file", + "name": "/usr/share/zoneinfo/America/Scoresbysund", + "hashes": [ + { + "alg": "SHA-1", + "content": "7497b479af7c157e844a90ecbfc041db4f639f04" + }, + { + "alg": "SHA-256", + "content": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + } + ] + }, + { + "bom-ref": "2214a1edfbca4d81", + "type": "file", + "name": "/usr/share/zoneinfo/America/Sitka", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bb2fd466acd0399f44f56c2ed9a2a0353fb2f82" + }, + { + "alg": "SHA-256", + "content": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + } + ] + }, + { + "bom-ref": "6bd19075def974a6", + "type": "file", + "name": "/usr/share/zoneinfo/America/St_Johns", + "hashes": [ + { + "alg": "SHA-1", + "content": "4336075a81adbebeb26ca297ce309dc595b86463" + }, + { + "alg": "SHA-256", + "content": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + } + ] + }, + { + "bom-ref": "db3b41478abd19c9", + "type": "file", + "name": "/usr/share/zoneinfo/America/Swift_Current", + "hashes": [ + { + "alg": "SHA-1", + "content": "e607b1ddf124e4061e437365e16404633bbdc4bd" + }, + { + "alg": "SHA-256", + "content": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + } + ] + }, + { + "bom-ref": "4293d64c3fcafdb2", + "type": "file", + "name": "/usr/share/zoneinfo/America/Tegucigalpa", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe5537f0f326f4513aaf98ba68268b0798e72e0b" + }, + { + "alg": "SHA-256", + "content": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + } + ] + }, + { + "bom-ref": "181ac7465d94e356", + "type": "file", + "name": "/usr/share/zoneinfo/America/Thule", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4e304073f4f90890439ca6205d60e20d2495f16" + }, + { + "alg": "SHA-256", + "content": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + } + ] + }, + { + "bom-ref": "1dafda874efa42e4", + "type": "file", + "name": "/usr/share/zoneinfo/America/Vancouver", + "hashes": [ + { + "alg": "SHA-1", + "content": "b42a450523068cc1434b8774082525d8dc2a8e4f" + }, + { + "alg": "SHA-256", + "content": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + } + ] + }, + { + "bom-ref": "5895d89acd4e3705", + "type": "file", + "name": "/usr/share/zoneinfo/America/Whitehorse", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a8f00d33b5ca551a16cedc68cc8528fb4c111d8" + }, + { + "alg": "SHA-256", + "content": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + } + ] + }, + { + "bom-ref": "be5bb17b40fd50c2", + "type": "file", + "name": "/usr/share/zoneinfo/America/Yakutat", + "hashes": [ + { + "alg": "SHA-1", + "content": "f115ac1b5b64b28cad149f1cdf10fb0649fe5c48" + }, + { + "alg": "SHA-256", + "content": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + } + ] + }, + { + "bom-ref": "8f71ccf80b2ad19b", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Casey", + "hashes": [ + { + "alg": "SHA-1", + "content": "da1d193862e1725420329b257e1b856b13dcdc7a" + }, + { + "alg": "SHA-256", + "content": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + } + ] + }, + { + "bom-ref": "0212eb2afb4e13a0", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Davis", + "hashes": [ + { + "alg": "SHA-1", + "content": "87abeedc268901cc371d93faf9b775634a6c401b" + }, + { + "alg": "SHA-256", + "content": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + } + ] + }, + { + "bom-ref": "dfee78d6cc699226", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "hashes": [ + { + "alg": "SHA-1", + "content": "65f9954328a5fda173ff0ce420428d024a7d32c3" + }, + { + "alg": "SHA-256", + "content": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + } + ] + }, + { + "bom-ref": "b0ce1cac5c29fc5c", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Macquarie", + "hashes": [ + { + "alg": "SHA-1", + "content": "99cbdcf1d9afe0907b96f0ca06636bde4e5383c3" + }, + { + "alg": "SHA-256", + "content": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + } + ] + }, + { + "bom-ref": "b22d792fc4fc1316", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Mawson", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb34c38a02c76beb5b321971d94869451a5ceab1" + }, + { + "alg": "SHA-256", + "content": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + } + ] + }, + { + "bom-ref": "24faa7550e718ffd", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/McMurdo", + "hashes": [ + { + "alg": "SHA-1", + "content": "78d4d3a481c49ab7ff31722bced30e1c31e8bc98" + }, + { + "alg": "SHA-256", + "content": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + } + ] + }, + { + "bom-ref": "0277a7b6c13e0e18", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Palmer", + "hashes": [ + { + "alg": "SHA-1", + "content": "12519921ed4c4f6684c5069a251141378f7134a4" + }, + { + "alg": "SHA-256", + "content": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + } + ] + }, + { + "bom-ref": "13197f3fca74319d", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Rothera", + "hashes": [ + { + "alg": "SHA-1", + "content": "05bc718d8f51e2dc23989d149b8dc7529a87bf1b" + }, + { + "alg": "SHA-256", + "content": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + } + ] + }, + { + "bom-ref": "afd4814904e23921", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Syowa", + "hashes": [ + { + "alg": "SHA-1", + "content": "bde5a629fdb78b40544b8018b2578f0b085045cc" + }, + { + "alg": "SHA-256", + "content": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + } + ] + }, + { + "bom-ref": "b79fe7da5b4023c6", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Troll", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f3bab6c4d956dd8e8bb969e354e1a211980e244" + }, + { + "alg": "SHA-256", + "content": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + } + ] + }, + { + "bom-ref": "932e0a15f794d6ea", + "type": "file", + "name": "/usr/share/zoneinfo/Antarctica/Vostok", + "hashes": [ + { + "alg": "SHA-1", + "content": "cab2a7ae9eb3304377d15b3761e4beca547fb07e" + }, + { + "alg": "SHA-256", + "content": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + } + ] + }, + { + "bom-ref": "734f0946a03d7707", + "type": "file", + "name": "/usr/share/zoneinfo/Arctic/Longyearbyen", + "hashes": [ + { + "alg": "SHA-1", + "content": "918341ad71f9d3acd28997326e42d5b00fba41e0" + }, + { + "alg": "SHA-256", + "content": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + } + ] + }, + { + "bom-ref": "8521e77186536070", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Almaty", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b4d8aabb1fd81e39b5b8fd2d3506875966a3c34" + }, + { + "alg": "SHA-256", + "content": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + } + ] + }, + { + "bom-ref": "3c1113be1893fc56", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Amman", + "hashes": [ + { + "alg": "SHA-1", + "content": "fdffb8cdba7aaf42ba9f8e1f1d9093c21ed77027" + }, + { + "alg": "SHA-256", + "content": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + } + ] + }, + { + "bom-ref": "85439c400bbc86d5", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Anadyr", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e18546688a8d72426a93024673be6a7b890ca49" + }, + { + "alg": "SHA-256", + "content": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + } + ] + }, + { + "bom-ref": "05134288540b9a17", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Aqtau", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5c1626f08af9ec32dadbbfcdb69f5a2a83445cb" + }, + { + "alg": "SHA-256", + "content": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + } + ] + }, + { + "bom-ref": "1977e82ca78998ff", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Aqtobe", + "hashes": [ + { + "alg": "SHA-1", + "content": "67f145b5d2958ced37d7c63144ca314cc3a5619c" + }, + { + "alg": "SHA-256", + "content": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + } + ] + }, + { + "bom-ref": "cabaebda56dc9639", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Ashgabat", + "hashes": [ + { + "alg": "SHA-1", + "content": "f077f5395b29d53b145792d5e2e309a99c4a7092" + }, + { + "alg": "SHA-256", + "content": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + } + ] + }, + { + "bom-ref": "6ba30209572ae26e", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Atyrau", + "hashes": [ + { + "alg": "SHA-1", + "content": "879556e7e91d36d29c7921b7693b3aafa95ce9bf" + }, + { + "alg": "SHA-256", + "content": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + } + ] + }, + { + "bom-ref": "32fa3bb6af7e7c21", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Baghdad", + "hashes": [ + { + "alg": "SHA-1", + "content": "10843b2e6588534f57e4c05255923c461fcaf40d" + }, + { + "alg": "SHA-256", + "content": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + } + ] + }, + { + "bom-ref": "6df9f4201e1bd0e4", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Bahrain", + "hashes": [ + { + "alg": "SHA-1", + "content": "918dda414e2e89ca2b735946a84d94c42a24f452" + }, + { + "alg": "SHA-256", + "content": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + } + ] + }, + { + "bom-ref": "7c204caa0f4f162d", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Baku", + "hashes": [ + { + "alg": "SHA-1", + "content": "8409d8a1289864bf61dd17a80524eb6aa36e9be8" + }, + { + "alg": "SHA-256", + "content": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + } + ] + }, + { + "bom-ref": "e7bbcf8faecb67e1", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Bangkok", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c81d559f702a0239d5bf025c97e70b2c577682e" + }, + { + "alg": "SHA-256", + "content": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + } + ] + }, + { + "bom-ref": "17d210f51ceceff4", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Barnaul", + "hashes": [ + { + "alg": "SHA-1", + "content": "1391b2598eff6e35378e261f36dd2f57b3e491bf" + }, + { + "alg": "SHA-256", + "content": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + } + ] + }, + { + "bom-ref": "1184d1f54fa15648", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Beirut", + "hashes": [ + { + "alg": "SHA-1", + "content": "fba8b66863fcd6bcabec3a13467e0b3450650ad5" + }, + { + "alg": "SHA-256", + "content": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + } + ] + }, + { + "bom-ref": "ddf4a0d970493a4c", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Bishkek", + "hashes": [ + { + "alg": "SHA-1", + "content": "d6c73a90b411c39d97ccda0ad8a57f252456881c" + }, + { + "alg": "SHA-256", + "content": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + } + ] + }, + { + "bom-ref": "c8ee22b893a72c95", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Brunei", + "hashes": [ + { + "alg": "SHA-1", + "content": "951d0ec46419658895f8005b2583badeff166bdb" + }, + { + "alg": "SHA-256", + "content": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + } + ] + }, + { + "bom-ref": "b5e862a573d7ed9f", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Calcutta", + "hashes": [ + { + "alg": "SHA-1", + "content": "856df72f3f593ff1e183505d743bf65e40a30aca" + }, + { + "alg": "SHA-256", + "content": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + } + ] + }, + { + "bom-ref": "f3cd5fc16ded8e9f", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Chita", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a265169da96777e85b65b87ed5a3d64d801e791" + }, + { + "alg": "SHA-256", + "content": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + } + ] + }, + { + "bom-ref": "6a58270c4e19e86c", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Choibalsan", + "hashes": [ + { + "alg": "SHA-1", + "content": "90cad7fd7da7d6546622901db622595f1880f593" + }, + { + "alg": "SHA-256", + "content": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + } + ] + }, + { + "bom-ref": "5f259ebabd9e8726", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Chongqing", + "hashes": [ + { + "alg": "SHA-1", + "content": "79360e38e040eaa15b6e880296c1d1531f537b6f" + }, + { + "alg": "SHA-256", + "content": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + } + ] + }, + { + "bom-ref": "ee9fd2a420997207", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Colombo", + "hashes": [ + { + "alg": "SHA-1", + "content": "0fe53f0c887f168201f4c4767068dadb1a698581" + }, + { + "alg": "SHA-256", + "content": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + } + ] + }, + { + "bom-ref": "d4e57dbd2e2c4a50", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Dacca", + "hashes": [ + { + "alg": "SHA-1", + "content": "5779829aea6d010cea872e6c2b6f1ac661d825e3" + }, + { + "alg": "SHA-256", + "content": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + } + ] + }, + { + "bom-ref": "86808dddd6ed4312", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Damascus", + "hashes": [ + { + "alg": "SHA-1", + "content": "716b40d34b96db89c27eeb936693481abad8288b" + }, + { + "alg": "SHA-256", + "content": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + } + ] + }, + { + "bom-ref": "0373ef1d181d86a6", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Dili", + "hashes": [ + { + "alg": "SHA-1", + "content": "f71f19932f5f7e625447e241be76b34dd2e75115" + }, + { + "alg": "SHA-256", + "content": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + } + ] + }, + { + "bom-ref": "cbb0ce76dec7a451", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Dubai", + "hashes": [ + { + "alg": "SHA-1", + "content": "612f06ce47e5c3acb96b2b6eb8075d89ece41f90" + }, + { + "alg": "SHA-256", + "content": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + } + ] + }, + { + "bom-ref": "7206f4575066d8b5", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Dushanbe", + "hashes": [ + { + "alg": "SHA-1", + "content": "1694cb3276a637899c86f26176b2b1f862d47eda" + }, + { + "alg": "SHA-256", + "content": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + } + ] + }, + { + "bom-ref": "75275687a666710d", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Famagusta", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7f718a82b28e4fedb4e6501fc94ca2a6ec758c8" + }, + { + "alg": "SHA-256", + "content": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + } + ] + }, + { + "bom-ref": "abb8a442c65a8e3d", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Gaza", + "hashes": [ + { + "alg": "SHA-1", + "content": "169848cd25c3fe443c5d0bdd5c96d68a949cfe78" + }, + { + "alg": "SHA-256", + "content": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + } + ] + }, + { + "bom-ref": "c7583b1a24cdbb05", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Hebron", + "hashes": [ + { + "alg": "SHA-1", + "content": "201832bdac94204b130b3d01a26f608357e8da26" + }, + { + "alg": "SHA-256", + "content": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + } + ] + }, + { + "bom-ref": "bab9e9f85c79c245", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "hashes": [ + { + "alg": "SHA-1", + "content": "a96c3b96b551d852706b95e0bb739f8e62aee915" + }, + { + "alg": "SHA-256", + "content": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + } + ] + }, + { + "bom-ref": "ff72e7d686c2154d", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Hong_Kong", + "hashes": [ + { + "alg": "SHA-1", + "content": "0c3205dd5ec08d17c2161af789df8d05b1bda1b6" + }, + { + "alg": "SHA-256", + "content": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + } + ] + }, + { + "bom-ref": "bb847c5ee50cdda3", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Hovd", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f8950afc6522a8c920cbeb079ac39ca26d52e38" + }, + { + "alg": "SHA-256", + "content": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + } + ] + }, + { + "bom-ref": "b32984eb37225c93", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Irkutsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "f82e877820027d4c48be625842047a6cfe008234" + }, + { + "alg": "SHA-256", + "content": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + } + ] + }, + { + "bom-ref": "698282e99a14057e", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Istanbul", + "hashes": [ + { + "alg": "SHA-1", + "content": "df6cbece3d9afb3aedb44e131b6e68a6cf74ca8e" + }, + { + "alg": "SHA-256", + "content": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + } + ] + }, + { + "bom-ref": "c66466b6e18873a5", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Jakarta", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35b8895cd70cc9c5744d30260e82f0421a9337" + }, + { + "alg": "SHA-256", + "content": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + } + ] + }, + { + "bom-ref": "3ebb04112fa6864c", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Jayapura", + "hashes": [ + { + "alg": "SHA-1", + "content": "70cd707f6e144cf0cb40af01a70b9c4739208e48" + }, + { + "alg": "SHA-256", + "content": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + } + ] + }, + { + "bom-ref": "77dec77de21ce078", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Jerusalem", + "hashes": [ + { + "alg": "SHA-1", + "content": "89e42d27cfb78255ae18ee02f5a4c8e3ba57dde0" + }, + { + "alg": "SHA-256", + "content": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + } + ] + }, + { + "bom-ref": "2f19b94e364a70a5", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Kabul", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2379e605267b8766f9e34d322a5e3a657df7113" + }, + { + "alg": "SHA-256", + "content": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + } + ] + }, + { + "bom-ref": "af2692a760bcc3d7", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Kamchatka", + "hashes": [ + { + "alg": "SHA-1", + "content": "9902b94b8a6fbc3d4533f43d9be5cdb6302693ce" + }, + { + "alg": "SHA-256", + "content": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + } + ] + }, + { + "bom-ref": "56962c5b00032699", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Karachi", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4c69f1551a0a9bdd8d1817c547bd18218b570a3" + }, + { + "alg": "SHA-256", + "content": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + } + ] + }, + { + "bom-ref": "1e4ac086c3c7f220", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Kashgar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4fba0cb8c5f2ef8232782883fca5e7af1b1fdb2" + }, + { + "alg": "SHA-256", + "content": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + } + ] + }, + { + "bom-ref": "2137faa0e906ad55", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Kathmandu", + "hashes": [ + { + "alg": "SHA-1", + "content": "454f1d251f8a9cd2c1559897f6b38a53fdbfe249" + }, + { + "alg": "SHA-256", + "content": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + } + ] + }, + { + "bom-ref": "3dd26d3784448dae", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Khandyga", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ddab9699af73544e5b52a7477e0c5532216c59a" + }, + { + "alg": "SHA-256", + "content": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + } + ] + }, + { + "bom-ref": "f8e012ae6fbc2748", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "ec3786f8744bad78bbfc370674ad33ccba5d4080" + }, + { + "alg": "SHA-256", + "content": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + } + ] + }, + { + "bom-ref": "7cd97aee09ee2a47", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "hashes": [ + { + "alg": "SHA-1", + "content": "429a0689e9ed127265705febf2c9aa5f47ac3547" + }, + { + "alg": "SHA-256", + "content": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + } + ] + }, + { + "bom-ref": "7d447b2ce9446c96", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Macao", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbd377edbc12abe7cd74edc80086dd21bb34a6ca" + }, + { + "alg": "SHA-256", + "content": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + } + ] + }, + { + "bom-ref": "3c1f0c7b44068f06", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Magadan", + "hashes": [ + { + "alg": "SHA-1", + "content": "34134a81b737efcc82e3be92b2d222319b36f510" + }, + { + "alg": "SHA-256", + "content": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + } + ] + }, + { + "bom-ref": "f1dd28afef6d6466", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Makassar", + "hashes": [ + { + "alg": "SHA-1", + "content": "2d411fa607c974fe3d77ee18612a21717d226b5e" + }, + { + "alg": "SHA-256", + "content": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + } + ] + }, + { + "bom-ref": "18a968f29e5740c6", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Manila", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1cabdadc66cf3536c77a812baa074080b2140ca" + }, + { + "alg": "SHA-256", + "content": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + } + ] + }, + { + "bom-ref": "99b2bdbf14ff57d8", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Nicosia", + "hashes": [ + { + "alg": "SHA-1", + "content": "642099c037f5f40aa6152f7590e3cee90b7ae64a" + }, + { + "alg": "SHA-256", + "content": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + } + ] + }, + { + "bom-ref": "371e66a63ad5cb5d", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Novokuznetsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "52b0a7aff4332d6481b146155abbe90912bc1aaf" + }, + { + "alg": "SHA-256", + "content": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + } + ] + }, + { + "bom-ref": "b1a17607f30e3edf", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Novosibirsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "823fbd64d76bfdcb6e3b0206b731fe407a6a188d" + }, + { + "alg": "SHA-256", + "content": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + } + ] + }, + { + "bom-ref": "aa8af4fed1af33d2", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Omsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb67208994f35a825847c36964546c8b8d1ad243" + }, + { + "alg": "SHA-256", + "content": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + } + ] + }, + { + "bom-ref": "9621ef6c92b03c21", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Oral", + "hashes": [ + { + "alg": "SHA-1", + "content": "deec78c1cebcbd9efb7c57486ca0344e5f8f1fb3" + }, + { + "alg": "SHA-256", + "content": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + } + ] + }, + { + "bom-ref": "132a3666861a86da", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Pontianak", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce2c32e874ec64696f76be4439aad95cc7e3c4e7" + }, + { + "alg": "SHA-256", + "content": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + } + ] + }, + { + "bom-ref": "398efbbacb77ff35", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Pyongyang", + "hashes": [ + { + "alg": "SHA-1", + "content": "99b004e8e97b94265617932951e7227b635ced64" + }, + { + "alg": "SHA-256", + "content": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + } + ] + }, + { + "bom-ref": "a0e0fb0ab31ce0e1", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Qostanay", + "hashes": [ + { + "alg": "SHA-1", + "content": "f7e8708a8ae86992953f273773b65d1e36e4afe4" + }, + { + "alg": "SHA-256", + "content": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + } + ] + }, + { + "bom-ref": "57ebb2104f6050b6", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Qyzylorda", + "hashes": [ + { + "alg": "SHA-1", + "content": "001a7c9f9de8d7edab286c756c0d0c03e90fad88" + }, + { + "alg": "SHA-256", + "content": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + } + ] + }, + { + "bom-ref": "64ec135af71c4d24", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Rangoon", + "hashes": [ + { + "alg": "SHA-1", + "content": "b800894b13386d65d24df73322e82ee622f843de" + }, + { + "alg": "SHA-256", + "content": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + } + ] + }, + { + "bom-ref": "722044944ad58575", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Sakhalin", + "hashes": [ + { + "alg": "SHA-1", + "content": "ebaa95b0bf93239c1ccf8f96856b86dc58afe726" + }, + { + "alg": "SHA-256", + "content": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + } + ] + }, + { + "bom-ref": "9c5a7e6750b42fe2", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Samarkand", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bbf5c916ddd50548e8e5ed0324c59dc1fe9a693" + }, + { + "alg": "SHA-256", + "content": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + } + ] + }, + { + "bom-ref": "27b7ebcc965ed969", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Seoul", + "hashes": [ + { + "alg": "SHA-1", + "content": "53c1223d1f4dec149d0cadd6d488672619abf0d6" + }, + { + "alg": "SHA-256", + "content": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + } + ] + }, + { + "bom-ref": "8c8ab4bea52abb5b", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Srednekolymsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "e860fc369629019ed59b45f5fed235cc6ea8dfb2" + }, + { + "alg": "SHA-256", + "content": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + } + ] + }, + { + "bom-ref": "07dd2930e1b6b74f", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Taipei", + "hashes": [ + { + "alg": "SHA-1", + "content": "515e1ab82b216406f364cf666dae998e4b8dc6f8" + }, + { + "alg": "SHA-256", + "content": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + } + ] + }, + { + "bom-ref": "179ea1c3ef1bc59c", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Tashkent", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbc8a292471ac05d8774b14bcb177ab7fd7f7398" + }, + { + "alg": "SHA-256", + "content": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + } + ] + }, + { + "bom-ref": "2d4abebbc2b2bf97", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Tbilisi", + "hashes": [ + { + "alg": "SHA-1", + "content": "7cb93f7abf7171eb40186248ecc885b541836e74" + }, + { + "alg": "SHA-256", + "content": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + } + ] + }, + { + "bom-ref": "61c77f2293826510", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Tehran", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7cb8bf300b3177e2506a838f7fd218880350e57" + }, + { + "alg": "SHA-256", + "content": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + } + ] + }, + { + "bom-ref": "9da0d06e1fcead8c", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Thimbu", + "hashes": [ + { + "alg": "SHA-1", + "content": "16dc4bbfe2b3668b9b737033f4ecb2a9c1ee7e6a" + }, + { + "alg": "SHA-256", + "content": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + } + ] + }, + { + "bom-ref": "66ccf3fa33e02a87", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Tokyo", + "hashes": [ + { + "alg": "SHA-1", + "content": "41852e7fc829ff3ace521bc3ebc60b6e43b56da6" + }, + { + "alg": "SHA-256", + "content": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + } + ] + }, + { + "bom-ref": "ecf9f03cf839599b", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Tomsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e7464939be7db8572e95aea8381f94bca70f91d" + }, + { + "alg": "SHA-256", + "content": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + } + ] + }, + { + "bom-ref": "45e7be0fc4d7ce7b", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Ust-Nera", + "hashes": [ + { + "alg": "SHA-1", + "content": "0040f6ac898a101ca796115d646c4825833c0290" + }, + { + "alg": "SHA-256", + "content": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + } + ] + }, + { + "bom-ref": "e32f01816e708557", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Vladivostok", + "hashes": [ + { + "alg": "SHA-1", + "content": "7480790ddac173ba580e52d0f8754eeacbff02b6" + }, + { + "alg": "SHA-256", + "content": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + } + ] + }, + { + "bom-ref": "b3b0e2f90433506e", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Yakutsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "79d6a645076e873ce22c53a10b3de9e27df7b2fe" + }, + { + "alg": "SHA-256", + "content": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + } + ] + }, + { + "bom-ref": "af2f85e92c305a99", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Yekaterinburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "16f2954e67502e5e98391383ab4712700e456ee8" + }, + { + "alg": "SHA-256", + "content": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + } + ] + }, + { + "bom-ref": "6da615580f542f67", + "type": "file", + "name": "/usr/share/zoneinfo/Asia/Yerevan", + "hashes": [ + { + "alg": "SHA-1", + "content": "f10e1a31e38b267009bed042efd8a54c7b2043a2" + }, + { + "alg": "SHA-256", + "content": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + } + ] + }, + { + "bom-ref": "1a84896fd2eb9d3e", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/Azores", + "hashes": [ + { + "alg": "SHA-1", + "content": "088e1a1365d0e0c8091f595e30e1791b5f468313" + }, + { + "alg": "SHA-256", + "content": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + } + ] + }, + { + "bom-ref": "20b7ddeebb4a8e6b", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/Bermuda", + "hashes": [ + { + "alg": "SHA-1", + "content": "44e7011574ab916094cc410221bcff4960831155" + }, + { + "alg": "SHA-256", + "content": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + } + ] + }, + { + "bom-ref": "b4f91d8034801ec4", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/Canary", + "hashes": [ + { + "alg": "SHA-1", + "content": "395c4e66b52d9181e31450d07b5365a10ec26aa3" + }, + { + "alg": "SHA-256", + "content": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + } + ] + }, + { + "bom-ref": "4f2072b67274b92c", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "hashes": [ + { + "alg": "SHA-1", + "content": "897189e0cda96bfb3248ee7f48706fe94d687fc1" + }, + { + "alg": "SHA-256", + "content": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + } + ] + }, + { + "bom-ref": "0e1e1c595cca2f74", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/Faeroe", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd6b1178a2066e496edfcd2426d44ea5dd23a3d8" + }, + { + "alg": "SHA-256", + "content": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + } + ] + }, + { + "bom-ref": "9f207aa74c31f0b8", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/Madeira", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8dce3b2d2a4db52d0b3d19afd01d5b5473cd179" + }, + { + "alg": "SHA-256", + "content": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + } + ] + }, + { + "bom-ref": "fb61b3c1d01776f4", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/South_Georgia", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2acac8196001a9458b5e6c6921d781df3290d78" + }, + { + "alg": "SHA-256", + "content": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + } + ] + }, + { + "bom-ref": "41c24463c1caeb9c", + "type": "file", + "name": "/usr/share/zoneinfo/Atlantic/Stanley", + "hashes": [ + { + "alg": "SHA-1", + "content": "f612730123deabdd609145696adeea2ea26f499f" + }, + { + "alg": "SHA-256", + "content": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + } + ] + }, + { + "bom-ref": "dd7c01fb057a54fc", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/ACT", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca9f55088c536a5cb6993b1a5fe361c0617bc4fd" + }, + { + "alg": "SHA-256", + "content": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + } + ] + }, + { + "bom-ref": "07a3a3a51a8e3f6c", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Adelaide", + "hashes": [ + { + "alg": "SHA-1", + "content": "91e31f0fe53950a7e8ac0bd66964069d4d7dabe9" + }, + { + "alg": "SHA-256", + "content": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + } + ] + }, + { + "bom-ref": "3090009812f92579", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Brisbane", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1cae3c294b3bc9e1d4a1e1e5457f63abb6b554e" + }, + { + "alg": "SHA-256", + "content": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + } + ] + }, + { + "bom-ref": "4195cb7a999e6f5f", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Broken_Hill", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f8d2d9322173a3390737371410592ecbcb9e858" + }, + { + "alg": "SHA-256", + "content": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + } + ] + }, + { + "bom-ref": "38955202e36be11d", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Currie", + "hashes": [ + { + "alg": "SHA-1", + "content": "db8884f4beb55ae0c292403cdb8ffc47c18effcd" + }, + { + "alg": "SHA-256", + "content": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + } + ] + }, + { + "bom-ref": "2262e80d8459d76e", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Darwin", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa21b92f3596419128a660acccf2f1cf6aa66ab0" + }, + { + "alg": "SHA-256", + "content": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + } + ] + }, + { + "bom-ref": "180c377ec849fba4", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Eucla", + "hashes": [ + { + "alg": "SHA-1", + "content": "abf9ae83cf5720d60dfc849f06ea666b6e6c1a0f" + }, + { + "alg": "SHA-256", + "content": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + } + ] + }, + { + "bom-ref": "dbc117de4035649c", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/LHI", + "hashes": [ + { + "alg": "SHA-1", + "content": "2304257244b530bcd036aae724f99aff416198f8" + }, + { + "alg": "SHA-256", + "content": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + } + ] + }, + { + "bom-ref": "ce26ee87860739cc", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Lindeman", + "hashes": [ + { + "alg": "SHA-1", + "content": "8ac554523fc5300e535323ce58e46f8adb72c2e5" + }, + { + "alg": "SHA-256", + "content": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + } + ] + }, + { + "bom-ref": "1514165139b117f0", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Melbourne", + "hashes": [ + { + "alg": "SHA-1", + "content": "d6f744692e6c8b73de1eef051814f00e0d159e6a" + }, + { + "alg": "SHA-256", + "content": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + } + ] + }, + { + "bom-ref": "d21755e322b75c3f", + "type": "file", + "name": "/usr/share/zoneinfo/Australia/Perth", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb00a26c7ab0df1054fa1c4a71f0bd836a9be5f8" + }, + { + "alg": "SHA-256", + "content": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + } + ] + }, + { + "bom-ref": "781ba5c6912c8771", + "type": "file", + "name": "/usr/share/zoneinfo/CET", + "hashes": [ + { + "alg": "SHA-1", + "content": "d90f3247c4716c2e1068d5ad9c88ca2091bec4e8" + }, + { + "alg": "SHA-256", + "content": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + } + ] + }, + { + "bom-ref": "62d6b89873f37a68", + "type": "file", + "name": "/usr/share/zoneinfo/Chile/EasterIsland", + "hashes": [ + { + "alg": "SHA-1", + "content": "17b3f0bf160601c93bdda3e7a0b834ecc1e06f20" + }, + { + "alg": "SHA-256", + "content": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + } + ] + }, + { + "bom-ref": "5ed840c9cb2b6f34", + "type": "file", + "name": "/usr/share/zoneinfo/EET", + "hashes": [ + { + "alg": "SHA-1", + "content": "fd241e817c1f999471c30d301238211a16f95866" + }, + { + "alg": "SHA-256", + "content": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + } + ] + }, + { + "bom-ref": "ffd566d34fc1d2f9", + "type": "file", + "name": "/usr/share/zoneinfo/Eire", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbd27ca1fc5b5d8b864c48e92bb42dc49a8f442b" + }, + { + "alg": "SHA-256", + "content": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + } + ] + }, + { + "bom-ref": "971b147bcac60dc4", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a8483df5c2809f1dfe0c595102c474874338379" + }, + { + "alg": "SHA-256", + "content": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + } + ] + }, + { + "bom-ref": "99ada4e07c31c653", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+1", + "hashes": [ + { + "alg": "SHA-1", + "content": "694bd47ee2b5d93fd043dd144c5dce214e163dd8" + }, + { + "alg": "SHA-256", + "content": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + } + ] + }, + { + "bom-ref": "badb4b2cb912dd47", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+10", + "hashes": [ + { + "alg": "SHA-1", + "content": "df25f8ee32cd9ac7f9d3fdafb6ccc897e0675a5c" + }, + { + "alg": "SHA-256", + "content": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + } + ] + }, + { + "bom-ref": "ce9e052bb4f505ea", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+11", + "hashes": [ + { + "alg": "SHA-1", + "content": "326fa090be74ccc8e561a72ff2833a9a80460977" + }, + { + "alg": "SHA-256", + "content": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + } + ] + }, + { + "bom-ref": "5871dfbf7874cae3", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+12", + "hashes": [ + { + "alg": "SHA-1", + "content": "9813523e1f092d2f0c0cd3e5f13e2738a51cb350" + }, + { + "alg": "SHA-256", + "content": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + } + ] + }, + { + "bom-ref": "b2e4e38ed8791f04", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+2", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3c40ede5206526dd50a7f8d710afad3da46c12e" + }, + { + "alg": "SHA-256", + "content": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + } + ] + }, + { + "bom-ref": "9583da24d1cf6bdb", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+3", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f68d2cb81ec1c386f80f820d6aaf54b7444f5cd" + }, + { + "alg": "SHA-256", + "content": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + } + ] + }, + { + "bom-ref": "7e295ef0c947ca85", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+4", + "hashes": [ + { + "alg": "SHA-1", + "content": "32cfcd637174d91744d7dff4744e199750faf9d1" + }, + { + "alg": "SHA-256", + "content": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + } + ] + }, + { + "bom-ref": "38c93329f777744a", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+5", + "hashes": [ + { + "alg": "SHA-1", + "content": "cef7ce7bf61e746cc1ae39bbab9112bf1dfdc455" + }, + { + "alg": "SHA-256", + "content": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + } + ] + }, + { + "bom-ref": "4312a77b0dee8bd3", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+6", + "hashes": [ + { + "alg": "SHA-1", + "content": "750271da92432a39887c376cd346144d785d4445" + }, + { + "alg": "SHA-256", + "content": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + } + ] + }, + { + "bom-ref": "9168bad0b03ce195", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+7", + "hashes": [ + { + "alg": "SHA-1", + "content": "6ca6def25e8ec04a636003be3f3642e9b165b5f0" + }, + { + "alg": "SHA-256", + "content": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + } + ] + }, + { + "bom-ref": "59bc2fa9b50cd094", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+8", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c83913964f148a5e9d5add7eb511586880f4373" + }, + { + "alg": "SHA-256", + "content": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + } + ] + }, + { + "bom-ref": "226ab5fdc7401d2f", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT+9", + "hashes": [ + { + "alg": "SHA-1", + "content": "fefc384f96a7e856e72e7d723eb2638cb3e7d469" + }, + { + "alg": "SHA-256", + "content": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + } + ] + }, + { + "bom-ref": "36c654c8c660a279", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-1", + "hashes": [ + { + "alg": "SHA-1", + "content": "0ab7ceaed57872977f2162ead3e08b3a2984757c" + }, + { + "alg": "SHA-256", + "content": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + } + ] + }, + { + "bom-ref": "a0fa56c69164af96", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-10", + "hashes": [ + { + "alg": "SHA-1", + "content": "4081769004bdca6d05daa595d53c5e64e9da7dfd" + }, + { + "alg": "SHA-256", + "content": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + } + ] + }, + { + "bom-ref": "5786305fa98ec735", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-11", + "hashes": [ + { + "alg": "SHA-1", + "content": "268a542f171d142870c273ea63d2b297e9132424" + }, + { + "alg": "SHA-256", + "content": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + } + ] + }, + { + "bom-ref": "645ebfede035aaea", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-12", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a7f58e042a671281dbf35baa7db93fc4661a80b" + }, + { + "alg": "SHA-256", + "content": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + } + ] + }, + { + "bom-ref": "4ae492f507985141", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-13", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f692f0a177436496fa8381438ee7ed1f9ae3f1a" + }, + { + "alg": "SHA-256", + "content": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + } + ] + }, + { + "bom-ref": "28b506d95f98eff8", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-14", + "hashes": [ + { + "alg": "SHA-1", + "content": "f073c38db02ac6096f4f32948eda1574a34d9d0b" + }, + { + "alg": "SHA-256", + "content": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + } + ] + }, + { + "bom-ref": "4eb3fe00ba14e9c4", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-2", + "hashes": [ + { + "alg": "SHA-1", + "content": "44c80b54e02666339300ec84db1f6f5566b5ba92" + }, + { + "alg": "SHA-256", + "content": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + } + ] + }, + { + "bom-ref": "91327d43c35f78a6", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-3", + "hashes": [ + { + "alg": "SHA-1", + "content": "3de0e41581d474c91db326d9e755fe1b11172983" + }, + { + "alg": "SHA-256", + "content": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + } + ] + }, + { + "bom-ref": "049b90f71d2fe7e8", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-4", + "hashes": [ + { + "alg": "SHA-1", + "content": "b81f76f5a16830f56841502d65c3d271a0d94ee4" + }, + { + "alg": "SHA-256", + "content": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + } + ] + }, + { + "bom-ref": "90d2820f5da684dd", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-5", + "hashes": [ + { + "alg": "SHA-1", + "content": "4978924cbee929c87b2726c9d9b4d2d5d7590da6" + }, + { + "alg": "SHA-256", + "content": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + } + ] + }, + { + "bom-ref": "fbb68aefc6ca041b", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-6", + "hashes": [ + { + "alg": "SHA-1", + "content": "773e9072d36b0f3dca58dc5de24b9947f3fefdeb" + }, + { + "alg": "SHA-256", + "content": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + } + ] + }, + { + "bom-ref": "8822a65fabe47778", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-7", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c3c180b690aee6c0320e6703f2f781618c4221e" + }, + { + "alg": "SHA-256", + "content": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + } + ] + }, + { + "bom-ref": "51bd19b360dbd27e", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-8", + "hashes": [ + { + "alg": "SHA-1", + "content": "280e22a595351b1fa0fdc3b3a3deed4e4840e31a" + }, + { + "alg": "SHA-256", + "content": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + } + ] + }, + { + "bom-ref": "0bf6c8d5e79525f9", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/GMT-9", + "hashes": [ + { + "alg": "SHA-1", + "content": "f62a1c06f8a901efa933208ae9501c9a2f78a269" + }, + { + "alg": "SHA-256", + "content": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + } + ] + }, + { + "bom-ref": "3289702b1d71d398", + "type": "file", + "name": "/usr/share/zoneinfo/Etc/UCT", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0b8991654116e9395714102c41d858c1454b3bd" + }, + { + "alg": "SHA-256", + "content": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + } + ] + }, + { + "bom-ref": "c1243c1120ba7c56", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Andorra", + "hashes": [ + { + "alg": "SHA-1", + "content": "4fbea0614a049786c42ba65ea8bea4b12a7a6ef3" + }, + { + "alg": "SHA-256", + "content": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + } + ] + }, + { + "bom-ref": "4ea56c2152db1aaf", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Astrakhan", + "hashes": [ + { + "alg": "SHA-1", + "content": "6bdbac46bf6de697e0cb750be284973b05035877" + }, + { + "alg": "SHA-256", + "content": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + } + ] + }, + { + "bom-ref": "006b1ef26c19fa86", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Belfast", + "hashes": [ + { + "alg": "SHA-1", + "content": "1beba7108ea93c7111dabc9d7f4e4bfdea383992" + }, + { + "alg": "SHA-256", + "content": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + } + ] + }, + { + "bom-ref": "5c6bfcdbc4578b60", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Belgrade", + "hashes": [ + { + "alg": "SHA-1", + "content": "961a2223fd1573ab344930109fbd905336175c5f" + }, + { + "alg": "SHA-256", + "content": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + } + ] + }, + { + "bom-ref": "dd8aa6a155f509af", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Bratislava", + "hashes": [ + { + "alg": "SHA-1", + "content": "396eb952fc9ee942964181ca4e5a2dcdb5e92901" + }, + { + "alg": "SHA-256", + "content": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + } + ] + }, + { + "bom-ref": "e1ede9996d1494c2", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Bucharest", + "hashes": [ + { + "alg": "SHA-1", + "content": "7176e5201942e3b2db81c853b0215abc86fd0ae7" + }, + { + "alg": "SHA-256", + "content": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + } + ] + }, + { + "bom-ref": "eba681381951981d", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Budapest", + "hashes": [ + { + "alg": "SHA-1", + "content": "91adb207dce9a1bfffd91c527c87591862b5befa" + }, + { + "alg": "SHA-256", + "content": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + } + ] + }, + { + "bom-ref": "a0e66e6c4fdddb35", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Busingen", + "hashes": [ + { + "alg": "SHA-1", + "content": "782d7d6812933a263ebfff012a0120d480071b1b" + }, + { + "alg": "SHA-256", + "content": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + } + ] + }, + { + "bom-ref": "a040004dfdfc4b8f", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Chisinau", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c7ec1a8e357d2bbaead94d299dbe16db67b43ba" + }, + { + "alg": "SHA-256", + "content": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + } + ] + }, + { + "bom-ref": "67a4fe6b7b5e0b6a", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Gibraltar", + "hashes": [ + { + "alg": "SHA-1", + "content": "122f8383ab55c80eb33fe83cb2c8e870104260ee" + }, + { + "alg": "SHA-256", + "content": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + } + ] + }, + { + "bom-ref": "dda9eee877f7aecc", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Helsinki", + "hashes": [ + { + "alg": "SHA-1", + "content": "3f01ceaf46492fcbd8753bc6cff72ca73df6d1f1" + }, + { + "alg": "SHA-256", + "content": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + } + ] + }, + { + "bom-ref": "38303342a053167e", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Kaliningrad", + "hashes": [ + { + "alg": "SHA-1", + "content": "a02a78fd9fd74fa6cd9abe6546273519018d5030" + }, + { + "alg": "SHA-256", + "content": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + } + ] + }, + { + "bom-ref": "108c1e7b2a68808d", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Kiev", + "hashes": [ + { + "alg": "SHA-1", + "content": "946d9ae0ff7ee36e2d8809629da945ae868f4d65" + }, + { + "alg": "SHA-256", + "content": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + } + ] + }, + { + "bom-ref": "23c601af39604c0a", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Kirov", + "hashes": [ + { + "alg": "SHA-1", + "content": "22357ac98d315c82d585badfb9afe934a709f107" + }, + { + "alg": "SHA-256", + "content": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + } + ] + }, + { + "bom-ref": "e5b5caa8f8fc650a", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Lisbon", + "hashes": [ + { + "alg": "SHA-1", + "content": "b9298daf385db9e18080b3d9f46be2c944714ec1" + }, + { + "alg": "SHA-256", + "content": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + } + ] + }, + { + "bom-ref": "641ee0288cbb8df5", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Madrid", + "hashes": [ + { + "alg": "SHA-1", + "content": "373ee9e3d0ba9edf1ebd6497d5f1ffb50a62984f" + }, + { + "alg": "SHA-256", + "content": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + } + ] + }, + { + "bom-ref": "74fcc1b62422ba79", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Malta", + "hashes": [ + { + "alg": "SHA-1", + "content": "eede4ec7a48fc8ada059d1462e2c090eda8c6c91" + }, + { + "alg": "SHA-256", + "content": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + } + ] + }, + { + "bom-ref": "05042171f6eec703", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Minsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "e36f1daec8979122825de4903770b79e0eabcd88" + }, + { + "alg": "SHA-256", + "content": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + } + ] + }, + { + "bom-ref": "1ac852847005acbb", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Monaco", + "hashes": [ + { + "alg": "SHA-1", + "content": "f065dd54ad27c008caa5e96b7fec1e7859fcc003" + }, + { + "alg": "SHA-256", + "content": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + } + ] + }, + { + "bom-ref": "2fcff6eb734c19f3", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Moscow", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4d01723421789b2d2b54ffedee60283e94f5e65" + }, + { + "alg": "SHA-256", + "content": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + } + ] + }, + { + "bom-ref": "70dad2ef15073618", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Riga", + "hashes": [ + { + "alg": "SHA-1", + "content": "799671bdcad326eb5707eb620342c69bac5e6580" + }, + { + "alg": "SHA-256", + "content": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + } + ] + }, + { + "bom-ref": "ca432ae695acaa61", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Rome", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ef35f507ab176828a5c751f702144ede463e385" + }, + { + "alg": "SHA-256", + "content": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + } + ] + }, + { + "bom-ref": "8a0f58a73f65f6b8", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Samara", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8bab29224d52a19e5960c2c66557748fb55c4e5" + }, + { + "alg": "SHA-256", + "content": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + } + ] + }, + { + "bom-ref": "2b2e27e3c71746d4", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Saratov", + "hashes": [ + { + "alg": "SHA-1", + "content": "916029e1ff74b86bd860098a43bacbac34677fb5" + }, + { + "alg": "SHA-256", + "content": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + } + ] + }, + { + "bom-ref": "37dbd70f590af32f", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Simferopol", + "hashes": [ + { + "alg": "SHA-1", + "content": "f1773f7624c418081fb3ab76ac1a64ab60f2e9be" + }, + { + "alg": "SHA-256", + "content": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + } + ] + }, + { + "bom-ref": "201518c5bc694622", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Sofia", + "hashes": [ + { + "alg": "SHA-1", + "content": "541f61fa9ef15b102f8661b684ad9976bd81b929" + }, + { + "alg": "SHA-256", + "content": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + } + ] + }, + { + "bom-ref": "bc8d998b99a817ae", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Tallinn", + "hashes": [ + { + "alg": "SHA-1", + "content": "dff1b1743ddf6474e691fae0a6dab8ee93d81789" + }, + { + "alg": "SHA-256", + "content": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + } + ] + }, + { + "bom-ref": "d056db3910810802", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Tirane", + "hashes": [ + { + "alg": "SHA-1", + "content": "3b9be3df7968b0c46feed0a46349324179daaa84" + }, + { + "alg": "SHA-256", + "content": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + } + ] + }, + { + "bom-ref": "2eb274251cae73a6", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Ulyanovsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "f5d943bf83a0dffa86018b8512df7179536fb4ae" + }, + { + "alg": "SHA-256", + "content": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + } + ] + }, + { + "bom-ref": "77b6dbb3b0b69bc1", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Vienna", + "hashes": [ + { + "alg": "SHA-1", + "content": "1da9833989405bd5ff21d58013704f9f00cefd7b" + }, + { + "alg": "SHA-256", + "content": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + } + ] + }, + { + "bom-ref": "14a8522223084a28", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Vilnius", + "hashes": [ + { + "alg": "SHA-1", + "content": "88bfe2ba142bad0856984a813ac8b93939fd6b3e" + }, + { + "alg": "SHA-256", + "content": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + } + ] + }, + { + "bom-ref": "09d951f943e65978", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Volgograd", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4deb32b25919c4fbeec94d043abbdcc27b45bd6" + }, + { + "alg": "SHA-256", + "content": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + } + ] + }, + { + "bom-ref": "bd9dbbf07eac4f97", + "type": "file", + "name": "/usr/share/zoneinfo/Europe/Warsaw", + "hashes": [ + { + "alg": "SHA-1", + "content": "011e06118f3e209794b175332ffb109e2583e4f7" + }, + { + "alg": "SHA-256", + "content": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + } + ] + }, + { + "bom-ref": "1146b88da7a69dde", + "type": "file", + "name": "/usr/share/zoneinfo/Factory", + "hashes": [ + { + "alg": "SHA-1", + "content": "d970812ef3dca71b59cc3dab08ba3391d4dd1418" + }, + { + "alg": "SHA-256", + "content": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + } + ] + }, + { + "bom-ref": "b6f45f1dbbc5ee47", + "type": "file", + "name": "/usr/share/zoneinfo/HST", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d5313bee3a467f7b5311b263c7d38b52f182164" + }, + { + "alg": "SHA-256", + "content": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + } + ] + }, + { + "bom-ref": "6a7104b310debc0d", + "type": "file", + "name": "/usr/share/zoneinfo/Indian/Chagos", + "hashes": [ + { + "alg": "SHA-1", + "content": "e56a740e0b4703426b63bf2ea71650a2ae0defda" + }, + { + "alg": "SHA-256", + "content": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + } + ] + }, + { + "bom-ref": "e3cc6d32a56f65b7", + "type": "file", + "name": "/usr/share/zoneinfo/Indian/Kerguelen", + "hashes": [ + { + "alg": "SHA-1", + "content": "a77b20e17ce1c1f9c4767d1ddf03a67b0312ce6c" + }, + { + "alg": "SHA-256", + "content": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + } + ] + }, + { + "bom-ref": "4156ca814b032d3f", + "type": "file", + "name": "/usr/share/zoneinfo/Indian/Mauritius", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c264edb46f9058fb482a727ec95bb67807ec804" + }, + { + "alg": "SHA-256", + "content": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + } + ] + }, + { + "bom-ref": "48f50aeeac70e98a", + "type": "file", + "name": "/usr/share/zoneinfo/Kwajalein", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c90cce9681748e9c5c59ba8a9070c1425a71f79" + }, + { + "alg": "SHA-256", + "content": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + } + ] + }, + { + "bom-ref": "f62c57c5ad5fd2a6", + "type": "file", + "name": "/usr/share/zoneinfo/NZ-CHAT", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb54cbb65da9481265fbb1005f8860efa5170042" + }, + { + "alg": "SHA-256", + "content": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + } + ] + }, + { + "bom-ref": "d1bfaa52e4bebb5c", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Apia", + "hashes": [ + { + "alg": "SHA-1", + "content": "442116a1776e38b80a519df388e5e3e992081f74" + }, + { + "alg": "SHA-256", + "content": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + } + ] + }, + { + "bom-ref": "e9b0a023122242cd", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Bougainville", + "hashes": [ + { + "alg": "SHA-1", + "content": "4438f6699a844ec19aabc63f4ea9df91e1714ffb" + }, + { + "alg": "SHA-256", + "content": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + } + ] + }, + { + "bom-ref": "5cddee3c98d816cc", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Efate", + "hashes": [ + { + "alg": "SHA-1", + "content": "dfcdfadd0146e60fdfa6c9a457f4fd94c062fb1a" + }, + { + "alg": "SHA-256", + "content": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + } + ] + }, + { + "bom-ref": "81b79f4927e50813", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Enderbury", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae7f372f20b1ed3a9bbc2eeabd3a67156f9e65f4" + }, + { + "alg": "SHA-256", + "content": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + } + ] + }, + { + "bom-ref": "69d0293d392d7b80", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Fakaofo", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ae0c959818fd9aad8518baa00dab9172c77f1d7" + }, + { + "alg": "SHA-256", + "content": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + } + ] + }, + { + "bom-ref": "b57a36a92b5eb980", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Fiji", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c657bce2b4fd4ebd6fbf6e435eac77d0704d3a0" + }, + { + "alg": "SHA-256", + "content": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + } + ] + }, + { + "bom-ref": "aeb4b9efd34fc302", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Funafuti", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb335dbaaa6de98cf1f54d4a9e665c21e2cd4088" + }, + { + "alg": "SHA-256", + "content": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + } + ] + }, + { + "bom-ref": "17dfdf30d4d5c5f2", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Galapagos", + "hashes": [ + { + "alg": "SHA-1", + "content": "e4dac5e58655145a568ed53ebe3c2acf5f4a3724" + }, + { + "alg": "SHA-256", + "content": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + } + ] + }, + { + "bom-ref": "d7c5fd0bd56e8a21", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Gambier", + "hashes": [ + { + "alg": "SHA-1", + "content": "1fb4054e9a560e58b8e482bc29621d1e88201a75" + }, + { + "alg": "SHA-256", + "content": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + } + ] + }, + { + "bom-ref": "d7982316838b14d5", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Guadalcanal", + "hashes": [ + { + "alg": "SHA-1", + "content": "5011d0291e183a54b67e5cffba2d54278478ebe5" + }, + { + "alg": "SHA-256", + "content": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + } + ] + }, + { + "bom-ref": "5d624fa9a429b1e6", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Guam", + "hashes": [ + { + "alg": "SHA-1", + "content": "e89887209cf2ea7f4223ca7298e9377b233eaba6" + }, + { + "alg": "SHA-256", + "content": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + } + ] + }, + { + "bom-ref": "80b12f5602f95d7f", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Kiritimati", + "hashes": [ + { + "alg": "SHA-1", + "content": "37395a0b6f3d7510d03c13e1a0a92b399f7b303c" + }, + { + "alg": "SHA-256", + "content": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + } + ] + }, + { + "bom-ref": "17f16514685ef7f0", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Kosrae", + "hashes": [ + { + "alg": "SHA-1", + "content": "59dabc00195b0e9a26c1304e866284e7c9963d09" + }, + { + "alg": "SHA-256", + "content": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + } + ] + }, + { + "bom-ref": "f08e65df79237a22", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Marquesas", + "hashes": [ + { + "alg": "SHA-1", + "content": "57ac5495306a7ca1ce93df12ef67956ed2d81c44" + }, + { + "alg": "SHA-256", + "content": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + } + ] + }, + { + "bom-ref": "980393f7bdf1e927", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Midway", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c388c7f9a7700517fc6577943f3efe3bdddd3eb" + }, + { + "alg": "SHA-256", + "content": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + } + ] + }, + { + "bom-ref": "551b0b4dd1919168", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Nauru", + "hashes": [ + { + "alg": "SHA-1", + "content": "58548fa30aafa75c04f88b266404875a11a2c6f0" + }, + { + "alg": "SHA-256", + "content": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + } + ] + }, + { + "bom-ref": "7f11aa76fb1d8e80", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Niue", + "hashes": [ + { + "alg": "SHA-1", + "content": "d65969431f77c6ed51c69499305c8bacad1e8ba6" + }, + { + "alg": "SHA-256", + "content": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + } + ] + }, + { + "bom-ref": "82bdd4a41a73e93f", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Norfolk", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f70543c0407a341ec68b97c13354ad6bc5f5000" + }, + { + "alg": "SHA-256", + "content": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + } + ] + }, + { + "bom-ref": "863e3e46bb44ff41", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Noumea", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8e75639c5dbd5aacc617f37e2d5003747a8a2e7" + }, + { + "alg": "SHA-256", + "content": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + } + ] + }, + { + "bom-ref": "bc7a57e20262ee4f", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Palau", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d7598739759a6bc5a4907695beebb6c41a8d045" + }, + { + "alg": "SHA-256", + "content": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + } + ] + }, + { + "bom-ref": "576fa0b745d60603", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Pitcairn", + "hashes": [ + { + "alg": "SHA-1", + "content": "e650a33fa02e1507b3b1720fa483a3a505784d67" + }, + { + "alg": "SHA-256", + "content": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + } + ] + }, + { + "bom-ref": "ed3622667116df82", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Rarotonga", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbdac5a429cf392f51c37a685c51690e4ff97263" + }, + { + "alg": "SHA-256", + "content": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + } + ] + }, + { + "bom-ref": "e2295f10ac3fcc40", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Tahiti", + "hashes": [ + { + "alg": "SHA-1", + "content": "c38a00fdc386eabc2c267e49cf2b84f7f5b5e7ba" + }, + { + "alg": "SHA-256", + "content": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + } + ] + }, + { + "bom-ref": "8bacd41007b5e109", + "type": "file", + "name": "/usr/share/zoneinfo/Pacific/Tongatapu", + "hashes": [ + { + "alg": "SHA-1", + "content": "2948107fca9a51b432da408630a8507d5c6a1a59" + }, + { + "alg": "SHA-256", + "content": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + } + ] + }, + { + "bom-ref": "798f2ecf54223fbe", + "type": "file", + "name": "/usr/share/zoneinfo/iso3166.tab", + "hashes": [ + { + "alg": "SHA-1", + "content": "658298663cd122665c3f4b2019be2663aab26185" + }, + { + "alg": "SHA-256", + "content": "837c80785080c8433fd9d4ea87e78f161ac7a40389301c5153d4f90198baeb2a" + } + ] + }, + { + "bom-ref": "a9190084e3644c0e", + "type": "file", + "name": "/usr/share/zoneinfo/leap-seconds.list", + "hashes": [ + { + "alg": "SHA-1", + "content": "4948216423b85b93f9552524d99c528f5742202c" + }, + { + "alg": "SHA-256", + "content": "f060924e3a76ee4e464f6664035b7beae834155dd93a81c50e922f94dfdb1d20" + } + ] + }, + { + "bom-ref": "7481b9a678cfb593", + "type": "file", + "name": "/usr/share/zoneinfo/leapseconds", + "hashes": [ + { + "alg": "SHA-1", + "content": "83b99035e7a8067c846b48ac29c8319348800cc6" + }, + { + "alg": "SHA-256", + "content": "5514348190a3ef9f0f65fee87fca59b4d6d9292702ae0e84960011159a7c2767" + } + ] + }, + { + "bom-ref": "708dd170b218f2c7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Abidjan", + "hashes": [ + { + "alg": "SHA-1", + "content": "5cc9b028b5bd2222200e20091a18868ea62c4f18" + }, + { + "alg": "SHA-256", + "content": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + } + ] + }, + { + "bom-ref": "f2d63fcbed1ebf04", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Addis_Ababa", + "hashes": [ + { + "alg": "SHA-1", + "content": "289d1fb5a419107bc1d23a84a9e06ad3f9ee8403" + }, + { + "alg": "SHA-256", + "content": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + } + ] + }, + { + "bom-ref": "5eaa64d615bfbbf6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Algiers", + "hashes": [ + { + "alg": "SHA-1", + "content": "edb95d3dc9238b5545f4f1d85d8bc879cdacdec8" + }, + { + "alg": "SHA-256", + "content": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + } + ] + }, + { + "bom-ref": "b426a0890ba8c900", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Bangui", + "hashes": [ + { + "alg": "SHA-1", + "content": "30ba925b4670235915dddfa1dd824dd9d7295eac" + }, + { + "alg": "SHA-256", + "content": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + } + ] + }, + { + "bom-ref": "4054b00b1ba2fbcf", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Bissau", + "hashes": [ + { + "alg": "SHA-1", + "content": "adca16c6998258a9ccabcc8d4bcfe883a8d848f5" + }, + { + "alg": "SHA-256", + "content": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + } + ] + }, + { + "bom-ref": "e9a7daefbb8b52fc", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Blantyre", + "hashes": [ + { + "alg": "SHA-1", + "content": "b0ff96d087e4c86adb55b851c0d3800dfbb05e9a" + }, + { + "alg": "SHA-256", + "content": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + } + ] + }, + { + "bom-ref": "ae535b182d40b06e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Cairo", + "hashes": [ + { + "alg": "SHA-1", + "content": "428e1f5f708eb4c131f29185bd602223027b3eac" + }, + { + "alg": "SHA-256", + "content": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + } + ] + }, + { + "bom-ref": "706b737aa97ab26b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Casablanca", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a90bf261426bdb4544c441d1312c1866b056583" + }, + { + "alg": "SHA-256", + "content": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + } + ] + }, + { + "bom-ref": "4c4c00f75a1b2521", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Ceuta", + "hashes": [ + { + "alg": "SHA-1", + "content": "029ce64badb36722c9e2191f3ce858c514aabbc1" + }, + { + "alg": "SHA-256", + "content": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + } + ] + }, + { + "bom-ref": "f4063f58b813e126", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/El_Aaiun", + "hashes": [ + { + "alg": "SHA-1", + "content": "562677dcaa1d34a7bd9744b5d3fc024d78ce7329" + }, + { + "alg": "SHA-256", + "content": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + } + ] + }, + { + "bom-ref": "4cab43b7a6d64883", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Johannesburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "65c0d4ab314cb72b8d8c768e3d0c3218848b61f1" + }, + { + "alg": "SHA-256", + "content": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + } + ] + }, + { + "bom-ref": "1da9452bc193c348", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Juba", + "hashes": [ + { + "alg": "SHA-1", + "content": "48173811f532aabc17b3798c40fad46a3df0e543" + }, + { + "alg": "SHA-256", + "content": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + } + ] + }, + { + "bom-ref": "762dee584417a829", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Khartoum", + "hashes": [ + { + "alg": "SHA-1", + "content": "7cde30d5acfd99119ef22162c1f8bcafb86eaf03" + }, + { + "alg": "SHA-256", + "content": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + } + ] + }, + { + "bom-ref": "891be320c08c7dcc", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Monrovia", + "hashes": [ + { + "alg": "SHA-1", + "content": "81b045ed68f73a8806c5f2104b573b0479c19bd0" + }, + { + "alg": "SHA-256", + "content": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + } + ] + }, + { + "bom-ref": "ce3dfe4995c8f24f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Ndjamena", + "hashes": [ + { + "alg": "SHA-1", + "content": "035072509f30da9a5a27b48910ae180f9c6b4b15" + }, + { + "alg": "SHA-256", + "content": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + } + ] + }, + { + "bom-ref": "7b0126f480a1d35a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Sao_Tome", + "hashes": [ + { + "alg": "SHA-1", + "content": "7d2cac076d99bc5e38ba27b67113317ad496d3b1" + }, + { + "alg": "SHA-256", + "content": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + } + ] + }, + { + "bom-ref": "67626b40a8ea206b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Tripoli", + "hashes": [ + { + "alg": "SHA-1", + "content": "fabf4010ab003c26947df60b5e359781670caa70" + }, + { + "alg": "SHA-256", + "content": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + } + ] + }, + { + "bom-ref": "cf7f960b881084d1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Tunis", + "hashes": [ + { + "alg": "SHA-1", + "content": "c44e2d3c1e351f1004ab69ea559feb8ccdd65f64" + }, + { + "alg": "SHA-256", + "content": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + } + ] + }, + { + "bom-ref": "4f17e9450cb616ff", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Africa/Windhoek", + "hashes": [ + { + "alg": "SHA-1", + "content": "650da30ebf5b460404c98be416f9580d9795dffb" + }, + { + "alg": "SHA-256", + "content": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + } + ] + }, + { + "bom-ref": "4e1ca7b19d9ea1e5", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Adak", + "hashes": [ + { + "alg": "SHA-1", + "content": "be58a7c839146fa675eeb6dad748c08d0647542c" + }, + { + "alg": "SHA-256", + "content": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + } + ] + }, + { + "bom-ref": "7366e6a01808526e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Anchorage", + "hashes": [ + { + "alg": "SHA-1", + "content": "275760f2eb22160c578089566f68042a5f4d2f57" + }, + { + "alg": "SHA-256", + "content": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + } + ] + }, + { + "bom-ref": "636826ee7c43e6fa", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Anguilla", + "hashes": [ + { + "alg": "SHA-1", + "content": "fcf8be5296496a5dd3a7a97ed331b0bb5c861450" + }, + { + "alg": "SHA-256", + "content": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + } + ] + }, + { + "bom-ref": "d3edd44f6865e2b6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Araguaina", + "hashes": [ + { + "alg": "SHA-1", + "content": "86307f5f8222c3ae21815c2844f6fca38f94b55d" + }, + { + "alg": "SHA-256", + "content": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + } + ] + }, + { + "bom-ref": "028dadd23d403b43", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e7ba0a5dcf870abab721a47adbbc8f93af1db56" + }, + { + "alg": "SHA-256", + "content": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + } + ] + }, + { + "bom-ref": "e5b54b73ef3461ad", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Catamarca", + "hashes": [ + { + "alg": "SHA-1", + "content": "ac9a4e79fe5a861447c23d68cccb35762d5f3aa4" + }, + { + "alg": "SHA-256", + "content": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + } + ] + }, + { + "bom-ref": "9447ec7fc9baea14", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Cordoba", + "hashes": [ + { + "alg": "SHA-1", + "content": "04f2815d23c3c63ac6bd204a2935f18366c8d182" + }, + { + "alg": "SHA-256", + "content": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + } + ] + }, + { + "bom-ref": "f79fda36a0e19923", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Jujuy", + "hashes": [ + { + "alg": "SHA-1", + "content": "12099cd844cb19e4842eca3457c937dd9580b0fd" + }, + { + "alg": "SHA-256", + "content": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + } + ] + }, + { + "bom-ref": "6dc93bf4829cb8ce", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/La_Rioja", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2c4c6ee89eacd8b99867fddcd8db684e15f8ee9" + }, + { + "alg": "SHA-256", + "content": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + } + ] + }, + { + "bom-ref": "e7a70bbb02e6931f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Mendoza", + "hashes": [ + { + "alg": "SHA-1", + "content": "e321681c40214a181d2c4ec2015f740507811fbe" + }, + { + "alg": "SHA-256", + "content": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + } + ] + }, + { + "bom-ref": "4a547b957bb16238", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", + "hashes": [ + { + "alg": "SHA-1", + "content": "a508a0daafb22185e4f39d040b2f15053bc2b2a5" + }, + { + "alg": "SHA-256", + "content": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + } + ] + }, + { + "bom-ref": "5fec325ab2367c56", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Salta", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba6390b0c61d1c92c30692a309b9cfd3c54f9a41" + }, + { + "alg": "SHA-256", + "content": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + } + ] + }, + { + "bom-ref": "4983ebde4b36d4bd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/San_Juan", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ef1b1742c1daf27a441e1dd81f3ee2e21cbab6f" + }, + { + "alg": "SHA-256", + "content": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + } + ] + }, + { + "bom-ref": "5ea9fa5ae87e7aed", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/San_Luis", + "hashes": [ + { + "alg": "SHA-1", + "content": "c6469d1173cff2a995e00bef9764294185d65af6" + }, + { + "alg": "SHA-256", + "content": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + } + ] + }, + { + "bom-ref": "9b647f55ebb0b60b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Tucuman", + "hashes": [ + { + "alg": "SHA-1", + "content": "9bbe6f5300224148f2451195f471e7f310cd2bde" + }, + { + "alg": "SHA-256", + "content": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + } + ] + }, + { + "bom-ref": "ad88d08f39df0077", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Argentina/Ushuaia", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d6b6844b13bf120a80b7e72147ca94a111ae39e" + }, + { + "alg": "SHA-256", + "content": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + } + ] + }, + { + "bom-ref": "84989d803046a4cc", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Asuncion", + "hashes": [ + { + "alg": "SHA-1", + "content": "e91a29807bc92d61324d265ab40c3fa651e66cb7" + }, + { + "alg": "SHA-256", + "content": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + } + ] + }, + { + "bom-ref": "c52ed71aa894aa39", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Atikokan", + "hashes": [ + { + "alg": "SHA-1", + "content": "a94fbc2d567e41723f03629b6c9a864260108a17" + }, + { + "alg": "SHA-256", + "content": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + } + ] + }, + { + "bom-ref": "3b945d58d746a6b6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Bahia", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6df0a2d176d0df66fae90bc35a9f8f1ee9b249b" + }, + { + "alg": "SHA-256", + "content": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + } + ] + }, + { + "bom-ref": "d306fdcd238494dd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Bahia_Banderas", + "hashes": [ + { + "alg": "SHA-1", + "content": "33e0f3d5c7eace9077bacfa4f2b6e1e4b374fdb5" + }, + { + "alg": "SHA-256", + "content": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + } + ] + }, + { + "bom-ref": "27b60de34eee0b61", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Barbados", + "hashes": [ + { + "alg": "SHA-1", + "content": "5904a49c6c0ce8f10178fe13174ed9c964a8312a" + }, + { + "alg": "SHA-256", + "content": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + } + ] + }, + { + "bom-ref": "6fcc59ea1daed1c0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Belem", + "hashes": [ + { + "alg": "SHA-1", + "content": "b29f1ee834833e89c06ef39b80b8f8c0b49ad31d" + }, + { + "alg": "SHA-256", + "content": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + } + ] + }, + { + "bom-ref": "35312210bdc0464f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Belize", + "hashes": [ + { + "alg": "SHA-1", + "content": "4728ee967fe9745f4b614e5b511da1c08bd3689c" + }, + { + "alg": "SHA-256", + "content": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + } + ] + }, + { + "bom-ref": "3d034132e6079387", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Boa_Vista", + "hashes": [ + { + "alg": "SHA-1", + "content": "a32d00603897fd4d970a675e5c01656f8652f598" + }, + { + "alg": "SHA-256", + "content": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + } + ] + }, + { + "bom-ref": "08c0d75a4724966d", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Bogota", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e810e3d76edd6adf16384b7e49d2236b9c57ee1" + }, + { + "alg": "SHA-256", + "content": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + } + ] + }, + { + "bom-ref": "800aa6d1893bdd9e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Boise", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0608b89be80aaa6660eee5964203ad760b0659a" + }, + { + "alg": "SHA-256", + "content": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + } + ] + }, + { + "bom-ref": "f895d61410f55511", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Cambridge_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "dcfc3c07c7366b75916af1dccd366fd1077e5b18" + }, + { + "alg": "SHA-256", + "content": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + } + ] + }, + { + "bom-ref": "57174e40dd79a7b8", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Campo_Grande", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a7b1e23290eeb4394e91e0ef4adc00b9ba4def5" + }, + { + "alg": "SHA-256", + "content": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + } + ] + }, + { + "bom-ref": "d60a955930ff4a3f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Cancun", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf74e0c9c8ba2365819123eaddd6817606064eaf" + }, + { + "alg": "SHA-256", + "content": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + } + ] + }, + { + "bom-ref": "404e0f2c906fcf3e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Caracas", + "hashes": [ + { + "alg": "SHA-1", + "content": "3914e45c3922bc30b89498066fb637cc04886462" + }, + { + "alg": "SHA-256", + "content": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + } + ] + }, + { + "bom-ref": "2390dfa51e4ff768", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Cayenne", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f888b09b894c79fa691466a4f4eaaa83da367e0" + }, + { + "alg": "SHA-256", + "content": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + } + ] + }, + { + "bom-ref": "b91225324d6263a0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Chicago", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a037f985f6fa0b392c95c7afb247f16a3925a7e" + }, + { + "alg": "SHA-256", + "content": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + } + ] + }, + { + "bom-ref": "f3e2614697a555d3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Chihuahua", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0c67cc4ed5fe366fb39d9e55b02082254606e47" + }, + { + "alg": "SHA-256", + "content": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + } + ] + }, + { + "bom-ref": "b8afad39a9ebfd7c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Ciudad_Juarez", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe11c20a18788db4260afcaa5d952c219f4777d2" + }, + { + "alg": "SHA-256", + "content": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + } + ] + }, + { + "bom-ref": "6ef6737447295ce7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Costa_Rica", + "hashes": [ + { + "alg": "SHA-1", + "content": "2d1fd66de0198ddfcc1958fbaaaaba9cdb7b1d8f" + }, + { + "alg": "SHA-256", + "content": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + } + ] + }, + { + "bom-ref": "807df220f5b72e03", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Coyhaique", + "hashes": [ + { + "alg": "SHA-1", + "content": "0922bbda5c964aac267330bedf39deae6d2e0636" + }, + { + "alg": "SHA-256", + "content": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + } + ] + }, + { + "bom-ref": "10db08e203dc8002", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Creston", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3f54df3a017c38626f04bd9576a0a11663303fd" + }, + { + "alg": "SHA-256", + "content": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + } + ] + }, + { + "bom-ref": "ba42caa71e93d958", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Cuiaba", + "hashes": [ + { + "alg": "SHA-1", + "content": "1a6b69bdf16991900ae16a00deb7ffbf722d5486" + }, + { + "alg": "SHA-256", + "content": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + } + ] + }, + { + "bom-ref": "8bed8fda8c543629", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Danmarkshavn", + "hashes": [ + { + "alg": "SHA-1", + "content": "3bfae70ff7ffa8b928ba4bf0bcb5452d09ec0407" + }, + { + "alg": "SHA-256", + "content": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + } + ] + }, + { + "bom-ref": "0554a04109a113fa", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Dawson", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc241cb66d50821505cc7708d43ee9b1e77a36dc" + }, + { + "alg": "SHA-256", + "content": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + } + ] + }, + { + "bom-ref": "cd840c892dbec610", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Dawson_Creek", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd98b887a02f1ae2785d5d6fe7d77e91ec5aae83" + }, + { + "alg": "SHA-256", + "content": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + } + ] + }, + { + "bom-ref": "f3ee23e99741aee9", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Denver", + "hashes": [ + { + "alg": "SHA-1", + "content": "faa7d6cf4178d032d8ba8a4d77eac0fd47f8a718" + }, + { + "alg": "SHA-256", + "content": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + } + ] + }, + { + "bom-ref": "503e22ea1ae00bff", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Detroit", + "hashes": [ + { + "alg": "SHA-1", + "content": "6597537b399eab91a66e32bb4edae466de96a146" + }, + { + "alg": "SHA-256", + "content": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + } + ] + }, + { + "bom-ref": "84289022f58576ce", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Edmonton", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f441f7a62122e43a963260550efb1a1ff3100c2" + }, + { + "alg": "SHA-256", + "content": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + } + ] + }, + { + "bom-ref": "bbd8826fbc7d4c0b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Eirunepe", + "hashes": [ + { + "alg": "SHA-1", + "content": "45e5dd1baab63d6970c0424cd8ae77bfadfdfd61" + }, + { + "alg": "SHA-256", + "content": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + } + ] + }, + { + "bom-ref": "5f2e5395ca7b421f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/El_Salvador", + "hashes": [ + { + "alg": "SHA-1", + "content": "45b4b952081502968b04b36e7cae24b987e9f532" + }, + { + "alg": "SHA-256", + "content": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + } + ] + }, + { + "bom-ref": "96c7c4394fb89eb7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Ensenada", + "hashes": [ + { + "alg": "SHA-1", + "content": "6ad63533ea183b2895759a9702ea96f0fff98759" + }, + { + "alg": "SHA-256", + "content": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + } + ] + }, + { + "bom-ref": "ca000ca372e4d431", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Fort_Nelson", + "hashes": [ + { + "alg": "SHA-1", + "content": "a453ec818cd948cc2492666443d4e39637ed7040" + }, + { + "alg": "SHA-256", + "content": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + } + ] + }, + { + "bom-ref": "337818befc3ad70c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Fort_Wayne", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad1a26bddb9304a620b2c6f7ec9f3a5226622906" + }, + { + "alg": "SHA-256", + "content": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + } + ] + }, + { + "bom-ref": "29bc63839999e78e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Fortaleza", + "hashes": [ + { + "alg": "SHA-1", + "content": "aa8e9c8cd8301dd0a61085ada31923f7e1ccc983" + }, + { + "alg": "SHA-256", + "content": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + } + ] + }, + { + "bom-ref": "e9f26b2889649ba5", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Glace_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "40ba9843662a853c1d3643395db1a75c1164951f" + }, + { + "alg": "SHA-256", + "content": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + } + ] + }, + { + "bom-ref": "62a35e2874bfe2d7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Godthab", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ff7ac72af2c09efd8e1779e5fba28288439df41" + }, + { + "alg": "SHA-256", + "content": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + } + ] + }, + { + "bom-ref": "0e64f6f90d9e0545", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Goose_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "21d4df7695accb7b5164e41e28452f9655cd91a0" + }, + { + "alg": "SHA-256", + "content": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + } + ] + }, + { + "bom-ref": "6c7dffa3a28243d1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Grand_Turk", + "hashes": [ + { + "alg": "SHA-1", + "content": "48735366abbf3760087cd1533f24415136763745" + }, + { + "alg": "SHA-256", + "content": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + } + ] + }, + { + "bom-ref": "783ef47a4b6cc7c7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Guatemala", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0d50c845873aa466c9a2b020326d57af4d39b3d" + }, + { + "alg": "SHA-256", + "content": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + } + ] + }, + { + "bom-ref": "ac44cca1e7a44914", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Guayaquil", + "hashes": [ + { + "alg": "SHA-1", + "content": "8415ce0daac4cfe819154671e05b4185b9c08970" + }, + { + "alg": "SHA-256", + "content": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + } + ] + }, + { + "bom-ref": "043fb5366c6c3f62", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Guyana", + "hashes": [ + { + "alg": "SHA-1", + "content": "d48d26f50f53db2dd9ddcbb6acb5723cb49e81b2" + }, + { + "alg": "SHA-256", + "content": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + } + ] + }, + { + "bom-ref": "259405cab0d1a560", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Halifax", + "hashes": [ + { + "alg": "SHA-1", + "content": "93568fd7e148b3f61fca5f36f8ae0a5b3b107fe3" + }, + { + "alg": "SHA-256", + "content": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + } + ] + }, + { + "bom-ref": "634e2721b391cd86", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Havana", + "hashes": [ + { + "alg": "SHA-1", + "content": "51c1a7a700e4028481e506e58faf22f9677c5e29" + }, + { + "alg": "SHA-256", + "content": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + } + ] + }, + { + "bom-ref": "78ccdae019d28585", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Hermosillo", + "hashes": [ + { + "alg": "SHA-1", + "content": "e055ab758b61beef7d8a4ee5a6b38d789c5f6b2c" + }, + { + "alg": "SHA-256", + "content": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + } + ] + }, + { + "bom-ref": "ff7c90f720c54752", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Indiana/Knox", + "hashes": [ + { + "alg": "SHA-1", + "content": "41fdfe70a9789d427dc4be468f559a97ee9fcf54" + }, + { + "alg": "SHA-256", + "content": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + } + ] + }, + { + "bom-ref": "4dde89b97050f0d3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Indiana/Marengo", + "hashes": [ + { + "alg": "SHA-1", + "content": "0530ef4b3396d7031cc5e4ff82dc42c10f2f89a1" + }, + { + "alg": "SHA-256", + "content": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + } + ] + }, + { + "bom-ref": "551a77d088635f9b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Indiana/Petersburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "570cef94f900163bce34b3f85b9ea5b36df92146" + }, + { + "alg": "SHA-256", + "content": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + } + ] + }, + { + "bom-ref": "38c3fabbad78e2b0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Indiana/Tell_City", + "hashes": [ + { + "alg": "SHA-1", + "content": "20594c1309a07d4691ff9af0a77782b5e2d95c61" + }, + { + "alg": "SHA-256", + "content": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + } + ] + }, + { + "bom-ref": "a1f9e28be9e1515a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Indiana/Vevay", + "hashes": [ + { + "alg": "SHA-1", + "content": "3959be4d9e86c9c1a7f8febc46554584b2a7ceff" + }, + { + "alg": "SHA-256", + "content": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + } + ] + }, + { + "bom-ref": "4bb7d8e23c355cf0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Indiana/Vincennes", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9a3d65b42b008c5a85c73934fcf94eaeac4b931" + }, + { + "alg": "SHA-256", + "content": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + } + ] + }, + { + "bom-ref": "385ad24ba0f04bad", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Indiana/Winamac", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d169fbd02f628dd6fdafbbab7a7e4a6da54fd21" + }, + { + "alg": "SHA-256", + "content": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + } + ] + }, + { + "bom-ref": "20811c14c8ff84dd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Inuvik", + "hashes": [ + { + "alg": "SHA-1", + "content": "1291de8f6d914ee264f0b27a55278ff12a00ad7a" + }, + { + "alg": "SHA-256", + "content": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + } + ] + }, + { + "bom-ref": "51e5cd74bb2ff2b6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Iqaluit", + "hashes": [ + { + "alg": "SHA-1", + "content": "210193fdb9be1a88f5d245ddf3dce819469be233" + }, + { + "alg": "SHA-256", + "content": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + } + ] + }, + { + "bom-ref": "47eaba1f98f04820", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Jamaica", + "hashes": [ + { + "alg": "SHA-1", + "content": "77453a2772c127d0b213f8580ff7890cbf7b4929" + }, + { + "alg": "SHA-256", + "content": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + } + ] + }, + { + "bom-ref": "b0fa9cbd276df6bd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Juneau", + "hashes": [ + { + "alg": "SHA-1", + "content": "740e88dcd737d076404c386330bd379d55ee8281" + }, + { + "alg": "SHA-256", + "content": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + } + ] + }, + { + "bom-ref": "5fb2236f15b7246f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Kentucky/Louisville", + "hashes": [ + { + "alg": "SHA-1", + "content": "a63a322042aab6a2583de2f636a5eb15f71eae33" + }, + { + "alg": "SHA-256", + "content": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + } + ] + }, + { + "bom-ref": "57338feedf76dae2", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Kentucky/Monticello", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad63bf4d1228ab308b2ed6758c21fbebb56395db" + }, + { + "alg": "SHA-256", + "content": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + } + ] + }, + { + "bom-ref": "be1fb51e4d61dcd6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/La_Paz", + "hashes": [ + { + "alg": "SHA-1", + "content": "631b8d0f538c7ec23d132fd7d72fb1ff64b938ae" + }, + { + "alg": "SHA-256", + "content": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + } + ] + }, + { + "bom-ref": "0aab09bf1271c5bd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Lima", + "hashes": [ + { + "alg": "SHA-1", + "content": "75864c99309070f61b033c039b7509c89da5ab08" + }, + { + "alg": "SHA-256", + "content": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + } + ] + }, + { + "bom-ref": "31b6aed83a59a4d7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Los_Angeles", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4f1faebf0f0d032290ef87bb9973c2ff8f84074" + }, + { + "alg": "SHA-256", + "content": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + } + ] + }, + { + "bom-ref": "f754203069453f64", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Maceio", + "hashes": [ + { + "alg": "SHA-1", + "content": "c0295301332918d79abf0bb349cc1fee3b9f2db9" + }, + { + "alg": "SHA-256", + "content": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + } + ] + }, + { + "bom-ref": "155deab0d1b75139", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Managua", + "hashes": [ + { + "alg": "SHA-1", + "content": "566a887308e8e16a9cebb62f3d4124b42c331674" + }, + { + "alg": "SHA-256", + "content": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + } + ] + }, + { + "bom-ref": "7d5d839b76215ad9", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Manaus", + "hashes": [ + { + "alg": "SHA-1", + "content": "a759afda024a0ba961569017b3003805849c6f61" + }, + { + "alg": "SHA-256", + "content": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + } + ] + }, + { + "bom-ref": "16588574ba987865", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Martinique", + "hashes": [ + { + "alg": "SHA-1", + "content": "caf0e4c5fdae59d1b6c1278ad7ac84bf03bcb0a9" + }, + { + "alg": "SHA-256", + "content": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + } + ] + }, + { + "bom-ref": "b4ccccec0713b3e6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Matamoros", + "hashes": [ + { + "alg": "SHA-1", + "content": "638e4541bddbb0164c8d62590ff1bb97f88b822e" + }, + { + "alg": "SHA-256", + "content": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + } + ] + }, + { + "bom-ref": "a94c967281cc09b1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Mazatlan", + "hashes": [ + { + "alg": "SHA-1", + "content": "44c28415e815f8e2b53604195f85da07b04d829d" + }, + { + "alg": "SHA-256", + "content": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + } + ] + }, + { + "bom-ref": "aa7c6fe4e206bc29", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Menominee", + "hashes": [ + { + "alg": "SHA-1", + "content": "88fd8d108c020a3294eae6c83ad187cf0b01a602" + }, + { + "alg": "SHA-256", + "content": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + } + ] + }, + { + "bom-ref": "5815083ad3d1b4cd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Merida", + "hashes": [ + { + "alg": "SHA-1", + "content": "8e07f8356362c517ef41035a0394a59363cebfc0" + }, + { + "alg": "SHA-256", + "content": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + } + ] + }, + { + "bom-ref": "b7f83def08194949", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Metlakatla", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f327158b98652913af4d66c5257cfc014340536" + }, + { + "alg": "SHA-256", + "content": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + } + ] + }, + { + "bom-ref": "fa1a0ca8233565f2", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Mexico_City", + "hashes": [ + { + "alg": "SHA-1", + "content": "f46bb76507fbd52204eef47c12c9320bd7945af7" + }, + { + "alg": "SHA-256", + "content": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + } + ] + }, + { + "bom-ref": "bc4114dabf5c1926", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Miquelon", + "hashes": [ + { + "alg": "SHA-1", + "content": "1418becc2c2023ac3dba15d27e5fd6b6b3b6fd5a" + }, + { + "alg": "SHA-256", + "content": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + } + ] + }, + { + "bom-ref": "2419686c77b5d0d7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Moncton", + "hashes": [ + { + "alg": "SHA-1", + "content": "c08e5d548c3bb971f1a1236c397ded4f7227d769" + }, + { + "alg": "SHA-256", + "content": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + } + ] + }, + { + "bom-ref": "f024214f6c82dc25", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Monterrey", + "hashes": [ + { + "alg": "SHA-1", + "content": "ceaf09cf6075be4ff98b5716e65d197c9f302864" + }, + { + "alg": "SHA-256", + "content": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + } + ] + }, + { + "bom-ref": "fc2d9d293f0e545b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Montevideo", + "hashes": [ + { + "alg": "SHA-1", + "content": "06e3ef1048ffd289a424fba8e053601b353cc2fa" + }, + { + "alg": "SHA-256", + "content": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + } + ] + }, + { + "bom-ref": "8a8d315146c83b5b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Montreal", + "hashes": [ + { + "alg": "SHA-1", + "content": "a6d038ecff7126ee19ebb08a40d157c9a79964cd" + }, + { + "alg": "SHA-256", + "content": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + } + ] + }, + { + "bom-ref": "949f877ffcc782bd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/New_York", + "hashes": [ + { + "alg": "SHA-1", + "content": "bc9337182ee4bad790b527f56bd3d2130691d693" + }, + { + "alg": "SHA-256", + "content": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + } + ] + }, + { + "bom-ref": "b527118fa63d4dce", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Nome", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e6cf03e0c8fbb7a079090cf164e73291681bafc" + }, + { + "alg": "SHA-256", + "content": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + } + ] + }, + { + "bom-ref": "d4d597f6762866c3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Noronha", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0e29b45f9003c1ff8ed350b40b1369e8a569d0f" + }, + { + "alg": "SHA-256", + "content": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + } + ] + }, + { + "bom-ref": "b73e44fe1c60ab9b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/North_Dakota/Beulah", + "hashes": [ + { + "alg": "SHA-1", + "content": "99080962e50069d5e6a206bff8931a67b5afebe9" + }, + { + "alg": "SHA-256", + "content": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + } + ] + }, + { + "bom-ref": "3a22b177ad565097", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/North_Dakota/Center", + "hashes": [ + { + "alg": "SHA-1", + "content": "16ee5640265f404a2a64cbb48547b834b780cf71" + }, + { + "alg": "SHA-256", + "content": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + } + ] + }, + { + "bom-ref": "48f69c3bd2c4dfe3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d1defaee32cee5fdaaa1405460d9ee4e4dceb55" + }, + { + "alg": "SHA-256", + "content": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + } + ] + }, + { + "bom-ref": "2f7d8e71fee1aaef", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Ojinaga", + "hashes": [ + { + "alg": "SHA-1", + "content": "346cae590643f608e6c31870966e576f2c194936" + }, + { + "alg": "SHA-256", + "content": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + } + ] + }, + { + "bom-ref": "c8310a6caaf65f94", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Paramaribo", + "hashes": [ + { + "alg": "SHA-1", + "content": "af2b3e2554003e56ec6e09f4ab2cc646cef58e06" + }, + { + "alg": "SHA-256", + "content": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + } + ] + }, + { + "bom-ref": "e679befc0207bb79", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Port-au-Prince", + "hashes": [ + { + "alg": "SHA-1", + "content": "9901445a7bf4a993111d087ef812890dd44a67be" + }, + { + "alg": "SHA-256", + "content": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + } + ] + }, + { + "bom-ref": "74a1c70f5b7de613", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Porto_Acre", + "hashes": [ + { + "alg": "SHA-1", + "content": "23649fa3b661b1a7b1332e38479d24bcdb4e902f" + }, + { + "alg": "SHA-256", + "content": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + } + ] + }, + { + "bom-ref": "07d76771e560a228", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Porto_Velho", + "hashes": [ + { + "alg": "SHA-1", + "content": "d55253cee37291a6cf91e4bbccca6473cf6679aa" + }, + { + "alg": "SHA-256", + "content": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + } + ] + }, + { + "bom-ref": "611985209674e281", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Punta_Arenas", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a64891fd90cbc2ba9e1d7dfe1689dee65affef3" + }, + { + "alg": "SHA-256", + "content": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + } + ] + }, + { + "bom-ref": "2b395eebcb4a67ff", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Rainy_River", + "hashes": [ + { + "alg": "SHA-1", + "content": "684c62d80d16a9256c9123074466cc5d0288daea" + }, + { + "alg": "SHA-256", + "content": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + } + ] + }, + { + "bom-ref": "ae752373b648ec23", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Rankin_Inlet", + "hashes": [ + { + "alg": "SHA-1", + "content": "f517c389db4ac89bc79cbf8ee5736f0cad7bc7b9" + }, + { + "alg": "SHA-256", + "content": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + } + ] + }, + { + "bom-ref": "aea59607411935a9", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Recife", + "hashes": [ + { + "alg": "SHA-1", + "content": "6a681fe7cafc3cabe9a7ef75699e4e5fa7f6a81a" + }, + { + "alg": "SHA-256", + "content": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + } + ] + }, + { + "bom-ref": "da2575a45478ba4c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Regina", + "hashes": [ + { + "alg": "SHA-1", + "content": "ecd6b0c718b65c0c90e8097943a899c0b0cb60d8" + }, + { + "alg": "SHA-256", + "content": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + } + ] + }, + { + "bom-ref": "f742ec86d0af67ef", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Resolute", + "hashes": [ + { + "alg": "SHA-1", + "content": "c01bda981211a1387a2c18d7a57165e72da83d95" + }, + { + "alg": "SHA-256", + "content": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + } + ] + }, + { + "bom-ref": "0654d6e280f96ad4", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Santarem", + "hashes": [ + { + "alg": "SHA-1", + "content": "f39fa90abacd688c7f6599bdbdd8c144a0b7c5b1" + }, + { + "alg": "SHA-256", + "content": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + } + ] + }, + { + "bom-ref": "6f773f10edc48288", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Santiago", + "hashes": [ + { + "alg": "SHA-1", + "content": "6788d98647fb2019aa749acfb7236e77e84c4533" + }, + { + "alg": "SHA-256", + "content": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + } + ] + }, + { + "bom-ref": "451a2d4d79e5ff2f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Santo_Domingo", + "hashes": [ + { + "alg": "SHA-1", + "content": "a135300f73df9c427db37aa9ba29e25f83463211" + }, + { + "alg": "SHA-256", + "content": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + } + ] + }, + { + "bom-ref": "d1c1756746a5da30", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Sao_Paulo", + "hashes": [ + { + "alg": "SHA-1", + "content": "96caf0f5c9ad021d2ca06e2b48ef7e3e52bff41d" + }, + { + "alg": "SHA-256", + "content": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + } + ] + }, + { + "bom-ref": "8a4a91898f4982f7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Scoresbysund", + "hashes": [ + { + "alg": "SHA-1", + "content": "7497b479af7c157e844a90ecbfc041db4f639f04" + }, + { + "alg": "SHA-256", + "content": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + } + ] + }, + { + "bom-ref": "f07efa25045dc460", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Sitka", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bb2fd466acd0399f44f56c2ed9a2a0353fb2f82" + }, + { + "alg": "SHA-256", + "content": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + } + ] + }, + { + "bom-ref": "bef62ea9048f0f45", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/St_Johns", + "hashes": [ + { + "alg": "SHA-1", + "content": "4336075a81adbebeb26ca297ce309dc595b86463" + }, + { + "alg": "SHA-256", + "content": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + } + ] + }, + { + "bom-ref": "169a1f9cb1911cff", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Swift_Current", + "hashes": [ + { + "alg": "SHA-1", + "content": "e607b1ddf124e4061e437365e16404633bbdc4bd" + }, + { + "alg": "SHA-256", + "content": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + } + ] + }, + { + "bom-ref": "dbf2cd9405019f59", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Tegucigalpa", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe5537f0f326f4513aaf98ba68268b0798e72e0b" + }, + { + "alg": "SHA-256", + "content": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + } + ] + }, + { + "bom-ref": "4014146544af9f8f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Thule", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4e304073f4f90890439ca6205d60e20d2495f16" + }, + { + "alg": "SHA-256", + "content": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + } + ] + }, + { + "bom-ref": "322f6ad2ea49ba49", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Vancouver", + "hashes": [ + { + "alg": "SHA-1", + "content": "b42a450523068cc1434b8774082525d8dc2a8e4f" + }, + { + "alg": "SHA-256", + "content": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + } + ] + }, + { + "bom-ref": "fe7a4a0368fdcf2a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Whitehorse", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a8f00d33b5ca551a16cedc68cc8528fb4c111d8" + }, + { + "alg": "SHA-256", + "content": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + } + ] + }, + { + "bom-ref": "b1bc1a2041ffcfa5", + "type": "file", + "name": "/usr/share/zoneinfo/posix/America/Yakutat", + "hashes": [ + { + "alg": "SHA-1", + "content": "f115ac1b5b64b28cad149f1cdf10fb0649fe5c48" + }, + { + "alg": "SHA-256", + "content": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + } + ] + }, + { + "bom-ref": "4cd086e938b5d439", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Casey", + "hashes": [ + { + "alg": "SHA-1", + "content": "da1d193862e1725420329b257e1b856b13dcdc7a" + }, + { + "alg": "SHA-256", + "content": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + } + ] + }, + { + "bom-ref": "99aca4dbfb4ccfdb", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Davis", + "hashes": [ + { + "alg": "SHA-1", + "content": "87abeedc268901cc371d93faf9b775634a6c401b" + }, + { + "alg": "SHA-256", + "content": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + } + ] + }, + { + "bom-ref": "5bbdcf82423f512e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/DumontDUrville", + "hashes": [ + { + "alg": "SHA-1", + "content": "65f9954328a5fda173ff0ce420428d024a7d32c3" + }, + { + "alg": "SHA-256", + "content": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + } + ] + }, + { + "bom-ref": "3e7aad594196cf97", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Macquarie", + "hashes": [ + { + "alg": "SHA-1", + "content": "99cbdcf1d9afe0907b96f0ca06636bde4e5383c3" + }, + { + "alg": "SHA-256", + "content": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + } + ] + }, + { + "bom-ref": "a183734120280e91", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Mawson", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb34c38a02c76beb5b321971d94869451a5ceab1" + }, + { + "alg": "SHA-256", + "content": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + } + ] + }, + { + "bom-ref": "5e7841414f3ab611", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/McMurdo", + "hashes": [ + { + "alg": "SHA-1", + "content": "78d4d3a481c49ab7ff31722bced30e1c31e8bc98" + }, + { + "alg": "SHA-256", + "content": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + } + ] + }, + { + "bom-ref": "b0f960fcd690076b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Palmer", + "hashes": [ + { + "alg": "SHA-1", + "content": "12519921ed4c4f6684c5069a251141378f7134a4" + }, + { + "alg": "SHA-256", + "content": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + } + ] + }, + { + "bom-ref": "47389c1f2788315a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Rothera", + "hashes": [ + { + "alg": "SHA-1", + "content": "05bc718d8f51e2dc23989d149b8dc7529a87bf1b" + }, + { + "alg": "SHA-256", + "content": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + } + ] + }, + { + "bom-ref": "6dd7c3f7988a57c3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Syowa", + "hashes": [ + { + "alg": "SHA-1", + "content": "bde5a629fdb78b40544b8018b2578f0b085045cc" + }, + { + "alg": "SHA-256", + "content": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + } + ] + }, + { + "bom-ref": "016d8025fd9f110b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Troll", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f3bab6c4d956dd8e8bb969e354e1a211980e244" + }, + { + "alg": "SHA-256", + "content": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + } + ] + }, + { + "bom-ref": "12d1add738110cee", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Antarctica/Vostok", + "hashes": [ + { + "alg": "SHA-1", + "content": "cab2a7ae9eb3304377d15b3761e4beca547fb07e" + }, + { + "alg": "SHA-256", + "content": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + } + ] + }, + { + "bom-ref": "909c114e91953fa5", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Arctic/Longyearbyen", + "hashes": [ + { + "alg": "SHA-1", + "content": "918341ad71f9d3acd28997326e42d5b00fba41e0" + }, + { + "alg": "SHA-256", + "content": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + } + ] + }, + { + "bom-ref": "edd8438e8eab25c7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Almaty", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b4d8aabb1fd81e39b5b8fd2d3506875966a3c34" + }, + { + "alg": "SHA-256", + "content": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + } + ] + }, + { + "bom-ref": "9623aead673ec6f5", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Amman", + "hashes": [ + { + "alg": "SHA-1", + "content": "fdffb8cdba7aaf42ba9f8e1f1d9093c21ed77027" + }, + { + "alg": "SHA-256", + "content": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + } + ] + }, + { + "bom-ref": "9188cae0e2d7e66c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Anadyr", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e18546688a8d72426a93024673be6a7b890ca49" + }, + { + "alg": "SHA-256", + "content": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + } + ] + }, + { + "bom-ref": "9aed0a30b0b87a05", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Aqtau", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5c1626f08af9ec32dadbbfcdb69f5a2a83445cb" + }, + { + "alg": "SHA-256", + "content": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + } + ] + }, + { + "bom-ref": "7bdec1c6f9ad7660", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Aqtobe", + "hashes": [ + { + "alg": "SHA-1", + "content": "67f145b5d2958ced37d7c63144ca314cc3a5619c" + }, + { + "alg": "SHA-256", + "content": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + } + ] + }, + { + "bom-ref": "ec2603cc92b83da1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Ashgabat", + "hashes": [ + { + "alg": "SHA-1", + "content": "f077f5395b29d53b145792d5e2e309a99c4a7092" + }, + { + "alg": "SHA-256", + "content": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + } + ] + }, + { + "bom-ref": "9da9e525e01ac96a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Atyrau", + "hashes": [ + { + "alg": "SHA-1", + "content": "879556e7e91d36d29c7921b7693b3aafa95ce9bf" + }, + { + "alg": "SHA-256", + "content": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + } + ] + }, + { + "bom-ref": "0e4d5e3dea1ba873", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Baghdad", + "hashes": [ + { + "alg": "SHA-1", + "content": "10843b2e6588534f57e4c05255923c461fcaf40d" + }, + { + "alg": "SHA-256", + "content": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + } + ] + }, + { + "bom-ref": "41310208a3651bff", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Bahrain", + "hashes": [ + { + "alg": "SHA-1", + "content": "918dda414e2e89ca2b735946a84d94c42a24f452" + }, + { + "alg": "SHA-256", + "content": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + } + ] + }, + { + "bom-ref": "e9d853b7613e991d", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Baku", + "hashes": [ + { + "alg": "SHA-1", + "content": "8409d8a1289864bf61dd17a80524eb6aa36e9be8" + }, + { + "alg": "SHA-256", + "content": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + } + ] + }, + { + "bom-ref": "8369533c70045307", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Bangkok", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c81d559f702a0239d5bf025c97e70b2c577682e" + }, + { + "alg": "SHA-256", + "content": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + } + ] + }, + { + "bom-ref": "e17549bc40721333", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Barnaul", + "hashes": [ + { + "alg": "SHA-1", + "content": "1391b2598eff6e35378e261f36dd2f57b3e491bf" + }, + { + "alg": "SHA-256", + "content": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + } + ] + }, + { + "bom-ref": "cd5cef0f0e983751", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Beirut", + "hashes": [ + { + "alg": "SHA-1", + "content": "fba8b66863fcd6bcabec3a13467e0b3450650ad5" + }, + { + "alg": "SHA-256", + "content": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + } + ] + }, + { + "bom-ref": "11b695663ecd0f36", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Bishkek", + "hashes": [ + { + "alg": "SHA-1", + "content": "d6c73a90b411c39d97ccda0ad8a57f252456881c" + }, + { + "alg": "SHA-256", + "content": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + } + ] + }, + { + "bom-ref": "20d6cf74fbe318d1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Brunei", + "hashes": [ + { + "alg": "SHA-1", + "content": "951d0ec46419658895f8005b2583badeff166bdb" + }, + { + "alg": "SHA-256", + "content": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + } + ] + }, + { + "bom-ref": "41e55d95d3e71834", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Calcutta", + "hashes": [ + { + "alg": "SHA-1", + "content": "856df72f3f593ff1e183505d743bf65e40a30aca" + }, + { + "alg": "SHA-256", + "content": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + } + ] + }, + { + "bom-ref": "0939219069390b95", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Chita", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a265169da96777e85b65b87ed5a3d64d801e791" + }, + { + "alg": "SHA-256", + "content": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + } + ] + }, + { + "bom-ref": "cff69e2dbc82f86c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Choibalsan", + "hashes": [ + { + "alg": "SHA-1", + "content": "90cad7fd7da7d6546622901db622595f1880f593" + }, + { + "alg": "SHA-256", + "content": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + } + ] + }, + { + "bom-ref": "2a7a7d29536a09d1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Chongqing", + "hashes": [ + { + "alg": "SHA-1", + "content": "79360e38e040eaa15b6e880296c1d1531f537b6f" + }, + { + "alg": "SHA-256", + "content": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + } + ] + }, + { + "bom-ref": "fba5531118eb4f00", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Colombo", + "hashes": [ + { + "alg": "SHA-1", + "content": "0fe53f0c887f168201f4c4767068dadb1a698581" + }, + { + "alg": "SHA-256", + "content": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + } + ] + }, + { + "bom-ref": "238cecb2a77ae8a6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Dacca", + "hashes": [ + { + "alg": "SHA-1", + "content": "5779829aea6d010cea872e6c2b6f1ac661d825e3" + }, + { + "alg": "SHA-256", + "content": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + } + ] + }, + { + "bom-ref": "ebdf0273c85b7f11", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Damascus", + "hashes": [ + { + "alg": "SHA-1", + "content": "716b40d34b96db89c27eeb936693481abad8288b" + }, + { + "alg": "SHA-256", + "content": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + } + ] + }, + { + "bom-ref": "3e09cd0ce754bdbf", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Dili", + "hashes": [ + { + "alg": "SHA-1", + "content": "f71f19932f5f7e625447e241be76b34dd2e75115" + }, + { + "alg": "SHA-256", + "content": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + } + ] + }, + { + "bom-ref": "83090e6d3da79b8e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Dubai", + "hashes": [ + { + "alg": "SHA-1", + "content": "612f06ce47e5c3acb96b2b6eb8075d89ece41f90" + }, + { + "alg": "SHA-256", + "content": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + } + ] + }, + { + "bom-ref": "4cf67b5bdef43c1e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Dushanbe", + "hashes": [ + { + "alg": "SHA-1", + "content": "1694cb3276a637899c86f26176b2b1f862d47eda" + }, + { + "alg": "SHA-256", + "content": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + } + ] + }, + { + "bom-ref": "7ae7878adef825f3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Famagusta", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7f718a82b28e4fedb4e6501fc94ca2a6ec758c8" + }, + { + "alg": "SHA-256", + "content": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + } + ] + }, + { + "bom-ref": "a07326b416b47314", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Gaza", + "hashes": [ + { + "alg": "SHA-1", + "content": "169848cd25c3fe443c5d0bdd5c96d68a949cfe78" + }, + { + "alg": "SHA-256", + "content": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + } + ] + }, + { + "bom-ref": "aaf8680b8bfcb498", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Hebron", + "hashes": [ + { + "alg": "SHA-1", + "content": "201832bdac94204b130b3d01a26f608357e8da26" + }, + { + "alg": "SHA-256", + "content": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + } + ] + }, + { + "bom-ref": "54e7b7be1b3ae175", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", + "hashes": [ + { + "alg": "SHA-1", + "content": "a96c3b96b551d852706b95e0bb739f8e62aee915" + }, + { + "alg": "SHA-256", + "content": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + } + ] + }, + { + "bom-ref": "e930291958ab98ae", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Hong_Kong", + "hashes": [ + { + "alg": "SHA-1", + "content": "0c3205dd5ec08d17c2161af789df8d05b1bda1b6" + }, + { + "alg": "SHA-256", + "content": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + } + ] + }, + { + "bom-ref": "020b84622fb900db", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Hovd", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f8950afc6522a8c920cbeb079ac39ca26d52e38" + }, + { + "alg": "SHA-256", + "content": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + } + ] + }, + { + "bom-ref": "8048172bf741c0f9", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Irkutsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "f82e877820027d4c48be625842047a6cfe008234" + }, + { + "alg": "SHA-256", + "content": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + } + ] + }, + { + "bom-ref": "0488de992cd66915", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Istanbul", + "hashes": [ + { + "alg": "SHA-1", + "content": "df6cbece3d9afb3aedb44e131b6e68a6cf74ca8e" + }, + { + "alg": "SHA-256", + "content": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + } + ] + }, + { + "bom-ref": "41a5726c799af744", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Jakarta", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35b8895cd70cc9c5744d30260e82f0421a9337" + }, + { + "alg": "SHA-256", + "content": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + } + ] + }, + { + "bom-ref": "d033123020293d3c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Jayapura", + "hashes": [ + { + "alg": "SHA-1", + "content": "70cd707f6e144cf0cb40af01a70b9c4739208e48" + }, + { + "alg": "SHA-256", + "content": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + } + ] + }, + { + "bom-ref": "7375efccc3679997", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Jerusalem", + "hashes": [ + { + "alg": "SHA-1", + "content": "89e42d27cfb78255ae18ee02f5a4c8e3ba57dde0" + }, + { + "alg": "SHA-256", + "content": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + } + ] + }, + { + "bom-ref": "cb22050893636562", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Kabul", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2379e605267b8766f9e34d322a5e3a657df7113" + }, + { + "alg": "SHA-256", + "content": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + } + ] + }, + { + "bom-ref": "6df7fa08b1ea1e63", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Kamchatka", + "hashes": [ + { + "alg": "SHA-1", + "content": "9902b94b8a6fbc3d4533f43d9be5cdb6302693ce" + }, + { + "alg": "SHA-256", + "content": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + } + ] + }, + { + "bom-ref": "403b6dd2aea67f45", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Karachi", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4c69f1551a0a9bdd8d1817c547bd18218b570a3" + }, + { + "alg": "SHA-256", + "content": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + } + ] + }, + { + "bom-ref": "2ba37f18f5bf7884", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Kashgar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4fba0cb8c5f2ef8232782883fca5e7af1b1fdb2" + }, + { + "alg": "SHA-256", + "content": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + } + ] + }, + { + "bom-ref": "3eda3ebfd73285c0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Kathmandu", + "hashes": [ + { + "alg": "SHA-1", + "content": "454f1d251f8a9cd2c1559897f6b38a53fdbfe249" + }, + { + "alg": "SHA-256", + "content": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + } + ] + }, + { + "bom-ref": "f3259f345ccd3b65", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Khandyga", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ddab9699af73544e5b52a7477e0c5532216c59a" + }, + { + "alg": "SHA-256", + "content": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + } + ] + }, + { + "bom-ref": "26f75c5ac6f16539", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Krasnoyarsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "ec3786f8744bad78bbfc370674ad33ccba5d4080" + }, + { + "alg": "SHA-256", + "content": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + } + ] + }, + { + "bom-ref": "1c5427fce54bfbeb", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Kuala_Lumpur", + "hashes": [ + { + "alg": "SHA-1", + "content": "429a0689e9ed127265705febf2c9aa5f47ac3547" + }, + { + "alg": "SHA-256", + "content": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + } + ] + }, + { + "bom-ref": "1f5e8f8731296243", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Macao", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbd377edbc12abe7cd74edc80086dd21bb34a6ca" + }, + { + "alg": "SHA-256", + "content": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + } + ] + }, + { + "bom-ref": "834807d11e38bf7d", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Magadan", + "hashes": [ + { + "alg": "SHA-1", + "content": "34134a81b737efcc82e3be92b2d222319b36f510" + }, + { + "alg": "SHA-256", + "content": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + } + ] + }, + { + "bom-ref": "f6488689362ca2d1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Makassar", + "hashes": [ + { + "alg": "SHA-1", + "content": "2d411fa607c974fe3d77ee18612a21717d226b5e" + }, + { + "alg": "SHA-256", + "content": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + } + ] + }, + { + "bom-ref": "c6d0dd5d4cf5c061", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Manila", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1cabdadc66cf3536c77a812baa074080b2140ca" + }, + { + "alg": "SHA-256", + "content": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + } + ] + }, + { + "bom-ref": "366e61f85b8f86e1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Nicosia", + "hashes": [ + { + "alg": "SHA-1", + "content": "642099c037f5f40aa6152f7590e3cee90b7ae64a" + }, + { + "alg": "SHA-256", + "content": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + } + ] + }, + { + "bom-ref": "fc4b946bb5757bb5", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Novokuznetsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "52b0a7aff4332d6481b146155abbe90912bc1aaf" + }, + { + "alg": "SHA-256", + "content": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + } + ] + }, + { + "bom-ref": "0d8efe1900de9bc8", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Novosibirsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "823fbd64d76bfdcb6e3b0206b731fe407a6a188d" + }, + { + "alg": "SHA-256", + "content": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + } + ] + }, + { + "bom-ref": "823bd205cf39249a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Omsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb67208994f35a825847c36964546c8b8d1ad243" + }, + { + "alg": "SHA-256", + "content": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + } + ] + }, + { + "bom-ref": "3df03911c231f0a6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Oral", + "hashes": [ + { + "alg": "SHA-1", + "content": "deec78c1cebcbd9efb7c57486ca0344e5f8f1fb3" + }, + { + "alg": "SHA-256", + "content": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + } + ] + }, + { + "bom-ref": "2b506f7f2e1c9f60", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Pontianak", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce2c32e874ec64696f76be4439aad95cc7e3c4e7" + }, + { + "alg": "SHA-256", + "content": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + } + ] + }, + { + "bom-ref": "ccc7cbc8cf1cb1bb", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Pyongyang", + "hashes": [ + { + "alg": "SHA-1", + "content": "99b004e8e97b94265617932951e7227b635ced64" + }, + { + "alg": "SHA-256", + "content": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + } + ] + }, + { + "bom-ref": "fe919bc0bce64ff9", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Qostanay", + "hashes": [ + { + "alg": "SHA-1", + "content": "f7e8708a8ae86992953f273773b65d1e36e4afe4" + }, + { + "alg": "SHA-256", + "content": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + } + ] + }, + { + "bom-ref": "6b2728a383c7712f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Qyzylorda", + "hashes": [ + { + "alg": "SHA-1", + "content": "001a7c9f9de8d7edab286c756c0d0c03e90fad88" + }, + { + "alg": "SHA-256", + "content": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + } + ] + }, + { + "bom-ref": "926b2a78a71c5bdd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Rangoon", + "hashes": [ + { + "alg": "SHA-1", + "content": "b800894b13386d65d24df73322e82ee622f843de" + }, + { + "alg": "SHA-256", + "content": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + } + ] + }, + { + "bom-ref": "97f3937e1790735c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Sakhalin", + "hashes": [ + { + "alg": "SHA-1", + "content": "ebaa95b0bf93239c1ccf8f96856b86dc58afe726" + }, + { + "alg": "SHA-256", + "content": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + } + ] + }, + { + "bom-ref": "637c30cb07068c21", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Samarkand", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bbf5c916ddd50548e8e5ed0324c59dc1fe9a693" + }, + { + "alg": "SHA-256", + "content": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + } + ] + }, + { + "bom-ref": "84d8c27f9fc6385d", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Seoul", + "hashes": [ + { + "alg": "SHA-1", + "content": "53c1223d1f4dec149d0cadd6d488672619abf0d6" + }, + { + "alg": "SHA-256", + "content": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + } + ] + }, + { + "bom-ref": "0d9243f8d38fed47", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Srednekolymsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "e860fc369629019ed59b45f5fed235cc6ea8dfb2" + }, + { + "alg": "SHA-256", + "content": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + } + ] + }, + { + "bom-ref": "01757da876968567", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Taipei", + "hashes": [ + { + "alg": "SHA-1", + "content": "515e1ab82b216406f364cf666dae998e4b8dc6f8" + }, + { + "alg": "SHA-256", + "content": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + } + ] + }, + { + "bom-ref": "1c1c8c076ee8a8fd", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Tashkent", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbc8a292471ac05d8774b14bcb177ab7fd7f7398" + }, + { + "alg": "SHA-256", + "content": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + } + ] + }, + { + "bom-ref": "d2b2ca8e16fefbdf", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Tbilisi", + "hashes": [ + { + "alg": "SHA-1", + "content": "7cb93f7abf7171eb40186248ecc885b541836e74" + }, + { + "alg": "SHA-256", + "content": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + } + ] + }, + { + "bom-ref": "02ad88301776db65", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Tehran", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7cb8bf300b3177e2506a838f7fd218880350e57" + }, + { + "alg": "SHA-256", + "content": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + } + ] + }, + { + "bom-ref": "13240979e9b0a02b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Thimbu", + "hashes": [ + { + "alg": "SHA-1", + "content": "16dc4bbfe2b3668b9b737033f4ecb2a9c1ee7e6a" + }, + { + "alg": "SHA-256", + "content": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + } + ] + }, + { + "bom-ref": "2af6995ed37d66e2", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Tokyo", + "hashes": [ + { + "alg": "SHA-1", + "content": "41852e7fc829ff3ace521bc3ebc60b6e43b56da6" + }, + { + "alg": "SHA-256", + "content": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + } + ] + }, + { + "bom-ref": "fef4f22ce4e0a641", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Tomsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e7464939be7db8572e95aea8381f94bca70f91d" + }, + { + "alg": "SHA-256", + "content": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + } + ] + }, + { + "bom-ref": "3d4aa454e7520182", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Ust-Nera", + "hashes": [ + { + "alg": "SHA-1", + "content": "0040f6ac898a101ca796115d646c4825833c0290" + }, + { + "alg": "SHA-256", + "content": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + } + ] + }, + { + "bom-ref": "4599e19ac72591d0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Vladivostok", + "hashes": [ + { + "alg": "SHA-1", + "content": "7480790ddac173ba580e52d0f8754eeacbff02b6" + }, + { + "alg": "SHA-256", + "content": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + } + ] + }, + { + "bom-ref": "0486da6e1e56e929", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Yakutsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "79d6a645076e873ce22c53a10b3de9e27df7b2fe" + }, + { + "alg": "SHA-256", + "content": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + } + ] + }, + { + "bom-ref": "7354ff083fb2caea", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Yekaterinburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "16f2954e67502e5e98391383ab4712700e456ee8" + }, + { + "alg": "SHA-256", + "content": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + } + ] + }, + { + "bom-ref": "6f27318e991b55ff", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Asia/Yerevan", + "hashes": [ + { + "alg": "SHA-1", + "content": "f10e1a31e38b267009bed042efd8a54c7b2043a2" + }, + { + "alg": "SHA-256", + "content": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + } + ] + }, + { + "bom-ref": "c3326ed61922a612", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/Azores", + "hashes": [ + { + "alg": "SHA-1", + "content": "088e1a1365d0e0c8091f595e30e1791b5f468313" + }, + { + "alg": "SHA-256", + "content": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + } + ] + }, + { + "bom-ref": "340f6ac7059eaca6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/Bermuda", + "hashes": [ + { + "alg": "SHA-1", + "content": "44e7011574ab916094cc410221bcff4960831155" + }, + { + "alg": "SHA-256", + "content": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + } + ] + }, + { + "bom-ref": "70ae1d36282a9c44", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/Canary", + "hashes": [ + { + "alg": "SHA-1", + "content": "395c4e66b52d9181e31450d07b5365a10ec26aa3" + }, + { + "alg": "SHA-256", + "content": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + } + ] + }, + { + "bom-ref": "ac38ff5072279c22", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/Cape_Verde", + "hashes": [ + { + "alg": "SHA-1", + "content": "897189e0cda96bfb3248ee7f48706fe94d687fc1" + }, + { + "alg": "SHA-256", + "content": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + } + ] + }, + { + "bom-ref": "a80940ed5b5ba2cc", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/Faeroe", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd6b1178a2066e496edfcd2426d44ea5dd23a3d8" + }, + { + "alg": "SHA-256", + "content": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + } + ] + }, + { + "bom-ref": "f477ad75112e2997", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/Madeira", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8dce3b2d2a4db52d0b3d19afd01d5b5473cd179" + }, + { + "alg": "SHA-256", + "content": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + } + ] + }, + { + "bom-ref": "3b0bede735021781", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/South_Georgia", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2acac8196001a9458b5e6c6921d781df3290d78" + }, + { + "alg": "SHA-256", + "content": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + } + ] + }, + { + "bom-ref": "9a10afe86413fe1b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Atlantic/Stanley", + "hashes": [ + { + "alg": "SHA-1", + "content": "f612730123deabdd609145696adeea2ea26f499f" + }, + { + "alg": "SHA-256", + "content": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + } + ] + }, + { + "bom-ref": "47b76754d929de5f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/ACT", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca9f55088c536a5cb6993b1a5fe361c0617bc4fd" + }, + { + "alg": "SHA-256", + "content": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + } + ] + }, + { + "bom-ref": "124bba0ca3ded7a4", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Adelaide", + "hashes": [ + { + "alg": "SHA-1", + "content": "91e31f0fe53950a7e8ac0bd66964069d4d7dabe9" + }, + { + "alg": "SHA-256", + "content": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + } + ] + }, + { + "bom-ref": "61870667349de61b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Brisbane", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1cae3c294b3bc9e1d4a1e1e5457f63abb6b554e" + }, + { + "alg": "SHA-256", + "content": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + } + ] + }, + { + "bom-ref": "ff3491878d8985ba", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Broken_Hill", + "hashes": [ + { + "alg": "SHA-1", + "content": "7f8d2d9322173a3390737371410592ecbcb9e858" + }, + { + "alg": "SHA-256", + "content": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + } + ] + }, + { + "bom-ref": "b6b2b2ff2c14c4f7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Currie", + "hashes": [ + { + "alg": "SHA-1", + "content": "db8884f4beb55ae0c292403cdb8ffc47c18effcd" + }, + { + "alg": "SHA-256", + "content": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + } + ] + }, + { + "bom-ref": "b941d058a9e60caf", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Darwin", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa21b92f3596419128a660acccf2f1cf6aa66ab0" + }, + { + "alg": "SHA-256", + "content": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + } + ] + }, + { + "bom-ref": "14653b642de8a981", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Eucla", + "hashes": [ + { + "alg": "SHA-1", + "content": "abf9ae83cf5720d60dfc849f06ea666b6e6c1a0f" + }, + { + "alg": "SHA-256", + "content": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + } + ] + }, + { + "bom-ref": "e46d52a77ffd2012", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/LHI", + "hashes": [ + { + "alg": "SHA-1", + "content": "2304257244b530bcd036aae724f99aff416198f8" + }, + { + "alg": "SHA-256", + "content": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + } + ] + }, + { + "bom-ref": "4e8cc4fdeeac808a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Lindeman", + "hashes": [ + { + "alg": "SHA-1", + "content": "8ac554523fc5300e535323ce58e46f8adb72c2e5" + }, + { + "alg": "SHA-256", + "content": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + } + ] + }, + { + "bom-ref": "5a5b31c6ed441c58", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Melbourne", + "hashes": [ + { + "alg": "SHA-1", + "content": "d6f744692e6c8b73de1eef051814f00e0d159e6a" + }, + { + "alg": "SHA-256", + "content": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + } + ] + }, + { + "bom-ref": "4af1abc60ed4b3ae", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Australia/Perth", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb00a26c7ab0df1054fa1c4a71f0bd836a9be5f8" + }, + { + "alg": "SHA-256", + "content": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + } + ] + }, + { + "bom-ref": "a7395e2e631fe286", + "type": "file", + "name": "/usr/share/zoneinfo/posix/CET", + "hashes": [ + { + "alg": "SHA-1", + "content": "d90f3247c4716c2e1068d5ad9c88ca2091bec4e8" + }, + { + "alg": "SHA-256", + "content": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + } + ] + }, + { + "bom-ref": "2b4e7cf7323c8867", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Chile/EasterIsland", + "hashes": [ + { + "alg": "SHA-1", + "content": "17b3f0bf160601c93bdda3e7a0b834ecc1e06f20" + }, + { + "alg": "SHA-256", + "content": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + } + ] + }, + { + "bom-ref": "d67ac102d34d7339", + "type": "file", + "name": "/usr/share/zoneinfo/posix/EET", + "hashes": [ + { + "alg": "SHA-1", + "content": "fd241e817c1f999471c30d301238211a16f95866" + }, + { + "alg": "SHA-256", + "content": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + } + ] + }, + { + "bom-ref": "3d800320aae0d855", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Eire", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbd27ca1fc5b5d8b864c48e92bb42dc49a8f442b" + }, + { + "alg": "SHA-256", + "content": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + } + ] + }, + { + "bom-ref": "df34fa3daf0ac99c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a8483df5c2809f1dfe0c595102c474874338379" + }, + { + "alg": "SHA-256", + "content": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + } + ] + }, + { + "bom-ref": "b30ea32dd3503666", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+1", + "hashes": [ + { + "alg": "SHA-1", + "content": "694bd47ee2b5d93fd043dd144c5dce214e163dd8" + }, + { + "alg": "SHA-256", + "content": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + } + ] + }, + { + "bom-ref": "e6730eb41efbdecf", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+10", + "hashes": [ + { + "alg": "SHA-1", + "content": "df25f8ee32cd9ac7f9d3fdafb6ccc897e0675a5c" + }, + { + "alg": "SHA-256", + "content": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + } + ] + }, + { + "bom-ref": "adba9de770a57ed4", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+11", + "hashes": [ + { + "alg": "SHA-1", + "content": "326fa090be74ccc8e561a72ff2833a9a80460977" + }, + { + "alg": "SHA-256", + "content": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + } + ] + }, + { + "bom-ref": "5eaeeecf47e10af1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+12", + "hashes": [ + { + "alg": "SHA-1", + "content": "9813523e1f092d2f0c0cd3e5f13e2738a51cb350" + }, + { + "alg": "SHA-256", + "content": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + } + ] + }, + { + "bom-ref": "085b8e3d17b13241", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+2", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3c40ede5206526dd50a7f8d710afad3da46c12e" + }, + { + "alg": "SHA-256", + "content": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + } + ] + }, + { + "bom-ref": "1118f4bdea71fa15", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+3", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f68d2cb81ec1c386f80f820d6aaf54b7444f5cd" + }, + { + "alg": "SHA-256", + "content": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + } + ] + }, + { + "bom-ref": "abd2c8452b9b1897", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+4", + "hashes": [ + { + "alg": "SHA-1", + "content": "32cfcd637174d91744d7dff4744e199750faf9d1" + }, + { + "alg": "SHA-256", + "content": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + } + ] + }, + { + "bom-ref": "3f71bb83b42bf7fe", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+5", + "hashes": [ + { + "alg": "SHA-1", + "content": "cef7ce7bf61e746cc1ae39bbab9112bf1dfdc455" + }, + { + "alg": "SHA-256", + "content": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + } + ] + }, + { + "bom-ref": "98fb9bceea211a42", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+6", + "hashes": [ + { + "alg": "SHA-1", + "content": "750271da92432a39887c376cd346144d785d4445" + }, + { + "alg": "SHA-256", + "content": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + } + ] + }, + { + "bom-ref": "2116c5a9302e3f0a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+7", + "hashes": [ + { + "alg": "SHA-1", + "content": "6ca6def25e8ec04a636003be3f3642e9b165b5f0" + }, + { + "alg": "SHA-256", + "content": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + } + ] + }, + { + "bom-ref": "c1c398fa2c623ea8", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+8", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c83913964f148a5e9d5add7eb511586880f4373" + }, + { + "alg": "SHA-256", + "content": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + } + ] + }, + { + "bom-ref": "3e587927663bf2d2", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT+9", + "hashes": [ + { + "alg": "SHA-1", + "content": "fefc384f96a7e856e72e7d723eb2638cb3e7d469" + }, + { + "alg": "SHA-256", + "content": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + } + ] + }, + { + "bom-ref": "e75e96a04cbc7bad", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-1", + "hashes": [ + { + "alg": "SHA-1", + "content": "0ab7ceaed57872977f2162ead3e08b3a2984757c" + }, + { + "alg": "SHA-256", + "content": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + } + ] + }, + { + "bom-ref": "0b6064d0ab67205f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-10", + "hashes": [ + { + "alg": "SHA-1", + "content": "4081769004bdca6d05daa595d53c5e64e9da7dfd" + }, + { + "alg": "SHA-256", + "content": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + } + ] + }, + { + "bom-ref": "4f362059c2bd5a60", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-11", + "hashes": [ + { + "alg": "SHA-1", + "content": "268a542f171d142870c273ea63d2b297e9132424" + }, + { + "alg": "SHA-256", + "content": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + } + ] + }, + { + "bom-ref": "ed031e2497e62995", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-12", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a7f58e042a671281dbf35baa7db93fc4661a80b" + }, + { + "alg": "SHA-256", + "content": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + } + ] + }, + { + "bom-ref": "5447e42cb615d2d3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-13", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f692f0a177436496fa8381438ee7ed1f9ae3f1a" + }, + { + "alg": "SHA-256", + "content": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + } + ] + }, + { + "bom-ref": "4df260a5a6d61b81", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-14", + "hashes": [ + { + "alg": "SHA-1", + "content": "f073c38db02ac6096f4f32948eda1574a34d9d0b" + }, + { + "alg": "SHA-256", + "content": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + } + ] + }, + { + "bom-ref": "0e3d7fa5ccaa00b8", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-2", + "hashes": [ + { + "alg": "SHA-1", + "content": "44c80b54e02666339300ec84db1f6f5566b5ba92" + }, + { + "alg": "SHA-256", + "content": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + } + ] + }, + { + "bom-ref": "4773fa53cdd52e44", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-3", + "hashes": [ + { + "alg": "SHA-1", + "content": "3de0e41581d474c91db326d9e755fe1b11172983" + }, + { + "alg": "SHA-256", + "content": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + } + ] + }, + { + "bom-ref": "c89f38590453da25", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-4", + "hashes": [ + { + "alg": "SHA-1", + "content": "b81f76f5a16830f56841502d65c3d271a0d94ee4" + }, + { + "alg": "SHA-256", + "content": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + } + ] + }, + { + "bom-ref": "e4a6f4a56ddcfb16", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-5", + "hashes": [ + { + "alg": "SHA-1", + "content": "4978924cbee929c87b2726c9d9b4d2d5d7590da6" + }, + { + "alg": "SHA-256", + "content": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + } + ] + }, + { + "bom-ref": "f1956bd1a3691380", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-6", + "hashes": [ + { + "alg": "SHA-1", + "content": "773e9072d36b0f3dca58dc5de24b9947f3fefdeb" + }, + { + "alg": "SHA-256", + "content": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + } + ] + }, + { + "bom-ref": "21e63581b7b02e9f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-7", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c3c180b690aee6c0320e6703f2f781618c4221e" + }, + { + "alg": "SHA-256", + "content": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + } + ] + }, + { + "bom-ref": "cbf72f5b9543b190", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-8", + "hashes": [ + { + "alg": "SHA-1", + "content": "280e22a595351b1fa0fdc3b3a3deed4e4840e31a" + }, + { + "alg": "SHA-256", + "content": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + } + ] + }, + { + "bom-ref": "4cc17f4e31664845", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/GMT-9", + "hashes": [ + { + "alg": "SHA-1", + "content": "f62a1c06f8a901efa933208ae9501c9a2f78a269" + }, + { + "alg": "SHA-256", + "content": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + } + ] + }, + { + "bom-ref": "4834666be23b0336", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Etc/UCT", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0b8991654116e9395714102c41d858c1454b3bd" + }, + { + "alg": "SHA-256", + "content": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + } + ] + }, + { + "bom-ref": "909799b37a21942e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Andorra", + "hashes": [ + { + "alg": "SHA-1", + "content": "4fbea0614a049786c42ba65ea8bea4b12a7a6ef3" + }, + { + "alg": "SHA-256", + "content": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + } + ] + }, + { + "bom-ref": "9afaa370e1493930", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Astrakhan", + "hashes": [ + { + "alg": "SHA-1", + "content": "6bdbac46bf6de697e0cb750be284973b05035877" + }, + { + "alg": "SHA-256", + "content": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + } + ] + }, + { + "bom-ref": "5c421e73c56aad12", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Belfast", + "hashes": [ + { + "alg": "SHA-1", + "content": "1beba7108ea93c7111dabc9d7f4e4bfdea383992" + }, + { + "alg": "SHA-256", + "content": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + } + ] + }, + { + "bom-ref": "51cdda05f997befc", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Belgrade", + "hashes": [ + { + "alg": "SHA-1", + "content": "961a2223fd1573ab344930109fbd905336175c5f" + }, + { + "alg": "SHA-256", + "content": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + } + ] + }, + { + "bom-ref": "7052a3c37eb89373", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Bratislava", + "hashes": [ + { + "alg": "SHA-1", + "content": "396eb952fc9ee942964181ca4e5a2dcdb5e92901" + }, + { + "alg": "SHA-256", + "content": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + } + ] + }, + { + "bom-ref": "1ecc2805c23bda81", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Bucharest", + "hashes": [ + { + "alg": "SHA-1", + "content": "7176e5201942e3b2db81c853b0215abc86fd0ae7" + }, + { + "alg": "SHA-256", + "content": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + } + ] + }, + { + "bom-ref": "4e0f832ccffb5bf8", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Budapest", + "hashes": [ + { + "alg": "SHA-1", + "content": "91adb207dce9a1bfffd91c527c87591862b5befa" + }, + { + "alg": "SHA-256", + "content": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + } + ] + }, + { + "bom-ref": "d527689295f8a310", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Busingen", + "hashes": [ + { + "alg": "SHA-1", + "content": "782d7d6812933a263ebfff012a0120d480071b1b" + }, + { + "alg": "SHA-256", + "content": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + } + ] + }, + { + "bom-ref": "463fd1185acb3ea7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Chisinau", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c7ec1a8e357d2bbaead94d299dbe16db67b43ba" + }, + { + "alg": "SHA-256", + "content": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + } + ] + }, + { + "bom-ref": "e0ede8868e534771", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Gibraltar", + "hashes": [ + { + "alg": "SHA-1", + "content": "122f8383ab55c80eb33fe83cb2c8e870104260ee" + }, + { + "alg": "SHA-256", + "content": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + } + ] + }, + { + "bom-ref": "0ba296fdbd0793ad", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Helsinki", + "hashes": [ + { + "alg": "SHA-1", + "content": "3f01ceaf46492fcbd8753bc6cff72ca73df6d1f1" + }, + { + "alg": "SHA-256", + "content": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + } + ] + }, + { + "bom-ref": "d75f7a1687554234", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Kaliningrad", + "hashes": [ + { + "alg": "SHA-1", + "content": "a02a78fd9fd74fa6cd9abe6546273519018d5030" + }, + { + "alg": "SHA-256", + "content": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + } + ] + }, + { + "bom-ref": "373ae748a8cbcd46", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Kiev", + "hashes": [ + { + "alg": "SHA-1", + "content": "946d9ae0ff7ee36e2d8809629da945ae868f4d65" + }, + { + "alg": "SHA-256", + "content": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + } + ] + }, + { + "bom-ref": "d705fc609541cf5f", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Kirov", + "hashes": [ + { + "alg": "SHA-1", + "content": "22357ac98d315c82d585badfb9afe934a709f107" + }, + { + "alg": "SHA-256", + "content": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + } + ] + }, + { + "bom-ref": "ba21fd1aa2af3853", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Lisbon", + "hashes": [ + { + "alg": "SHA-1", + "content": "b9298daf385db9e18080b3d9f46be2c944714ec1" + }, + { + "alg": "SHA-256", + "content": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + } + ] + }, + { + "bom-ref": "f2d3cfaacbb01880", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Madrid", + "hashes": [ + { + "alg": "SHA-1", + "content": "373ee9e3d0ba9edf1ebd6497d5f1ffb50a62984f" + }, + { + "alg": "SHA-256", + "content": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + } + ] + }, + { + "bom-ref": "70b83a93e0a21641", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Malta", + "hashes": [ + { + "alg": "SHA-1", + "content": "eede4ec7a48fc8ada059d1462e2c090eda8c6c91" + }, + { + "alg": "SHA-256", + "content": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + } + ] + }, + { + "bom-ref": "d93c522207cbf1bf", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Minsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "e36f1daec8979122825de4903770b79e0eabcd88" + }, + { + "alg": "SHA-256", + "content": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + } + ] + }, + { + "bom-ref": "211f559c0f4bbf4a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Monaco", + "hashes": [ + { + "alg": "SHA-1", + "content": "f065dd54ad27c008caa5e96b7fec1e7859fcc003" + }, + { + "alg": "SHA-256", + "content": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + } + ] + }, + { + "bom-ref": "f78d3bb4be66b75b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Moscow", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4d01723421789b2d2b54ffedee60283e94f5e65" + }, + { + "alg": "SHA-256", + "content": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + } + ] + }, + { + "bom-ref": "fcef089df6ff596a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Riga", + "hashes": [ + { + "alg": "SHA-1", + "content": "799671bdcad326eb5707eb620342c69bac5e6580" + }, + { + "alg": "SHA-256", + "content": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + } + ] + }, + { + "bom-ref": "194c99d5c6dfd860", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Rome", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ef35f507ab176828a5c751f702144ede463e385" + }, + { + "alg": "SHA-256", + "content": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + } + ] + }, + { + "bom-ref": "fa730dd75d64d5a3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Samara", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8bab29224d52a19e5960c2c66557748fb55c4e5" + }, + { + "alg": "SHA-256", + "content": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + } + ] + }, + { + "bom-ref": "48f8c2a987661df7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Saratov", + "hashes": [ + { + "alg": "SHA-1", + "content": "916029e1ff74b86bd860098a43bacbac34677fb5" + }, + { + "alg": "SHA-256", + "content": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + } + ] + }, + { + "bom-ref": "c817df2401644d95", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Simferopol", + "hashes": [ + { + "alg": "SHA-1", + "content": "f1773f7624c418081fb3ab76ac1a64ab60f2e9be" + }, + { + "alg": "SHA-256", + "content": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + } + ] + }, + { + "bom-ref": "385f39c9f2fe1333", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Sofia", + "hashes": [ + { + "alg": "SHA-1", + "content": "541f61fa9ef15b102f8661b684ad9976bd81b929" + }, + { + "alg": "SHA-256", + "content": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + } + ] + }, + { + "bom-ref": "5fc0468959b8e2ca", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Tallinn", + "hashes": [ + { + "alg": "SHA-1", + "content": "dff1b1743ddf6474e691fae0a6dab8ee93d81789" + }, + { + "alg": "SHA-256", + "content": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + } + ] + }, + { + "bom-ref": "514cb52107ce34ed", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Tirane", + "hashes": [ + { + "alg": "SHA-1", + "content": "3b9be3df7968b0c46feed0a46349324179daaa84" + }, + { + "alg": "SHA-256", + "content": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + } + ] + }, + { + "bom-ref": "a179fa54cf5c4c26", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Ulyanovsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "f5d943bf83a0dffa86018b8512df7179536fb4ae" + }, + { + "alg": "SHA-256", + "content": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + } + ] + }, + { + "bom-ref": "ee42227bc84df0ea", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Vienna", + "hashes": [ + { + "alg": "SHA-1", + "content": "1da9833989405bd5ff21d58013704f9f00cefd7b" + }, + { + "alg": "SHA-256", + "content": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + } + ] + }, + { + "bom-ref": "2eac927b46cddaa0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Vilnius", + "hashes": [ + { + "alg": "SHA-1", + "content": "88bfe2ba142bad0856984a813ac8b93939fd6b3e" + }, + { + "alg": "SHA-256", + "content": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + } + ] + }, + { + "bom-ref": "0011d80650bd57b7", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Volgograd", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4deb32b25919c4fbeec94d043abbdcc27b45bd6" + }, + { + "alg": "SHA-256", + "content": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + } + ] + }, + { + "bom-ref": "d5106c46a9567f39", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Europe/Warsaw", + "hashes": [ + { + "alg": "SHA-1", + "content": "011e06118f3e209794b175332ffb109e2583e4f7" + }, + { + "alg": "SHA-256", + "content": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + } + ] + }, + { + "bom-ref": "066e06135920a3fe", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Factory", + "hashes": [ + { + "alg": "SHA-1", + "content": "d970812ef3dca71b59cc3dab08ba3391d4dd1418" + }, + { + "alg": "SHA-256", + "content": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + } + ] + }, + { + "bom-ref": "fa4e8eab62182cad", + "type": "file", + "name": "/usr/share/zoneinfo/posix/HST", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d5313bee3a467f7b5311b263c7d38b52f182164" + }, + { + "alg": "SHA-256", + "content": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + } + ] + }, + { + "bom-ref": "6d6688aea27fa8fa", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Indian/Chagos", + "hashes": [ + { + "alg": "SHA-1", + "content": "e56a740e0b4703426b63bf2ea71650a2ae0defda" + }, + { + "alg": "SHA-256", + "content": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + } + ] + }, + { + "bom-ref": "4f21c2134ca3699d", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Indian/Kerguelen", + "hashes": [ + { + "alg": "SHA-1", + "content": "a77b20e17ce1c1f9c4767d1ddf03a67b0312ce6c" + }, + { + "alg": "SHA-256", + "content": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + } + ] + }, + { + "bom-ref": "d1c10e34d3aafde3", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Indian/Mauritius", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c264edb46f9058fb482a727ec95bb67807ec804" + }, + { + "alg": "SHA-256", + "content": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + } + ] + }, + { + "bom-ref": "dbdc3b07da2deabb", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Kwajalein", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c90cce9681748e9c5c59ba8a9070c1425a71f79" + }, + { + "alg": "SHA-256", + "content": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + } + ] + }, + { + "bom-ref": "94958ba44fa043aa", + "type": "file", + "name": "/usr/share/zoneinfo/posix/NZ-CHAT", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb54cbb65da9481265fbb1005f8860efa5170042" + }, + { + "alg": "SHA-256", + "content": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + } + ] + }, + { + "bom-ref": "ac704fff8d045cef", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Apia", + "hashes": [ + { + "alg": "SHA-1", + "content": "442116a1776e38b80a519df388e5e3e992081f74" + }, + { + "alg": "SHA-256", + "content": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + } + ] + }, + { + "bom-ref": "c985cb2dc1a169bc", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Bougainville", + "hashes": [ + { + "alg": "SHA-1", + "content": "4438f6699a844ec19aabc63f4ea9df91e1714ffb" + }, + { + "alg": "SHA-256", + "content": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + } + ] + }, + { + "bom-ref": "2cf98fe7a8654079", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Efate", + "hashes": [ + { + "alg": "SHA-1", + "content": "dfcdfadd0146e60fdfa6c9a457f4fd94c062fb1a" + }, + { + "alg": "SHA-256", + "content": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + } + ] + }, + { + "bom-ref": "f049ddb3599ce35d", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Enderbury", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae7f372f20b1ed3a9bbc2eeabd3a67156f9e65f4" + }, + { + "alg": "SHA-256", + "content": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + } + ] + }, + { + "bom-ref": "057a5f6ec928791d", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Fakaofo", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ae0c959818fd9aad8518baa00dab9172c77f1d7" + }, + { + "alg": "SHA-256", + "content": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + } + ] + }, + { + "bom-ref": "c6de8cfabb0d2d20", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Fiji", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c657bce2b4fd4ebd6fbf6e435eac77d0704d3a0" + }, + { + "alg": "SHA-256", + "content": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + } + ] + }, + { + "bom-ref": "6cec62463126b762", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Funafuti", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb335dbaaa6de98cf1f54d4a9e665c21e2cd4088" + }, + { + "alg": "SHA-256", + "content": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + } + ] + }, + { + "bom-ref": "4205f8b4e25f7938", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Galapagos", + "hashes": [ + { + "alg": "SHA-1", + "content": "e4dac5e58655145a568ed53ebe3c2acf5f4a3724" + }, + { + "alg": "SHA-256", + "content": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + } + ] + }, + { + "bom-ref": "7daee65cf4a04418", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Gambier", + "hashes": [ + { + "alg": "SHA-1", + "content": "1fb4054e9a560e58b8e482bc29621d1e88201a75" + }, + { + "alg": "SHA-256", + "content": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + } + ] + }, + { + "bom-ref": "18dea002d13130a1", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Guadalcanal", + "hashes": [ + { + "alg": "SHA-1", + "content": "5011d0291e183a54b67e5cffba2d54278478ebe5" + }, + { + "alg": "SHA-256", + "content": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + } + ] + }, + { + "bom-ref": "44028b6bb5dd7fc0", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Guam", + "hashes": [ + { + "alg": "SHA-1", + "content": "e89887209cf2ea7f4223ca7298e9377b233eaba6" + }, + { + "alg": "SHA-256", + "content": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + } + ] + }, + { + "bom-ref": "90771ac81ab468b8", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Kiritimati", + "hashes": [ + { + "alg": "SHA-1", + "content": "37395a0b6f3d7510d03c13e1a0a92b399f7b303c" + }, + { + "alg": "SHA-256", + "content": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + } + ] + }, + { + "bom-ref": "7ead89c2b331912b", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Kosrae", + "hashes": [ + { + "alg": "SHA-1", + "content": "59dabc00195b0e9a26c1304e866284e7c9963d09" + }, + { + "alg": "SHA-256", + "content": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + } + ] + }, + { + "bom-ref": "2ee3a5a33392d02c", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Marquesas", + "hashes": [ + { + "alg": "SHA-1", + "content": "57ac5495306a7ca1ce93df12ef67956ed2d81c44" + }, + { + "alg": "SHA-256", + "content": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + } + ] + }, + { + "bom-ref": "21aebeff396d90d6", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Midway", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c388c7f9a7700517fc6577943f3efe3bdddd3eb" + }, + { + "alg": "SHA-256", + "content": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + } + ] + }, + { + "bom-ref": "46d8ffd21be5a635", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Nauru", + "hashes": [ + { + "alg": "SHA-1", + "content": "58548fa30aafa75c04f88b266404875a11a2c6f0" + }, + { + "alg": "SHA-256", + "content": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + } + ] + }, + { + "bom-ref": "c276e24691787eff", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Niue", + "hashes": [ + { + "alg": "SHA-1", + "content": "d65969431f77c6ed51c69499305c8bacad1e8ba6" + }, + { + "alg": "SHA-256", + "content": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + } + ] + }, + { + "bom-ref": "72bd1bf6a1f8325a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Norfolk", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f70543c0407a341ec68b97c13354ad6bc5f5000" + }, + { + "alg": "SHA-256", + "content": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + } + ] + }, + { + "bom-ref": "ac44ce4edaa057c8", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Noumea", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8e75639c5dbd5aacc617f37e2d5003747a8a2e7" + }, + { + "alg": "SHA-256", + "content": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + } + ] + }, + { + "bom-ref": "f889562e18d25a1a", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Palau", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d7598739759a6bc5a4907695beebb6c41a8d045" + }, + { + "alg": "SHA-256", + "content": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + } + ] + }, + { + "bom-ref": "26f1e9f423da2438", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Pitcairn", + "hashes": [ + { + "alg": "SHA-1", + "content": "e650a33fa02e1507b3b1720fa483a3a505784d67" + }, + { + "alg": "SHA-256", + "content": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + } + ] + }, + { + "bom-ref": "5e58792604a2de92", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Rarotonga", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbdac5a429cf392f51c37a685c51690e4ff97263" + }, + { + "alg": "SHA-256", + "content": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + } + ] + }, + { + "bom-ref": "2ba0227f0817622e", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Tahiti", + "hashes": [ + { + "alg": "SHA-1", + "content": "c38a00fdc386eabc2c267e49cf2b84f7f5b5e7ba" + }, + { + "alg": "SHA-256", + "content": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + } + ] + }, + { + "bom-ref": "86b1760d0094da18", + "type": "file", + "name": "/usr/share/zoneinfo/posix/Pacific/Tongatapu", + "hashes": [ + { + "alg": "SHA-1", + "content": "2948107fca9a51b432da408630a8507d5c6a1a59" + }, + { + "alg": "SHA-256", + "content": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + } + ] + }, + { + "bom-ref": "1e12e2b7baffc502", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Abidjan", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7548658d1a556108a7d589d4a6b1f25f04f6b08" + }, + { + "alg": "SHA-256", + "content": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + } + ] + }, + { + "bom-ref": "28a58a71753afd9d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "hashes": [ + { + "alg": "SHA-1", + "content": "44b45d7471b73915facdce9fdc9970ce60b96931" + }, + { + "alg": "SHA-256", + "content": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + } + ] + }, + { + "bom-ref": "0caf887c9a2180c1", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Algiers", + "hashes": [ + { + "alg": "SHA-1", + "content": "bfc4f856b5cac64495446fac945078961f54dd49" + }, + { + "alg": "SHA-256", + "content": "b82210ca1dcb1915525fe6ecb6447113998bb3848e6d9c6129908894b9cf69dd" + } + ] + }, + { + "bom-ref": "12ae5e9461e3b5ae", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Bangui", + "hashes": [ + { + "alg": "SHA-1", + "content": "e5d3299b0b6f60a64c4b4df90740be055967fc7d" + }, + { + "alg": "SHA-256", + "content": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + } + ] + }, + { + "bom-ref": "1ea40f38c3af340f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Bissau", + "hashes": [ + { + "alg": "SHA-1", + "content": "2943c4a3ec06a4966a3971b3bb8d815f46f64452" + }, + { + "alg": "SHA-256", + "content": "69cb21ce2a4876370726a0d53384cb91070b3b5395957017eb8e3baf1545bf5a" + } + ] + }, + { + "bom-ref": "81ab02364bf1f697", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Blantyre", + "hashes": [ + { + "alg": "SHA-1", + "content": "0500a5fe71a16431b84e65d0f5f99c77530f0d9d" + }, + { + "alg": "SHA-256", + "content": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + } + ] + }, + { + "bom-ref": "8aca294312e655c7", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Cairo", + "hashes": [ + { + "alg": "SHA-1", + "content": "3b3134acbe48516f6813276fa36d9236df991dfa" + }, + { + "alg": "SHA-256", + "content": "0cf2295a003fcdf7e72d5254f968c7f9b9fee98fba0fca1aeef2630d898ac313" + } + ] + }, + { + "bom-ref": "43ecffc436a18913", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Casablanca", + "hashes": [ + { + "alg": "SHA-1", + "content": "9366ebbee7b43a448d279d54cc0085d26034d2da" + }, + { + "alg": "SHA-256", + "content": "7308ffbd19caeb2e0236505cb098f2771a518d5f49dd7b5087bb67ad5716cc16" + } + ] + }, + { + "bom-ref": "0515ffe984f626d8", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Ceuta", + "hashes": [ + { + "alg": "SHA-1", + "content": "cee9b26d6ed72dd814fab10daace29b72b351fd7" + }, + { + "alg": "SHA-256", + "content": "c24c8fd8f15c5cfd8a0af1c6f82ddb123376866eb592ae8e2ae3b729d5ed1142" + } + ] + }, + { + "bom-ref": "27f5c384e6257312", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd6645412fb1a7ee30a59c9eae83ac765e76fd0f" + }, + { + "alg": "SHA-256", + "content": "4b87e565d279ef251825c24160a0e4975fb46c390838159e3d82246d5890eb08" + } + ] + }, + { + "bom-ref": "eafe51e1e824cc94", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Johannesburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "b20061340f101ac794048fa8766100a024975d9f" + }, + { + "alg": "SHA-256", + "content": "23430ce1b491d37d0cf263434c913117b38588a7bcd3d19644733d94c24c3d80" + } + ] + }, + { + "bom-ref": "b2cfd17a18d5a1bd", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Juba", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ff4e966824737fa7aa81adf5f45666ef639b82a" + }, + { + "alg": "SHA-256", + "content": "95f824cbcdef20db8f196141d752f3a745a67377d1c42d81c1b305a13dfbbf75" + } + ] + }, + { + "bom-ref": "967e3a10ec37458f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Khartoum", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b7f24674b1ea7f9e36ec487ef3a6fb65ccd1f0b" + }, + { + "alg": "SHA-256", + "content": "e2f1a0bfcda4b70b929a141d995899ea42b717ece0c3c5d2b30fa7eadee4185f" + } + ] + }, + { + "bom-ref": "3dc2ade608bb09da", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Monrovia", + "hashes": [ + { + "alg": "SHA-1", + "content": "5197b4769725d1519361d251e989640fc15dd012" + }, + { + "alg": "SHA-256", + "content": "23c47fbe43d31c1c2eab3fc40909480a9f797368d8fa8e429774e16f8202d33a" + } + ] + }, + { + "bom-ref": "673d21dbd2158552", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Ndjamena", + "hashes": [ + { + "alg": "SHA-1", + "content": "1466337323b061589dd7cc745374281199aaf05d" + }, + { + "alg": "SHA-256", + "content": "72b90718f783f47d1194762dfdf1e9476f1272c92e3e674221605191ba9642ce" + } + ] + }, + { + "bom-ref": "b97a7a2f3fbf4c36", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc20e74114c7db3a25a850d085b51b29b0433a82" + }, + { + "alg": "SHA-256", + "content": "eac39b97f89cb5c9a5a6e8188fcdc2254c5e470bdba79cfd7dcc430f86ab23e3" + } + ] + }, + { + "bom-ref": "63f5243af314e0b5", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Tripoli", + "hashes": [ + { + "alg": "SHA-1", + "content": "82bc65e952b18495bfb2098430c0cbc2ddd97aac" + }, + { + "alg": "SHA-256", + "content": "bb5d4058b24832f4d9d47f2464b01b458efabc17243252c13cb1f7732eab4d0e" + } + ] + }, + { + "bom-ref": "996f559bdbcdf702", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Tunis", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6665aa405449ac0c941f56c0c9217d117314ca1" + }, + { + "alg": "SHA-256", + "content": "5e2b3f9e67dba3db5f16186bb601bf9eddc930026bd9729a87de1e67b9215d7d" + } + ] + }, + { + "bom-ref": "3efdc5b032bda724", + "type": "file", + "name": "/usr/share/zoneinfo/right/Africa/Windhoek", + "hashes": [ + { + "alg": "SHA-1", + "content": "ac60a291de8bb89d63a4e622da21b394f446cacb" + }, + { + "alg": "SHA-256", + "content": "423d39a12510b844303818beaf7ca9bbab64f1d89bc74693dff4cc3538c7208a" + } + ] + }, + { + "bom-ref": "644aa8c946738c20", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Adak", + "hashes": [ + { + "alg": "SHA-1", + "content": "c921275cc32abe4f70a1ea81fd0d458801a5c744" + }, + { + "alg": "SHA-256", + "content": "eda5938e2a7bcf04fe49e8f88a54725faa398319b93206dfaeb2d0915887d560" + } + ] + }, + { + "bom-ref": "545524b58c8b745e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Anchorage", + "hashes": [ + { + "alg": "SHA-1", + "content": "a73d9214b762c019f498661d08cacfddc44f6afc" + }, + { + "alg": "SHA-256", + "content": "822caa627009cfbaec50af294a81c1e237ac690033f0f424468f1fa29ca60bf8" + } + ] + }, + { + "bom-ref": "5d7943c7e30119bb", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Anguilla", + "hashes": [ + { + "alg": "SHA-1", + "content": "3dcef79cf8beabaffc49ae9d4e988d96501e4b20" + }, + { + "alg": "SHA-256", + "content": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + } + ] + }, + { + "bom-ref": "0d9f97c062a39e17", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Araguaina", + "hashes": [ + { + "alg": "SHA-1", + "content": "bfdb939a148ce3f185acabd6c07f559662ae19e2" + }, + { + "alg": "SHA-256", + "content": "48d382d8c4965a56dd7385bdf6b751c369359681530fdf04115ea1394b5bbee7" + } + ] + }, + { + "bom-ref": "fba85d57dfe36e70", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "hashes": [ + { + "alg": "SHA-1", + "content": "697701087c7ac1a4b746a296a2283dc3b5493a7d" + }, + { + "alg": "SHA-256", + "content": "2e14211d1ef17ff25d3e08567e9e53ef9ef4d1f81db55396a8e5cdff73d6a9ef" + } + ] + }, + { + "bom-ref": "a9fee61f29c681de", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "hashes": [ + { + "alg": "SHA-1", + "content": "9bbede667590f00caee022f7167f82dbc8db3cf7" + }, + { + "alg": "SHA-256", + "content": "905ae931fb0eaada8c616b75e4df4d37499c4086cac66edd0ee9b16d0cbebbe5" + } + ] + }, + { + "bom-ref": "ee089b91a7005898", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "hashes": [ + { + "alg": "SHA-1", + "content": "0835c7d8517c8f6a686b7e3087a61f1d54f9a13b" + }, + { + "alg": "SHA-256", + "content": "8484fedab6db3db014c76102c714037f36dbc2577448550f7ab0162ee918c3ca" + } + ] + }, + { + "bom-ref": "4a3eda6da3ff252c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "hashes": [ + { + "alg": "SHA-1", + "content": "d875cc4a963602e78a4409759b0c5d3195785400" + }, + { + "alg": "SHA-256", + "content": "33ca10a968a8b941e09fd3fe3af2ea04309c7fe62f46d3a38b592767ef73f681" + } + ] + }, + { + "bom-ref": "9f31d5e035978451", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "hashes": [ + { + "alg": "SHA-1", + "content": "0cecc54e7f53eb376d2d8edb011ad46e858c3b78" + }, + { + "alg": "SHA-256", + "content": "c874c359a6133f8d351124e131096e560c85745697b855a0dc7c39349a0f8816" + } + ] + }, + { + "bom-ref": "749cbcc52c60375e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c2cf695ed4e8c9c070d49b0e2866ec006d3abfe" + }, + { + "alg": "SHA-256", + "content": "c8f0a41e270f3428b7266e7b5286811b0c5a649b7e54f91e3e31f254c59154bb" + } + ] + }, + { + "bom-ref": "82f885559c79e03e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "hashes": [ + { + "alg": "SHA-1", + "content": "a9adafc9a85f01105bf5052887ebeed030f5d9f8" + }, + { + "alg": "SHA-256", + "content": "eff23fa4ef928a02ece1a45edda3c609d87b20e89739e6e6583d9a4270b53773" + } + ] + }, + { + "bom-ref": "7775c68823622bef", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Salta", + "hashes": [ + { + "alg": "SHA-1", + "content": "0f3c89361fb6564234176d775fcbdcaf7108158b" + }, + { + "alg": "SHA-256", + "content": "4afc8318be82f56fbc93b31cfeb5d14be09bbe8a06c769184da425fa923025c9" + } + ] + }, + { + "bom-ref": "dc9f06d4ba7b9f7c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce97e1aaa2abdca23a4dc4cdaa28cc454e286f13" + }, + { + "alg": "SHA-256", + "content": "3bd8dea3ac42e9a2d1a0163bfe8f016fe2fc646a1ab6fc140a9f773bab427e46" + } + ] + }, + { + "bom-ref": "79bced351aedbd0c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "hashes": [ + { + "alg": "SHA-1", + "content": "937abcdeac1c95cbd38515b9119063150ede536c" + }, + { + "alg": "SHA-256", + "content": "2de51d378aa922263bbc8f8dd76127d4ad696a6fd477d7951c6f0fa4cb3f919f" + } + ] + }, + { + "bom-ref": "c63555534c04dfd9", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "hashes": [ + { + "alg": "SHA-1", + "content": "dee2141bb5a8bc7287a9d0467f341549aa8bcd3f" + }, + { + "alg": "SHA-256", + "content": "f459b3b4bdbd76e51a8058fcee5e33edc125ad05a7aab1c942d00d0ba720d24c" + } + ] + }, + { + "bom-ref": "765160302ae1e137", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "hashes": [ + { + "alg": "SHA-1", + "content": "68351592dc160973545d19bcba752dd9ec38285b" + }, + { + "alg": "SHA-256", + "content": "0819bab11849a3ecc0c9bcea0859010c658df967ef0f223d2d6f9cfe2f9bc160" + } + ] + }, + { + "bom-ref": "91904eed74ebab7c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Asuncion", + "hashes": [ + { + "alg": "SHA-1", + "content": "908416e61183e5a1131a46c66936100262634180" + }, + { + "alg": "SHA-256", + "content": "2af7198626a523401b074059d12974998b644d8e1e5bebfd27e78bb4ac64e740" + } + ] + }, + { + "bom-ref": "74c4ec0cba7629ee", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Atikokan", + "hashes": [ + { + "alg": "SHA-1", + "content": "77c866c688c3c37eb3272ae5270f7e60c2f03c5d" + }, + { + "alg": "SHA-256", + "content": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + } + ] + }, + { + "bom-ref": "0ade089dd60c5f85", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Bahia", + "hashes": [ + { + "alg": "SHA-1", + "content": "a38a14db8a11570310d7c8a449caec651c63d4dc" + }, + { + "alg": "SHA-256", + "content": "5e242c35d73d4f3bdabe156f23b114144f9cc359d3400ab7d7464b86b16d21c5" + } + ] + }, + { + "bom-ref": "6c1e03e0ff4c5fc4", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b6c1b1ef8512fa0c5692083e4940676163339ff" + }, + { + "alg": "SHA-256", + "content": "3b928d2fea6733afd52890678319e08e13112bb79a96ece242ed0d3c96235ef9" + } + ] + }, + { + "bom-ref": "68dc887745847a95", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Barbados", + "hashes": [ + { + "alg": "SHA-1", + "content": "76deee72250ee11d6cf49901ebac9fe5bd0257be" + }, + { + "alg": "SHA-256", + "content": "978e1e4bb9e907b25efd9c990c7e2fa4cce322aa08063ebd73983187d7db033d" + } + ] + }, + { + "bom-ref": "ccf81edcc32a4f29", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Belem", + "hashes": [ + { + "alg": "SHA-1", + "content": "584bcbc5b5a22a963ce7beeceb1d4f59238a113b" + }, + { + "alg": "SHA-256", + "content": "30fedc0e5f3334ab4cbd939be48d7d8ef22d3d79927c136b88fd7bfee27601ab" + } + ] + }, + { + "bom-ref": "6b00277688781bab", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Belize", + "hashes": [ + { + "alg": "SHA-1", + "content": "2297abc95b74ebe5736627f3a3136ef00f5bd964" + }, + { + "alg": "SHA-256", + "content": "7c378a7a12875e3dc0e8ec6232c6d057f7bf03335dcf9aa59afb4c3fcda21b26" + } + ] + }, + { + "bom-ref": "d34cf2a21c861c20", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Boa_Vista", + "hashes": [ + { + "alg": "SHA-1", + "content": "06b9a02570482a74fb0e9941e94654a75ffa414d" + }, + { + "alg": "SHA-256", + "content": "d727d0877afc200e80e9ce5c2e5b77bdb21b6f01a2b52854f392b5bf1c45f9ee" + } + ] + }, + { + "bom-ref": "64fd9f51d9d2fe9a", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Bogota", + "hashes": [ + { + "alg": "SHA-1", + "content": "600f9b4e22da9f75a8cc72db02c9d5a8ef9765fd" + }, + { + "alg": "SHA-256", + "content": "a7e9b73f5a0e6c85c3823c4da7336b0863ed53d62410c721e6cac0cdf5133991" + } + ] + }, + { + "bom-ref": "bbb1f2b3570b915e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Boise", + "hashes": [ + { + "alg": "SHA-1", + "content": "7afeb0784832e7cac3aa7fdd3cb82c913e3a31f0" + }, + { + "alg": "SHA-256", + "content": "dd82ebade8f4b3c53cb5eae589c1061aa473cdae1b9f39076569e168f349a618" + } + ] + }, + { + "bom-ref": "c0252d612386b659", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "58e50b3cb9c3bc35ab3c63c41d21393d1ac29547" + }, + { + "alg": "SHA-256", + "content": "43b852b08512ed5a2eed675bfd74dfd8be60427b531bcfe77a443d8ebf0a5583" + } + ] + }, + { + "bom-ref": "cdb7c18c637626be", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Campo_Grande", + "hashes": [ + { + "alg": "SHA-1", + "content": "5bbaa1ccd86d7ce5a8e88c6318cffff0074c9222" + }, + { + "alg": "SHA-256", + "content": "de2c0178c7d83e45a841ad3747e791804738aae41ad147ce8a88c0aea562361a" + } + ] + }, + { + "bom-ref": "f385e92015c773bf", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Cancun", + "hashes": [ + { + "alg": "SHA-1", + "content": "b9ff7c91a88e941b25ec9fc713f13a555d14042b" + }, + { + "alg": "SHA-256", + "content": "20096d8861f681fbcc5f4347a53ad0f163a470edabcb25add585a2ab078e024f" + } + ] + }, + { + "bom-ref": "6db85fd6485015b1", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Caracas", + "hashes": [ + { + "alg": "SHA-1", + "content": "f830943f35569a6c4caa9389aff6b432e23ba7e7" + }, + { + "alg": "SHA-256", + "content": "d43948c2d59a0dec759017b9c336ea5b44f1d24c487ee0938fcca43e0328264f" + } + ] + }, + { + "bom-ref": "491311a52b2465d3", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Cayenne", + "hashes": [ + { + "alg": "SHA-1", + "content": "b51196e45252291d6a2c72fac46a8679728cdc08" + }, + { + "alg": "SHA-256", + "content": "0409a1d87a48254170b4561e085e4c4b39af2f257bdf440f1664861972eed754" + } + ] + }, + { + "bom-ref": "2a187ef845ab494a", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Chicago", + "hashes": [ + { + "alg": "SHA-1", + "content": "0159261005c43775514868a401bef85696f021a5" + }, + { + "alg": "SHA-256", + "content": "508cca4fb0cd8f8c0fa7cbcd2bef318dd1c13234733675f18c353e39190888f7" + } + ] + }, + { + "bom-ref": "ce9ff7ae1a540ba3", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Chihuahua", + "hashes": [ + { + "alg": "SHA-1", + "content": "b46090c2ced7fff1031172e0d6edb3c402e9b44c" + }, + { + "alg": "SHA-256", + "content": "4b7c51f5b3eb517fedaa16555abc06f2c9eef1bd74f13338dcfd1d2d813b1ad9" + } + ] + }, + { + "bom-ref": "acaf22218730a5df", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1a620d5713bcfda1f83dde1d4a765086df2cfcc" + }, + { + "alg": "SHA-256", + "content": "53a22d0f650666a63c4dea821d59578c6eaee0fff02e0e264eed8ac58d72defc" + } + ] + }, + { + "bom-ref": "a318b559e8ec5e01", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Costa_Rica", + "hashes": [ + { + "alg": "SHA-1", + "content": "2d20e8fa36a69086733d1323fbee627c6a594195" + }, + { + "alg": "SHA-256", + "content": "3b1c0b45d274ae11b0d6b804f36aa49130434f81e936b6d3221c344d432665c7" + } + ] + }, + { + "bom-ref": "8979cba7762ce8f1", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Coyhaique", + "hashes": [ + { + "alg": "SHA-1", + "content": "06dbe6b92e4e0c9b4d33b011b73c980a94a984a8" + }, + { + "alg": "SHA-256", + "content": "5840f696649edae1ff3a58946e5a1cfe1b79cfc2d3999f2277c35724ef08b239" + } + ] + }, + { + "bom-ref": "87a32bf8148754ae", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Creston", + "hashes": [ + { + "alg": "SHA-1", + "content": "472714da56acdc186179da8421a6b2b64bbc5cd5" + }, + { + "alg": "SHA-256", + "content": "2c497e17c3ec106cd3b05bcc0fc89f225cac710c30874b2443ef5e9247f171cb" + } + ] + }, + { + "bom-ref": "a0f2d7770002fb9c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Cuiaba", + "hashes": [ + { + "alg": "SHA-1", + "content": "38a3118cffe4ad6d6779dc4783345a6ee33138ac" + }, + { + "alg": "SHA-256", + "content": "61f4864f28eab14abc8dfbd85af412514f117c9970c9351d14d6e8dade5f59ce" + } + ] + }, + { + "bom-ref": "b57e758310e08e08", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Danmarkshavn", + "hashes": [ + { + "alg": "SHA-1", + "content": "fcd423f8c7dce5c588425ed82ca8b8167cfe68ce" + }, + { + "alg": "SHA-256", + "content": "5a2614344b77a66b5cb9f736165ecbff65a459d5dc5c4fc2a6eb65cdb162a878" + } + ] + }, + { + "bom-ref": "ef3d410ae8f703b8", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Dawson", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ea70cf070e6dd99b02ce8399109d036fc80d008" + }, + { + "alg": "SHA-256", + "content": "3adb27eb1135311a63552717850232daadd5f47f6b10871fc42625a5c4b044e8" + } + ] + }, + { + "bom-ref": "5abb4c317c67493e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Dawson_Creek", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1ba3f6b477ced812a1d1b6dbc4ba54ad54b877c" + }, + { + "alg": "SHA-256", + "content": "caae6cca9f37e6f82a0d32eeb7a4f0b9cbad2b610647714e8fc3380e3f3fe5ea" + } + ] + }, + { + "bom-ref": "2e3d233ce4bf3668", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Denver", + "hashes": [ + { + "alg": "SHA-1", + "content": "652c1b3ce219d090bb9bd7df5e454ae2b869fd17" + }, + { + "alg": "SHA-256", + "content": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + } + ] + }, + { + "bom-ref": "e10bb262a37a0d1a", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Detroit", + "hashes": [ + { + "alg": "SHA-1", + "content": "38c72887d68bb438f0d62619369f608fde90ebde" + }, + { + "alg": "SHA-256", + "content": "36ca32bc9140609c6ebabf35e479741fc2e98fed91eea751fe591e0a26689633" + } + ] + }, + { + "bom-ref": "27e84291ee71ad39", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Edmonton", + "hashes": [ + { + "alg": "SHA-1", + "content": "fe293bdc69734c07ce6253da5a2633ec653c641e" + }, + { + "alg": "SHA-256", + "content": "afa6d497bc5818c957d3808fd514e1c9d8c3d5dc6d73eb827fd9887a706f0236" + } + ] + }, + { + "bom-ref": "43c2072ca7c33906", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Eirunepe", + "hashes": [ + { + "alg": "SHA-1", + "content": "2da18cea3f9a57d84e370e59773935f0b2f6adfe" + }, + { + "alg": "SHA-256", + "content": "245360c9d41ad26bcfa74c470afe94960a4ef9856ad135fb9409c632bf4110d4" + } + ] + }, + { + "bom-ref": "4032531ee2615597", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/El_Salvador", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e5c42f7a2f4ab21c4d6bc1d2a13a171eec08d55" + }, + { + "alg": "SHA-256", + "content": "2340aa52619e7a57372cbe9ae51f7ebb1b9ce83aa63ca0fd7f62c070eec378ce" + } + ] + }, + { + "bom-ref": "b47ee08b9c7d4905", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Ensenada", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e378e5b45ade3d44884b1be2689f652b0d5188f" + }, + { + "alg": "SHA-256", + "content": "9b7623823f34274fcf498f5d4dcad2c1998f01a41cac6d1503df53fcd6b30e98" + } + ] + }, + { + "bom-ref": "ce5074f2b7cd35e5", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Fort_Nelson", + "hashes": [ + { + "alg": "SHA-1", + "content": "8aaeba56dd53d64512593248417dbf2e7bbb58f8" + }, + { + "alg": "SHA-256", + "content": "90cdaf661b23c31d02c3117f15f784d862722edee856ef88d596770b56545e43" + } + ] + }, + { + "bom-ref": "cd4926f945491db3", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Fort_Wayne", + "hashes": [ + { + "alg": "SHA-1", + "content": "0dbe0809406c5c01c56598dd9a942d71938d2191" + }, + { + "alg": "SHA-256", + "content": "95f90a543d0cbb550509c74f43492a26efc3160d4cecf10dc01e4412e0b77d32" + } + ] + }, + { + "bom-ref": "25a4abe4eaf7d07e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Fortaleza", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc66ef1c941c2a5972d28c40d444f30bd486ec99" + }, + { + "alg": "SHA-256", + "content": "6fb50feee952dd0613a9c3ac25174d154287cd24dddeec0aac7ec1b088dd4e8d" + } + ] + }, + { + "bom-ref": "3e1cf308907ffd0d", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Glace_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3b7b9a8876e86be894779811c0ad62e70fba77a" + }, + { + "alg": "SHA-256", + "content": "8689c6d71429789da2e34330e7da391e0e7b814478e882870edd4d67a03d05d0" + } + ] + }, + { + "bom-ref": "2835b9af3f19e1d2", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Godthab", + "hashes": [ + { + "alg": "SHA-1", + "content": "76136c44d149fcbd5bbf67f79a0d33c36ccb874f" + }, + { + "alg": "SHA-256", + "content": "b2268d9af4acbba78fbeb12253078472f1c32694c2b9c288c292bfc565559c7f" + } + ] + }, + { + "bom-ref": "f9fb5ff594c9fda7", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Goose_Bay", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad81fab24be9adc389cf5d3d73962a0e3b99ac8e" + }, + { + "alg": "SHA-256", + "content": "e7493665d2774ac378e7ddc0e229027e8682d78374fe2484459b57da6fa52d2b" + } + ] + }, + { + "bom-ref": "1f9eb38b4f39d50b", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Grand_Turk", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e6ea65b02b0dc20c429171109e872062a3aada6" + }, + { + "alg": "SHA-256", + "content": "39845b71ff73d93286d04e50434d2a604cdc546ed5976af2b991f16e88dd6866" + } + ] + }, + { + "bom-ref": "f7a89b46185949c9", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Guatemala", + "hashes": [ + { + "alg": "SHA-1", + "content": "d25689c45457893cedaa5b6370c8382401e1049f" + }, + { + "alg": "SHA-256", + "content": "bbe6000920225bd9f2dc14ae1f6a52e017e053764e651f8bc9b95c1bcf5a8f1a" + } + ] + }, + { + "bom-ref": "bd312d7e54bbf346", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Guayaquil", + "hashes": [ + { + "alg": "SHA-1", + "content": "f41324e19c60617f63c9a37f77e4de530de4ea20" + }, + { + "alg": "SHA-256", + "content": "27667cee3f74c7cf1136efc77a5ab4efcda8bb441427250fb9a083bc7696c423" + } + ] + }, + { + "bom-ref": "6c7ce05349566d0b", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Guyana", + "hashes": [ + { + "alg": "SHA-1", + "content": "593de97913b7cd7a2413a5cf2605a4644afe08d8" + }, + { + "alg": "SHA-256", + "content": "6e579e187207c29c2900788fa37af2bdc3f30e55d386a37c02b7bdac3cacb19c" + } + ] + }, + { + "bom-ref": "a8012fc33e8f27f8", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Halifax", + "hashes": [ + { + "alg": "SHA-1", + "content": "9d70b78f098b98ac64c205e2d7f02a519e9dbc33" + }, + { + "alg": "SHA-256", + "content": "e3d54dd2fc3666188c6b90bfbcc18901b65c37f6c77e19a4839a1e72a33bf824" + } + ] + }, + { + "bom-ref": "fd82b327989fca18", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Havana", + "hashes": [ + { + "alg": "SHA-1", + "content": "987225f29fb9969a25dd273a6fc2038a90c4ba42" + }, + { + "alg": "SHA-256", + "content": "8028af31cdd0d78b7df66f5226e6bc41fd7ac6f565bb6223a3ad2e2dcdacfc28" + } + ] + }, + { + "bom-ref": "831849ec1a38a628", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Hermosillo", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2973f5f78cb43b9a7e9abac2d4cc63db40be64d" + }, + { + "alg": "SHA-256", + "content": "c9570d55caed4ccd2bc1f01b2ccd8bea0c4874a5ebfa480b20291fee76176493" + } + ] + }, + { + "bom-ref": "acdc2927b4f053b0", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Indiana/Knox", + "hashes": [ + { + "alg": "SHA-1", + "content": "41e5a20fd811e8ab112588ec78e30aefe2aa68f9" + }, + { + "alg": "SHA-256", + "content": "b253321849d846469f82aaabc9024d51a5d9d9255e923dbdd9e87dbfe4417a0b" + } + ] + }, + { + "bom-ref": "8f79201038155384", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fa595ebd0d9d8d26e498031ad840e1b216d94ec" + }, + { + "alg": "SHA-256", + "content": "1614069da3538889f0a7e4f1bc7e4debfe09e7faa035858ae7367e6680a3c8e3" + } + ] + }, + { + "bom-ref": "179ff93f13c1cfb2", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "21d8613f527ae64a2263dfd3ea36cfaed1e24770" + }, + { + "alg": "SHA-256", + "content": "8d7aa8f6495d9216d239780c0690f7517bb0ba582cc555568c50cbfb628bf5d5" + } + ] + }, + { + "bom-ref": "3347c3874ec8f3f8", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "hashes": [ + { + "alg": "SHA-1", + "content": "37472457ca146eba959d24831544220823626cc7" + }, + { + "alg": "SHA-256", + "content": "9dd5ecf8014dfbd548457fde23d6b11edba3a9e4e61409b34d840bcd7bfc6e53" + } + ] + }, + { + "bom-ref": "af4a7dc03fc61093", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5ceaa12f5e0a12fb18c7970f939d4eaf4999147" + }, + { + "alg": "SHA-256", + "content": "4dd0b872317af6466735bd2957516de64ad3c9ffc32153f67314eeb73a8a1de3" + } + ] + }, + { + "bom-ref": "09ccf06d5abdc234", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "hashes": [ + { + "alg": "SHA-1", + "content": "eaf4a307ff6fddf05b6464a962ce6a12a151c9d5" + }, + { + "alg": "SHA-256", + "content": "7741c4fb0b37e5bf498cfdf3d86450732e5a048a591274a43dc93903d819fae8" + } + ] + }, + { + "bom-ref": "3b2083b83dd7a371", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "hashes": [ + { + "alg": "SHA-1", + "content": "7968813220b5afea6dab72d5c5e1692bff7be909" + }, + { + "alg": "SHA-256", + "content": "d8cd67020740116a33c551b2c1d99f2a1134c344d99772753590d9aeb15bf7d9" + } + ] + }, + { + "bom-ref": "af64189d59f68a6c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Inuvik", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce0425c5991acb3975d5760cc3215acaf9ab5451" + }, + { + "alg": "SHA-256", + "content": "1727c844eb1ae4ba69d85272788b825c53ea4dfad2bce3f0769da92834b84129" + } + ] + }, + { + "bom-ref": "c6c2b5321e7e8d16", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Iqaluit", + "hashes": [ + { + "alg": "SHA-1", + "content": "432aed15c0c1624b4e41f90a7c3513660768f658" + }, + { + "alg": "SHA-256", + "content": "5599db0e4a8dff27506e5e116957712b4448075dc6f615286232559d3ce772b8" + } + ] + }, + { + "bom-ref": "fc2e43f73453940e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Jamaica", + "hashes": [ + { + "alg": "SHA-1", + "content": "673a476e6ef1a447b2a5e11f0677aff2bbcde6b7" + }, + { + "alg": "SHA-256", + "content": "066c0660cb97453bf01c9107491f05eb45de90f34c9b001530a5af69b728b312" + } + ] + }, + { + "bom-ref": "a7047fe6e2fe36b1", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Juneau", + "hashes": [ + { + "alg": "SHA-1", + "content": "ea83593dc2454cf3390dac9673a959f0e75484ce" + }, + { + "alg": "SHA-256", + "content": "90013fbad458645176b558a153cfa76886766a90f6bd5f9f13ad13611ac59115" + } + ] + }, + { + "bom-ref": "801d2a76dc576570", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2ac7afd5078586f930c5719cd4af5ba31e49fce" + }, + { + "alg": "SHA-256", + "content": "7eacfbe7dc579d0b6419ff0ffbce9b492ed9ea146bea00062e2baed4c8007b44" + } + ] + }, + { + "bom-ref": "c67e353ca5e7bbeb", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "hashes": [ + { + "alg": "SHA-1", + "content": "5550d22dd61c2df81bb4b0f8859f7c14f839de69" + }, + { + "alg": "SHA-256", + "content": "f00f8fe3447b51bd50317d7a042a5e549f486f027077a6c85a9b161f0baba943" + } + ] + }, + { + "bom-ref": "d477339a413ab91d", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/La_Paz", + "hashes": [ + { + "alg": "SHA-1", + "content": "7abe95660e0ae53088bcfaa9995efe2ddce17225" + }, + { + "alg": "SHA-256", + "content": "218d77afcba8a419201babfa27d0cdd559a32954dee4600d593e8155dd30cdc6" + } + ] + }, + { + "bom-ref": "d759c5b545415d1d", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Lima", + "hashes": [ + { + "alg": "SHA-1", + "content": "9b51698eea57efed5ac42c614e1a0d4c339af160" + }, + { + "alg": "SHA-256", + "content": "61ae3c588fed2c476275e1fff7d4e45ef8541655540e1abe52066c9a97e83d53" + } + ] + }, + { + "bom-ref": "1a08dc105bfa3288", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Los_Angeles", + "hashes": [ + { + "alg": "SHA-1", + "content": "41cf7ff3426c66723c909d9f5c24c477538c8c3f" + }, + { + "alg": "SHA-256", + "content": "b40a39d8debb895ca0e5ef0cd6bc4521d867c3b45f404d1226a1cb1cda5eb922" + } + ] + }, + { + "bom-ref": "43db8d93cbb13f3c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Maceio", + "hashes": [ + { + "alg": "SHA-1", + "content": "28e5118b9b9d712031f8f15143e6def19bf0cda3" + }, + { + "alg": "SHA-256", + "content": "64e2ac99140770e8a99706abaa8bbc04ed11e1c48fddefeb3252d66c192de87a" + } + ] + }, + { + "bom-ref": "af628877550cb038", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Managua", + "hashes": [ + { + "alg": "SHA-1", + "content": "8907cb6a010110a224c29cae20e2cb22f22950d8" + }, + { + "alg": "SHA-256", + "content": "498566bab900866aabc7d189349de4276e268d62ef51c07f192209246fc6c945" + } + ] + }, + { + "bom-ref": "c9676d8f122f5c89", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Manaus", + "hashes": [ + { + "alg": "SHA-1", + "content": "06c5d81e39e1b5d90ea834728a6b4c355ee4fe44" + }, + { + "alg": "SHA-256", + "content": "f162c969260f6bfb6e26478b8750959119262a6aa36ae5878bae7500f0b145ff" + } + ] + }, + { + "bom-ref": "3110956f3338d30e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Martinique", + "hashes": [ + { + "alg": "SHA-1", + "content": "767c3b069b6881dc6c1dc7c65968b5acaa19dc5e" + }, + { + "alg": "SHA-256", + "content": "a835d8b3c5e8e11e669ebb8bb256753516a3c593ae84618c37c77f81e737b1ea" + } + ] + }, + { + "bom-ref": "8750144d13781f83", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Matamoros", + "hashes": [ + { + "alg": "SHA-1", + "content": "9ea5b306db64166aa7c592d3c5ff5d6ffb53c74b" + }, + { + "alg": "SHA-256", + "content": "d898fcbdf925555508486e707010dfcb2e3866fa55d70274e83eff51f7b5c178" + } + ] + }, + { + "bom-ref": "9d50067b8f8ca339", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Mazatlan", + "hashes": [ + { + "alg": "SHA-1", + "content": "54e58fcebebb4202b740390e0b6f35b308e4076d" + }, + { + "alg": "SHA-256", + "content": "50f02ec5dbf826efdb74219c2e548f72f8a693bd03ae8661fa65ce8c7574859c" + } + ] + }, + { + "bom-ref": "a09763c9eea2c126", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Menominee", + "hashes": [ + { + "alg": "SHA-1", + "content": "bdac4beec27e7ceaeb136994fe6ec54875c6730f" + }, + { + "alg": "SHA-256", + "content": "0f5590586230464a1e9b1d5b9fcb4ebc71cf9edbf095b5fda3043579e331b42c" + } + ] + }, + { + "bom-ref": "b6d69186fa08c51a", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Merida", + "hashes": [ + { + "alg": "SHA-1", + "content": "a5bbff9178b835318c1b5427ea7cdd7e6427dd9f" + }, + { + "alg": "SHA-256", + "content": "c50cba406c5824dfc5cbdd47b592ea54a78240eb86bcd96c95a351fdf90cb3cd" + } + ] + }, + { + "bom-ref": "7f2410592e4e0a98", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Metlakatla", + "hashes": [ + { + "alg": "SHA-1", + "content": "ff900f28ca3cda52767e3734481759c1504f745d" + }, + { + "alg": "SHA-256", + "content": "a5d691ffae4be4257acb5583e9dd9f72d296514f14d906aea1ba69bd5754b22b" + } + ] + }, + { + "bom-ref": "9e4be64056e719aa", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Mexico_City", + "hashes": [ + { + "alg": "SHA-1", + "content": "5636591856979234e77bcf0b7c03fd956f6d8561" + }, + { + "alg": "SHA-256", + "content": "38cf0b0b9baf9ddd8c236c22d47ce8c73766d2946586caca1a91530f7fed0182" + } + ] + }, + { + "bom-ref": "1ee20c6134fae95f", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Miquelon", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa6f7418d2b96e141c4797c8d6b4c0b92e37805b" + }, + { + "alg": "SHA-256", + "content": "1d7cbad8c75bc9b6cc7db5d0c43a872066bf3fb6b623a20d53575c4757237949" + } + ] + }, + { + "bom-ref": "185090340733aeea", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Moncton", + "hashes": [ + { + "alg": "SHA-1", + "content": "e01021897660839b22ca4cc8fc31d65f1f64756b" + }, + { + "alg": "SHA-256", + "content": "e4e6c11b1dc04ac8e3148f38c4e3d205924a9a6d2d666cda0a7f9678f391cfbf" + } + ] + }, + { + "bom-ref": "bbd67870ff51785b", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Monterrey", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2f72b9e5744d5ee790f331f6b3c2e7382f4c655" + }, + { + "alg": "SHA-256", + "content": "2f853ca6bbd3d0b113a5128a025cfdd84d7b6318541208522c3372fc48495c76" + } + ] + }, + { + "bom-ref": "efd33b0c03f7f2d1", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Montevideo", + "hashes": [ + { + "alg": "SHA-1", + "content": "889f62f38b9bd34741de0dc09a48335bd1287a1f" + }, + { + "alg": "SHA-256", + "content": "3321c222a35086ee3eabf562076e3c4cb0eaf800976b721e08c32b253b4d085f" + } + ] + }, + { + "bom-ref": "6106ccc4337dac51", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Montreal", + "hashes": [ + { + "alg": "SHA-1", + "content": "7be4ae7afcdac48c0853d5993a69014b12eaf0ba" + }, + { + "alg": "SHA-256", + "content": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + } + ] + }, + { + "bom-ref": "ae8194cca135c514", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/New_York", + "hashes": [ + { + "alg": "SHA-1", + "content": "cdd3021d116fee74b8d201456a8c7ef744534a96" + }, + { + "alg": "SHA-256", + "content": "f7f1a62c6b3c2ef445eb4f8e2d79480623b927eb218b5d56c32f4c0bb6747e02" + } + ] + }, + { + "bom-ref": "59b4af6842b248c3", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Nome", + "hashes": [ + { + "alg": "SHA-1", + "content": "46f8a75493b35b02424350d56a23577c8f252bb9" + }, + { + "alg": "SHA-256", + "content": "71c2fdd3fc2daa3670b40994d5b0132507879b69cbddc5e0445b2c90a11087c6" + } + ] + }, + { + "bom-ref": "5828e12a7f5886ad", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Noronha", + "hashes": [ + { + "alg": "SHA-1", + "content": "17b452b638a45ac66fa0c37dac73647322b580c9" + }, + { + "alg": "SHA-256", + "content": "d47c47c7faba76d805fadb6fde14087023df5bff9b9dae7cb49a2907efea8537" + } + ] + }, + { + "bom-ref": "050892a3c53da237", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "hashes": [ + { + "alg": "SHA-1", + "content": "f56da4a372e09fddb4b21529dd236ceded7aae3c" + }, + { + "alg": "SHA-256", + "content": "33e570d57ff43a8ecc4eb2b5fff849c37fcb488d18dfbf5da9961acc989ee248" + } + ] + }, + { + "bom-ref": "67c098182522533e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "hashes": [ + { + "alg": "SHA-1", + "content": "212d1613e8e744716c1098ed56816a8026f63db4" + }, + { + "alg": "SHA-256", + "content": "75847a6592b29c5f010bfd063ae285cee2c4990331b31c0eeaa4f02197b063d8" + } + ] + }, + { + "bom-ref": "f887330ad2508114", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "hashes": [ + { + "alg": "SHA-1", + "content": "2dcf86f09a933961680ff5a819bd0cb4aaa5b58a" + }, + { + "alg": "SHA-256", + "content": "63a7e424c49f9cc222424e6857ce09d909319aec22285ebfbef7d16f6c2afc61" + } + ] + }, + { + "bom-ref": "fffd5cb4f74e83f6", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Ojinaga", + "hashes": [ + { + "alg": "SHA-1", + "content": "60ac2b7e95cf5ace3dbfe8f85c032da8f67c2e3e" + }, + { + "alg": "SHA-256", + "content": "1d7e9c203e1876396d4f554b69111994472f185d682cfd3d7bba9dea957e21db" + } + ] + }, + { + "bom-ref": "d4614fe385f00f79", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Paramaribo", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2942764c9bc9e8deab17ca740881f7a84521535" + }, + { + "alg": "SHA-256", + "content": "e56d27942c7770d739698012db60f59808bc59a59638d2961c55590cfe693ee6" + } + ] + }, + { + "bom-ref": "12a05d87e75dab27", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Port-au-Prince", + "hashes": [ + { + "alg": "SHA-1", + "content": "44d4b0e2a9cf0054e954327c627d9f8c86b7d0c4" + }, + { + "alg": "SHA-256", + "content": "2a2e9854608f9c5e984399ed7ee325a5632165e7a8e8fb5aa3b0afbf65e7ed9e" + } + ] + }, + { + "bom-ref": "395ebb726ab52116", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Porto_Acre", + "hashes": [ + { + "alg": "SHA-1", + "content": "59a07fb803d31728c2750def5532643c7cc1a6c5" + }, + { + "alg": "SHA-256", + "content": "d3c4b22423c1999a0b2a1aaf11967b27df7d7d3ae095313c14b1eb190a74bcf2" + } + ] + }, + { + "bom-ref": "3c8284764dc0f389", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Porto_Velho", + "hashes": [ + { + "alg": "SHA-1", + "content": "e9508588ee1dbd3f35b2ccc9847c82288e1c8efd" + }, + { + "alg": "SHA-256", + "content": "686e94634d729f9aa8307bc248431a43c1ec476515c3e5c0e73b57d74e3f14cd" + } + ] + }, + { + "bom-ref": "6a3f7d2a8302e01a", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Punta_Arenas", + "hashes": [ + { + "alg": "SHA-1", + "content": "9aec5b58d2bc70ade6a554363c2548e7f6ffa451" + }, + { + "alg": "SHA-256", + "content": "a13d6ed6df004a5761a851d49f48360f98c21a184eba51578c4d0be7ed496cdb" + } + ] + }, + { + "bom-ref": "f13a66478d1d4f7f", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Rainy_River", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9dc02d184bdb9a6569cc1692fd05b66515c7c52" + }, + { + "alg": "SHA-256", + "content": "d319be96dde3c4101f61279e1d11487b5257e5231ab4aa3edf14cadf149097f2" + } + ] + }, + { + "bom-ref": "e4284902313b756c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "hashes": [ + { + "alg": "SHA-1", + "content": "ace24220687586e910d6fc64dfa49d0eba7ac247" + }, + { + "alg": "SHA-256", + "content": "6a4a295ef6c89d44cc4ff815c6d8589440f64c531dea4f0a09c91f1439fa5e9f" + } + ] + }, + { + "bom-ref": "5fb70be249c632ec", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Recife", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbc7eba08a96c826476c38bba06344a37916d052" + }, + { + "alg": "SHA-256", + "content": "764feb407ef17a1fd465a69be32f25669ca09f25cfe686bbc111bbcab88031c9" + } + ] + }, + { + "bom-ref": "394f853a78e79d09", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Regina", + "hashes": [ + { + "alg": "SHA-1", + "content": "16cb13021bb4c482433af3f758793f86fba79213" + }, + { + "alg": "SHA-256", + "content": "ec572e3bd6fea3d591fd296ef3e2e95adf12e929ac5516c3800a960105d035e5" + } + ] + }, + { + "bom-ref": "8fac2a05f0ced3b9", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Resolute", + "hashes": [ + { + "alg": "SHA-1", + "content": "de2c2dd8ca96f2a42fc05032a9fd66dc161f5b63" + }, + { + "alg": "SHA-256", + "content": "73b701dea80faffe0cfb8172a99b7bab90a77666e71ddc712a0c5273c305e40d" + } + ] + }, + { + "bom-ref": "0fb73c464008585a", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Santarem", + "hashes": [ + { + "alg": "SHA-1", + "content": "414ab4090f546c9a12c5c5941d321125091f5fb5" + }, + { + "alg": "SHA-256", + "content": "91d7fc19bfecb703a724ad11a17f67a7095cd9d494ccebdd506bc2bc776e000d" + } + ] + }, + { + "bom-ref": "e7bef37a1e89212c", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Santiago", + "hashes": [ + { + "alg": "SHA-1", + "content": "da7cfc0c9348276da6a369cfb57e98f24bb6d5bd" + }, + { + "alg": "SHA-256", + "content": "30acb9f36104eb92e583e873f2daa58abacda173d476d7d0433d811cef20dcfc" + } + ] + }, + { + "bom-ref": "f98ad82667182c2e", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Santo_Domingo", + "hashes": [ + { + "alg": "SHA-1", + "content": "4c3d3548c87c381ca3c8f6920d2626793ffa6b2e" + }, + { + "alg": "SHA-256", + "content": "14f58c692f142bdcb59cf3d700aa9604be1ff22827c6c17140953d0611b9a924" + } + ] + }, + { + "bom-ref": "99c5c1db23551e10", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Sao_Paulo", + "hashes": [ + { + "alg": "SHA-1", + "content": "1dba6b1e8a63ce0e93829f2421ec318205bff3b0" + }, + { + "alg": "SHA-256", + "content": "fede3897f0ae7fe27958092c4ac1848b45c6443898883096702eea92f1c63edb" + } + ] + }, + { + "bom-ref": "d6f4c046a9800974", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Scoresbysund", + "hashes": [ + { + "alg": "SHA-1", + "content": "f08b8257e0a581fc83ded1927d7a0b360c840f8d" + }, + { + "alg": "SHA-256", + "content": "4e01cc705341e29b44036a82cff81732b50b3e540d55ccd087433918d27f0da6" + } + ] + }, + { + "bom-ref": "f1b33c0757415541", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Sitka", + "hashes": [ + { + "alg": "SHA-1", + "content": "0ebbf1b0654e6a259715df1def2f1e0c7c4fa229" + }, + { + "alg": "SHA-256", + "content": "3236f77d934ce9d5a591961e15838a0b5e7c2134edf43cce18c0ccd7d0b37955" + } + ] + }, + { + "bom-ref": "522bcaed0e9fdeef", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/St_Johns", + "hashes": [ + { + "alg": "SHA-1", + "content": "4934b83930525c3c309352f6af496e087faf9948" + }, + { + "alg": "SHA-256", + "content": "c981661bea74f4fb22944f78424489cec690f056a5dc2b9255fe0fabd24f041c" + } + ] + }, + { + "bom-ref": "fc3b98a8f6d637fb", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Swift_Current", + "hashes": [ + { + "alg": "SHA-1", + "content": "099493700a99ed9851592b991123b3a8cc8781a2" + }, + { + "alg": "SHA-256", + "content": "2ef279908fc95e3d2a430c7201b837b2763e56e8650b767c2641f557d1461681" + } + ] + }, + { + "bom-ref": "88f0454222a38655", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Tegucigalpa", + "hashes": [ + { + "alg": "SHA-1", + "content": "008d8db61342a3e193eb1b8e1a053e8f20e616ce" + }, + { + "alg": "SHA-256", + "content": "a08df830c1e23a5f1bf1469ee4fa780aafaf25ff94894d28cfae7bce83b9b9f1" + } + ] + }, + { + "bom-ref": "85e8535fbb307dd2", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Thule", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3080d45c06e80045b2031b1e8c025bc53fb1382" + }, + { + "alg": "SHA-256", + "content": "c52d066a190b66826c90f918412d1723846983693c4193a571bb6f51a3fdca36" + } + ] + }, + { + "bom-ref": "2da65ec945716182", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Vancouver", + "hashes": [ + { + "alg": "SHA-1", + "content": "037c0602a89e54427c6f83f271162a765291cd3c" + }, + { + "alg": "SHA-256", + "content": "656726b667e9b7abce63ab5788c32152b1bcd20ddf3e9fd7056ec39a4df2542c" + } + ] + }, + { + "bom-ref": "83cd44460d30719d", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Whitehorse", + "hashes": [ + { + "alg": "SHA-1", + "content": "d3fa562af8fbe7b14d6ee9913557a483b5806b4d" + }, + { + "alg": "SHA-256", + "content": "413ee9b56dcd0788468a0ae8d5d2d3b55a7186c054d2917b2b7dd94200f9921c" + } + ] + }, + { + "bom-ref": "cd64b079efb31e36", + "type": "file", + "name": "/usr/share/zoneinfo/right/America/Yakutat", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7956e7d9ac30efe42af9cdb330410782e3abc88" + }, + { + "alg": "SHA-256", + "content": "5cde21c64c156969bd1b2983d1ad9d608b0de21ca2da793c6c48db21f3543f11" + } + ] + }, + { + "bom-ref": "124763e4f24095a1", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Casey", + "hashes": [ + { + "alg": "SHA-1", + "content": "1699ff811a5392d13da6e21f372a6b3e66716dae" + }, + { + "alg": "SHA-256", + "content": "9407c27aea0e373d4c9c9d3b5e97bc269135adcd82569e8a1fa8324dfd17efbe" + } + ] + }, + { + "bom-ref": "35cd04a7b1fcde3f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Davis", + "hashes": [ + { + "alg": "SHA-1", + "content": "6109ff72cda1e276f699111987f26e9d8bd22b51" + }, + { + "alg": "SHA-256", + "content": "32917626152dcdd9eb7279663fe0b33ff383f2a8e07ce5b10cd53fd26aba0bcb" + } + ] + }, + { + "bom-ref": "2f2ed61fb4309f30", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "hashes": [ + { + "alg": "SHA-1", + "content": "672b5118da5f67bee1a6df1ce396367dda086852" + }, + { + "alg": "SHA-256", + "content": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + } + ] + }, + { + "bom-ref": "54c6380fa829bb2d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "hashes": [ + { + "alg": "SHA-1", + "content": "545f2a975c9c40e02f06e24fea94f246aad7d1ff" + }, + { + "alg": "SHA-256", + "content": "3e03e6ffa22cbdf5d509e165100d10b3b80f8c5dc5e53fa2346eb894fc1fd060" + } + ] + }, + { + "bom-ref": "2f0f0490c9bb437a", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Mawson", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c5b016e9f0583ba5f1ca79852a1456fd05f5146" + }, + { + "alg": "SHA-256", + "content": "293a4db864cd6373b3862a753d10c5e66801365dc9e6343e9fb427f2915ff96b" + } + ] + }, + { + "bom-ref": "59f00c4a6afaeca3", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "hashes": [ + { + "alg": "SHA-1", + "content": "16f941f3eba51cec1909197d1def8e981c90c95d" + }, + { + "alg": "SHA-256", + "content": "6cf0475f637a0105f80af3aed943f6c86ccec3dd8d7aa3a0882147a54001e69a" + } + ] + }, + { + "bom-ref": "ced3c624b6bc6637", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Palmer", + "hashes": [ + { + "alg": "SHA-1", + "content": "c57dff985f208423be9acbb1cbc83ede8b9f83dc" + }, + { + "alg": "SHA-256", + "content": "9e60db920af40199feb2c3b32901b596c8a7fd710e34ff44b298259fddd637b0" + } + ] + }, + { + "bom-ref": "b567b01303e388da", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Rothera", + "hashes": [ + { + "alg": "SHA-1", + "content": "138923d95b5e8a57b673c54c8621188d0f6d2641" + }, + { + "alg": "SHA-256", + "content": "881b79a6f03a9cb3ff504b40ff4307c3b1ee2440b504fca46b00efbb7c11a352" + } + ] + }, + { + "bom-ref": "07ed7d3b280f15db", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Syowa", + "hashes": [ + { + "alg": "SHA-1", + "content": "96520ac840c70593586f6a4a6a147bf7a6ed8aa5" + }, + { + "alg": "SHA-256", + "content": "a0fe59eb5abbde35b25c7daa4ae408c7efb3668be6a0ed8d6b341ec2c30b0bcf" + } + ] + }, + { + "bom-ref": "45d19be0cbb7d625", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Troll", + "hashes": [ + { + "alg": "SHA-1", + "content": "5ea49961c1b0a81c70bf70a67500c3228cb91915" + }, + { + "alg": "SHA-256", + "content": "76825c28587b56d36bfcbe02ac96979f3633bcddff0ab8b00da0edc1e9a81c8f" + } + ] + }, + { + "bom-ref": "b678bb63d669a6a1", + "type": "file", + "name": "/usr/share/zoneinfo/right/Antarctica/Vostok", + "hashes": [ + { + "alg": "SHA-1", + "content": "9b070ff80d6b53034fbcc06f7f47317e0f0ea6db" + }, + { + "alg": "SHA-256", + "content": "29a5a255c288f672ee381983970da9090c81b4056b9506db3d67a453ae739dc5" + } + ] + }, + { + "bom-ref": "b2efc539cf50ff1e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Arctic/Longyearbyen", + "hashes": [ + { + "alg": "SHA-1", + "content": "75502b16b3d1e853d5586c71ff73e94f4f665017" + }, + { + "alg": "SHA-256", + "content": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + } + ] + }, + { + "bom-ref": "4007c15f993f184f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Almaty", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2f6672521c36d12a25e96400adf46bd649d2420" + }, + { + "alg": "SHA-256", + "content": "2af708dde05b31b79c1df7a3b656c4e9b0cef50c4db8e458afd3e029dc89a0da" + } + ] + }, + { + "bom-ref": "78a9c1310740c8aa", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Amman", + "hashes": [ + { + "alg": "SHA-1", + "content": "3009c0144755c35fb50c5bba84b231ceb645ee50" + }, + { + "alg": "SHA-256", + "content": "c4870a6a4221ff72066f8aa21499a2bb92d452a3b50576fa7f4e2203bd8517da" + } + ] + }, + { + "bom-ref": "7b07abce48102625", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Anadyr", + "hashes": [ + { + "alg": "SHA-1", + "content": "84c139bd92c0debc37a2b7212c81bc31cebb5de7" + }, + { + "alg": "SHA-256", + "content": "72d3c61e7fbae5c1374d5eff46194ee654a074f4cc85adfe12de8094b260348c" + } + ] + }, + { + "bom-ref": "b0b15fae3ce98719", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Aqtau", + "hashes": [ + { + "alg": "SHA-1", + "content": "78e3bbab2f5f5b757bd0c27789c77bc2610eef5f" + }, + { + "alg": "SHA-256", + "content": "0a722faee98ac9e960da4978754434daf29921a1a5758920eb098940c0f20cdf" + } + ] + }, + { + "bom-ref": "4bf08701e5e976fd", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Aqtobe", + "hashes": [ + { + "alg": "SHA-1", + "content": "640135b378d540b8c5cd82bf9b53fb7996be7b26" + }, + { + "alg": "SHA-256", + "content": "ed7b46d90e245917536bc492068a7dc4b123df5ad90cd586a055139bf8e1f5ae" + } + ] + }, + { + "bom-ref": "20897921da67aa61", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Ashgabat", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a2d482cc7977bee041d4782384724ab74f255b1" + }, + { + "alg": "SHA-256", + "content": "20eda1eddf2d458e73637f4504a7756b071f4ac39403e726c023b606395e7c4d" + } + ] + }, + { + "bom-ref": "9c27a24c4e4022cf", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Atyrau", + "hashes": [ + { + "alg": "SHA-1", + "content": "ff442cd1c0cd3ec8862463c37e0b37b7b13735ee" + }, + { + "alg": "SHA-256", + "content": "a0baa3c0f54e9c5972aaeceaaed4f5bf256be1747728cbe2d334175363e771c1" + } + ] + }, + { + "bom-ref": "11347187883af73d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Baghdad", + "hashes": [ + { + "alg": "SHA-1", + "content": "f2d497edd20f89908a7861a896d12a54009cb7e6" + }, + { + "alg": "SHA-256", + "content": "bfc112458498dfd4b6965d5538b164b568d923505c6d6b12aee5f58b692dc047" + } + ] + }, + { + "bom-ref": "b0e384f6d27da550", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Bahrain", + "hashes": [ + { + "alg": "SHA-1", + "content": "b1786773a9fc906067a20ab4b8d13bd5fb7b928f" + }, + { + "alg": "SHA-256", + "content": "b183e0ed340781649a8870e63bd860aba246a0924f5c318e7cac551f2ae82b78" + } + ] + }, + { + "bom-ref": "a41093a0e71bc7c5", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Baku", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8b2e461264483de94495bb176a8abf43755156e" + }, + { + "alg": "SHA-256", + "content": "b213a1ba26f4f9684ba98ee41f988dfa780d348b28a94fcb85898fe3cd5ce4ab" + } + ] + }, + { + "bom-ref": "dc37220cbb44f0d2", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Bangkok", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a3f4c0d17550194b24f4b9ada015be8cb6fc0b5" + }, + { + "alg": "SHA-256", + "content": "6a9ab5fcd3ec2c28ba6de7223f5e036219dcbfb8c12cf180095268be1e03f969" + } + ] + }, + { + "bom-ref": "a64a0b29550b0350", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Barnaul", + "hashes": [ + { + "alg": "SHA-1", + "content": "146cfbda228a6e302e4fc47f2e9a9ab6d03b0318" + }, + { + "alg": "SHA-256", + "content": "a811724f90d0d3b317fec7844eeca62f481e40b55723f7c49adbbb3b66dcd9e7" + } + ] + }, + { + "bom-ref": "e366832f15f000fb", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Beirut", + "hashes": [ + { + "alg": "SHA-1", + "content": "91631f4be4a1d64ddbdee7cb915d9b013bda6f8a" + }, + { + "alg": "SHA-256", + "content": "12facfe95d656a35dde148d2e220e01a0aafa1e7b9b71b40396c91abfcb4c140" + } + ] + }, + { + "bom-ref": "43b40b3dc6d5af7f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Bishkek", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2be9177efcc3ff48369d6d55ca99dd07047dbcf" + }, + { + "alg": "SHA-256", + "content": "742d9eb1d99e5183e33c817af952ac5a54f8d73b1b5e6c6ab676ce048b47ea79" + } + ] + }, + { + "bom-ref": "f184a8de6446ce39", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Brunei", + "hashes": [ + { + "alg": "SHA-1", + "content": "aca968c21717c987da3ae47008c8549470b83f84" + }, + { + "alg": "SHA-256", + "content": "1378d7bffa56e11bd0a5185b50264ce7deb763051a80b84e6015c2dcb5abc46d" + } + ] + }, + { + "bom-ref": "5b7463d3a87f99ef", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Calcutta", + "hashes": [ + { + "alg": "SHA-1", + "content": "b53017fc884b3d75cef1f966d48b4c81b1b0bbf8" + }, + { + "alg": "SHA-256", + "content": "8c4b2523c8fbf932c166659e8545f8e130c007436643bae5d87b493fbec00618" + } + ] + }, + { + "bom-ref": "b8952e82b53fd6c8", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Chita", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d5e51e255bb40d3c5723605b9fb54f9b747b4af" + }, + { + "alg": "SHA-256", + "content": "d432791b40f33a27d26fa8015da821cbbbd342e5f0f446f08dcb335f61114480" + } + ] + }, + { + "bom-ref": "91442d4b20abbb1f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Choibalsan", + "hashes": [ + { + "alg": "SHA-1", + "content": "55b3eaa0a380d475b0f79f30c2c2d7247275b644" + }, + { + "alg": "SHA-256", + "content": "a85c3f8409af204452a090c8f8dc073ba63ef07f9c54abc647bdd3d73320f84f" + } + ] + }, + { + "bom-ref": "a6d8fd571d0c2a85", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Chongqing", + "hashes": [ + { + "alg": "SHA-1", + "content": "5340ad3c4a745aa72e53c45730f5d37ef9595247" + }, + { + "alg": "SHA-256", + "content": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + } + ] + }, + { + "bom-ref": "97ed177bcc7d9709", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Colombo", + "hashes": [ + { + "alg": "SHA-1", + "content": "3f2ad711403100a37148a39dd3eefab62f7d932b" + }, + { + "alg": "SHA-256", + "content": "9568be7d3c15c035fe21d134fcf3e4cbbe9fb88630669e1d5a82856045a1894e" + } + ] + }, + { + "bom-ref": "b0545a2e8bf99f5a", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Dacca", + "hashes": [ + { + "alg": "SHA-1", + "content": "d3f2af008bc8df50bb2d2de41d9f14cfd4e974a2" + }, + { + "alg": "SHA-256", + "content": "883255334c7a560186731a994545992a58ddb7ebe0046d9bfac5d9bc0404fc31" + } + ] + }, + { + "bom-ref": "89257e7dc821cd7b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Damascus", + "hashes": [ + { + "alg": "SHA-1", + "content": "176a3b5071cb03b245ad878bcdc92c1ce8dc439c" + }, + { + "alg": "SHA-256", + "content": "905ca552d118390d8a55d110ccc510fd8ca62ee1c924b8fedb6e51ee06723bfd" + } + ] + }, + { + "bom-ref": "6ef9a3f0d37591ae", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Dili", + "hashes": [ + { + "alg": "SHA-1", + "content": "a54f0751e09c9141f190d1205a760ef6b6b0767d" + }, + { + "alg": "SHA-256", + "content": "7f774195ded2dcae0fd35ad7c8631e25592b1dfaf7adf2f1a6fdfc57a756117d" + } + ] + }, + { + "bom-ref": "d02947be782f9df4", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Dubai", + "hashes": [ + { + "alg": "SHA-1", + "content": "077ec02fa7bda3c9f944ed47697c01b65180b80e" + }, + { + "alg": "SHA-256", + "content": "e81a84a54de891c2d04582ff7df63e4216f7b8da850a85f408295e5d4563cbd7" + } + ] + }, + { + "bom-ref": "531fb4d3a25e9d01", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Dushanbe", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f0215b35da9609585714253883b2c4380371661" + }, + { + "alg": "SHA-256", + "content": "ea635b2d543c7cef8e22a7f5e4908237b7b0f9c0d0913e0fac541005034e449c" + } + ] + }, + { + "bom-ref": "33b6e90ad7e50c5c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Famagusta", + "hashes": [ + { + "alg": "SHA-1", + "content": "defd649b9777d729621e77010ea776b2791b0475" + }, + { + "alg": "SHA-256", + "content": "20091893b43e49e89146c6565d0354a3e66eddf8cd7a684543516320cc43df79" + } + ] + }, + { + "bom-ref": "79077984a7a6c0be", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Gaza", + "hashes": [ + { + "alg": "SHA-1", + "content": "da2270f493b9e2357ea72c2a270885792746a648" + }, + { + "alg": "SHA-256", + "content": "9944849e649605ade7f9135704640d03377e79ec844685baedd067dd089df7fc" + } + ] + }, + { + "bom-ref": "7b4af5d654131a8d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Hebron", + "hashes": [ + { + "alg": "SHA-1", + "content": "70db72dfdaa561ddc6c56bf23aca11f67df4cffa" + }, + { + "alg": "SHA-256", + "content": "c14954909bece0963016e16fe991109861c3f321423dd66f8f079294a7a1763e" + } + ] + }, + { + "bom-ref": "c709cc0873ef5444", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "hashes": [ + { + "alg": "SHA-1", + "content": "a51e212d56cdab39de95f9e7eac13f67e759b40d" + }, + { + "alg": "SHA-256", + "content": "2506d16a1e40756e93071eeb87eb390d80677e97af93cfba0a8db85c0c30a78a" + } + ] + }, + { + "bom-ref": "371522ecf1be2592", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "hashes": [ + { + "alg": "SHA-1", + "content": "587a8219541e44b0459a210ba7b625cc06b624d7" + }, + { + "alg": "SHA-256", + "content": "7b7d0ca6c638c25f978f1634aa550dbc6b581fc68c7fb8fc8206f185916d13d5" + } + ] + }, + { + "bom-ref": "574ad9a4c8b3c8b5", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Hovd", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2ecdd163565c11c67efb1198a68bddb71ad0588" + }, + { + "alg": "SHA-256", + "content": "65ae13b140b91e71ad833667bfc7f2e6800fc302b58226ef423fc1ecbda4d604" + } + ] + }, + { + "bom-ref": "3ff198d678ddcf52", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Irkutsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "b15464ed6ab87ebb0c8f6be715daf95119b672d5" + }, + { + "alg": "SHA-256", + "content": "e949dd759bcfadcb7222bfc64add3bc627604ca295a6550295d4d15a1610f7d3" + } + ] + }, + { + "bom-ref": "0a387cdfe63b745c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Istanbul", + "hashes": [ + { + "alg": "SHA-1", + "content": "b06cbed22013bddcc7a8af2f850737f65ed40a7b" + }, + { + "alg": "SHA-256", + "content": "79e7252772bb1e751c4051a881290654a091b48eb6c5f7e8dbd75b902e9b69e3" + } + ] + }, + { + "bom-ref": "5afcb57400b1d273", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Jakarta", + "hashes": [ + { + "alg": "SHA-1", + "content": "3cacbf372d92a7c42c564f6859e97cee44b4911d" + }, + { + "alg": "SHA-256", + "content": "4a01dcddf56ccd3dce9bd268e1a9c2f8f45d01599ad1d2756e24b322c88ddf81" + } + ] + }, + { + "bom-ref": "78fcf48c6bbbb712", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Jayapura", + "hashes": [ + { + "alg": "SHA-1", + "content": "265b7fc6621a75620d91291e1b71761046de7304" + }, + { + "alg": "SHA-256", + "content": "aab37ddf857fffe26ae3c74d6b0be399d4315c1f3e626b51d7c371ca33aa632b" + } + ] + }, + { + "bom-ref": "713b27e7e4132849", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Jerusalem", + "hashes": [ + { + "alg": "SHA-1", + "content": "e63bea2777e898f46d31d48fb58620ac679df656" + }, + { + "alg": "SHA-256", + "content": "b0148f8add566bc74f6812b19c7b6ab83946b49391062d57594b48ff68b4a579" + } + ] + }, + { + "bom-ref": "70bcd976ef21e4ce", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Kabul", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0df8d7ae7f8e92d34378048011ca397e4b5167e" + }, + { + "alg": "SHA-256", + "content": "b6801f8238f3facc093d3599d29a938743de04c8bd02a34232b47e2902da0a75" + } + ] + }, + { + "bom-ref": "5d2df31116d2dd9b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Kamchatka", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a01c1b5aa80e6fa206d7bbc36567ec3524ac5ff" + }, + { + "alg": "SHA-256", + "content": "59e32ed392ec42cdd6a82e8442393d7a26cff5a4efa91463e853ea341bfb9ebd" + } + ] + }, + { + "bom-ref": "3dca7d224d87d7d8", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Karachi", + "hashes": [ + { + "alg": "SHA-1", + "content": "bf60ac118bf88a296775eeb8694559d7618b165e" + }, + { + "alg": "SHA-256", + "content": "d553bc3c156e678388d870fb20fec1f3a5fafd6df697c16764303d549a0bbc5d" + } + ] + }, + { + "bom-ref": "5c026a85d6a1887f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Kashgar", + "hashes": [ + { + "alg": "SHA-1", + "content": "7d625fc50ef3a86a76f0f01604d21602f9f32b6a" + }, + { + "alg": "SHA-256", + "content": "e89dcc179fd438c7f0bfdd7c36386e1ef6ade581a140444a799c36c739218bf8" + } + ] + }, + { + "bom-ref": "5de4946ca871786c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Kathmandu", + "hashes": [ + { + "alg": "SHA-1", + "content": "d56400746ef3b83c38c9ecd2071817065252fe08" + }, + { + "alg": "SHA-256", + "content": "6d72acb61184a8dd4aeb228b7df667a1af8e3166bcd2f942b1500d0c487605b9" + } + ] + }, + { + "bom-ref": "40bd8c2c972b948c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Khandyga", + "hashes": [ + { + "alg": "SHA-1", + "content": "344e5db35ac3ed8eb0341e1cccbc2b87d9b8dc45" + }, + { + "alg": "SHA-256", + "content": "34541fa47299957178a872c4b5a406acca305eb0491a505397590de3790b87a7" + } + ] + }, + { + "bom-ref": "35ec5541946df3cd", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "43a289f8733c46b541869d84e1c4a77f934df252" + }, + { + "alg": "SHA-256", + "content": "3af7c4abd423ffcfbb41c76ce325460e94806b01670507a84d24479a743bc57a" + } + ] + }, + { + "bom-ref": "ca1e99cc58ec3d45", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c388208210d01c39a9bf79d6afead374663deda" + }, + { + "alg": "SHA-256", + "content": "9aae6b3d02b5d8e625f614d3db703803868cbfd6307370c1ec8f189d23d38e86" + } + ] + }, + { + "bom-ref": "7b7d0bc6cc970d9d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Macao", + "hashes": [ + { + "alg": "SHA-1", + "content": "db0ecdfdd50b43906fb3592143a868c0dbfe7dfd" + }, + { + "alg": "SHA-256", + "content": "1bca990b0f1a5a1cd670a97844a919313f001fcd1300e759646b07777464afc0" + } + ] + }, + { + "bom-ref": "ad6d58d932f042d8", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Magadan", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ae22b2290bd04ca166c0a812ff1377e54631241" + }, + { + "alg": "SHA-256", + "content": "e5c4dc15e34614bb39258cf6c02e86e42ceb62ec7af0b5ca925d34ff2b838de3" + } + ] + }, + { + "bom-ref": "d3868b101b37c63b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Makassar", + "hashes": [ + { + "alg": "SHA-1", + "content": "b79b9b60fcaf395c3341ec0c41d4fb65b63ac746" + }, + { + "alg": "SHA-256", + "content": "9baf5051a31815f8e742137b58b84d39d2e18f7523e31c661154e98cc94236ab" + } + ] + }, + { + "bom-ref": "2311536ec353a770", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Manila", + "hashes": [ + { + "alg": "SHA-1", + "content": "e67d75f88df518cb33bca6c471a26450adb86af0" + }, + { + "alg": "SHA-256", + "content": "da9a7302d5e020e9c8a25de5c2658913221c6ee6de2fd3c73a9f916d9e092ac6" + } + ] + }, + { + "bom-ref": "8ff5c8f99542c1c7", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Nicosia", + "hashes": [ + { + "alg": "SHA-1", + "content": "a0da0714d20196df2041f5b5a2a3b2d6ae43bc29" + }, + { + "alg": "SHA-256", + "content": "816ece597d51a1dc8fb9f2b5f704fb92ca46f39193c82d203b3e0f76022bfe6f" + } + ] + }, + { + "bom-ref": "1b6367971456eec2", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "07d3d5334fe7e49ceb735707b9edc9ba0115ab9a" + }, + { + "alg": "SHA-256", + "content": "ecd1e87524dbea8b32301ab86d801059ea058c4a44ef91413366d0ea1e55a7dd" + } + ] + }, + { + "bom-ref": "1dad11ed20ccd12e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "5574778e4f064d3d26a6703294fa021235df3ad8" + }, + { + "alg": "SHA-256", + "content": "4bc8670b03af61f39638e08b06b3233505dd623976ab72df7382989687ac3cfa" + } + ] + }, + { + "bom-ref": "7b73295968c5c5b6", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Omsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "202ff5a4e480ff3b4a077d5eb5e81effdeb3865b" + }, + { + "alg": "SHA-256", + "content": "ba4e12684ef834b2d8fd16eec35fc1f7e742ec9880203294572bdab53d3b5684" + } + ] + }, + { + "bom-ref": "b6134efb4ea8a235", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Oral", + "hashes": [ + { + "alg": "SHA-1", + "content": "3bd92541768138fa2551d1459103a6d9c3ea71da" + }, + { + "alg": "SHA-256", + "content": "8dab88f61eba53c08e408d58d78c4c18dfc34d03bfdea4ac75b6c69c110227d0" + } + ] + }, + { + "bom-ref": "d33f966ebcd34c24", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Pontianak", + "hashes": [ + { + "alg": "SHA-1", + "content": "e5896712386099f47f8df07d3909eea0c54be1e9" + }, + { + "alg": "SHA-256", + "content": "24665b40a1d184b383861fb511ac1842c9697b172aa95553cdbeee510e85207b" + } + ] + }, + { + "bom-ref": "1b00c1885d3691e0", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Pyongyang", + "hashes": [ + { + "alg": "SHA-1", + "content": "ced971b1b3eec6699ff05f271586ea5c0f5fbf9e" + }, + { + "alg": "SHA-256", + "content": "2e6cd3912e92ad2ab9de080ad938668ca91dee96f5ff3dc16236e92411cd4970" + } + ] + }, + { + "bom-ref": "f03b09dbcd6e79f9", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Qostanay", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7ac0c5da28e5f4f4710a6825655004397a48156" + }, + { + "alg": "SHA-256", + "content": "f0c637df806e7d9b767f035b731651d98766fffbacdfbe46427317142c1c5e18" + } + ] + }, + { + "bom-ref": "9c820b6005b1fd42", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c38ccea287faba02ab1a07bdd5a207bbbc80ae8" + }, + { + "alg": "SHA-256", + "content": "a1f7f65b16b26a0ee985c46961fdf72b555a11c8179c07dd07178c45950f33cc" + } + ] + }, + { + "bom-ref": "4c1da9027422da97", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Rangoon", + "hashes": [ + { + "alg": "SHA-1", + "content": "990c68c465dd9fff8f342b00f254a26f685c9b01" + }, + { + "alg": "SHA-256", + "content": "1cfd8f0fa6de43e4e9ed265490c9456349f6d1432d16df8b800d6f05523cd652" + } + ] + }, + { + "bom-ref": "4fdb123fe106361d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Sakhalin", + "hashes": [ + { + "alg": "SHA-1", + "content": "94cebfc4a48a7c51ba46a3a203d3de3c3de42622" + }, + { + "alg": "SHA-256", + "content": "200016884eeb4dd0e79b6510428bf4abf98b7a2f7ceb9b01c1243b71a019b4c1" + } + ] + }, + { + "bom-ref": "947292ead3b1c9f5", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Samarkand", + "hashes": [ + { + "alg": "SHA-1", + "content": "19a0174685ff5936c6be38d45d347a0bf00c5f20" + }, + { + "alg": "SHA-256", + "content": "0a16a07b835821e5d7df7d673e31e8c23f73a9566756810728c1a714254963ff" + } + ] + }, + { + "bom-ref": "659a69b949b557bc", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Seoul", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d292554fd0aeaf5985d169df46a41588618723b" + }, + { + "alg": "SHA-256", + "content": "ada505a6950423e64d3dc95d6fb5e49035d9c0660f45196f379fb98ef2db464d" + } + ] + }, + { + "bom-ref": "cb7e4d427ef498c2", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "b6fca82b92113e65f6c65b3f2b125dc8e5c1f07d" + }, + { + "alg": "SHA-256", + "content": "b71e39c85bc690caa7d5eff6cd8812de59147ae3d734327fa93c6c161541081d" + } + ] + }, + { + "bom-ref": "5f6f49aadfb5db41", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Taipei", + "hashes": [ + { + "alg": "SHA-1", + "content": "8d4be4d3b722864b1f536d03b2a70e018f118fba" + }, + { + "alg": "SHA-256", + "content": "2e0fab6e1dc06ffab787f03fbedb00bfba79cd7e24111d4bba043941951da401" + } + ] + }, + { + "bom-ref": "d6fa85942ba9725e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Tashkent", + "hashes": [ + { + "alg": "SHA-1", + "content": "3210cb6407d585cc697a2d9bc389d379305a1d8c" + }, + { + "alg": "SHA-256", + "content": "a401a4c5888b6a017118b63716cd5d511601ee0414546facf1c6b13b11e2d778" + } + ] + }, + { + "bom-ref": "c2f4ae12b0131be4", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Tbilisi", + "hashes": [ + { + "alg": "SHA-1", + "content": "49a179a3182d043b2dfa369a00622d7574e72da0" + }, + { + "alg": "SHA-256", + "content": "6a88a837d9b4cfe9763a39074af7cee568b4b8301ce76f554648cfd591bb2c40" + } + ] + }, + { + "bom-ref": "41cde13c4321af41", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Tehran", + "hashes": [ + { + "alg": "SHA-1", + "content": "81e8997961e94c1c42e96a58f792efd6a66eb341" + }, + { + "alg": "SHA-256", + "content": "51517431e87fc787c60334fea3fdcac3212d69cfe68efdfab1af7078db475421" + } + ] + }, + { + "bom-ref": "5d03d5cceb52edcb", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Thimbu", + "hashes": [ + { + "alg": "SHA-1", + "content": "631dd80eab2ce1452fdc509a5cd697a2fd5bf8f7" + }, + { + "alg": "SHA-256", + "content": "8b68b1bd1b172cc41d1182634f6396d1883a07472294a1b9b08b53f22c7d526b" + } + ] + }, + { + "bom-ref": "79f74fce7309437f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Tokyo", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e4053e2e29443711029309c48578ca7f62b1414" + }, + { + "alg": "SHA-256", + "content": "ebd0981ce34f6067ae2a1ac10cb93045e2c53207739cd4c4e5a5182c1e58eb29" + } + ] + }, + { + "bom-ref": "9f2344594005c427", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Tomsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "96da6262867933a3013a35be44ddbadc699ee94a" + }, + { + "alg": "SHA-256", + "content": "d097fcdc0791e3ad95b57007487139d569daa9cc454201a3b5a9e23eabc5ad12" + } + ] + }, + { + "bom-ref": "1bfda69ae0d15947", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bd1dea8749ad76123c9dcb37f3dcb751e97b0c9" + }, + { + "alg": "SHA-256", + "content": "2e5ae847187fe508b769c504e5374d1849bb96538dbc8c37734c8e0fe7fe0d64" + } + ] + }, + { + "bom-ref": "462943816575345e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Vladivostok", + "hashes": [ + { + "alg": "SHA-1", + "content": "3d89cafa4a299c829df4f12872113f0822cf38eb" + }, + { + "alg": "SHA-256", + "content": "3169967b2fdc43cf45958af33ba6f68d1b21e77483de43a4c2e7bb9937ae09e0" + } + ] + }, + { + "bom-ref": "773da227ed26a95c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Yakutsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ca9614080780401f816ba7ef31281f6b7c1d163" + }, + { + "alg": "SHA-256", + "content": "6a008c10551d500021b9656ac0275359050f7dfeeb95c6f09a5e92ff947a929c" + } + ] + }, + { + "bom-ref": "61975e0fc245b5fd", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f1c15a33f56104325f5a7986e0c41675f673343" + }, + { + "alg": "SHA-256", + "content": "a38ccdd3308be5ba8d0d05a194034f8f878df83efae43f9542f2bf32d12f371e" + } + ] + }, + { + "bom-ref": "c69343349cab865d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Asia/Yerevan", + "hashes": [ + { + "alg": "SHA-1", + "content": "5b0d5cc2fa7bcf8e12eb1f5cdb666add3baebb6f" + }, + { + "alg": "SHA-256", + "content": "eb1d78885ef08e71fbd252a8a94211a75ef5945df8d13cef0a2b7ecb1b4327db" + } + ] + }, + { + "bom-ref": "1da72657d491b1fe", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/Azores", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a8a3046c83115427014d718232321dfb529bb6f" + }, + { + "alg": "SHA-256", + "content": "8d43571970c544ffa840bf6a6c36e22ba2e61f0a08f305b872550533cdbbe84d" + } + ] + }, + { + "bom-ref": "01626c7aa79391d6", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "hashes": [ + { + "alg": "SHA-1", + "content": "497f4fdb96607af07ad67240e4158ade5450621e" + }, + { + "alg": "SHA-256", + "content": "acde2d95e4d36821033d1dabbc8a8411b9e6350c23a2ad2d80801f7fec87a6d0" + } + ] + }, + { + "bom-ref": "e7e899b1ce982e9c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/Canary", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a4e277bfe3e7523b5d5e874249f1e4613117c56" + }, + { + "alg": "SHA-256", + "content": "9c494307b553c65f8b98288d007d865588e17f02fccd5198dae5d8a304506df7" + } + ] + }, + { + "bom-ref": "8697e4a748fbd08f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "hashes": [ + { + "alg": "SHA-1", + "content": "36fe56da97a23c6a4cd48e284dac698d2969ed5f" + }, + { + "alg": "SHA-256", + "content": "80298c8e9532d3c7f14575b254803ee66856504126bdec0c78bbea9a5c11023d" + } + ] + }, + { + "bom-ref": "a1df52b82f376959", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/Faeroe", + "hashes": [ + { + "alg": "SHA-1", + "content": "ecd696a5d84c7b21495e64362be3986c8daf4e7d" + }, + { + "alg": "SHA-256", + "content": "e4bc706cbf76ac1b6af63a674384a5b29bce64d961cc701453de33a9df2da140" + } + ] + }, + { + "bom-ref": "3c62995ac83b64e2", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/Madeira", + "hashes": [ + { + "alg": "SHA-1", + "content": "fce98afb032cef8850ec9b2772823f7cc7ece926" + }, + { + "alg": "SHA-256", + "content": "c9d7c63adae12bd3b067d9da920e70b46c80918958f66fe8e58e763fe39b9e3d" + } + ] + }, + { + "bom-ref": "4bd39480910fe7cd", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "hashes": [ + { + "alg": "SHA-1", + "content": "15dcfd9b6d4f1e8ca1621b42696dfff5db443b4a" + }, + { + "alg": "SHA-256", + "content": "230b5565a00d4a87d68c1aa7f36316522fb46f2b10de37b8ba6f03276c40851f" + } + ] + }, + { + "bom-ref": "5a07402af5bd1e09", + "type": "file", + "name": "/usr/share/zoneinfo/right/Atlantic/Stanley", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8cd11ae9b9598e3b0e65f696bd387c2a1f3ed26" + }, + { + "alg": "SHA-256", + "content": "8e17fa24405bdeab427f31d715b75aad22ff767bca0f421f47a0c1ea57410bba" + } + ] + }, + { + "bom-ref": "340e43cc61beadc0", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/ACT", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1b019759c3304c37cff6105c21ff7be8bef593c" + }, + { + "alg": "SHA-256", + "content": "642e4c43482e65d17e43cbc5fe2c665bcfc6500fbd7be117997a958519357c54" + } + ] + }, + { + "bom-ref": "59e5eb2178088d7e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Adelaide", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab180f8298580a42f5ed6abd9a863fb670ba90a5" + }, + { + "alg": "SHA-256", + "content": "ba3b9c88bef36f4b814ca5049c06b5eb2a1935a61c237c79aa2c88b2292819a3" + } + ] + }, + { + "bom-ref": "c8e1ea9e021b8c14", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Brisbane", + "hashes": [ + { + "alg": "SHA-1", + "content": "cfc68f176bd8111ac8b958d4eb46e035e210c963" + }, + { + "alg": "SHA-256", + "content": "0d0dd2a38a62d3fe7b8d7b26719631363df500dd58c34194c7615bd369465309" + } + ] + }, + { + "bom-ref": "60abe0e813d2f612", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "hashes": [ + { + "alg": "SHA-1", + "content": "e54f8b79e01a528999736c56ac706ed8dd81779a" + }, + { + "alg": "SHA-256", + "content": "2f15cd9d3c530060a73b2bb4a5f6e9d88cadd4eee4fa132a688fe592a7a24e66" + } + ] + }, + { + "bom-ref": "b31d04042b9abaf5", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Currie", + "hashes": [ + { + "alg": "SHA-1", + "content": "fcc12af93d2a8076f2a17bca6524e4a3d586a284" + }, + { + "alg": "SHA-256", + "content": "ed21235521d7650b7ab9c2fbac6670b52ef1c316a7d3387c3468ffcc2f1c4e56" + } + ] + }, + { + "bom-ref": "9794c76a6eab5ba0", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Darwin", + "hashes": [ + { + "alg": "SHA-1", + "content": "13e1296d4be729fb8d9a86919df1f195f7218d91" + }, + { + "alg": "SHA-256", + "content": "e6a593646f567712af1a334e9386b4e2b12af1bfbb84478bfa03a1a752ed1041" + } + ] + }, + { + "bom-ref": "3cb1bec0eab9a923", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Eucla", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4844badf7172980dc1503f8830d88e926a8d94e" + }, + { + "alg": "SHA-256", + "content": "b7d2a342295c3224ba9d297b001af131566ef88a3546cbe8c225ce5053414a8c" + } + ] + }, + { + "bom-ref": "8d77a21b60654221", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/LHI", + "hashes": [ + { + "alg": "SHA-1", + "content": "f3a4cd1061d946c78e1967a6f915fb2e3f0dc9c5" + }, + { + "alg": "SHA-256", + "content": "76162efac0f2925905052ab5cf35988527658a004db0d2c441ad97db8a3e22d7" + } + ] + }, + { + "bom-ref": "39a1cf12e24e2f4f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Lindeman", + "hashes": [ + { + "alg": "SHA-1", + "content": "05a8ef9490a9c58d3ea4e86aa511215d1d775785" + }, + { + "alg": "SHA-256", + "content": "a8d5b962760b0cfd9dd1f008029b15ae5e074855e82ec66d742563027eb55d24" + } + ] + }, + { + "bom-ref": "670e6465ecf7620e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Melbourne", + "hashes": [ + { + "alg": "SHA-1", + "content": "003ff467e9e0c888fb7cedfa58e1b36ca95fa8d3" + }, + { + "alg": "SHA-256", + "content": "84ab5e18504d4001ee4e97c6008760e6851ec1b81ff2fac5c33a5551cbb1001e" + } + ] + }, + { + "bom-ref": "b53344cb3ffb3226", + "type": "file", + "name": "/usr/share/zoneinfo/right/Australia/Perth", + "hashes": [ + { + "alg": "SHA-1", + "content": "88a7b56f6c36745706c5035e016c88c14b92d328" + }, + { + "alg": "SHA-256", + "content": "27a4964d7927ddd70e9940a5b0bd82611825ec6e505195cd4a4a46605e5d6b2d" + } + ] + }, + { + "bom-ref": "9e2ad02256d0b761", + "type": "file", + "name": "/usr/share/zoneinfo/right/CET", + "hashes": [ + { + "alg": "SHA-1", + "content": "9cb0d4b1bf570da2aafc521c224a0076cbad101b" + }, + { + "alg": "SHA-256", + "content": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + } + ] + }, + { + "bom-ref": "3698970716458c61", + "type": "file", + "name": "/usr/share/zoneinfo/right/Chile/EasterIsland", + "hashes": [ + { + "alg": "SHA-1", + "content": "9967efcbbd039d1b943aa7c9a774f55a84c874a5" + }, + { + "alg": "SHA-256", + "content": "b0635e8bb3a3efb07b5e4955576082a7ea8886d6ccc9a7b7eb80792e75a81aae" + } + ] + }, + { + "bom-ref": "6d7e70e2ecdac341", + "type": "file", + "name": "/usr/share/zoneinfo/right/EET", + "hashes": [ + { + "alg": "SHA-1", + "content": "8e411b27520abf1944f05001a51366011b2a4659" + }, + { + "alg": "SHA-256", + "content": "51319031e6a4e42a4c15c2952140f2d428a71255bfd4ad0dce25b8fde7d00585" + } + ] + }, + { + "bom-ref": "33a9f4a242c7ac02", + "type": "file", + "name": "/usr/share/zoneinfo/right/Eire", + "hashes": [ + { + "alg": "SHA-1", + "content": "34b501693409050c81f7e6a862e2f99a9fda73e2" + }, + { + "alg": "SHA-256", + "content": "2cd23fa1542d2e8f07e27e17560d1f6283b8b525e8a9ca4be9f0c16ce66aa7dd" + } + ] + }, + { + "bom-ref": "98e838ae849e045b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d11e5d055b0cfce4cb63d5bca81cfd4ef55eb09" + }, + { + "alg": "SHA-256", + "content": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + } + ] + }, + { + "bom-ref": "e0797c1b8a059c87", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+1", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc800a1905e6bde8f42a1ea7ecf7bf9a704744ae" + }, + { + "alg": "SHA-256", + "content": "16ea18914e1676430fee370b242d86587d3117b432482ec8a497db8bd14453ba" + } + ] + }, + { + "bom-ref": "6ba439dbb90f5c3f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+10", + "hashes": [ + { + "alg": "SHA-1", + "content": "b8845ee6ea17122ce40fa360c14c9d24149cbee0" + }, + { + "alg": "SHA-256", + "content": "c683654d0864baadc2f98ba9fa75b5f203af117c4e611cc8cc4c73eaac254cd5" + } + ] + }, + { + "bom-ref": "1246b723e35244d7", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+11", + "hashes": [ + { + "alg": "SHA-1", + "content": "0941313052cbfa8accf728c69863a5437e8906e7" + }, + { + "alg": "SHA-256", + "content": "5fea7c2d91940b17e15f78137ab3d40073ea161c858899498a7b90c79d84d48d" + } + ] + }, + { + "bom-ref": "e9f47ff9032019c5", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+12", + "hashes": [ + { + "alg": "SHA-1", + "content": "6b30c13e7049e88b5e0016af86b62a81b0f51a39" + }, + { + "alg": "SHA-256", + "content": "24bbfaa6ff8159d3012fe838b6db32b77c13164f652c84dc43d7d3dc6a25f265" + } + ] + }, + { + "bom-ref": "ee1f0d09827619d5", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+2", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1aeb70315ae8d7fceca5287ec0d3f8269121c83" + }, + { + "alg": "SHA-256", + "content": "580fa5dae9587a6a260d0933985575b20cfefc9e7e17ce0587c24df848b82700" + } + ] + }, + { + "bom-ref": "4e0485fa464e8a3a", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+3", + "hashes": [ + { + "alg": "SHA-1", + "content": "271eb39e95bd06b8c97934fe4ac5516427d3d7e8" + }, + { + "alg": "SHA-256", + "content": "4e52fa3acf4d068ab35ec9d0fb5c10122bee012c6fd0bc1fbb3ed6419d2d8db9" + } + ] + }, + { + "bom-ref": "caf0ea4d1eb037ab", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+4", + "hashes": [ + { + "alg": "SHA-1", + "content": "f8e307c55d9665cc75744b2ed80937bfc0ae2101" + }, + { + "alg": "SHA-256", + "content": "ec22c8e01edffa45b339dedcbcbdf8be615094f09b649213183cd75a5ab29800" + } + ] + }, + { + "bom-ref": "ed6e7e869c1525c3", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+5", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed1e43a6942cf3e9c52ca3730c75bf3bcbd037c4" + }, + { + "alg": "SHA-256", + "content": "46fdd6be7520a43a5465619781bdd047e72c0b1a8e6a16a5b31b00b758221a57" + } + ] + }, + { + "bom-ref": "e475ca363045a9d6", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+6", + "hashes": [ + { + "alg": "SHA-1", + "content": "950c2c31bb8ace71a719fa73b49ed46bd4d19500" + }, + { + "alg": "SHA-256", + "content": "0439857b0b94981df61fbf4070041d0f3f26f6102012843bca69e750e5b49ad8" + } + ] + }, + { + "bom-ref": "ec0a17f08b1c7038", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+7", + "hashes": [ + { + "alg": "SHA-1", + "content": "2f0211b60ac2b4e2b2e3827930dfb025a0675f99" + }, + { + "alg": "SHA-256", + "content": "75138491c3bd0ac7b172c3cf9c878159f557d7346144d71c89001fa0b5434eef" + } + ] + }, + { + "bom-ref": "307bb7c30af3573a", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+8", + "hashes": [ + { + "alg": "SHA-1", + "content": "9abd61d2abe5b7e131d6736950497f70400f6f01" + }, + { + "alg": "SHA-256", + "content": "65f78112a4e299dd478d06bef4569e93ca88781f5a7aca82861aca64f2a54921" + } + ] + }, + { + "bom-ref": "9c17adc7a7394b19", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT+9", + "hashes": [ + { + "alg": "SHA-1", + "content": "00d5ff8a8ce24a0f1080f33ab566a3e830cc439b" + }, + { + "alg": "SHA-256", + "content": "14fa76a891398da90e64238f578675169038c2aabdece2bdd807c7e5c8014423" + } + ] + }, + { + "bom-ref": "b2ebeea47dd5475f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-1", + "hashes": [ + { + "alg": "SHA-1", + "content": "6316c3634f21e6bf13d207a591033a271d94eb8e" + }, + { + "alg": "SHA-256", + "content": "bd9f157a6d4ed2edaecc9986c6a37a15b4cf24b4ec285d1fb033f60a8b6b40ea" + } + ] + }, + { + "bom-ref": "1d82694b1ecba6e9", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-10", + "hashes": [ + { + "alg": "SHA-1", + "content": "062ab53272e54f1769b6f995b655e322f4aa4acb" + }, + { + "alg": "SHA-256", + "content": "31ad29ec2374b91ee2c65ec4a3d55a9a349f656cf147e88ceab2078866118555" + } + ] + }, + { + "bom-ref": "6741fb1bc0959778", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-11", + "hashes": [ + { + "alg": "SHA-1", + "content": "78b796490451519ed6c6ffa51b451769c4589ac2" + }, + { + "alg": "SHA-256", + "content": "7e8147d18a82011ce5c40cfdb3e72ee7c9f663a36319c769ff34c861c07d46e0" + } + ] + }, + { + "bom-ref": "15cafed9eea83afd", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-12", + "hashes": [ + { + "alg": "SHA-1", + "content": "2a14e214d1402045660aff1597c1d453ef7e51d2" + }, + { + "alg": "SHA-256", + "content": "1643f375f77a9cfa4f5a43a7edc5b1c9aaf6b142e38f5f11a5ad424d3c3bc50e" + } + ] + }, + { + "bom-ref": "5d4a7c3f72373cd3", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-13", + "hashes": [ + { + "alg": "SHA-1", + "content": "140541627964666ae10d5711e792f057b8a39189" + }, + { + "alg": "SHA-256", + "content": "ae045edea58729a07bf482af7f0514ef1f58cf0229da64203d847cbd73091ced" + } + ] + }, + { + "bom-ref": "6d909f42127f418d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-14", + "hashes": [ + { + "alg": "SHA-1", + "content": "f489ecbc9b0b1b9f9ea2eeb722f750869d3d4856" + }, + { + "alg": "SHA-256", + "content": "6cfd1aea860e6e5bdc9acf61fb9d73b8157a184699af09ec60a7ac9105129d09" + } + ] + }, + { + "bom-ref": "b6e3181a3e6614ee", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-2", + "hashes": [ + { + "alg": "SHA-1", + "content": "8e159ada07f1178c4535b0dd44e022030bc3d55a" + }, + { + "alg": "SHA-256", + "content": "ab411c42f81cf32921ba066b3fd207c19f8fadfc7a645ac498d0cd99403e08b4" + } + ] + }, + { + "bom-ref": "178617aa61acb30a", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-3", + "hashes": [ + { + "alg": "SHA-1", + "content": "7dc6d972313812676501ed51d41af4f2e7fe5869" + }, + { + "alg": "SHA-256", + "content": "456321d4535e73ea2f90d57b4c6a01985b6c61975d3192079010ecba1756319a" + } + ] + }, + { + "bom-ref": "7730cbb1fd359e9b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-4", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f2e5d838282a6bf1aa35598a125aa2c24bc5c15" + }, + { + "alg": "SHA-256", + "content": "3bd4a880605600d48d2c6a66bb8c06f8311517e66ab8f36033712637741804aa" + } + ] + }, + { + "bom-ref": "29e48de2cfb8b31b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-5", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8e2f8a4a1101008e9dcffed0f6879935341a22b" + }, + { + "alg": "SHA-256", + "content": "1d1c996246907f0f3a9acd5e718e2081d09fa9302db8cdba699970f042ec2bb7" + } + ] + }, + { + "bom-ref": "a6a2bc1498452340", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-6", + "hashes": [ + { + "alg": "SHA-1", + "content": "d9d202e8903ebdcbf04072991b0996f0b0539291" + }, + { + "alg": "SHA-256", + "content": "240967a18e32890d63fbf85c36a4f68ee7e34ee2e74369ca7cc302e8d5628081" + } + ] + }, + { + "bom-ref": "a8f39bbe81d9520e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-7", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1a6365d8ff5442395e22ef58c2ea8c9aafdac99" + }, + { + "alg": "SHA-256", + "content": "d64bfa44a85bf15af2bae860eb7c983d37e105feec38bbac7abdb68e7301db9e" + } + ] + }, + { + "bom-ref": "0ab86e68732c77f6", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-8", + "hashes": [ + { + "alg": "SHA-1", + "content": "40c731d7f7e968f858d51e7144576cdff2def224" + }, + { + "alg": "SHA-256", + "content": "5a45eb9a1793d21016cca402103fc96cada05665bb04419479a8c16dfb2d127d" + } + ] + }, + { + "bom-ref": "91a6a39db5404ccc", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/GMT-9", + "hashes": [ + { + "alg": "SHA-1", + "content": "9725dcf44d5eaa7324839093a4b0fe8407250ca7" + }, + { + "alg": "SHA-256", + "content": "7b073597e60378b11510062f4763f5b028665d89a202f460f8076a66ce9c1e86" + } + ] + }, + { + "bom-ref": "d551f7fcc01926ec", + "type": "file", + "name": "/usr/share/zoneinfo/right/Etc/UCT", + "hashes": [ + { + "alg": "SHA-1", + "content": "4babbaada1d584e9a3e28f98cb69eb7b10e860cb" + }, + { + "alg": "SHA-256", + "content": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + } + ] + }, + { + "bom-ref": "b92545c8f9a22670", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Andorra", + "hashes": [ + { + "alg": "SHA-1", + "content": "9ef865d4570c9281fabd04323b6ac113646d09ea" + }, + { + "alg": "SHA-256", + "content": "636f35db63ba2d24513234d0aaeac9176dffe5c59b992fb8ec284306fc1e8e55" + } + ] + }, + { + "bom-ref": "bad99f1041412d06", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Astrakhan", + "hashes": [ + { + "alg": "SHA-1", + "content": "8031b764ca3ceb16cda37326490e43d364371877" + }, + { + "alg": "SHA-256", + "content": "db0f7db18f4422f75f50905bbe3e1385d9beb785ac3ab4830c95e60ed6d26663" + } + ] + }, + { + "bom-ref": "d0e7561284493ba4", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Belfast", + "hashes": [ + { + "alg": "SHA-1", + "content": "8202180a4ee1e918ddd75ed206143b34886acaf4" + }, + { + "alg": "SHA-256", + "content": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + } + ] + }, + { + "bom-ref": "eebe74989742d15d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Belgrade", + "hashes": [ + { + "alg": "SHA-1", + "content": "72f2469525d821fe40ae93906dac331aa4e6a353" + }, + { + "alg": "SHA-256", + "content": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + } + ] + }, + { + "bom-ref": "8211995d747ee077", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Bratislava", + "hashes": [ + { + "alg": "SHA-1", + "content": "6cb5e7db1f99c055196d9de1dda31791a357e602" + }, + { + "alg": "SHA-256", + "content": "2724db32864ac46c3519d2e65ceaab5c5aa47ea40fc7ef223b0e95f1d6123478" + } + ] + }, + { + "bom-ref": "1b1888dd3d110bb1", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Bucharest", + "hashes": [ + { + "alg": "SHA-1", + "content": "06a411a4631ed971e9151302d5ecb4da38760ebc" + }, + { + "alg": "SHA-256", + "content": "1c344ffd880bb10fab22505e6a155ede7966118ffe8154f9823d636f539f1fad" + } + ] + }, + { + "bom-ref": "4c6b58c8cfeb69bb", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Budapest", + "hashes": [ + { + "alg": "SHA-1", + "content": "0907d069c1491bce06d4a3c159f9e5a1fc421a35" + }, + { + "alg": "SHA-256", + "content": "b794eb2756f3064a56dc6d69b6283d782c4fe5b847f08e8f01791febc2aa7d64" + } + ] + }, + { + "bom-ref": "93a77504158cd24d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Busingen", + "hashes": [ + { + "alg": "SHA-1", + "content": "2919e708ebcfd645a1fca479db8d9da144622cd3" + }, + { + "alg": "SHA-256", + "content": "c7933f897854ae9ba3f186d4e69e6a4d8c83a7aadeac05bfc6ad24b352902c87" + } + ] + }, + { + "bom-ref": "4c04952207bfba6c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Chisinau", + "hashes": [ + { + "alg": "SHA-1", + "content": "8459d95aa0efd7870ebf490143f02cde3dc95aef" + }, + { + "alg": "SHA-256", + "content": "7f5a8ec399f624b8c76af090704ff395e751d5a1b01d97d591e6bb7456e50707" + } + ] + }, + { + "bom-ref": "3ed169a32febde4c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Gibraltar", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fb18702fea92748f0e68e346f08457574e106c2" + }, + { + "alg": "SHA-256", + "content": "bfa36a2a92509b37f9ce349039b318cfacd1a8f42b8d45a90123441b0bc5f614" + } + ] + }, + { + "bom-ref": "f225389200f0e315", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Helsinki", + "hashes": [ + { + "alg": "SHA-1", + "content": "633ba90f4a99c66bc44c66a8e4be1c276bbfcb9b" + }, + { + "alg": "SHA-256", + "content": "99774635d3673503f5f9a68bfa0a8ed22904a6aa240a54ca146c769a6b44f04f" + } + ] + }, + { + "bom-ref": "eacd3bb0a1f85734", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a867ecfbc653667d2c2792a668e5f0af91ae86e" + }, + { + "alg": "SHA-256", + "content": "4e9d028d6e75c1d8dee0ea1d2911be263c15986ce0d85f7962fc3a74980abea3" + } + ] + }, + { + "bom-ref": "f6fd23d435484c92", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Kiev", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee04aa646c89c29b550a518214803d26e5db56e9" + }, + { + "alg": "SHA-256", + "content": "2908feb1a02054053d38f4237fef440ecb8c4823532447f37dd40496081a7aab" + } + ] + }, + { + "bom-ref": "023abd2d44bed68c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Kirov", + "hashes": [ + { + "alg": "SHA-1", + "content": "3b690fe08dc1e06a508cf8fba1b63db998b0a13b" + }, + { + "alg": "SHA-256", + "content": "cd4ce071df873475dae25a8f9bc6669f210ffb2f59459177ba85cecdb1066869" + } + ] + }, + { + "bom-ref": "94da58a2c071562e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Lisbon", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f602fd5c09c3445a92f17f53ec85d406f937702" + }, + { + "alg": "SHA-256", + "content": "a36f7b5c14745fcf1ce8d81bd69ddf2a5f54acb42ae257b4f9a76979af60d2fd" + } + ] + }, + { + "bom-ref": "dc2b397038a0500b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Madrid", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b90f061a2bc9f220d6e57b22bc5fae57a5b3ed3" + }, + { + "alg": "SHA-256", + "content": "60a674aaf464d0c1c6449054d431dbf18e3530563279b8a504816f3652a16d24" + } + ] + }, + { + "bom-ref": "c9d4c510e981e36d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Malta", + "hashes": [ + { + "alg": "SHA-1", + "content": "be80e8ebb0f0a88fac52cf2cf1efbf79f6560a8f" + }, + { + "alg": "SHA-256", + "content": "cff70fde0bb281552820a88054c3474f60421052182e1f5c5dfc6f79d9964d20" + } + ] + }, + { + "bom-ref": "8dce2c711372eb31", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Minsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "50dc57fce2464261b4c032870b5fcce6e195e768" + }, + { + "alg": "SHA-256", + "content": "2143110d5ab8d697694075f8a9f9e6e4db2e9ae3fc864588dc4aaf06bd215940" + } + ] + }, + { + "bom-ref": "920898bb95373af4", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Monaco", + "hashes": [ + { + "alg": "SHA-1", + "content": "96625c03b0e4ac66d5f325769c475d7c964feae5" + }, + { + "alg": "SHA-256", + "content": "843e7e61f730fd653c286c01cbc9cd290b79e3e61d2fb2e9f216bbe3f7db31f8" + } + ] + }, + { + "bom-ref": "680b9e96e231e221", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Moscow", + "hashes": [ + { + "alg": "SHA-1", + "content": "8ec8d15220779bf4ceeaf6814c5542031c68d483" + }, + { + "alg": "SHA-256", + "content": "fbe286e4e8b537f98c782958f935e648f86643a4db89bf8566f4037afe216d15" + } + ] + }, + { + "bom-ref": "a80c7b5ed6f75459", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Riga", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc0350b614040545ac06259e2a92a8ec9a9dc2b2" + }, + { + "alg": "SHA-256", + "content": "8ba637f5e64e2e7ec5c3f78b2e60905d33107a9ef6f81ed9d7c4f4e0c3a5f1c6" + } + ] + }, + { + "bom-ref": "f297d7e288331d68", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Rome", + "hashes": [ + { + "alg": "SHA-1", + "content": "33ffe1aff43f2af208c9f04dc79e801b2d9f22a5" + }, + { + "alg": "SHA-256", + "content": "c5891612c9a5e83e5ed103fe82045826dcd6c82c7c566622fdb9e77eafc7d50a" + } + ] + }, + { + "bom-ref": "e64353ec62870cf0", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Samara", + "hashes": [ + { + "alg": "SHA-1", + "content": "2cf00481bef1b358434913d33d679b084885e832" + }, + { + "alg": "SHA-256", + "content": "82f9a27b9f643a01a4dc1da68b08864a6713345326309721466b128e72c32231" + } + ] + }, + { + "bom-ref": "d35cc7feb6820a60", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Saratov", + "hashes": [ + { + "alg": "SHA-1", + "content": "20228b853bba740b6cc6205d650ac0eeada223e9" + }, + { + "alg": "SHA-256", + "content": "bf2199a05b90cb3b923d20bc669acf2f86fd843130a1d9dfe3383807d5245941" + } + ] + }, + { + "bom-ref": "39ac364a9c3507b7", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Simferopol", + "hashes": [ + { + "alg": "SHA-1", + "content": "5200c2fb1e905aecbef1eddb41a9a1af95b6a464" + }, + { + "alg": "SHA-256", + "content": "58dbfa564500222376adbd40333a91130fa799752e66bdf1a45551c726e27faa" + } + ] + }, + { + "bom-ref": "d229438e006fa531", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Sofia", + "hashes": [ + { + "alg": "SHA-1", + "content": "893df349a8c4ccd2f07ec0e45925b2c11df032e9" + }, + { + "alg": "SHA-256", + "content": "37bbdd3d0a1bbb85dddaf9bd9379405f1c7ccda6b319f0344818e1a92731aed8" + } + ] + }, + { + "bom-ref": "5fd92881aac7828d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Tallinn", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad32f4c0baca3b9e0711042ec04f507c1fe5c617" + }, + { + "alg": "SHA-256", + "content": "fe35837b7201844c0f4cc40926df64aca256425ef499bafb5d4dddac7231fbb9" + } + ] + }, + { + "bom-ref": "18b452a763fa2e4f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Tirane", + "hashes": [ + { + "alg": "SHA-1", + "content": "c198540a74d481f47672421b8b0aa12c6f05369f" + }, + { + "alg": "SHA-256", + "content": "728eeba75e4e7c47d50342c1d0cb77442d5433ec082942f4291d404af86e9b38" + } + ] + }, + { + "bom-ref": "760e015bda49528c", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "hashes": [ + { + "alg": "SHA-1", + "content": "6dbadd79da1915515246c07efd473fadb711e6da" + }, + { + "alg": "SHA-256", + "content": "178ebea5ec84691a5e29c09f05b268bb6a3839bd2b6069537acab096b2608dce" + } + ] + }, + { + "bom-ref": "9aae9fa192834b5f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Vienna", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a6106f78fa6d278254ed381107f79f1f72ae590" + }, + { + "alg": "SHA-256", + "content": "1978e5d57f4ae3db762ad0cc8d9b1825467ddb6e7b37add40589ad88d67dcf12" + } + ] + }, + { + "bom-ref": "a446144c2a8db246", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Vilnius", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd4651522a8fc50fbfeab9138139c0a98be78160" + }, + { + "alg": "SHA-256", + "content": "9e0346c05bd62e5062c3e9c1af6abb3a76cac647d69904414df525dc699a8da1" + } + ] + }, + { + "bom-ref": "7081a0e34a6b350e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Volgograd", + "hashes": [ + { + "alg": "SHA-1", + "content": "87ff92ee927befd36a5776064b50a60b015cc344" + }, + { + "alg": "SHA-256", + "content": "c0a89c4186f6cb4116f953bee1e96336d76a95fe242958b36f1d343d3feae1ae" + } + ] + }, + { + "bom-ref": "a2ed9481b9ffb2f0", + "type": "file", + "name": "/usr/share/zoneinfo/right/Europe/Warsaw", + "hashes": [ + { + "alg": "SHA-1", + "content": "8425ef070f27439d0e75b3cd1907a26833f06efc" + }, + { + "alg": "SHA-256", + "content": "9e8225d49707e4b369634eb200212e63222e6ea0a8ef16a346ea6e32a12ca651" + } + ] + }, + { + "bom-ref": "b350ce7ab7810a11", + "type": "file", + "name": "/usr/share/zoneinfo/right/Factory", + "hashes": [ + { + "alg": "SHA-1", + "content": "6db6f78bd95bed7639ecfa9fbcb32e5e53fae236" + }, + { + "alg": "SHA-256", + "content": "1562a07bd51e51e00a99a8db7ceac2bc5d473008d9798b66d1046ff7ca69f2e3" + } + ] + }, + { + "bom-ref": "50f76fc25a911876", + "type": "file", + "name": "/usr/share/zoneinfo/right/HST", + "hashes": [ + { + "alg": "SHA-1", + "content": "dcfa0711611efd412cfc39a00e06a7a651c24f39" + }, + { + "alg": "SHA-256", + "content": "3cd58372124c8149411f3b1e7a923096293afb60d234258ae9230e768f906175" + } + ] + }, + { + "bom-ref": "7d27e81560137a98", + "type": "file", + "name": "/usr/share/zoneinfo/right/Indian/Chagos", + "hashes": [ + { + "alg": "SHA-1", + "content": "58a379fb0376e5abbb370c26f5311d1daec2498f" + }, + { + "alg": "SHA-256", + "content": "a56c856698ed900dd9f105de3ecfa7c02a47d3e0a72cf9b0b2dda8d78e1ca668" + } + ] + }, + { + "bom-ref": "a5d6c087f1ce0421", + "type": "file", + "name": "/usr/share/zoneinfo/right/Indian/Kerguelen", + "hashes": [ + { + "alg": "SHA-1", + "content": "836b7f8b8924e979f9d150043ed836fb9e031066" + }, + { + "alg": "SHA-256", + "content": "6f460c82f439e2d45a82af8290775e71ebe2ee472d802c2fc36ca477151ed03a" + } + ] + }, + { + "bom-ref": "948a7edf6e965ad2", + "type": "file", + "name": "/usr/share/zoneinfo/right/Indian/Mauritius", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae6aa848ebef8ed4b361a36ff2760a1d05ccacbb" + }, + { + "alg": "SHA-256", + "content": "392bac1d8217b660b7affe6623ef563ab1deefd077661e4ca48746f20ff07e73" + } + ] + }, + { + "bom-ref": "27e20379fcc146d1", + "type": "file", + "name": "/usr/share/zoneinfo/right/Kwajalein", + "hashes": [ + { + "alg": "SHA-1", + "content": "34af0076af4a4341be0f8b2abc0ebfda3b1371bb" + }, + { + "alg": "SHA-256", + "content": "fe0269639dfeb4da4a29422764e8ce5d131bceb70eb858288feacb33adb93357" + } + ] + }, + { + "bom-ref": "bda3f09d4ce029a2", + "type": "file", + "name": "/usr/share/zoneinfo/right/NZ-CHAT", + "hashes": [ + { + "alg": "SHA-1", + "content": "cd84961c4d50e4185f3a741815a51c13b712ff01" + }, + { + "alg": "SHA-256", + "content": "7418e8e399cac56ecc7db3b17dd98b99af2a78c01009f6090b81fa74bb9ed1be" + } + ] + }, + { + "bom-ref": "47d47bfe9daa28df", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Apia", + "hashes": [ + { + "alg": "SHA-1", + "content": "9b7740ef01a83771a188c6a3eea515420a4b1e7e" + }, + { + "alg": "SHA-256", + "content": "9232e8d2e7c4b0851c24b934806eed6ad8c782b70b5f8077ecd085a344cf21a6" + } + ] + }, + { + "bom-ref": "78855593e2583a9e", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Bougainville", + "hashes": [ + { + "alg": "SHA-1", + "content": "52def485011a03bf0630796589a006350826d7fe" + }, + { + "alg": "SHA-256", + "content": "3424ec28a42e16e2aecfedcb0e9460623e322ef6e91b0cbcd0f30ea3f81a38ea" + } + ] + }, + { + "bom-ref": "799f8d5301678c96", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Efate", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8ee1e5ccf78182632c20c0b8017100c83a66c3a" + }, + { + "alg": "SHA-256", + "content": "2c3fa89e70a1e6f04d32a1425a7c4a17ea831bdb2991e2b2e7a6207eb2a2da34" + } + ] + }, + { + "bom-ref": "7a1210001590214a", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Enderbury", + "hashes": [ + { + "alg": "SHA-1", + "content": "c3800c386333b9234fe998a348859ef6800892ab" + }, + { + "alg": "SHA-256", + "content": "0d861c486407a2cfa76dcb792e29ab6b5a7dc23fc88e436fcf0e91aa934ce50f" + } + ] + }, + { + "bom-ref": "17c26a924f613a8f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "hashes": [ + { + "alg": "SHA-1", + "content": "242e87d997bca50490a5963afbd296e9db98d42d" + }, + { + "alg": "SHA-256", + "content": "310746ea8f1df6f1fda801edfd8bf9dbe668ff0d67fc8f2ee6b09d13e08b1342" + } + ] + }, + { + "bom-ref": "d8442b79c9bb211f", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Fiji", + "hashes": [ + { + "alg": "SHA-1", + "content": "003ab2f2e58a95975dc0bedb26c6239f5f63ca2d" + }, + { + "alg": "SHA-256", + "content": "61d9791f14bdcd80003cc510d466349ddddae5425da99a15ff54363e61c82663" + } + ] + }, + { + "bom-ref": "10ecd7443a2e0f8d", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Funafuti", + "hashes": [ + { + "alg": "SHA-1", + "content": "264561f06a4b450a54c2958aa0a31c9aab233fd2" + }, + { + "alg": "SHA-256", + "content": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + } + ] + }, + { + "bom-ref": "d755b234f0f5e121", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Galapagos", + "hashes": [ + { + "alg": "SHA-1", + "content": "063fd61ea477769597792730fcb4e1db44da00e3" + }, + { + "alg": "SHA-256", + "content": "e11d59240fad0b7863207bf94d2a3b1a1bee3dd638562cd52ad82dff0c5500cc" + } + ] + }, + { + "bom-ref": "e3be249111356540", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Gambier", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7bdf929ff895c8fd766a9b01ec7768a55239487" + }, + { + "alg": "SHA-256", + "content": "e740a7ffbc13dd2ceba41ad306ef0ea8648404f94647a5f0acb6a53cc7fd07bd" + } + ] + }, + { + "bom-ref": "6669f53a5e886496", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f1ae4c71492393dd281cca4c25fb9c02d9424cb" + }, + { + "alg": "SHA-256", + "content": "395078e1bda2f361dadc972e7cac74766378db47e93ab0eb40831c1bd3cd0eb4" + } + ] + }, + { + "bom-ref": "de70877551d180b8", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Guam", + "hashes": [ + { + "alg": "SHA-1", + "content": "96217fa9b9e0900f36df167e05a1be6285e7304c" + }, + { + "alg": "SHA-256", + "content": "dd2618ab40e4937e8a7e77ee99cb16850d680dd751fbafbc7f1315910c1c654d" + } + ] + }, + { + "bom-ref": "86462bf7cfae9fca", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "hashes": [ + { + "alg": "SHA-1", + "content": "5c23c7d62279762fdc99e27b913b4e5614131095" + }, + { + "alg": "SHA-256", + "content": "174e89b399cdcb099e3fbdb56726bcd5e4ff5407143375bbe3f325c2d9681ec7" + } + ] + }, + { + "bom-ref": "7846ce6f1446a572", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Kosrae", + "hashes": [ + { + "alg": "SHA-1", + "content": "badfb6360e23281f1586f8cc31f9bf0ddead03f0" + }, + { + "alg": "SHA-256", + "content": "f3e0ee73aa07ea88079d523f04e18013c2faa1f451c16e84d8ce44b508ed1e7c" + } + ] + }, + { + "bom-ref": "f42ed6977c96b3f6", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Marquesas", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9ab84a187a3dc1bd186524d4b475544aed3297f" + }, + { + "alg": "SHA-256", + "content": "ec00139c96225da5c430689485dad62c37f3ea2a44bbfdbba984779ec39898ab" + } + ] + }, + { + "bom-ref": "009ece66b505db9a", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Midway", + "hashes": [ + { + "alg": "SHA-1", + "content": "a22abb4b6195611dfb909670078c38c2fcd02a7e" + }, + { + "alg": "SHA-256", + "content": "123dc0bb0c84f740272684766dfe16f0bc190dbf9c221b944e4df2c98788d95c" + } + ] + }, + { + "bom-ref": "bc1dc5a11617ff3b", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Nauru", + "hashes": [ + { + "alg": "SHA-1", + "content": "38b372bc34a518151fdbb18bd40313f9f1003331" + }, + { + "alg": "SHA-256", + "content": "bd939db4129d29f0b99daaa023926e04a75f26de36dd4bde3af05093998da477" + } + ] + }, + { + "bom-ref": "287406beb3a9c308", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Niue", + "hashes": [ + { + "alg": "SHA-1", + "content": "219ce89833abdfb6f7900ef96259a079b33f98bb" + }, + { + "alg": "SHA-256", + "content": "30cc62073dfdf73d40c8ba8cac33a52f7313e04a431a48f0576772745565afa4" + } + ] + }, + { + "bom-ref": "893640ffaadb3fd7", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Norfolk", + "hashes": [ + { + "alg": "SHA-1", + "content": "771eb27866fb346a346dc123dad325bd0406dee2" + }, + { + "alg": "SHA-256", + "content": "5c71894f23b70d59b166ba89cd77cc2f5e04587b07dff3db877ba131ec16e1dd" + } + ] + }, + { + "bom-ref": "5b3923f8e2b41631", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Noumea", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a634960055fea8fa21f3c7335ca008e7e8ad7c5" + }, + { + "alg": "SHA-256", + "content": "2c0159163af1753811f401a39dec7e715cd509e0240350bf4509319894f09a01" + } + ] + }, + { + "bom-ref": "92cfdd5827806bea", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Palau", + "hashes": [ + { + "alg": "SHA-1", + "content": "3616d2b603942be1a069e138538be2a2554ef30f" + }, + { + "alg": "SHA-256", + "content": "77b1aa8530b84c1e02080129746a797d03c2b34dab1c40f97067774e13e3c2fc" + } + ] + }, + { + "bom-ref": "5eb1e4f5972cf9c2", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "hashes": [ + { + "alg": "SHA-1", + "content": "32772a169319c0efe77169ddfdc6c7882306db47" + }, + { + "alg": "SHA-256", + "content": "1a54aed7b3405c034a9d551e64c096b46e7edada97236f17844998ea7cd19665" + } + ] + }, + { + "bom-ref": "b94bacb68e7641d6", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "hashes": [ + { + "alg": "SHA-1", + "content": "0bff8c5944b3830f71a3aa7a904c209d2786db6f" + }, + { + "alg": "SHA-256", + "content": "1a0b149b0644a1079e60c30e2568dc33201afabf080753a8ae61163c9f6614f3" + } + ] + }, + { + "bom-ref": "0a7fb6e5bfc5fc19", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Tahiti", + "hashes": [ + { + "alg": "SHA-1", + "content": "16b52774376b3b8dcb2ae812ef0f28bce49abd88" + }, + { + "alg": "SHA-256", + "content": "692b326779d3a5f9ce9469353c2646ccfcba1c22ec790d06a76c382d41f8ac7f" + } + ] + }, + { + "bom-ref": "c10ae445b88bd9c2", + "type": "file", + "name": "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a9cc0b35e2db131553cd7f89e9a2d8e8ecac8c1" + }, + { + "alg": "SHA-256", + "content": "c5c1bed0f54f756cff29ebb9d7b1ffef96bd0d121b0cb0dbf9722c9181917601" + } + ] + }, + { + "bom-ref": "ffa40bf00111bcc1", + "type": "file", + "name": "/usr/share/zoneinfo/tzdata.zi", + "hashes": [ + { + "alg": "SHA-1", + "content": "e106ccbb7aaf0cafd1b2faa80616fafb5674fa66" + }, + { + "alg": "SHA-256", + "content": "b707de303ec6cb982b853d30430970fd5cac7cd6086396d911b6fe5e66a746e0" + } + ] + }, + { + "bom-ref": "7439d6928726b505", + "type": "file", + "name": "/usr/share/zoneinfo/zone.tab", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f9c2681dad62e7eb99c7ed3a376a04d2cc581e9" + }, + { + "alg": "SHA-256", + "content": "586b4207e6c76722de82adcda6bf49d761f668517f45a673f64da83b333eecc4" + } + ] + }, + { + "bom-ref": "2e80788a46bd1d3a", + "type": "file", + "name": "/usr/share/zoneinfo/zone1970.tab", + "hashes": [ + { + "alg": "SHA-1", + "content": "0409ecccab58b2cd0d5aa758d2a518354dd83bdb" + }, + { + "alg": "SHA-256", + "content": "e9d9fe30942a880f756b73f649667d8647a1ecf2131149445d9cc24c65e4ee8f" + } + ] + }, + { + "bom-ref": "084238eeedbaeb04", + "type": "file", + "name": "/var/lib/rpm/rpmdb.sqlite", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a8c03d5b08705a280360933df7cd1976094ba4a" + }, + { + "alg": "SHA-256", + "content": "6888185a33db9606643fcd280b7a8e3e306125aa168dd3f9cf607e49018cf6e9" + } + ] + }, + { + "bom-ref": "9e643efa3244df62", + "type": "file", + "name": "/var/lib/rpm/rpmdb.sqlite-shm", + "hashes": [ + { + "alg": "SHA-1", + "content": "608eeb7488042453c9ca40f7e1398fc1a270f3f4" + }, + { + "alg": "SHA-256", + "content": "fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb" + } + ] + }, + { + "bom-ref": "42347261e3296811", + "type": "file", + "name": "/var/lib/rpm/rpmdb.sqlite-wal" + }, + { + "bom-ref": "886a39eba3384970", + "type": "file", + "name": "/fluent-bit/bin/fluent-bit", + "hashes": [ + { + "alg": "SHA-1", + "content": "5efb3de1ded928596bca4048f3472b768bb3feba" + }, + { + "alg": "SHA-256", + "content": "891223001e144cac4c62809b340aaab6bd50ff4fc8ab3c32253732a8e6277b1b" + } + ] + }, + { + "bom-ref": "76f1c9985254e2be", + "type": "file", + "name": "/etc/ld.so.cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "36b8c3b64d37014908e77572188954aa3cb20f14" + }, + { + "alg": "SHA-256", + "content": "c81f81c0014895d5f3d4c6a18352d7cec8d84c7545d02e03ca9f978848bb00ee" + } + ] + }, + { + "bom-ref": "f7b1ca91de4b87e3", + "type": "file", + "name": "/var/cache/ldconfig/aux-cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "e262a9b428960942bd73da550bc313c4e8595c8c" + }, + { + "alg": "SHA-256", + "content": "b7e9580a23b413e77efbb2b5ece1629ba22a45c22802c754f90ac5b3dc4f3fa8" + } + ] + }, + { + "bom-ref": "17f0452d88c35045", + "type": "file", + "name": "/etc/group", + "hashes": [ + { + "alg": "SHA-1", + "content": "d43893aba8e1f7ac50d31350f0c6749c1d74f34d" + }, + { + "alg": "SHA-256", + "content": "cd480d020fa833ee740993a401310b59092e696c462d7b5a386996a5af403f5e" + } + ] + }, + { + "bom-ref": "0d2d3ea44fec0394", + "type": "file", + "name": "/etc/gshadow", + "hashes": [ + { + "alg": "SHA-1", + "content": "fb399da662da4f767b177d7101dc37f7ee7abccb" + }, + { + "alg": "SHA-256", + "content": "57b2c179c1d1a435610d1ea0bfb5bed7eb6d6ced6c0e2f17bfe6362356be1706" + } + ] + }, + { + "bom-ref": "645eceef84258f08", + "type": "file", + "name": "/etc/passwd", + "hashes": [ + { + "alg": "SHA-1", + "content": "bf7007eebcb9840ffbed9e1cb7bc6807fcb367c4" + }, + { + "alg": "SHA-256", + "content": "1dec20adb7cfa5c2800dab6921bd133f7959b9ad359530f9b38291c6a2dee424" + } + ] + }, + { + "bom-ref": "14b36bc2e9d50e6f", + "type": "file", + "name": "/etc/shadow", + "hashes": [ + { + "alg": "SHA-1", + "content": "095e6a4cc33051a79e9d1c6442ae92d4ea72c488" + }, + { + "alg": "SHA-256", + "content": "aae87b88360de60fd8f5a49b2313bf3fc24458e4fa861b822c2f427b44c1fed7" + } + ] + }, + { + "bom-ref": "4765190f6febf036", + "type": "file", + "name": "/etc/subgid", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ca1e92216dc341b70ef97d68a951c8e93db2a7e" + }, + { + "alg": "SHA-256", + "content": "f079cf47cb24bbdf98490c506bac4718f374566f28abd90f85bb07bab919d8bc" + } + ] + }, + { + "bom-ref": "45437c0792f4c201", + "type": "file", + "name": "/etc/subuid", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ca1e92216dc341b70ef97d68a951c8e93db2a7e" + }, + { + "alg": "SHA-256", + "content": "f079cf47cb24bbdf98490c506bac4718f374566f28abd90f85bb07bab919d8bc" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:rpm/redhat/alternatives@1.24-2.el9?arch=x86_64&distro=rhel-9.7&package-id=22d0e7bdd9bb8c1a&upstream=chkconfig-1.24-2.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=394eda196ea9cc18&upstream=audit-3.1.5-7.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.7&package-id=a3aa75d8273e1cac&upstream=libcap-ng-0.8.2-7.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.7&package-id=2cedbe7bd36d2161&upstream=basesystem-11-13.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&package-id=35298adfca223979&upstream=filesystem-3.16-5.el9.src.rpm", + "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&package-id=5e411c4e4f6d3d56&upstream=setup-2.13.7-10.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&package-id=35298adfca223979&upstream=filesystem-3.16-5.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&package-id=9dc1b34cdde2c695&upstream=ncurses-6.2-12.20210508.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&package-id=17802e5820eaaec1&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.305-91.el9?arch=noarch&distro=rhel-9.7&package-id=6be629e4a12f87af&upstream=ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "pkg:rpm/redhat/findutils@4.8.0-7.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=23c842a484ebcfd5&upstream=findutils-4.8.0-7.el9.src.rpm", + "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&package-id=196df9cad96e380f&upstream=grep-3.6-5.el9.src.rpm", + "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&package-id=090027c7d7254e53&upstream=libffi-3.4.2-8.el9.src.rpm", + "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=546bedf3e2fa6b85&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=e21cb9e7dda039e1&upstream=sed-4.8-9.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=efaae8c603855dcd&upstream=acl-2.3.1-4.el9.src.rpm", + "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&package-id=304e2047f10e5c4f&upstream=attr-2.5.1-3.el9.src.rpm", + "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&package-id=b3389bc8d420d9cb&upstream=libcap-2.48-10.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&package-id=db4134870a686c23&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&package-id=eb5d2c76ed21fa8e&upstream=curl-7.76.1-34.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&package-id=dbb58be7b5652cc7&upstream=curl-7.76.1-34.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-22.el9?arch=x86_64&distro=rhel-9.7&package-id=bace04fe1571465a&upstream=cyrus-sasl-2.1.27-22.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/gdbm-libs@1.23-1.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=fcfdc07fd546a72e&upstream=gdbm-1.23-1.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=rhel-9.7&package-id=b888bcdc2051543e&upstream=krb5-1.21.1-8.el9_6.src.rpm", + "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&package-id=cf7d0f71948121ea&upstream=e2fsprogs-1.46.5-8.el9.src.rpm", + "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&package-id=726407ce9205c669&upstream=libxcrypt-4.4.18-3.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.7&package-id=dfd23518c3ae46b3&upstream=dejavu-fonts-2.37-18.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/fonts-filesystem@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.7&epoch=1&package-id=2635452dfff4321d&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/dnf-data@4.14.0-31.el9?arch=noarch&distro=rhel-9.7&package-id=9fcab3ada3c25f5e&upstream=dnf-4.14.0-31.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/libreport-filesystem@2.15.2-6.el9?arch=noarch&distro=rhel-9.7&package-id=53232b1db4311718&upstream=libreport-2.15.2-6.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/file-libs@5.39-16.el9?arch=x86_64&distro=rhel-9.7&package-id=2bd21e0156fe2aa0&upstream=file-5.39-16.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&package-id=35298adfca223979&upstream=filesystem-3.16-5.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&package-id=5e411c4e4f6d3d56&upstream=setup-2.13.7-10.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/findutils@4.8.0-7.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=23c842a484ebcfd5&upstream=findutils-4.8.0-7.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&package-id=9dcf052ea12fdad7&upstream=gawk-5.1.0-6.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&package-id=35298adfca223979&upstream=filesystem-3.16-5.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gmp@6.2.0-13.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=5530ff7e4715e8b5&upstream=gmp-6.2.0-13.el9.src.rpm", + "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.7&package-id=2baa82c983b30582&upstream=libsigsegv-2.13-4.el9.src.rpm", + "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.7&package-id=9606bf2c1d407bed&upstream=mpfr-4.1.0-7.el9.src.rpm", + "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=86bb1c48d046cf90&upstream=readline-8.1-4.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/gdbm-libs@1.23-1.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=fcfdc07fd546a72e&upstream=gdbm-1.23-1.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&package-id=a65fe92a04ecf6ce&upstream=gnutls-3.8.3-9.el9.src.rpm", + "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&package-id=090027c7d7254e53&upstream=libffi-3.4.2-8.el9.src.rpm", + "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=403e3b854fc89f1e&upstream=util-linux-2.37.4-21.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/pcre@8.44-4.el9?arch=x86_64&distro=rhel-9.7&package-id=eed46dd832bd62c9&upstream=pcre-8.44-4.el9.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=daddd35181720871&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/tzdata@2025c-1.el9?arch=noarch&distro=rhel-9.7&package-id=a08e57c8715e4d05&upstream=tzdata-2025c-1.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=5adaf9930b0243ad&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=daddd35181720871&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b75c9ce4cb4a4d36&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=daddd35181720871&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.7&package-id=2cedbe7bd36d2161&upstream=basesystem-11-13.el9.src.rpm", + "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=daddd35181720871&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=5adaf9930b0243ad&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b75c9ce4cb4a4d36&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/gmp@6.2.0-13.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=5530ff7e4715e8b5&upstream=gmp-6.2.0-13.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&package-id=4796aaf427df0782&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&package-id=17802e5820eaaec1&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&package-id=a65fe92a04ecf6ce&upstream=gnutls-3.8.3-9.el9.src.rpm", + "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.7&package-id=a799ab1600e49872&upstream=libassuan-2.5.5-3.el9.src.rpm", + "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=bdcb3bee3b1ed812&upstream=libgcrypt-1.10.0-11.el9.src.rpm", + "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&package-id=102fca6f01ef28cf&upstream=libgpg-error-1.42-5.el9.src.rpm", + "pkg:rpm/redhat/libksba@1.5.1-7.el9?arch=x86_64&distro=rhel-9.7&package-id=b0dd457df676ceac&upstream=libksba-1.5.1-7.el9.src.rpm", + "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.7&package-id=e8d4429184219587&upstream=npth-1.6-8.el9.src.rpm", + "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&package-id=f8bdc202e20abd5b&upstream=openldap-2.6.8-4.el9.src.rpm", + "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=86bb1c48d046cf90&upstream=readline-8.1-4.el9.src.rpm", + "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&package-id=87ad778255840d3f&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&package-id=a65fe92a04ecf6ce&upstream=gnutls-3.8.3-9.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&package-id=db4134870a686c23&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.7&package-id=6a3c1818891dac67&upstream=libidn2-2.3.0-7.el9.src.rpm", + "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&package-id=4fbfd80d85bb460e&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.7&package-id=e1c9803b20913af1&upstream=libunistring-0.9.10-15.el9.src.rpm", + "pkg:rpm/redhat/nettle@3.10.1-1.el9?arch=x86_64&distro=rhel-9.7&package-id=d95be7a40dea16b9&upstream=nettle-3.10.1-1.el9.src.rpm", + "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=546bedf3e2fa6b85&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=39edf0f240a77402&upstream=p11-kit-0.25.3-3.el9_5.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=a940b80fe4b46c8b&upstream=gobject-introspection-1.68.0-11.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&package-id=090027c7d7254e53&upstream=libffi-3.4.2-8.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.7&package-id=f1b53ce035ee04b6&upstream=gpgme-1.15.1-6.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&package-id=4796aaf427df0782&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.7&package-id=a799ab1600e49872&upstream=libassuan-2.5.5-3.el9.src.rpm", + "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&package-id=102fca6f01ef28cf&upstream=libgpg-error-1.42-5.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&package-id=196df9cad96e380f&upstream=grep-3.6-5.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.7&package-id=2baa82c983b30582&upstream=libsigsegv-2.13-4.el9.src.rpm", + "pkg:rpm/redhat/pcre@8.44-4.el9?arch=x86_64&distro=rhel-9.7&package-id=eed46dd832bd62c9&upstream=pcre-8.44-4.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.7&package-id=e2e600817bb6e830&upstream=json-c-0.14-11.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.7&package-id=32dc8d9385f596a8&upstream=json-glib-1.6.6-1.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.7&package-id=4422e914738c17ef&upstream=keyutils-1.6.3-1.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=rhel-9.7&package-id=b888bcdc2051543e&upstream=krb5-1.21.1-8.el9_6.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&package-id=db4134870a686c23&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&package-id=9dcf052ea12fdad7&upstream=gawk-5.1.0-6.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&package-id=196df9cad96e380f&upstream=grep-3.6-5.el9.src.rpm", + "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.7&package-id=4422e914738c17ef&upstream=keyutils-1.6.3-1.el9.src.rpm", + "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&package-id=cf7d0f71948121ea&upstream=e2fsprogs-1.46.5-8.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ec9dd0ac24b8d8c2&upstream=libverto-0.3.2-3.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=e21cb9e7dda039e1&upstream=sed-4.8-9.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=df5d3ce64e6dc98c&upstream=langpacks-3.0-16.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=d73e936743b685e7&upstream=langpacks-3.0-16.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=d73e936743b685e7&upstream=langpacks-3.0-16.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.7&package-id=dfd23518c3ae46b3&upstream=dejavu-fonts-2.37-18.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/langpacks-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=27488b456777ffc1&upstream=langpacks-3.0-16.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&package-id=df5d3ce64e6dc98c&upstream=langpacks-3.0-16.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=efaae8c603855dcd&upstream=acl-2.3.1-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&package-id=304e2047f10e5c4f&upstream=attr-2.5.1-3.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&package-id=5fe8b53173092253&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&package-id=17802e5820eaaec1&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=efaae8c603855dcd&upstream=acl-2.3.1-4.el9.src.rpm", + "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&package-id=79cdbcbd3d61afd9&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&package-id=88eb82cde1f0760c&upstream=zstd-1.5.5-1.el9.src.rpm", + "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&package-id=0fc14552c6652ab5&upstream=lz4-1.9.3-5.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&package-id=f3e667a0375f3959&upstream=xz-5.2.5-8.el9_0.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.7&package-id=a799ab1600e49872&upstream=libassuan-2.5.5-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&package-id=102fca6f01ef28cf&upstream=libgpg-error-1.42-5.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&package-id=304e2047f10e5c4f&upstream=attr-2.5.1-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=09371eedc2b9d95d&upstream=util-linux-2.37.4-21.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=07c41562e2bee55f&upstream=util-linux-2.37.4-21.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.7&package-id=a3aa75d8273e1cac&upstream=libcap-ng-0.8.2-7.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&package-id=b3389bc8d420d9cb&upstream=libcap-2.48-10.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&package-id=cf7d0f71948121ea&upstream=e2fsprogs-1.46.5-8.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&package-id=dbb58be7b5652cc7&upstream=curl-7.76.1-34.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=rhel-9.7&package-id=b888bcdc2051543e&upstream=krb5-1.21.1-8.el9_6.src.rpm", + "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&package-id=cf7d0f71948121ea&upstream=e2fsprogs-1.46.5-8.el9.src.rpm", + "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=rhel-9.7&package-id=8f40faa2a3bf3018&upstream=nghttp2-1.43.0-6.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libdnf@0.69.0-16.el9?arch=x86_64&distro=rhel-9.7&package-id=5cff8fae12ce3677&upstream=libdnf-0.69.0-16.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.7&package-id=f1b53ce035ee04b6&upstream=gpgme-1.15.1-6.el9.src.rpm", + "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.7&package-id=e2e600817bb6e830&upstream=json-c-0.14-11.el9.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.7&package-id=b47dd00953817b05&upstream=libmodulemd-2.13.0-2.el9.src.rpm", + "pkg:rpm/redhat/librepo@1.14.5-3.el9?arch=x86_64&distro=rhel-9.7&package-id=32c854c70c4b9bc6&upstream=librepo-1.14.5-3.el9.src.rpm", + "pkg:rpm/redhat/librhsm@0.0.3-9.el9?arch=x86_64&distro=rhel-9.7&package-id=3bba3fa15b959901&upstream=librhsm-0.0.3-9.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=7069d90382d7c593&upstream=util-linux-2.37.4-21.el9.src.rpm", + "pkg:rpm/redhat/libsolv@0.7.24-3.el9?arch=x86_64&distro=rhel-9.7&package-id=79ba35edcc44da5f&upstream=libsolv-0.7.24-3.el9.src.rpm", + "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=e66b7275c6659e9c&upstream=gcc-11.5.0-11.el9.src.rpm", + "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=81412860457969fe&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&package-id=87ad778255840d3f&upstream=sqlite-3.34.1-9.el9_7.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libevent@2.1.12-8.el9_4?arch=x86_64&distro=rhel-9.7&package-id=0299e311fe243bca&upstream=libevent-2.1.12-8.el9_4.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&package-id=090027c7d7254e53&upstream=libffi-3.4.2-8.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=bdcb3bee3b1ed812&upstream=libgcrypt-1.10.0-11.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&package-id=102fca6f01ef28cf&upstream=libgpg-error-1.42-5.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&package-id=102fca6f01ef28cf&upstream=libgpg-error-1.42-5.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.7&package-id=6a3c1818891dac67&upstream=libidn2-2.3.0-7.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.7&package-id=e1c9803b20913af1&upstream=libunistring-0.9.10-15.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libksba@1.5.1-7.el9?arch=x86_64&distro=rhel-9.7&package-id=b0dd457df676ceac&upstream=libksba-1.5.1-7.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&package-id=102fca6f01ef28cf&upstream=libgpg-error-1.42-5.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.7&package-id=b47dd00953817b05&upstream=libmodulemd-2.13.0-2.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/file-libs@5.39-16.el9?arch=x86_64&distro=rhel-9.7&package-id=2bd21e0156fe2aa0&upstream=file-5.39-16.el9.src.rpm", + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=a495c2a7de1ac993&upstream=libyaml-0.2.5-7.el9.src.rpm", + "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=81412860457969fe&upstream=rpm-4.16.1.3-39.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=403e3b854fc89f1e&upstream=util-linux-2.37.4-21.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=09371eedc2b9d95d&upstream=util-linux-2.37.4-21.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=07c41562e2bee55f&upstream=util-linux-2.37.4-21.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=rhel-9.7&package-id=8f40faa2a3bf3018&upstream=nghttp2-1.43.0-6.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libpeas@1.30.0-4.el9?arch=x86_64&distro=rhel-9.7&package-id=bd201f1503e17989&upstream=libpeas-1.30.0-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=a940b80fe4b46c8b&upstream=gobject-introspection-1.68.0-11.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/librepo@1.14.5-3.el9?arch=x86_64&distro=rhel-9.7&package-id=32c854c70c4b9bc6&upstream=librepo-1.14.5-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.7&package-id=f1b53ce035ee04b6&upstream=gpgme-1.15.1-6.el9.src.rpm", + "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&package-id=dbb58be7b5652cc7&upstream=curl-7.76.1-34.el9.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&package-id=79cdbcbd3d61afd9&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/librhsm@0.0.3-9.el9?arch=x86_64&distro=rhel-9.7&package-id=3bba3fa15b959901&upstream=librhsm-0.0.3-9.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.7&package-id=32dc8d9385f596a8&upstream=json-glib-1.6.6-1.el9.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libsepol@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=cecb06c03b371de6&upstream=libsepol-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&package-id=d52857c4436af57f&upstream=pcre2-10.40-6.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libsemanage@3.6-5.el9_6?arch=x86_64&distro=rhel-9.7&package-id=1d43a3fb8f185afb&upstream=libsemanage-3.6-5.el9_6.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=394eda196ea9cc18&upstream=audit-3.1.5-7.el9.src.rpm", + "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&package-id=17802e5820eaaec1&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/libsepol@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=cecb06c03b371de6&upstream=libsepol-3.6-3.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libsepol@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=cecb06c03b371de6&upstream=libsepol-3.6-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.7&package-id=2baa82c983b30582&upstream=libsigsegv-2.13-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=7069d90382d7c593&upstream=util-linux-2.37.4-21.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libsolv@0.7.24-3.el9?arch=x86_64&distro=rhel-9.7&package-id=79ba35edcc44da5f&upstream=libsolv-0.7.24-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&package-id=17802e5820eaaec1&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&package-id=79cdbcbd3d61afd9&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&package-id=88eb82cde1f0760c&upstream=zstd-1.5.5-1.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=81412860457969fe&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&package-id=f3e667a0375f3959&upstream=xz-5.2.5-8.el9_0.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=e66b7275c6659e9c&upstream=gcc-11.5.0-11.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&package-id=4fbfd80d85bb460e&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libtool-ltdl@2.4.6-46.el9?arch=x86_64&distro=rhel-9.7&package-id=923f2a036f9ecf65&upstream=libtool-2.4.6-46.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.7&package-id=e1c9803b20913af1&upstream=libunistring-0.9.10-15.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libusbx@1.0.26-1.el9?arch=x86_64&distro=rhel-9.7&package-id=2f1e24780cfea663&upstream=libusbx-1.0.26-1.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&package-id=e28c009b2c72d8a9&upstream=systemd-252-55.el9_7.7.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=07c41562e2bee55f&upstream=util-linux-2.37.4-21.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ec9dd0ac24b8d8c2&upstream=libverto-0.3.2-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&package-id=726407ce9205c669&upstream=libxcrypt-4.4.18-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&package-id=79cdbcbd3d61afd9&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&package-id=f3e667a0375f3959&upstream=xz-5.2.5-8.el9_0.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=a495c2a7de1ac993&upstream=libyaml-0.2.5-7.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&package-id=88eb82cde1f0760c&upstream=zstd-1.5.5-1.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/lua-libs@5.4.4-4.el9?arch=x86_64&distro=rhel-9.7&package-id=b9930935983f5330&upstream=lua-5.4.4-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&package-id=0fc14552c6652ab5&upstream=lz4-1.9.3-5.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/microdnf@3.9.1-3.el9?arch=x86_64&distro=rhel-9.7&package-id=9564ca1ffe7fce37&upstream=microdnf-3.9.1-3.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/dnf-data@4.14.0-31.el9?arch=noarch&distro=rhel-9.7&package-id=9fcab3ada3c25f5e&upstream=dnf-4.14.0-31.el9.src.rpm", + "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&package-id=bcbac17c560ff49d&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libdnf@0.69.0-16.el9?arch=x86_64&distro=rhel-9.7&package-id=5cff8fae12ce3677&upstream=libdnf-0.69.0-16.el9.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "pkg:rpm/redhat/libpeas@1.30.0-4.el9?arch=x86_64&distro=rhel-9.7&package-id=bd201f1503e17989&upstream=libpeas-1.30.0-4.el9.src.rpm", + "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&package-id=7069d90382d7c593&upstream=util-linux-2.37.4-21.el9.src.rpm", + "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=81412860457969fe&upstream=rpm-4.16.1.3-39.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.7&package-id=9606bf2c1d407bed&upstream=mpfr-4.1.0-7.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/gmp@6.2.0-13.el9?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=5530ff7e4715e8b5&upstream=gmp-6.2.0-13.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&package-id=9dc1b34cdde2c695&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&package-id=0215995764e9f654&upstream=ncurses-6.2-12.20210508.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/nettle@3.10.1-1.el9?arch=x86_64&distro=rhel-9.7&package-id=d95be7a40dea16b9&upstream=nettle-3.10.1-1.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.7&package-id=e8d4429184219587&upstream=npth-1.6-8.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&package-id=f8bdc202e20abd5b&upstream=openldap-2.6.8-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-22.el9?arch=x86_64&distro=rhel-9.7&package-id=bace04fe1571465a&upstream=cyrus-sasl-2.1.27-22.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libevent@2.1.12-8.el9_4?arch=x86_64&distro=rhel-9.7&package-id=0299e311fe243bca&upstream=libevent-2.1.12-8.el9_4.src.rpm", + "pkg:rpm/redhat/libtool-ltdl@2.4.6-46.el9?arch=x86_64&distro=rhel-9.7&package-id=923f2a036f9ecf65&upstream=libtool-2.4.6-46.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "pkg:rpm/redhat/shadow-utils@4.9-15.el9?arch=x86_64&distro=rhel-9.7&epoch=2&package-id=4e01ddd4ea86a505&upstream=shadow-utils-4.9-15.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&package-id=039e508ce9d5da38&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&package-id=3f743355082e9e4b&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&package-id=039e508ce9d5da38&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.305-91.el9?arch=noarch&distro=rhel-9.7&package-id=6be629e4a12f87af&upstream=ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm", + "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&package-id=db4134870a686c23&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&package-id=3f743355082e9e4b&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=25e16a00909d33d5&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=546bedf3e2fa6b85&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/alternatives@1.24-2.el9?arch=x86_64&distro=rhel-9.7&package-id=22d0e7bdd9bb8c1a&upstream=chkconfig-1.24-2.el9.src.rpm", + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&package-id=4fbfd80d85bb460e&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=39edf0f240a77402&upstream=p11-kit-0.25.3-3.el9_5.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=39edf0f240a77402&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&package-id=090027c7d7254e53&upstream=libffi-3.4.2-8.el9.src.rpm", + "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&package-id=4fbfd80d85bb460e&upstream=libtasn1-4.16.0-9.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&package-id=d52857c4436af57f&upstream=pcre2-10.40-6.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&package-id=79b3a388130aa9b9&upstream=pcre2-10.40-6.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/pcre@8.44-4.el9?arch=x86_64&distro=rhel-9.7&package-id=eed46dd832bd62c9&upstream=pcre-8.44-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.7&package-id=81dc18ef79d2b2cb&upstream=popt-1.18-8.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=86bb1c48d046cf90&upstream=readline-8.1-4.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&package-id=9dc1b34cdde2c695&upstream=ncurses-6.2-12.20210508.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/rootfiles@8.1-35.el9?arch=noarch&distro=rhel-9.7&package-id=f180d99433c6c3a0&upstream=rootfiles-8.1-35.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=81412860457969fe&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=394eda196ea9cc18&upstream=audit-3.1.5-7.el9.src.rpm", + "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&package-id=17802e5820eaaec1&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=efaae8c603855dcd&upstream=acl-2.3.1-4.el9.src.rpm", + "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&package-id=b3389bc8d420d9cb&upstream=libcap-2.48-10.el9.src.rpm", + "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&package-id=88eb82cde1f0760c&upstream=zstd-1.5.5-1.el9.src.rpm", + "pkg:rpm/redhat/lua-libs@5.4.4-4.el9?arch=x86_64&distro=rhel-9.7&package-id=b9930935983f5330&upstream=lua-5.4.4-4.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.7&package-id=81dc18ef79d2b2cb&upstream=popt-1.18-8.el9.src.rpm", + "pkg:rpm/redhat/rpm@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=6fc4f99cb27a629a&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&package-id=87ad778255840d3f&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&package-id=f3e667a0375f3959&upstream=xz-5.2.5-8.el9_0.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/rpm@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=6fc4f99cb27a629a&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&package-id=eb5d2c76ed21fa8e&upstream=curl-7.76.1-34.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&package-id=5fe8b53173092253&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.7&package-id=81dc18ef79d2b2cb&upstream=popt-1.18-8.el9.src.rpm", + "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&package-id=81412860457969fe&upstream=rpm-4.16.1.3-39.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=e21cb9e7dda039e1&upstream=sed-4.8-9.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=efaae8c603855dcd&upstream=acl-2.3.1-4.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&package-id=5e411c4e4f6d3d56&upstream=setup-2.13.7-10.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/redhat-release@9.7-0.7.el9?arch=x86_64&distro=rhel-9.7&package-id=734e3b82978b46ed&upstream=redhat-release-9.7-0.7.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/shadow-utils@4.9-15.el9?arch=x86_64&distro=rhel-9.7&epoch=2&package-id=4e01ddd4ea86a505&upstream=shadow-utils-4.9-15.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&package-id=394eda196ea9cc18&upstream=audit-3.1.5-7.el9.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&package-id=efaae8c603855dcd&upstream=acl-2.3.1-4.el9.src.rpm", + "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&package-id=304e2047f10e5c4f&upstream=attr-2.5.1-3.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/libsemanage@3.6-5.el9_6?arch=x86_64&distro=rhel-9.7&package-id=1d43a3fb8f185afb&upstream=libsemanage-3.6-5.el9_6.src.rpm", + "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&package-id=726407ce9205c669&upstream=libxcrypt-4.4.18-3.el9.src.rpm", + "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&package-id=5e411c4e4f6d3d56&upstream=setup-2.13.7-10.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&package-id=87ad778255840d3f&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&package-id=e28c009b2c72d8a9&upstream=systemd-252-55.el9_7.7.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=0515b52ebbb5144c&upstream=bash-5.1.8-9.el9.src.rpm", + "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&package-id=8ef168befafd7b27&upstream=coreutils-8.32-39.el9.src.rpm", + "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=daddd35181720871&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&package-id=196df9cad96e380f&upstream=grep-3.6-5.el9.src.rpm", + "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&package-id=b3389bc8d420d9cb&upstream=libcap-2.48-10.el9.src.rpm", + "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=06e2c48d975ea1da&upstream=gcc-11.5.0-11.el9.src.rpm", + "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&package-id=bdcb3bee3b1ed812&upstream=libgcrypt-1.10.0-11.el9.src.rpm", + "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&package-id=ccc2461d41d72dde&upstream=libselinux-3.6-3.el9.src.rpm", + "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&package-id=726407ce9205c669&upstream=libxcrypt-4.4.18-3.el9.src.rpm", + "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&package-id=88eb82cde1f0760c&upstream=zstd-1.5.5-1.el9.src.rpm", + "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&package-id=0fc14552c6652ab5&upstream=lz4-1.9.3-5.el9.src.rpm", + "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&package-id=9620df42e45abf0c&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&package-id=39edf0f240a77402&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&package-id=e21cb9e7dda039e1&upstream=sed-4.8-9.el9.src.rpm", + "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&package-id=f3e667a0375f3959&upstream=xz-5.2.5-8.el9_0.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&package-id=f3e667a0375f3959&upstream=xz-5.2.5-8.el9_0.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + }, + { + "ref": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&package-id=3b95a370d9cbeb72&upstream=zlib-1.2.11-40.el9.src.rpm", + "dependsOn": [ + "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&package-id=b22efca5f0bac92d&upstream=glibc-2.34-231.el9_7.2.src.rpm" + ] + } + ] +} diff --git a/docs/security/agent/grype-25.10.1.json b/docs/security/agent/grype-25.10.1.json index 92aa8b7..b3202bd 100644 --- a/docs/security/agent/grype-25.10.1.json +++ b/docs/security/agent/grype-25.10.1.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.1" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8905,87 +8804,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.1.md b/docs/security/agent/grype-25.10.1.md index c6b144d..4654cd3 100644 --- a/docs/security/agent/grype-25.10.1.md +++ b/docs/security/agent/grype-25.10.1.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.10.json b/docs/security/agent/grype-25.10.10.json new file mode 100644 index 0000000..187b346 --- /dev/null +++ b/docs/security/agent/grype-25.10.10.json @@ -0,0 +1,7838 @@ +{ + "matches": [ + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.4165200000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.4165200000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74262, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.35997500000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + ], + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74262, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-34459", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.33034 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" + ], + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-7264", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.33034 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" + ], + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-7264", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.6819, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.20009999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" + ], + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.6819, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-9681", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.6819, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.20009999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" + ], + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.6819, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-9681", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00337, + "percentile": 0.5603, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.14996500000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00337, + "percentile": 0.5603, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-11053", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00337, + "percentile": 0.5603, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.14996500000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00337, + "percentile": 0.5603, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-11053", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14087", + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.13727 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + ], + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14087", + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14087", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0759 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" + ], + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-32636", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.066185 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" + ], + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.047355 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.047355 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025315 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025315 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.022779999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021274999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + ], + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00034, + "percentile": 0.09506, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.10" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01133 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01133 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00019, + "percentile": 0.04185, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.009975000000000001 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.10" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009525 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008539999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008539999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00846 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.00824 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" + ], + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007935 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007769999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007769999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007769999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007769999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06084, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06084, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03819, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00693 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" + ], + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03819, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00019, + "percentile": 0.0421, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006554999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00019, + "percentile": 0.0421, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00019, + "percentile": 0.04461, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00551 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00019, + "percentile": 0.04461, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00017, + "percentile": 0.03434, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.004675 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + ], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00017, + "percentile": 0.03434, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-62813", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-62813", + "namespace": "redhat:distro:redhat:9", + "severity": "Unknown", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-62813", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-62813", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [], + "description": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", + "cvss": [] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "lz4", + "version": "1.9.3-5.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-62813", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0fc14552c6652ab5", + "name": "lz4-libs", + "version": "1.9.3-5.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:lz4-libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:lz4-libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:lz4_libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:lz4_libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:lz4:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:lz4:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&upstream=lz4-1.9.3-5.el9.src.rpm", + "upstreams": [ + { + "name": "lz4", + "version": "1.9.3-5.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + } + ], + "source": { + "type": "image", + "target": { + "userInput": "ghcr.io/fluentdo/agent:25.10.10", + "imageID": "sha256:c57809c3a3be7c65bf41a3194075ffa4a5197712b505ae92bb91807cf488ea64", + "manifestDigest": "sha256:2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "tags": [ + "ghcr.io/fluentdo/agent:25.10.10" + ], + "imageSize": 216848737, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2", + "size": 104377261 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "size": 83235445 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:dfacb86663237a701a02e011b9bd7b2890d174e5bb4a63bdd26039e1aa8439f1", + "size": 10174 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:5da4ab47a35ef3ffb3db4fad31c699e45ca6919bc50484c00c9858e83cbb5f23", + "size": 7542 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "size": 20260055 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9", + "size": 5193552 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e", + "size": 3333024 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:9bc7c492562f465ba19a77b35e5f630d7559005d0753b2d888b175a07126b785", + "size": 15286 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:007d2f3ef5cff9621ab68f63b78cd170545e3614d5d5103815476281db1fcbdc", + "size": 0 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:cd9daa1c72bb01c32db0fbbea799682f034ecdf5d6eb4e959966a6942c99f249", + "size": 581 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:04bb136ff849c7eedf927a287b5f734c14738f541819ba94eba61331ad0b05c1", + "size": 581 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:08d5321f8651f6848b036e4ece4303b6a5d05029c9355e0a1ad4a6fec5c60adb", + "size": 411708 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168", + "size": 3528 + } + ], + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxMTY5NCwiZGlnZXN0Ijoic2hhMjU2OmM1NzgwOWMzYTNiZTdjNjViZjQxYTMxOTQwNzVmZmE0YTUxOTc3MTJiNTA1YWU5MmJiOTE4MDdjZjQ4OGVhNjQifSwibGF5ZXJzIjpbeyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTA2MDc4MjA4LCJkaWdlc3QiOiJzaGEyNTY6N2I5ZDhlZTA2YmViODc5NGQxNDM1YWNhMjVlZDc2MTNlNDI4YjAwYTg2YTZmODBlYjVmMWE2NzFiNWNiOWRjMiJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjg2NDUwNjg4LCJkaWdlc3QiOiJzaGEyNTY6NGYyNWU2MDVlOTA5MjRlY2FkNDU5ZTE1YzgyM2JlNjk4YTliZDI3NmQ5YWUxZmQxNmI4YzMwMWMzZTM4YzA5ZSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjEyMjg4LCJkaWdlc3QiOiJzaGEyNTY6ZGZhY2I4NjY2MzIzN2E3MDFhMDJlMDExYjliZDdiMjg5MGQxNzRlNWJiNGE2M2JkZDI2MDM5ZTFhYTg0MzlmMSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjkyMTYsImRpZ2VzdCI6InNoYTI1Njo1ZGE0YWI0N2EzNWVmM2ZmYjNkYjRmYWQzMWM2OTllNDVjYTY5MTliYzUwNDg0YzAwYzk4NThlODNjYmI1ZjIzIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjAyODU0NDAsImRpZ2VzdCI6InNoYTI1NjplZGZkZmQ5ZjQ2OTZjM2YzZWM3N2U4MTQwMzQzYjE0ZmY3NjE0ODE1NGUwZWU0ZDljMWM0ODllYjQxYjM1NzY0In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NTE5ODg0OCwiZGlnZXN0Ijoic2hhMjU2OjJkZDU2ODM1ZDhjNTZmMzQ0NGI1NzQ5OGMzMjFjNjZjMTJlZmVjYjM3ZDcwNzI0YzA1MWRiY2I5MzQ2ZGU4ZjkifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozMzM3MjE2LCJkaWdlc3QiOiJzaGEyNTY6NmM3ZGUzYTg5YTA2Y2M2ZmI4MGY4Y2UyMTEzZmUwNGRjOTE5ZDdkZTdjNThjMjVmNjJiMjQ1ZTYxYjc3ZTczZSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIxNTA0LCJkaWdlc3QiOiJzaGEyNTY6OWJjN2M0OTI1NjJmNDY1YmExOWE3N2IzNWU1ZjYzMGQ3NTU5MDA1ZDA3NTNiMmQ4ODhiMTc1YTA3MTI2Yjc4NSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI1NjAsImRpZ2VzdCI6InNoYTI1NjowMDdkMmYzZWY1Y2ZmOTYyMWFiNjhmNjNiNzhjZDE3MDU0NWUzNjE0ZDVkNTEwMzgxNTQ3NjI4MWRiMWZjYmRjIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2OmNkOWRhYTFjNzJiYjAxYzMyZGIwZmJiZWE3OTk2ODJmMDM0ZWNkZjVkNmViNGU5NTk5NjZhNjk0MmM5OWYyNDkifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6MDRiYjEzNmZmODQ5YzdlZWRmOTI3YTI4N2I1ZjczNGMxNDczOGY1NDE4MTliYTk0ZWJhNjEzMzFhZDBiMDVjMSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjQxNzI4MCwiZGlnZXN0Ijoic2hhMjU2OjA4ZDUzMjFmODY1MWY2ODQ4YjAzNmU0ZWNlNDMwM2I2YTVkMDUwMjljOTM1NWUwYTFhZDRhNmZlYzVjNjBhZGIifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMDQ4MCwiZGlnZXN0Ijoic2hhMjU2OjYzYzBkZTBlYWZiOTgyYWY2YjIzMTQ1YzFmYWRhY2NjYzQ1ZGI1ZGRiYTVjOWM1NzBjOWVjZDg5MWY3NDQxNjgifV19", + "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJVc2VyIjoiOTg3NiIsIkV4cG9zZWRQb3J0cyI6eyIyMDIwL3RjcCI6e319LCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iLCJjb250YWluZXI9b2NpIiwiRkxVRU5UQklUX1ZFUlNJT049IiwiRkxVRU5URE9fQUdFTlRfVkVSU0lPTj0yNS4xMC4xMCJdLCJFbnRyeXBvaW50IjpbIi9mbHVlbnQtYml0L2Jpbi9mbHVlbnQtYml0Il0sIkNtZCI6WyIvZmx1ZW50LWJpdC9iaW4vZmx1ZW50LWJpdCIsIi1jIiwiL2ZsdWVudC1iaXQvZXRjL2ZsdWVudC1iaXQuY29uZiJdLCJXb3JraW5nRGlyIjoiLyIsIkxhYmVscyI6eyJhcmNoaXRlY3R1cmUiOiJ4ODZfNjQiLCJidWlsZC1kYXRlIjoiMjAyNTEyMjItMTAwMzMxIiwiY29tLnJlZGhhdC5jb21wb25lbnQiOiJ1Ymk5LW1pbmltYWwtY29udGFpbmVyIiwiY29tLnJlZGhhdC5saWNlbnNlX3Rlcm1zIjoiaHR0cHM6Ly93d3cucmVkaGF0LmNvbS9lbi9hYm91dC9yZWQtaGF0LWVuZC11c2VyLWxpY2Vuc2UtYWdyZWVtZW50cyNVQkkiLCJkZXNjcmlwdGlvbiI6IkZsdWVudERvIEFnZW50IGlzIGEgc3RhYmxlLCBzZWN1cmUgYnkgZGVmYXVsdCwgT1NTIChBcGFjaGUtbGljZW5zZWQpIGRvd25zdHJlYW0gZGlzdHJpYnV0aW9uIG9mIEZsdWVudCBCaXQgd2l0aCBwcmVkaWN0YWJsZSByZWxlYXNlcyBhbmQgbG9uZy10ZXJtIHN1cHBvcnRlZCB2ZXJzaW9ucyBmb3IgMjQgbW9udGhzLiIsImRpc3RyaWJ1dGlvbi1zY29wZSI6InB1YmxpYyIsImlvLmJ1aWxkYWgudmVyc2lvbiI6IjEuMzkuMC1kZXYiLCJpby5rOHMuZGVzY3JpcHRpb24iOiJGbHVlbnREbyBBZ2VudCBpcyBhIHN0YWJsZSwgc2VjdXJlIGJ5IGRlZmF1bHQsIE9TUyAoQXBhY2hlLWxpY2Vuc2VkKSBkb3duc3RyZWFtIGRpc3RyaWJ1dGlvbiBvZiBGbHVlbnQgQml0IHdpdGggcHJlZGljdGFibGUgcmVsZWFzZXMgYW5kIGxvbmctdGVybSBzdXBwb3J0ZWQgdmVyc2lvbnMgZm9yIDI0IG1vbnRocy4iLCJpby5rOHMuZGlzcGxheS1uYW1lIjoiRmx1ZW50RG8gQWdlbnQiLCJpby5vcGVuc2hpZnQuZXhwb3NlLXNlcnZpY2VzIjoiIiwiaW8ub3BlbnNoaWZ0LnRhZ3MiOiJvYnNlcnZhYmlsaXR5LGxvZ2dpbmcsbG9nLWFnZ3JlZ2F0aW9uLGZsdWVudGRvLGZsdWVudC1iaXQiLCJtYWludGFpbmVyIjoiRmx1ZW50RG8gdmlhIGluZm9AZmx1ZW50LmRvIiwibmFtZSI6IkZsdWVudERvIEFnZW50Iiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLmNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjAzOjMxLjgwOVoiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UuZGVzY3JpcHRpb24iOiJGbHVlbnREbyBBZ2VudCBpcyBhIHN0YWJsZSwgc2VjdXJlIGJ5IGRlZmF1bHQsIE9TUyAoQXBhY2hlLWxpY2Vuc2VkKSBkb3duc3RyZWFtIGRpc3RyaWJ1dGlvbiBvZiBGbHVlbnQgQml0IHdpdGggcHJlZGljdGFibGUgcmVsZWFzZXMgYW5kIGxvbmctdGVybSBzdXBwb3J0ZWQgdmVyc2lvbnMgZm9yIDI0IG1vbnRocy4iLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UubGljZW5zZXMiOiIiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UucmV2aXNpb24iOiJlNGExYjRlYmM4YWNlYzhlNDQ3MzQ0YzkyNTE1MjhhNzEwZGY3YjExIiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLnNvdXJjZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9GbHVlbnREby9hZ2VudCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS50aXRsZSI6ImFnZW50Iiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLnVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9GbHVlbnREby9hZ2VudCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS52ZXJzaW9uIjoidjI1LjEwLjEwIiwicmVsZWFzZSI6IjE3NDcxMTEyNjciLCJzdW1tYXJ5IjoiRmx1ZW50RG8gQWdlbnQgaXMgYW4gRW50ZXJwcmlzZSBoYXJkZW5lZCB2ZXJzaW9uIG9mIEZsdWVudCBCaXQiLCJ1cmwiOiJodHRwczovL2ZsdWVudC5kbyIsInZjcy1yZWYiOiI3NTc1ZDdlYjQ1ZWI3ZjU0NWZlZjMxYmEwNjdkZmUzZDhlNTJjNGViIiwidmNzLXR5cGUiOiJnaXQiLCJ2ZW5kb3IiOiJGbHVlbnREbyBhdCBodHRwczovL2ZsdWVudC5kbyIsInZlcnNpb24iOiIyNS4xMC4xMCJ9LCJBcmdzRXNjYXBlZCI6dHJ1ZX0sImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjQ2NjkwNDQyOVoiLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS42Njg0MzA3MDRaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIG1haW50YWluZXI9XCJSZWQgSGF0LCBJbmMuXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS42ODM2ODQ1ODFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIHZlbmRvcj1cIlJlZCBIYXQsIEluYy5cIiIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI1LjcwMjkyOTI2WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBMQUJFTCB1cmw9XCJodHRwczovL3d3dy5yZWRoYXQuY29tXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43MjAzNjM1MDdaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGNvbS5yZWRoYXQuY29tcG9uZW50PVwidWJpOS1taW5pbWFsLWNvbnRhaW5lclwiICAgICAgIG5hbWU9XCJ1Ymk5LW1pbmltYWxcIiAgICAgICB2ZXJzaW9uPVwiOS41XCIgICAgICAgZGlzdHJpYnV0aW9uLXNjb3BlPVwicHVibGljXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43MzYwMDkzMzFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGNvbS5yZWRoYXQubGljZW5zZV90ZXJtcz1cImh0dHBzOi8vd3d3LnJlZGhhdC5jb20vZW4vYWJvdXQvcmVkLWhhdC1lbmQtdXNlci1saWNlbnNlLWFncmVlbWVudHMjVUJJXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43NTI1NjExNjFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIHN1bW1hcnk9XCJQcm92aWRlcyB0aGUgbGF0ZXN0IHJlbGVhc2Ugb2YgdGhlIG1pbmltYWwgUmVkIEhhdCBVbml2ZXJzYWwgQmFzZSBJbWFnZSA5LlwiIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjUuNzY3OTI5OThaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGRlc2NyaXB0aW9uPVwiVGhlIFVuaXZlcnNhbCBCYXNlIEltYWdlIE1pbmltYWwgaXMgYSBzdHJpcHBlZCBkb3duIGltYWdlIHRoYXQgdXNlcyBtaWNyb2RuZiBhcyBhIHBhY2thZ2UgbWFuYWdlci4gVGhpcyBiYXNlIGltYWdlIGlzIGZyZWVseSByZWRpc3RyaWJ1dGFibGUsIGJ1dCBSZWQgSGF0IG9ubHkgc3VwcG9ydHMgUmVkIEhhdCB0ZWNobm9sb2dpZXMgdGhyb3VnaCBzdWJzY3JpcHRpb25zIGZvciBSZWQgSGF0IHByb2R1Y3RzLiBUaGlzIGltYWdlIGlzIG1haW50YWluZWQgYnkgUmVkIEhhdCBhbmQgdXBkYXRlZCByZWd1bGFybHkuXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43ODMzNTU5OTFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGlvLms4cy5kZXNjcmlwdGlvbj1cIlRoZSBVbml2ZXJzYWwgQmFzZSBJbWFnZSBNaW5pbWFsIGlzIGEgc3RyaXBwZWQgZG93biBpbWFnZSB0aGF0IHVzZXMgbWljcm9kbmYgYXMgYSBwYWNrYWdlIG1hbmFnZXIuIFRoaXMgYmFzZSBpbWFnZSBpcyBmcmVlbHkgcmVkaXN0cmlidXRhYmxlLCBidXQgUmVkIEhhdCBvbmx5IHN1cHBvcnRzIFJlZCBIYXQgdGVjaG5vbG9naWVzIHRocm91Z2ggc3Vic2NyaXB0aW9ucyBmb3IgUmVkIEhhdCBwcm9kdWN0cy4gVGhpcyBpbWFnZSBpcyBtYWludGFpbmVkIGJ5IFJlZCBIYXQgYW5kIHVwZGF0ZWQgcmVndWxhcmx5LlwiIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjUuODAyMjgyNDU0WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBMQUJFTCBpby5rOHMuZGlzcGxheS1uYW1lPVwiUmVkIEhhdCBVbml2ZXJzYWwgQmFzZSBJbWFnZSA5IE1pbmltYWxcIiIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI1LjgyMDQyODA5M1oiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgTEFCRUwgaW8ub3BlbnNoaWZ0LmV4cG9zZS1zZXJ2aWNlcz1cIlwiIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjUuODM3MjI4NzM5WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBMQUJFTCBpby5vcGVuc2hpZnQudGFncz1cIm1pbmltYWwgcmhlbDlcIiIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI1Ljg1MzgyNTcyWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBFTlYgY29udGFpbmVyIG9jaSIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2LjM1NDEwOTA3NVoiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQ09QWSBkaXI6MmRjMjUyODljM2IxMGY2ZmFlNjgxZDA4NTQ1MjQ3NGJmNGQxMzNkOGY0MzU1MTBlMGU5YWE2NDExNGI4NjFhYiBpbiAvICIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2LjQ0NzEyMzIyM1oiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQ09QWSBmaWxlOmIzN2Q1OTM3MTNlZTIxYWQ1MmE0Y2QxNDI0ZGMwMTlhMjRmNzk2NmY4NWRmMGFjNGI4NmQyMzQzMDI2OTUzMjggaW4gL2V0Yy95dW0ucmVwb3MuZC8uICIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2LjQ2MzI3Mjg0N1oiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQ01EIFtcIi9iaW4vYmFzaFwiXSIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2Ljc2NzkwNzA1OFoiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAuIC9jYWNoaTIvY2FjaGkyLmVudiBcdTAwMjZcdTAwMjYgICAgIHJtIC1yZiAvdmFyL2xvZy8qIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjYuODU3OTg0MjU0WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBDT1BZIGZpbGU6NThjYzk0ZjViM2IyZDYwZGUyYzc3YTZlZDRiMTc5N2RjZWRlNTAyY2NkYjQyOWE3MmU3YTcyZDk5NDIzNWIzYyBpbiAvdXNyL3NoYXJlL2J1aWxkaW5mby9jb250ZW50LXNldHMuanNvbiAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNy4xNjIzNjEyOTFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIFwiYnVpbGQtZGF0ZVwiPVwiMjAyNS0wNS0xM1QwNDo0MjoxMFwiIFwiYXJjaGl0ZWN0dXJlXCI9XCJ4ODZfNjRcIiBcInZjcy10eXBlXCI9XCJnaXRcIiBcInZjcy1yZWZcIj1cIjc1NzVkN2ViNDVlYjdmNTQ1ZmVmMzFiYTA2N2RmZTNkOGU1MmM0ZWJcIiBcInJlbGVhc2VcIj1cIjE3NDcxMTEyNjdcIiJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDM6NTAuODUxOTQzMDdaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIG1pY3JvZG5mIHVwZGF0ZSAteSBcdTAwMjZcdTAwMjYgbWljcm9kbmYgaW5zdGFsbCAteSBvcGVuc3NsIGxpYnlhbWwgXHUwMDI2XHUwMDI2IG1pY3JvZG5mIGNsZWFuIGFsbCAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjAzOjUwLjkwMDUwMzYzMVoiLCJjcmVhdGVkX2J5IjoiRVhQT1NFIFsyMDIwL3RjcF0iLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjAzOjUwLjkwMDUwMzYzMVoiLCJjcmVhdGVkX2J5IjoiRU5UUllQT0lOVCBbXCIvZmx1ZW50LWJpdC9iaW4vZmx1ZW50LWJpdFwiXSIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDM6NTAuOTAwNTAzNjMxWiIsImNyZWF0ZWRfYnkiOiJDTUQgW1wiL2ZsdWVudC1iaXQvYmluL2ZsdWVudC1iaXRcIiBcIi1jXCIgXCIvZmx1ZW50LWJpdC9ldGMvZmx1ZW50LWJpdC5jb25mXCJdIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowMzo1MC45MDA1MDM2MzFaIiwiY3JlYXRlZF9ieSI6IkNPUFkgbGljZW5zZXMvKiAvbGljZW5zZXMvICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDM6NTAuOTU4OTU1Mzc2WiIsImNyZWF0ZWRfYnkiOiJDT1BZIFJFQURNRS5tZCAvaGVscC4xICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMDkyMDA3NjM0WiIsImNyZWF0ZWRfYnkiOiJDT1BZIC9mbHVlbnQtYml0IC9mbHVlbnQtYml0ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMTA3Njk5MzUxWiIsImNyZWF0ZWRfYnkiOiJDT1BZIC91c3IvbG9jYWwvbGliNjQvbGliZ2l0Mi5zbyogL3Vzci9sb2NhbC9saWI2NC8gIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4xMjA3NDgwNDVaIiwiY3JlYXRlZF9ieSI6IkNPUFkgL3Vzci9sb2NhbC9saWIvbGlic3NoMi5zbyogL3Vzci9sb2NhbC9saWIvICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMTk2NjE1MzkzWiIsImNyZWF0ZWRfYnkiOiJSVU4gL2Jpbi9zaCAtYyBlY2hvIFwiL3Vzci9sb2NhbC9saWI2NFwiIFx1MDAzZSAvZXRjL2xkLnNvLmNvbmYuZC9sb2NhbC1saWJzLmNvbmYgXHUwMDI2XHUwMDI2ICAgICBlY2hvIFwiL3Vzci9sb2NhbC9saWJcIiBcdTAwM2VcdTAwM2UgL2V0Yy9sZC5zby5jb25mLmQvbG9jYWwtbGlicy5jb25mIFx1MDAyNlx1MDAyNiAgICAgbGRjb25maWcgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4yNzYzOTIyMTRaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIG1rZGlyIC1wIC9vcHQvZmx1ZW50ZG8tYWdlbnQvZXRjICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMjg2OTI2MDUxWiIsImNyZWF0ZWRfYnkiOiJDT1BZIGNvbmZpZy8gL29wdC9mbHVlbnRkby1hZ2VudC9ldGMvICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMjk2NjU0NzA3WiIsImNyZWF0ZWRfYnkiOiJDT1BZIGNvbmZpZy8gL2ZsdWVudC1iaXQvZXRjLyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiUlVOIC9iaW4vc2ggLWMgL2ZsdWVudC1iaXQvYmluL2ZsdWVudC1iaXQgLUogXHUwMDNlIC9mbHVlbnQtYml0L2V0Yy9zY2hlbWEuanNvbiBcdTAwMjZcdTAwMjYgICAgIC9mbHVlbnQtYml0L2Jpbi9mbHVlbnQtYml0IC1KIFx1MDAzZSAvb3B0L2ZsdWVudGRvLWFnZW50L2V0Yy9zY2hlbWEuanNvbiAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiQVJHIEZMVUVOVF9CSVRfVkVSU0lPTiIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJBUkcgRkxVRU5URE9fQUdFTlRfVkVSU0lPTj0yNS4xMC4xMCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJFTlYgRkxVRU5UQklUX1ZFUlNJT049IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkVOViBGTFVFTlRET19BR0VOVF9WRVJTSU9OPTI1LjEwLjEwIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkxBQkVMIHZlbmRvcj1GbHVlbnREbyBhdCBodHRwczovL2ZsdWVudC5kbyIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJMQUJFTCBtYWludGFpbmVyPUZsdWVudERvIHZpYSBpbmZvQGZsdWVudC5kbyIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJMQUJFTCBuYW1lPUZsdWVudERvIEFnZW50IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkxBQkVMIGlvLms4cy5kaXNwbGF5LW5hbWU9Rmx1ZW50RG8gQWdlbnQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiTEFCRUwgc3VtbWFyeT1GbHVlbnREbyBBZ2VudCBpcyBhbiBFbnRlcnByaXNlIGhhcmRlbmVkIHZlcnNpb24gb2YgRmx1ZW50IEJpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJMQUJFTCB1cmw9aHR0cHM6Ly9mbHVlbnQuZG8iLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiTEFCRUwgaW8ub3BlbnNoaWZ0LnRhZ3M9b2JzZXJ2YWJpbGl0eSxsb2dnaW5nLGxvZy1hZ2dyZWdhdGlvbixmbHVlbnRkbyxmbHVlbnQtYml0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkxBQkVMIHZlcnNpb249MjUuMTAuMTAiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiTEFCRUwgaW8uazhzLmRlc2NyaXB0aW9uPUZsdWVudERvIEFnZW50IGlzIGEgc3RhYmxlLCBzZWN1cmUgYnkgZGVmYXVsdCwgT1NTIChBcGFjaGUtbGljZW5zZWQpIGRvd25zdHJlYW0gZGlzdHJpYnV0aW9uIG9mIEZsdWVudCBCaXQgd2l0aCBwcmVkaWN0YWJsZSByZWxlYXNlcyBhbmQgbG9uZy10ZXJtIHN1cHBvcnRlZCB2ZXJzaW9ucyBmb3IgMjQgbW9udGhzLiIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuNDY2OTA0NDI5WiIsImNyZWF0ZWRfYnkiOiJSVU4gfDIgRkxVRU5UX0JJVF9WRVJTSU9OPSBGTFVFTlRET19BR0VOVF9WRVJTSU9OPTI1LjEwLjEwIC9iaW4vc2ggLWMgdXNlcmFkZCAtdSA5ODc2IC1tIC1zIC9iaW4vZmFsc2UgZmx1ZW50ZG8tYWdlbnQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi40NjY5MDQ0MjlaIiwiY3JlYXRlZF9ieSI6IlVTRVIgOTg3NiIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9XSwib3MiOiJsaW51eCIsInJvb3RmcyI6eyJ0eXBlIjoibGF5ZXJzIiwiZGlmZl9pZHMiOlsic2hhMjU2OjdiOWQ4ZWUwNmJlYjg3OTRkMTQzNWFjYTI1ZWQ3NjEzZTQyOGIwMGE4NmE2ZjgwZWI1ZjFhNjcxYjVjYjlkYzIiLCJzaGEyNTY6NGYyNWU2MDVlOTA5MjRlY2FkNDU5ZTE1YzgyM2JlNjk4YTliZDI3NmQ5YWUxZmQxNmI4YzMwMWMzZTM4YzA5ZSIsInNoYTI1NjpkZmFjYjg2NjYzMjM3YTcwMWEwMmUwMTFiOWJkN2IyODkwZDE3NGU1YmI0YTYzYmRkMjYwMzllMWFhODQzOWYxIiwic2hhMjU2OjVkYTRhYjQ3YTM1ZWYzZmZiM2RiNGZhZDMxYzY5OWU0NWNhNjkxOWJjNTA0ODRjMDBjOTg1OGU4M2NiYjVmMjMiLCJzaGEyNTY6ZWRmZGZkOWY0Njk2YzNmM2VjNzdlODE0MDM0M2IxNGZmNzYxNDgxNTRlMGVlNGQ5YzFjNDg5ZWI0MWIzNTc2NCIsInNoYTI1NjoyZGQ1NjgzNWQ4YzU2ZjM0NDRiNTc0OThjMzIxYzY2YzEyZWZlY2IzN2Q3MDcyNGMwNTFkYmNiOTM0NmRlOGY5Iiwic2hhMjU2OjZjN2RlM2E4OWEwNmNjNmZiODBmOGNlMjExM2ZlMDRkYzkxOWQ3ZGU3YzU4YzI1ZjYyYjI0NWU2MWI3N2U3M2UiLCJzaGEyNTY6OWJjN2M0OTI1NjJmNDY1YmExOWE3N2IzNWU1ZjYzMGQ3NTU5MDA1ZDA3NTNiMmQ4ODhiMTc1YTA3MTI2Yjc4NSIsInNoYTI1NjowMDdkMmYzZWY1Y2ZmOTYyMWFiNjhmNjNiNzhjZDE3MDU0NWUzNjE0ZDVkNTEwMzgxNTQ3NjI4MWRiMWZjYmRjIiwic2hhMjU2OmNkOWRhYTFjNzJiYjAxYzMyZGIwZmJiZWE3OTk2ODJmMDM0ZWNkZjVkNmViNGU5NTk5NjZhNjk0MmM5OWYyNDkiLCJzaGEyNTY6MDRiYjEzNmZmODQ5YzdlZWRmOTI3YTI4N2I1ZjczNGMxNDczOGY1NDE4MTliYTk0ZWJhNjEzMzFhZDBiMDVjMSIsInNoYTI1NjowOGQ1MzIxZjg2NTFmNjg0OGIwMzZlNGVjZTQzMDNiNmE1ZDA1MDI5YzkzNTVlMGExYWQ0YTZmZWM1YzYwYWRiIiwic2hhMjU2OjYzYzBkZTBlYWZiOTgyYWY2YjIzMTQ1YzFmYWRhY2NjYzQ1ZGI1ZGRiYTVjOWM1NzBjOWVjZDg5MWY3NDQxNjgiXX19", + "repoDigests": [ + "ghcr.io/fluentdo/agent@sha256:36b800f0964925b6e7fd3c1dc8483798ce10dbb06bd098dc5309a9937318f6c0" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "x86_64", + "build-date": "20251222-100331", + "com.redhat.component": "ubi9-minimal-container", + "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", + "description": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.", + "distribution-scope": "public", + "io.buildah.version": "1.39.0-dev", + "io.k8s.description": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.", + "io.k8s.display-name": "FluentDo Agent", + "io.openshift.expose-services": "", + "io.openshift.tags": "observability,logging,log-aggregation,fluentdo,fluent-bit", + "maintainer": "FluentDo via info@fluent.do", + "name": "FluentDo Agent", + "org.opencontainers.image.created": "2025-12-22T10:03:31.809Z", + "org.opencontainers.image.description": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.", + "org.opencontainers.image.licenses": "", + "org.opencontainers.image.revision": "e4a1b4ebc8acec8e447344c9251528a710df7b11", + "org.opencontainers.image.source": "https://github.com/FluentDo/agent", + "org.opencontainers.image.title": "agent", + "org.opencontainers.image.url": "https://github.com/FluentDo/agent", + "org.opencontainers.image.version": "v25.10.10", + "release": "1747111267", + "summary": "FluentDo Agent is an Enterprise hardened version of Fluent Bit", + "url": "https://fluent.do", + "vcs-ref": "7575d7eb45eb7f545fef31ba067dfe3d8e52c4eb", + "vcs-type": "git", + "vendor": "FluentDo at https://fluent.do", + "version": "25.10.10" + } + } + }, + "distro": { + "name": "redhat", + "version": "9.7", + "idLike": [ + "fedora" + ] + }, + "descriptor": { + "name": "grype", + "version": "0.104.2", + "configuration": { + "output": [ + "json" + ], + "file": "security/agent/grype-25.10.10.json", + "pretty": true, + "distro": "", + "add-cpes-if-none": false, + "output-template-file": "", + "check-for-app-update": true, + "only-fixed": false, + "only-notfixed": false, + "ignore-wontfix": "", + "platform": "", + "search": { + "scope": "squashed", + "unindexed-archives": false, + "indexed-archives": true + }, + "ignore": [ + { + "vulnerability": "", + "include-aliases": false, + "reason": "", + "namespace": "", + "fix-state": "", + "package": { + "name": "kernel-headers", + "version": "", + "language": "", + "type": "rpm", + "location": "", + "upstream-name": "kernel" + }, + "vex-status": "", + "vex-justification": "", + "match-type": "exact-indirect-match" + }, + { + "vulnerability": "", + "include-aliases": false, + "reason": "", + "namespace": "", + "fix-state": "", + "package": { + "name": "linux(-.*)?-headers-.*", + "version": "", + "language": "", + "type": "deb", + "location": "", + "upstream-name": "linux.*" + }, + "vex-status": "", + "vex-justification": "", + "match-type": "exact-indirect-match" + }, + { + "vulnerability": "", + "include-aliases": false, + "reason": "", + "namespace": "", + "fix-state": "", + "package": { + "name": "linux-libc-dev", + "version": "", + "language": "", + "type": "deb", + "location": "", + "upstream-name": "linux" + }, + "vex-status": "", + "vex-justification": "", + "match-type": "exact-indirect-match" + } + ], + "exclude": [], + "externalSources": { + "enable": false, + "maven": { + "searchUpstreamBySha1": true, + "baseUrl": "https://search.maven.org/solrsearch/select", + "rateLimit": 300000000 + } + }, + "match": { + "java": { + "using-cpes": false + }, + "jvm": { + "using-cpes": true + }, + "dotnet": { + "using-cpes": false + }, + "golang": { + "using-cpes": false, + "always-use-cpe-for-stdlib": true, + "allow-main-module-pseudo-version-comparison": false + }, + "javascript": { + "using-cpes": false + }, + "python": { + "using-cpes": false + }, + "ruby": { + "using-cpes": false + }, + "rust": { + "using-cpes": false + }, + "stock": { + "using-cpes": true + } + }, + "fail-on-severity": "", + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "ca-cert": "" + }, + "show-suppressed": false, + "by-cve": false, + "SortBy": { + "sort-by": "risk" + }, + "name": "", + "default-image-pull-source": "", + "from": null, + "vex-documents": [], + "vex-add": [], + "match-upstream-kernel-headers": false, + "fix-channel": { + "redhat-eus": { + "apply": "auto", + "versions": ">= 8.0" + } + }, + "timestamp": false, + "db": { + "cache-dir": ".cache/grype/db", + "update-url": "https://grype.anchore.io/databases", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": true, + "validate-age": true, + "max-allowed-built-age": 432000000000000, + "require-update-check": false, + "update-available-timeout": 30000000000, + "update-download-timeout": 300000000000, + "max-update-check-frequency": 7200000000000 + }, + "exp": {}, + "dev": { + "db": { + "debug": false + } + } + }, + "db": { + "status": { + "schemaVersion": "v6.1.3", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", + "path": ".cache/grype/db/6/vulnerability.db", + "valid": true + }, + "providers": { + "alma": { + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" + }, + "alpine": { + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" + }, + "amazon": { + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" + }, + "bitnami": { + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" + }, + "chainguard": { + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" + }, + "chainguard-libraries": { + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" + }, + "debian": { + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" + }, + "echo": { + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" + }, + "epss": { + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" + }, + "github": { + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" + }, + "kev": { + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" + }, + "mariner": { + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" + }, + "minimos": { + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" + }, + "nvd": { + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" + }, + "oracle": { + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" + }, + "rhel": { + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" + }, + "sles": { + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" + }, + "ubuntu": { + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" + }, + "wolfi": { + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" + } + } + } + } +} diff --git a/docs/security/agent/grype-25.10.10.md b/docs/security/agent/grype-25.10.10.md new file mode 100644 index 0000000..5503b97 --- /dev/null +++ b/docs/security/agent/grype-25.10.10.md @@ -0,0 +1,57 @@ +# Grype Vulnerabilities for ghcr.io/fluentdo/agent:25.10.10 + +Unfiltered vulnerability scan results for ghcr.io/fluentdo/agent:25.10.10 using Grype. +Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.html) or [VEX endpoint](https://docs.fluent.do/security/vex.json) for more information on vulnerabilities that have been reviewed. + +| Package | Version Installed | Vulnerability ID | Severity | +| --- | --- | --- | --- | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.2.json b/docs/security/agent/grype-25.10.2.json index 298e7d4..0ebb190 100644 --- a/docs/security/agent/grype-25.10.2.json +++ b/docs/security/agent/grype-25.10.2.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.2" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.2.md b/docs/security/agent/grype-25.10.2.md index 6b2926a..7aa2378 100644 --- a/docs/security/agent/grype-25.10.2.md +++ b/docs/security/agent/grype-25.10.2.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.3.json b/docs/security/agent/grype-25.10.3.json index 00f9ef2..22be7a3 100644 --- a/docs/security/agent/grype-25.10.3.json +++ b/docs/security/agent/grype-25.10.3.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.3" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.3.md b/docs/security/agent/grype-25.10.3.md index 35eb199..1e56422 100644 --- a/docs/security/agent/grype-25.10.3.md +++ b/docs/security/agent/grype-25.10.3.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.4.json b/docs/security/agent/grype-25.10.4.json index 05de93d..acc7c2a 100644 --- a/docs/security/agent/grype-25.10.4.json +++ b/docs/security/agent/grype-25.10.4.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.3" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.4.md b/docs/security/agent/grype-25.10.4.md index 8db1701..e0d30e1 100644 --- a/docs/security/agent/grype-25.10.4.md +++ b/docs/security/agent/grype-25.10.4.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.5.json b/docs/security/agent/grype-25.10.5.json index 9d6c33a..e198704 100644 --- a/docs/security/agent/grype-25.10.5.json +++ b/docs/security/agent/grype-25.10.5.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.4" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.4" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.5.md b/docs/security/agent/grype-25.10.5.md index 554c6be..29ac48f 100644 --- a/docs/security/agent/grype-25.10.5.md +++ b/docs/security/agent/grype-25.10.5.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.6.json b/docs/security/agent/grype-25.10.6.json index a2d3487..8da2a5f 100644 --- a/docs/security/agent/grype-25.10.6.json +++ b/docs/security/agent/grype-25.10.6.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.6" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.6.md b/docs/security/agent/grype-25.10.6.md index f4b6bc9..fb1cf67 100644 --- a/docs/security/agent/grype-25.10.6.md +++ b/docs/security/agent/grype-25.10.6.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.7.json b/docs/security/agent/grype-25.10.7.json index 0558d17..30b5605 100644 --- a/docs/security/agent/grype-25.10.7.json +++ b/docs/security/agent/grype-25.10.7.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.6" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.7.md b/docs/security/agent/grype-25.10.7.md index d7bee4e..e413885 100644 --- a/docs/security/agent/grype-25.10.7.md +++ b/docs/security/agent/grype-25.10.7.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.8.json b/docs/security/agent/grype-25.10.8.json index 416101f..26bbdc0 100644 --- a/docs/security/agent/grype-25.10.8.json +++ b/docs/security/agent/grype-25.10.8.json @@ -2,112 +2,95 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +98,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -143,133 +126,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -284,21 +239,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -312,28 +267,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -363,8 +318,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -419,8 +374,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -488,95 +443,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -584,21 +556,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -612,105 +584,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -725,21 +725,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -753,28 +753,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -804,8 +804,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -875,8 +875,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -978,8 +978,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1049,8 +1049,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1152,8 +1152,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1197,8 +1197,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1292,8 +1292,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1337,8 +1337,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1431,9 +1431,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1449,7 +1449,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1479,9 +1479,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1572,8 +1572,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1639,8 +1639,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1737,8 +1737,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1812,8 +1812,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1909,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -1939,7 +1939,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2005,9 +2005,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2087,31 +2087,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2119,48 +2127,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2168,21 +2193,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2196,59 +2221,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2256,41 +2278,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2305,21 +2344,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2333,48 +2372,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2382,18 +2421,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2401,58 +2440,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2467,21 +2497,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2495,56 +2525,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2552,65 +2582,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2618,21 +2637,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2646,65 +2665,54 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2714,30 +2722,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2745,16 +2751,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2763,7 +2769,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2771,21 +2777,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2799,14 +2805,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2816,39 +2833,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2856,28 +2865,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2885,25 +2897,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2911,21 +2915,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -2939,14 +2943,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2956,39 +2971,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2996,28 +3003,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3025,18 +3035,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3051,21 +3053,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3079,23 +3081,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3107,31 +3109,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3139,49 +3149,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3189,21 +3205,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3217,25 +3233,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3245,12 +3250,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3266,10 +3271,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3277,25 +3290,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3309,162 +3319,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.022779999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -3485,7 +3351,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -3547,8 +3413,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3608,8 +3474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3705,8 +3571,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3766,8 +3632,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3840,20 +3706,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3861,17 +3730,115 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.8" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -3880,46 +3847,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01955 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -3935,21 +3920,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -3963,13 +3948,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3980,140 +3965,168 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.01785 + "risk": 0.01133 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.8" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" } ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { @@ -4121,72 +4134,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4194,21 +4183,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4222,14 +4211,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4262,8 +4262,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4316,8 +4316,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4417,8 +4417,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4509,8 +4509,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4559,8 +4559,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4651,8 +4651,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -4693,8 +4693,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -4788,8 +4788,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -4830,8 +4830,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -4925,8 +4925,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -4987,8 +4987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -5078,9 +5078,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5096,7 +5096,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5131,9 +5131,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5223,9 +5223,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5241,7 +5241,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5276,9 +5276,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5357,20 +5357,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5378,16 +5378,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5397,42 +5397,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5440,16 +5432,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5458,7 +5450,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5466,21 +5458,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5494,14 +5486,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5511,20 +5514,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -5532,73 +5535,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5606,21 +5633,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5634,19 +5661,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5656,39 +5678,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5696,54 +5718,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5751,21 +5787,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5779,19 +5815,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5824,8 +5855,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -5872,8 +5903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -5908,8 +5939,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -5927,10 +5958,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -5969,8 +6000,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6017,8 +6048,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6053,8 +6084,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6069,13 +6100,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6091,39 +6122,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6131,53 +6162,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -6192,21 +6217,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6220,23 +6245,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -6248,20 +6267,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6269,97 +6288,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6367,21 +6362,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6398,11 +6393,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6435,8 +6435,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -6496,8 +6496,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -6588,8 +6588,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -6656,8 +6656,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -6765,8 +6765,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -6827,8 +6827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -6918,9 +6918,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -6942,7 +6942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -6988,9 +6988,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -7087,8 +7087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7149,8 +7149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7241,8 +7241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7302,8 +7302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7369,109 +7369,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -7853,87 +7750,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.8.md b/docs/security/agent/grype-25.10.8.md index 264307e..b56e968 100644 --- a/docs/security/agent/grype-25.10.8.md +++ b/docs/security/agent/grype-25.10.8.md @@ -6,27 +6,26 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.10.9.json b/docs/security/agent/grype-25.10.9.json index 4f1e9c7..15e0544 100644 --- a/docs/security/agent/grype-25.10.9.json +++ b/docs/security/agent/grype-25.10.9.json @@ -2,112 +2,95 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +98,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -143,133 +126,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -284,21 +239,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -312,28 +267,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -363,8 +318,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -419,8 +374,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -488,95 +443,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -584,21 +556,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -612,105 +584,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -725,21 +725,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -753,28 +753,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -804,8 +804,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -875,8 +875,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -978,8 +978,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1049,8 +1049,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1152,8 +1152,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1197,8 +1197,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1292,8 +1292,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1337,8 +1337,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1431,9 +1431,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1449,7 +1449,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1479,9 +1479,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1572,8 +1572,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1639,8 +1639,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1737,8 +1737,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1812,8 +1812,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1909,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -1939,7 +1939,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2005,9 +2005,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2087,31 +2087,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2119,48 +2127,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2168,21 +2193,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2196,59 +2221,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2256,41 +2278,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2305,21 +2344,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2333,48 +2372,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2382,18 +2421,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2401,58 +2440,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2467,21 +2497,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2495,56 +2525,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2552,65 +2582,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2618,21 +2637,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2646,65 +2665,54 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2714,30 +2722,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2745,16 +2751,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2763,7 +2769,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2771,21 +2777,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2799,14 +2805,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2816,39 +2833,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2856,28 +2865,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2885,25 +2897,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2911,21 +2915,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -2939,14 +2943,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2956,39 +2971,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2996,28 +3003,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3025,18 +3035,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3051,21 +3053,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3079,23 +3081,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3107,31 +3109,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3139,49 +3149,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3189,21 +3205,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3217,25 +3233,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3245,12 +3250,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3266,10 +3271,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3277,25 +3290,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3309,162 +3319,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.022779999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -3485,7 +3351,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -3547,8 +3413,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3608,8 +3474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3705,8 +3571,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3766,8 +3632,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3863,8 +3729,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -3905,6 +3771,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -3936,8 +3804,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4019,20 +3887,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4040,184 +3911,41 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.9" - } + "name": "fluent-bit", + "version": "25.10.9" + } }, "found": { "vulnerabilityID": "CVE-2025-29478", @@ -4277,8 +4005,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ @@ -4343,8 +4071,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ @@ -4403,12 +4131,318 @@ "licenses": [ "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01344 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01133 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4418,94 +4452,62 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4513,25 +4515,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4539,24 +4533,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4573,11 +4564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4610,8 +4612,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4664,8 +4666,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4765,8 +4767,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4857,8 +4859,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4907,8 +4909,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4999,8 +5001,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5041,8 +5043,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5136,8 +5138,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5178,8 +5180,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5273,8 +5275,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -5335,8 +5337,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -5426,9 +5428,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5444,7 +5446,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5479,9 +5481,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5571,9 +5573,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5589,7 +5591,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5624,9 +5626,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5705,20 +5707,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5726,16 +5728,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5745,42 +5747,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5788,16 +5782,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5806,7 +5800,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5814,21 +5808,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5842,14 +5836,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5859,20 +5864,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -5880,73 +5885,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5954,21 +5983,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5982,19 +6011,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6004,39 +6028,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6044,54 +6068,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6099,21 +6137,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6127,19 +6165,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6172,8 +6205,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6220,8 +6253,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6256,8 +6289,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6275,10 +6308,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6317,8 +6350,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6365,8 +6398,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6401,8 +6434,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6417,13 +6450,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6439,39 +6472,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6479,53 +6512,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -6540,21 +6567,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6568,23 +6595,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -6596,20 +6617,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6617,97 +6638,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6715,21 +6712,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6746,11 +6743,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6783,8 +6785,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -6844,8 +6846,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -6936,8 +6938,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7004,8 +7006,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7115,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7175,8 +7177,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7266,9 +7268,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -7290,7 +7292,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -7336,9 +7338,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -7435,8 +7437,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7497,8 +7499,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7589,8 +7591,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7650,8 +7652,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7717,109 +7719,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8201,87 +8100,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.10.9.md b/docs/security/agent/grype-25.10.9.md index 3dd2962..bd58d58 100644 --- a/docs/security/agent/grype-25.10.9.md +++ b/docs/security/agent/grype-25.10.9.md @@ -6,29 +6,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.11.1.json b/docs/security/agent/grype-25.11.1.json index 132b6f3..ccd3fa1 100644 --- a/docs/security/agent/grype-25.11.1.json +++ b/docs/security/agent/grype-25.11.1.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.11.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.1" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.11.1.md b/docs/security/agent/grype-25.11.1.md index 1e6883c..59815f2 100644 --- a/docs/security/agent/grype-25.11.1.md +++ b/docs/security/agent/grype-25.11.1.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.11.2.json b/docs/security/agent/grype-25.11.2.json index 3ba977b..384e669 100644 --- a/docs/security/agent/grype-25.11.2.json +++ b/docs/security/agent/grype-25.11.2.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.11.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.2" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8913,87 +8812,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.11.2.md b/docs/security/agent/grype-25.11.2.md index 2cab146..f7891ac 100644 --- a/docs/security/agent/grype-25.11.2.md +++ b/docs/security/agent/grype-25.11.2.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.12.1.json b/docs/security/agent/grype-25.12.1.json index faef8a9..9aec9f5 100644 --- a/docs/security/agent/grype-25.12.1.json +++ b/docs/security/agent/grype-25.12.1.json @@ -2,112 +2,95 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +98,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -143,133 +126,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -284,21 +239,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -312,28 +267,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -363,8 +318,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -419,8 +374,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -488,95 +443,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -584,21 +556,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -612,105 +584,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -725,21 +725,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -753,28 +753,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -804,8 +804,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -875,8 +875,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -978,8 +978,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1049,8 +1049,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1152,8 +1152,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1197,8 +1197,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1292,8 +1292,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1337,8 +1337,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1431,9 +1431,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1449,7 +1449,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1479,9 +1479,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1572,8 +1572,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1639,8 +1639,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1737,8 +1737,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1812,8 +1812,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1909,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -1939,7 +1939,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2005,9 +2005,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2087,31 +2087,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2119,48 +2127,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2168,21 +2193,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2196,59 +2221,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2256,41 +2278,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2305,21 +2344,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2333,48 +2372,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2382,18 +2421,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2401,58 +2440,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2467,21 +2497,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2495,56 +2525,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2552,65 +2582,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2618,21 +2637,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2646,65 +2665,54 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2714,30 +2722,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2745,16 +2751,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2763,7 +2769,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2771,21 +2777,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2799,14 +2805,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2816,39 +2833,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2856,28 +2865,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2885,25 +2897,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2911,21 +2915,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -2939,14 +2943,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2956,39 +2971,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2996,28 +3003,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3025,18 +3035,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3051,21 +3053,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3079,23 +3081,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3107,31 +3109,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3139,49 +3149,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3189,21 +3205,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3217,25 +3233,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3245,12 +3250,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3266,10 +3271,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3277,25 +3290,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3309,162 +3319,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.022779999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -3485,7 +3351,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -3547,8 +3413,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3608,8 +3474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3705,8 +3571,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3766,8 +3632,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3863,8 +3729,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -3905,6 +3771,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -3936,8 +3804,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4031,8 +3899,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4073,6 +3941,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4104,8 +3974,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4210,8 +4080,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4252,6 +4122,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4283,8 +4155,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4389,8 +4261,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4431,6 +4303,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4462,8 +4336,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4549,20 +4423,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4570,17 +4447,115 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4589,46 +4564,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01955 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4644,21 +4637,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -4672,13 +4665,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4689,140 +4682,168 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.01785 + "risk": 0.01133 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.1" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { @@ -4830,72 +4851,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4903,21 +4900,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4931,14 +4928,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4971,8 +4979,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5025,8 +5033,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5126,8 +5134,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5218,8 +5226,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5268,8 +5276,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5360,8 +5368,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5402,8 +5410,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5497,8 +5505,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5539,8 +5547,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5634,8 +5642,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -5696,8 +5704,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -5787,9 +5795,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5805,7 +5813,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5840,9 +5848,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5932,9 +5940,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5950,7 +5958,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5985,9 +5993,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6066,20 +6074,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6087,16 +6095,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6106,42 +6114,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6149,16 +6149,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6167,7 +6167,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6175,21 +6175,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6203,14 +6203,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6220,20 +6231,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6241,73 +6252,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6315,21 +6350,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6343,19 +6378,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6365,39 +6395,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6405,54 +6435,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6460,21 +6504,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6488,19 +6532,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6533,8 +6572,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6581,8 +6620,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6617,8 +6656,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6636,10 +6675,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6678,8 +6717,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6726,8 +6765,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6762,8 +6801,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6781,10 +6820,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6823,8 +6862,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6871,8 +6910,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6907,8 +6946,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6923,13 +6962,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6968,8 +7007,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7016,8 +7055,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7032,7 +7071,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7041,7 +7080,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -7052,8 +7091,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7068,20 +7107,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7114,8 +7152,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7162,8 +7200,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7198,8 +7236,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7214,23 +7252,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7246,39 +7274,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7286,60 +7314,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7347,21 +7369,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7375,25 +7397,20 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7403,20 +7420,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7424,97 +7441,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7522,21 +7515,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7550,14 +7543,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], + "cpes": [ + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7590,8 +7598,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7651,8 +7659,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7743,8 +7751,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7811,8 +7819,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7920,8 +7928,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7982,8 +7990,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8073,9 +8081,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8097,7 +8105,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8143,9 +8151,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8242,8 +8250,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8304,8 +8312,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8371,146 +8379,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66382", - "epss": 0.00017, - "percentile": 0.03381, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.005015 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" - ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", - "cvss": [ - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66382", - "epss": 0.00017, - "percentile": 0.03381, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-6170", @@ -8536,8 +8404,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8597,8 +8465,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8666,46 +8534,106 @@ }, { "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} } ], + "epss": [ + { + "cve": "CVE-2025-66382", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] + "severity": "Medium", + "urls": [ + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" + ], + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66382", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8713,21 +8641,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-52099", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -8741,25 +8669,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9149,87 +9066,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.12.1.md b/docs/security/agent/grype-25.12.1.md index 842d9a4..065fa11 100644 --- a/docs/security/agent/grype-25.12.1.md +++ b/docs/security/agent/grype-25.12.1.md @@ -6,19 +6,21 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-pam | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-rpm-macros | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -26,14 +28,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -61,6 +60,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.2.json b/docs/security/agent/grype-25.12.2.json index 1c2e1cf..85a7f1a 100644 --- a/docs/security/agent/grype-25.12.2.json +++ b/docs/security/agent/grype-25.12.2.json @@ -2,112 +2,95 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +98,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -143,133 +126,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -284,21 +239,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -312,28 +267,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -363,8 +318,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -419,8 +374,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -488,95 +443,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -584,21 +556,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -612,105 +584,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -725,21 +725,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -753,28 +753,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -804,8 +804,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -875,8 +875,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -978,8 +978,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1049,8 +1049,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1152,8 +1152,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1197,8 +1197,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1292,8 +1292,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1337,8 +1337,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1431,9 +1431,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1449,7 +1449,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1479,9 +1479,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1572,8 +1572,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1639,8 +1639,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1737,8 +1737,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1812,8 +1812,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1909,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -1939,7 +1939,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2005,9 +2005,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2087,31 +2087,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2119,48 +2127,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2168,21 +2193,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2196,59 +2221,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2256,41 +2278,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2305,21 +2344,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2333,48 +2372,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2382,18 +2421,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2401,58 +2440,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2467,21 +2497,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2495,56 +2525,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2552,65 +2582,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2618,21 +2637,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2646,65 +2665,54 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2714,30 +2722,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2745,16 +2751,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2763,7 +2769,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2771,21 +2777,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2799,14 +2805,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2816,39 +2833,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2856,28 +2865,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2885,25 +2897,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2911,21 +2915,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -2939,14 +2943,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2956,39 +2971,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2996,28 +3003,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3025,18 +3035,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3051,21 +3053,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3079,23 +3081,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3107,31 +3109,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3139,49 +3149,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3189,21 +3205,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3217,25 +3233,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3245,12 +3250,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3266,10 +3271,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3277,25 +3290,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3309,162 +3319,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.022779999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -3485,7 +3351,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -3547,8 +3413,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3608,8 +3474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3705,8 +3571,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3766,8 +3632,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3840,20 +3706,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3861,17 +3730,115 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -3880,46 +3847,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01955 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -3935,21 +3920,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -3963,13 +3948,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3980,140 +3965,168 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.01785 + "risk": 0.01133 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.2" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { @@ -4121,72 +4134,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4194,21 +4183,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4222,14 +4211,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4262,8 +4262,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4316,8 +4316,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4417,8 +4417,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4509,8 +4509,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4559,8 +4559,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4651,8 +4651,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -4693,8 +4693,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -4788,8 +4788,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -4830,8 +4830,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -4925,8 +4925,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -4987,8 +4987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -5078,9 +5078,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5096,7 +5096,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5131,9 +5131,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5223,9 +5223,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5241,7 +5241,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5276,9 +5276,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5357,20 +5357,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5378,16 +5378,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5397,42 +5397,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5440,16 +5432,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5458,7 +5450,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5466,21 +5458,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5494,14 +5486,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5511,20 +5514,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -5532,73 +5535,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5606,21 +5633,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5634,19 +5661,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5656,39 +5678,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5696,54 +5718,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5751,21 +5787,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5779,19 +5815,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5824,8 +5855,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -5872,8 +5903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -5908,8 +5939,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -5927,10 +5958,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -5969,8 +6000,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6017,8 +6048,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6053,8 +6084,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6072,10 +6103,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6114,8 +6145,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6162,8 +6193,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6198,8 +6229,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6214,13 +6245,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6259,8 +6290,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6307,8 +6338,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6323,7 +6354,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6332,7 +6363,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -6343,8 +6374,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6359,20 +6390,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6405,8 +6435,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6453,8 +6483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6489,8 +6519,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6505,23 +6535,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6537,39 +6557,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6577,60 +6597,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6638,21 +6652,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6666,25 +6680,20 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6694,20 +6703,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6715,97 +6724,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6813,21 +6798,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6841,14 +6826,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], + "cpes": [ + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6881,8 +6881,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -6942,8 +6942,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7034,8 +7034,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7102,8 +7102,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7211,8 +7211,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7273,8 +7273,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7364,9 +7364,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -7388,7 +7388,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -7434,9 +7434,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -7533,8 +7533,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7595,8 +7595,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7662,146 +7662,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66382", - "epss": 0.00017, - "percentile": 0.03381, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.005015 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" - ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", - "cvss": [ - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66382", - "epss": 0.00017, - "percentile": 0.03381, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-6170", @@ -7827,8 +7687,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7888,8 +7748,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7957,46 +7817,106 @@ }, { "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} } ], + "epss": [ + { + "cve": "CVE-2025-66382", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] + "severity": "Medium", + "urls": [ + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" + ], + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66382", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8004,21 +7924,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-52099", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -8032,25 +7952,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8440,87 +8349,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.12.2.md b/docs/security/agent/grype-25.12.2.md index 9a0a16c..3cd994a 100644 --- a/docs/security/agent/grype-25.12.2.md +++ b/docs/security/agent/grype-25.12.2.md @@ -6,15 +6,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -22,14 +24,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -57,6 +56,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.3.json b/docs/security/agent/grype-25.12.3.json index f1ea6eb..572b2c1 100644 --- a/docs/security/agent/grype-25.12.3.json +++ b/docs/security/agent/grype-25.12.3.json @@ -2,112 +2,95 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +98,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -143,133 +126,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -284,21 +239,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -312,28 +267,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -363,8 +318,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -419,8 +374,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -488,95 +443,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -584,21 +556,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -612,105 +584,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -725,21 +725,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -753,28 +753,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -804,8 +804,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -875,8 +875,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -978,8 +978,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1049,8 +1049,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1152,8 +1152,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1197,8 +1197,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1292,8 +1292,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1337,8 +1337,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1431,9 +1431,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1449,7 +1449,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1479,9 +1479,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1572,8 +1572,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1639,8 +1639,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1737,8 +1737,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1812,8 +1812,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1909,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -1939,7 +1939,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2005,9 +2005,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2087,31 +2087,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2119,48 +2127,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2168,21 +2193,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2196,59 +2221,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2256,41 +2278,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2305,21 +2344,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2333,48 +2372,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2382,18 +2421,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2401,58 +2440,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2467,21 +2497,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2495,56 +2525,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2552,65 +2582,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2618,21 +2637,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2646,65 +2665,54 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2714,30 +2722,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2745,16 +2751,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2763,7 +2769,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2771,21 +2777,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2799,14 +2805,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2816,39 +2833,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2856,28 +2865,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2885,25 +2897,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2911,21 +2915,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -2939,14 +2943,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2956,39 +2971,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -2996,28 +3003,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3025,18 +3035,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3051,21 +3053,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3079,23 +3081,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3107,31 +3109,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3139,49 +3149,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3189,21 +3205,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3217,25 +3233,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3245,12 +3250,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3266,10 +3271,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3277,25 +3290,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3309,162 +3319,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.022779999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -3485,7 +3351,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -3547,8 +3413,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3608,8 +3474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3705,8 +3571,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3766,8 +3632,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3840,20 +3706,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3861,17 +3730,115 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -3880,46 +3847,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01955 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -3935,21 +3920,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -3963,13 +3948,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3980,140 +3965,168 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.01785 + "risk": 0.01133 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.3" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { @@ -4121,72 +4134,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4194,21 +4183,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4222,14 +4211,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4262,8 +4262,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4316,8 +4316,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -4417,8 +4417,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4509,8 +4509,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4559,8 +4559,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -4651,8 +4651,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -4693,8 +4693,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -4788,8 +4788,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -4830,8 +4830,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -4925,8 +4925,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -4987,8 +4987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -5078,9 +5078,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5096,7 +5096,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5131,9 +5131,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5223,9 +5223,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5241,7 +5241,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -5276,9 +5276,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5357,20 +5357,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5378,16 +5378,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5397,42 +5397,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -5440,16 +5432,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5458,7 +5450,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5466,21 +5458,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5494,14 +5486,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5511,20 +5514,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -5532,73 +5535,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5606,21 +5633,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5634,19 +5661,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5656,39 +5678,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5696,54 +5718,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5751,21 +5787,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5779,19 +5815,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5824,8 +5855,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -5872,8 +5903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -5908,8 +5939,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -5927,10 +5958,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -5969,8 +6000,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6017,8 +6048,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6053,8 +6084,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6072,10 +6103,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6114,8 +6145,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6162,8 +6193,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6198,8 +6229,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6214,13 +6245,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6259,8 +6290,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6307,8 +6338,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6323,7 +6354,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6332,7 +6363,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -6343,8 +6374,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6359,20 +6390,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6405,8 +6435,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6453,8 +6483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6489,8 +6519,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6505,23 +6535,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6537,39 +6557,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6577,60 +6597,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6638,21 +6652,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6666,25 +6680,20 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6694,20 +6703,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6715,97 +6724,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6813,21 +6798,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6841,14 +6826,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], + "cpes": [ + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6881,8 +6881,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -6942,8 +6942,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7034,8 +7034,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7102,8 +7102,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7211,8 +7211,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7273,8 +7273,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7364,9 +7364,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -7388,7 +7388,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -7434,9 +7434,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -7533,8 +7533,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7595,8 +7595,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -7662,146 +7662,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66382", - "epss": 0.00017, - "percentile": 0.03381, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.005015 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" - ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", - "cvss": [ - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66382", - "epss": 0.00017, - "percentile": 0.03381, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-6170", @@ -7827,8 +7687,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7888,8 +7748,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -7957,46 +7817,106 @@ }, { "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} } ], + "epss": [ + { + "cve": "CVE-2025-66382", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] + "severity": "Medium", + "urls": [ + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" + ], + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66382", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8004,21 +7924,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-52099", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -8032,25 +7952,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8440,87 +8349,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.12.3.md b/docs/security/agent/grype-25.12.3.md index c9b0d52..fcd4621 100644 --- a/docs/security/agent/grype-25.12.3.md +++ b/docs/security/agent/grype-25.12.3.md @@ -6,15 +6,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -22,14 +24,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -57,6 +56,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.7.1.json b/docs/security/agent/grype-25.7.1.json index af0cfd2..3be5494 100644 --- a/docs/security/agent/grype-25.7.1.json +++ b/docs/security/agent/grype-25.7.1.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,135 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-52533", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 7, + "exploitabilityScore": 2.3, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-52533", + "epss": 0.02743, + "percentile": 0.85519, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.68.4-16.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-16.el9_6.2", + "date": "2025-07-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:11140", + "link": "https://access.redhat.com/errata/RHSA-2025:11140" + } + ], + "risk": 1.6458 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-52533", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", + "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", + "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", + "http://www.openwall.com/lists/oss-security/2024/11/12/11", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", + "https://security.netapp.com/advisory/ntap-20241206-0009/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-52533", + "epss": 0.02743, + "percentile": 0.85519, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +279,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-52533", + "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-16.el9_6.2" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -312,25 +310,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -340,101 +327,87 @@ }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -450,24 +423,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,126 +451,103 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-52533", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.8 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02455, - "percentile": 0.84749, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-16.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-16.el9_6.2", - "date": "2025-07-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:11140", - "link": "https://access.redhat.com/errata/RHSA-2025:11140" - } - ], - "risk": 1.4729999999999999 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-52533", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", - "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", - "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", - "http://www.openwall.com/lists/oss-security/2024/11/12/11", - "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", - "https://security.netapp.com/advisory/ntap-20241206-0009/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02455, - "percentile": 0.84749, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -609,7 +556,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -617,24 +564,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-52533", - "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-16.el9_6.2" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -648,17 +592,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -688,8 +643,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -744,8 +699,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -813,95 +768,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -909,21 +881,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -937,105 +909,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1050,21 +1050,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -1078,28 +1078,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -1129,8 +1129,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1200,8 +1200,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1303,8 +1303,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1374,8 +1374,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1477,8 +1477,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1522,8 +1522,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1617,8 +1617,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1662,8 +1662,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1756,9 +1756,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1774,7 +1774,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1804,9 +1804,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1874,76 +1874,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0759 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", - "namespace": "nvd:cpe", + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1951,35 +1968,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1994,21 +2005,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2022,13 +2036,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2039,43 +2053,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2085,28 +2099,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -2121,36 +2127,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2167,21 +2173,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -2195,13 +2201,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2212,37 +2218,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2266,12 +2272,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2283,12 +2289,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2306,27 +2312,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2349,7 +2355,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2391,20 +2397,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2412,27 +2418,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2443,7 +2443,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" + ], + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2509,9 +2688,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2614,8 +2793,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31597, - "date": "2025-12-15" + "percentile": 0.31669, + "date": "2025-12-21" } ], "cwes": [ @@ -2689,8 +2868,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31597, - "date": "2025-12-15" + "percentile": 0.31669, + "date": "2025-12-21" } ], "cwes": [ @@ -2761,80 +2940,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" } - ] - } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2842,21 +3059,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2870,25 +3090,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2898,31 +3107,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2930,48 +3147,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2979,21 +3213,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -3007,150 +3241,114 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 + "advisories": [], + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3158,7 +3356,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3166,24 +3364,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -3197,114 +3392,136 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3320,21 +3537,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -3348,247 +3568,85 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2025-5914", + "epss": 0.00054, + "percentile": 0.17165, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.5.3-6.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" + } + ], + "risk": 0.03996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": 1, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.5.3-6.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" - } - ], - "risk": 0.03996 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", - "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Critical", "urls": [ "https://access.redhat.com/errata/RHSA-2025:14130", "https://access.redhat.com/errata/RHSA-2025:14135", @@ -3651,8 +3709,8 @@ { "cve": "CVE-2025-5914", "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" + "percentile": 0.17165, + "date": "2025-12-21" } ], "cwes": [ @@ -3746,8 +3804,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3795,8 +3853,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3864,140 +3922,85 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-12818", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "0:6.2-10.20210508.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" - } - ], - "risk": 0.035945 + "advisories": [], + "risk": 0.035625000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -4005,7 +4008,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4013,24 +4016,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libpq", + "version": "0:13.20-1.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "9e9440b1f6d978f7", + "name": "libpq", + "version": "13.20-1.el9_5", "type": "rpm", "locations": [ { @@ -4044,25 +4044,156 @@ ], "language": "", "licenses": [ - "MIT" + "PostgreSQL" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ + "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4094,9 +4225,9 @@ "epss": [ { "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ @@ -4132,7 +4263,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:12876" } ], - "risk": 0.035945 + "risk": 0.03094 }, "relatedVulnerabilities": [ { @@ -4190,9 +4321,9 @@ "epss": [ { "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ @@ -4236,8 +4367,8 @@ } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", + "id": "f866293dd48b75b0", + "name": "ncurses-base", "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ @@ -4255,16 +4386,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { "name": "ncurses", @@ -4280,85 +4411,140 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2022-29458", + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.035625000000000004 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.03094 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "metrics": { + "baseScore": 5.8, + "exploitabilityScore": 8.6, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2022-29458", + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4366,7 +4552,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4374,21 +4560,24 @@ "version": "9.6" }, "package": { - "name": "libpq", - "version": "0:13.20-1.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "9e9440b1f6d978f7", - "name": "libpq", - "version": "13.20-1.el9_5", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4402,14 +4591,25 @@ ], "language": "", "licenses": [ - "PostgreSQL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4419,111 +4619,87 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.033925 + "advisories": [], + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4538,24 +4714,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6395", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4569,13 +4742,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4586,37 +4759,37 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4626,30 +4799,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +4828,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4675,7 +4846,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4683,21 +4854,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4711,14 +4882,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4728,116 +4910,81 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4845,24 +4992,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4876,14 +5020,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4893,39 +5048,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4933,28 +5080,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4962,25 +5112,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4988,21 +5130,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5016,14 +5158,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5033,94 +5186,142 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7425", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08143, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-11.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-11.el9_6", + "date": "2025-08-01", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.025315 + "advisories": [ + { + "id": "RHSA-2025:12447", + "link": "https://access.redhat.com/errata/RHSA-2025:12447" + } + ], + "risk": 0.022949999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7425", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/errata/RHSA-2025:12447", + "https://access.redhat.com/errata/RHSA-2025:12450", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13308", + "https://access.redhat.com/errata/RHSA-2025:13309", + "https://access.redhat.com/errata/RHSA-2025:13310", + "https://access.redhat.com/errata/RHSA-2025:13311", + "https://access.redhat.com/errata/RHSA-2025:13312", + "https://access.redhat.com/errata/RHSA-2025:13313", + "https://access.redhat.com/errata/RHSA-2025:13314", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13464", + "https://access.redhat.com/errata/RHSA-2025:13622", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:14818", + "https://access.redhat.com/errata/RHSA-2025:14819", + "https://access.redhat.com/errata/RHSA-2025:14853", + "https://access.redhat.com/errata/RHSA-2025:14858", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-7425", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", + "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", + "http://seclists.org/fulldisclosure/2025/Aug/0", + "http://seclists.org/fulldisclosure/2025/Jul/30", + "http://seclists.org/fulldisclosure/2025/Jul/32", + "http://seclists.org/fulldisclosure/2025/Jul/35", + "http://seclists.org/fulldisclosure/2025/Jul/37", + "http://www.openwall.com/lists/oss-security/2025/07/11/2", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08143, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5128,21 +5329,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-7425", + "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-11.el9_6" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -5156,25 +5360,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5184,31 +5377,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5216,49 +5417,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5266,21 +5473,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -5294,25 +5501,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,12 +5518,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5343,156 +5539,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5500,48 +5558,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5562,7 +5619,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -5624,8 +5681,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5685,8 +5742,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5782,8 +5839,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5843,8 +5900,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5940,8 +5997,8 @@ { "cve": "CVE-2025-32414", "epss": 0.0004, - "percentile": 0.1197, - "date": "2025-12-15" + "percentile": 0.12083, + "date": "2025-12-21" } ], "cwes": [ @@ -6020,8 +6077,8 @@ { "cve": "CVE-2025-32414", "epss": 0.0004, - "percentile": 0.1197, - "date": "2025-12-15" + "percentile": 0.12083, + "date": "2025-12-21" } ], "cwes": [ @@ -6121,8 +6178,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -6163,6 +6220,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -6194,8 +6253,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -6277,20 +6336,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6298,142 +6360,91 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ + "relatedVulnerabilities": [], + "matchDetails": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.7.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", - "type": "rpm", + "id": "12750b0154864a80", + "name": "fluent-bit", + "version": "25.7.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:b5cacb7493b82207944416629028f215df554c7ef8d27bea457ac23f17a089ae", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.7.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-32415", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6441,206 +6452,271 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-32415", + "epss": 0.00024, + "percentile": 0.05959, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "0:2.9.13-12.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" + } + ], + "risk": 0.015000000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32415", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + ], + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32415", + "epss": 0.00024, + "percentile": 0.05959, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.7.2" - } + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-32415", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-12.el9_6" } } ], "artifact": { - "id": "12750b0154864a80", - "name": "fluent-bit", - "version": "25.7.2", - "type": "binary", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:b5cacb7493b82207944416629028f215df554c7ef8d27bea457ac23f17a089ae", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.7.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-7425", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.00022, - "percentile": 0.04984, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-11.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-11.el9_6", - "date": "2025-08-01", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12447", - "link": "https://access.redhat.com/errata/RHSA-2025:12447" - } - ], - "risk": 0.01683 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7425", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:12447", - "https://access.redhat.com/errata/RHSA-2025:12450", - "https://access.redhat.com/errata/RHSA-2025:13267", - "https://access.redhat.com/errata/RHSA-2025:13308", - "https://access.redhat.com/errata/RHSA-2025:13309", - "https://access.redhat.com/errata/RHSA-2025:13310", - "https://access.redhat.com/errata/RHSA-2025:13311", - "https://access.redhat.com/errata/RHSA-2025:13312", - "https://access.redhat.com/errata/RHSA-2025:13313", - "https://access.redhat.com/errata/RHSA-2025:13314", - "https://access.redhat.com/errata/RHSA-2025:13335", - "https://access.redhat.com/errata/RHSA-2025:13464", - "https://access.redhat.com/errata/RHSA-2025:13622", - "https://access.redhat.com/errata/RHSA-2025:14059", - "https://access.redhat.com/errata/RHSA-2025:14396", - "https://access.redhat.com/errata/RHSA-2025:14818", - "https://access.redhat.com/errata/RHSA-2025:14819", - "https://access.redhat.com/errata/RHSA-2025:14853", - "https://access.redhat.com/errata/RHSA-2025:14858", - "https://access.redhat.com/errata/RHSA-2025:15308", - "https://access.redhat.com/errata/RHSA-2025:15672", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-7425", - "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", - "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", - "http://seclists.org/fulldisclosure/2025/Aug/0", - "http://seclists.org/fulldisclosure/2025/Jul/30", - "http://seclists.org/fulldisclosure/2025/Jul/32", - "http://seclists.org/fulldisclosure/2025/Jul/35", - "http://seclists.org/fulldisclosure/2025/Jul/37", - "http://www.openwall.com/lists/oss-security/2025/07/11/2", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.00022, - "percentile": 0.04984, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6655,24 +6731,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7425", - "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-11.el9_6" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6686,13 +6759,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6703,115 +6776,120 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.01672 + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -6819,7 +6897,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6827,24 +6905,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6858,111 +6936,108 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-32415", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05692, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-32415", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-12.el9_6" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.015000000000000001 + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32415", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6971,47 +7046,35 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05692, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-32415", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7019,24 +7082,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32415", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7050,116 +7113,143 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-6965", + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-168.el9_6.23" + "0:3.34.1-9.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01426 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", "type": "Secondary", "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", "metrics": { - "baseScore": 5.9 + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-6965", + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -7167,7 +7257,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7175,24 +7265,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.20" + "name": "sqlite", + "version": "3.34.1-7.el9_3" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "da5839ff511a0a9f", - "name": "glibc", - "version": "2.34-168.el9_6.20", + "id": "45f6f999e295a17b", + "name": "sqlite-libs", + "version": "3.34.1-7.el9_3", "type": "rpm", "locations": [ { @@ -7206,14 +7296,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7223,99 +7324,112 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-168.el9_6.23" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.01426 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -7323,7 +7437,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7331,24 +7445,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "74f56e50def25fa2", - "name": "glibc-common", - "version": "2.34-168.el9_6.20", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -7362,25 +7476,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.20" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7390,100 +7493,73 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "epss": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], - "risk": 0.01426 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -7498,24 +7574,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd1fd0cf3974da95", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.20", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7529,27 +7602,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", @@ -7561,100 +7630,73 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.01426 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -7669,24 +7711,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b930958ae5e6f15d", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.20", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7700,27 +7739,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", @@ -7732,45 +7767,45 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" }, { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7778,65 +7813,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.0105 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" }, { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7851,21 +7874,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -7879,13 +7902,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7896,120 +7919,183 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-29477", + "epss": 0.00019, + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "" }, - "advisories": [ + "advisories": [], + "risk": 0.009975000000000001 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.7.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "12750b0154864a80", + "name": "fluent-bit", + "version": "25.7.2", + "type": "binary", + "locations": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:b5cacb7493b82207944416629028f215df554c7ef8d27bea457ac23f17a089ae", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } } ], - "risk": 0.013779999999999999 + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.7.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009525 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8025,24 +8111,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -8056,138 +8139,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.009265000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -8202,24 +8237,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -8233,48 +8265,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8282,99 +8314,59 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.009265000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" - ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8382,24 +8374,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -8416,11 +8405,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8430,45 +8430,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -8476,53 +8470,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -8543,7 +8545,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -8576,139 +8578,44 @@ "metadataType": "RpmMetadata", "metadata": { "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.7.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "12750b0154864a80", - "name": "fluent-bit", - "version": "25.7.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:b5cacb7493b82207944416629028f215df554c7ef8d27bea457ac23f17a089ae", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.7.2", - "upstreams": [] + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8717,48 +8624,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8774,21 +8684,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8802,48 +8712,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -8851,41 +8769,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8900,21 +8829,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8928,59 +8857,67 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8988,41 +8925,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -9037,21 +8986,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9065,23 +9014,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9093,101 +9042,111 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -9208,7 +9167,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } @@ -9247,38 +9206,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9287,51 +9246,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9347,21 +9315,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -9375,108 +9343,116 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008235 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9484,7 +9460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9492,21 +9468,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "0:2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "da5839ff511a0a9f", + "name": "glibc", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9520,128 +9499,116 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007935 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9649,7 +9616,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9657,21 +9624,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "74f56e50def25fa2", + "name": "glibc-common", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9685,14 +9655,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.20" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9702,87 +9683,100 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007769999999999997 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -9797,21 +9791,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "dd1fd0cf3974da95", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9825,17 +9822,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -9847,87 +9854,100 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007769999999999997 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -9942,21 +9962,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b930958ae5e6f15d", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9970,17 +9993,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -10015,8 +10048,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10063,8 +10096,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10099,8 +10132,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10118,10 +10151,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10160,8 +10193,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10208,8 +10241,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10244,8 +10277,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10260,13 +10293,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10282,39 +10315,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -10322,53 +10355,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10383,21 +10410,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10411,23 +10438,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -10439,20 +10460,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -10460,97 +10481,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10558,21 +10555,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10589,11 +10586,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10626,8 +10628,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -10687,8 +10689,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -10779,8 +10781,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -10847,8 +10849,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -10956,8 +10958,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -11018,8 +11020,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -11109,9 +11111,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -11133,7 +11135,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -11179,9 +11181,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -11278,8 +11280,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -11340,8 +11342,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -11432,8 +11434,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -11493,8 +11495,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -11560,109 +11562,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -12016,87 +11915,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.7.1.md b/docs/security/agent/grype-25.7.1.md index a7ce025..bba590d 100644 --- a/docs/security/agent/grype-25.7.1.md +++ b/docs/security/agent/grype-25.7.1.md @@ -11,44 +11,43 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9 | [CVE-2024-52533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52533) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| glib2 | 2.68.4-16.el9 | [CVE-2025-4373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4373) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| glib2 | 2.68.4-16.el9 | [CVE-2025-4373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4373) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.7.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415) | Medium | -| glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.7.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-7.el9_3 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -58,9 +57,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-5.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | ncurses-base | 6.2-10.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | diff --git a/docs/security/agent/grype-25.7.2.json b/docs/security/agent/grype-25.7.2.json index 4198a90..b751855 100644 --- a/docs/security/agent/grype-25.7.2.json +++ b/docs/security/agent/grype-25.7.2.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,135 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-52533", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 7, + "exploitabilityScore": 2.3, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-52533", + "epss": 0.02743, + "percentile": 0.85519, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.68.4-16.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-16.el9_6.2", + "date": "2025-07-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:11140", + "link": "https://access.redhat.com/errata/RHSA-2025:11140" + } + ], + "risk": 1.6458 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-52533", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", + "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", + "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", + "http://www.openwall.com/lists/oss-security/2024/11/12/11", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", + "https://security.netapp.com/advisory/ntap-20241206-0009/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-52533", + "epss": 0.02743, + "percentile": 0.85519, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +279,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-52533", + "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-16.el9_6.2" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -312,25 +310,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -340,101 +327,87 @@ }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -450,24 +423,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,126 +451,103 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-52533", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.8 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02455, - "percentile": 0.84749, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-16.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-16.el9_6.2", - "date": "2025-07-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:11140", - "link": "https://access.redhat.com/errata/RHSA-2025:11140" - } - ], - "risk": 1.4729999999999999 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-52533", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", - "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", - "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", - "http://www.openwall.com/lists/oss-security/2024/11/12/11", - "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", - "https://security.netapp.com/advisory/ntap-20241206-0009/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02455, - "percentile": 0.84749, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -609,7 +556,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -617,24 +564,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-52533", - "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-16.el9_6.2" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -648,17 +592,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -688,8 +643,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -744,8 +699,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -813,95 +768,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -909,21 +881,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -937,105 +909,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1050,21 +1050,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -1078,28 +1078,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -1129,8 +1129,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1200,8 +1200,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1303,8 +1303,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1374,8 +1374,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1477,8 +1477,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1522,8 +1522,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1617,8 +1617,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1662,8 +1662,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1756,9 +1756,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1774,7 +1774,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1804,9 +1804,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1874,76 +1874,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0759 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", - "namespace": "nvd:cpe", + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1951,35 +1968,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1994,21 +2005,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2022,13 +2036,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2039,43 +2053,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2085,28 +2099,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -2121,36 +2127,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2167,21 +2173,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -2195,13 +2201,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2212,37 +2218,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2266,12 +2272,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2283,12 +2289,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2306,27 +2312,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2349,7 +2355,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2391,20 +2397,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2412,27 +2418,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2443,7 +2443,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" + ], + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2509,9 +2688,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2614,8 +2793,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31597, - "date": "2025-12-15" + "percentile": 0.31669, + "date": "2025-12-21" } ], "cwes": [ @@ -2689,8 +2868,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31597, - "date": "2025-12-15" + "percentile": 0.31669, + "date": "2025-12-21" } ], "cwes": [ @@ -2761,80 +2940,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" } - ] - } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2842,21 +3059,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2870,25 +3090,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2898,31 +3107,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2930,48 +3147,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2979,21 +3213,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -3007,150 +3241,114 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 + "advisories": [], + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3158,7 +3356,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3166,24 +3364,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -3197,114 +3392,136 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3320,21 +3537,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -3348,247 +3568,85 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2025-5914", + "epss": 0.00054, + "percentile": 0.17165, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.5.3-6.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" + } + ], + "risk": 0.03996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": 1, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.5.3-6.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" - } - ], - "risk": 0.03996 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", - "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Critical", "urls": [ "https://access.redhat.com/errata/RHSA-2025:14130", "https://access.redhat.com/errata/RHSA-2025:14135", @@ -3651,8 +3709,8 @@ { "cve": "CVE-2025-5914", "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" + "percentile": 0.17165, + "date": "2025-12-21" } ], "cwes": [ @@ -3746,8 +3804,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3795,8 +3853,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3864,140 +3922,85 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-12818", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "0:6.2-10.20210508.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" - } - ], - "risk": 0.035945 + "advisories": [], + "risk": 0.035625000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -4005,7 +4008,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4013,24 +4016,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libpq", + "version": "0:13.20-1.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "9e9440b1f6d978f7", + "name": "libpq", + "version": "13.20-1.el9_5", "type": "rpm", "locations": [ { @@ -4044,25 +4044,156 @@ ], "language": "", "licenses": [ - "MIT" + "PostgreSQL" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ + "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4094,9 +4225,9 @@ "epss": [ { "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ @@ -4132,7 +4263,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:12876" } ], - "risk": 0.035945 + "risk": 0.03094 }, "relatedVulnerabilities": [ { @@ -4190,9 +4321,9 @@ "epss": [ { "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ @@ -4236,8 +4367,8 @@ } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", + "id": "f866293dd48b75b0", + "name": "ncurses-base", "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ @@ -4255,16 +4386,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { "name": "ncurses", @@ -4280,85 +4411,140 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2022-29458", + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.035625000000000004 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.03094 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "metrics": { + "baseScore": 5.8, + "exploitabilityScore": 8.6, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2022-29458", + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4366,7 +4552,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4374,21 +4560,24 @@ "version": "9.6" }, "package": { - "name": "libpq", - "version": "0:13.20-1.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "9e9440b1f6d978f7", - "name": "libpq", - "version": "13.20-1.el9_5", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4402,14 +4591,25 @@ ], "language": "", "licenses": [ - "PostgreSQL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4419,111 +4619,87 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.033925 + "advisories": [], + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4538,24 +4714,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6395", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4569,13 +4742,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4586,37 +4759,37 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4626,30 +4799,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +4828,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4675,7 +4846,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4683,21 +4854,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4711,14 +4882,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4728,116 +4910,81 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4845,24 +4992,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4876,14 +5020,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4893,39 +5048,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4933,28 +5080,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4962,25 +5112,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4988,21 +5130,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5016,14 +5158,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5033,94 +5186,142 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7425", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08143, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-11.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-11.el9_6", + "date": "2025-08-01", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.025315 + "advisories": [ + { + "id": "RHSA-2025:12447", + "link": "https://access.redhat.com/errata/RHSA-2025:12447" + } + ], + "risk": 0.022949999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7425", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/errata/RHSA-2025:12447", + "https://access.redhat.com/errata/RHSA-2025:12450", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13308", + "https://access.redhat.com/errata/RHSA-2025:13309", + "https://access.redhat.com/errata/RHSA-2025:13310", + "https://access.redhat.com/errata/RHSA-2025:13311", + "https://access.redhat.com/errata/RHSA-2025:13312", + "https://access.redhat.com/errata/RHSA-2025:13313", + "https://access.redhat.com/errata/RHSA-2025:13314", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13464", + "https://access.redhat.com/errata/RHSA-2025:13622", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:14818", + "https://access.redhat.com/errata/RHSA-2025:14819", + "https://access.redhat.com/errata/RHSA-2025:14853", + "https://access.redhat.com/errata/RHSA-2025:14858", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-7425", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", + "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", + "http://seclists.org/fulldisclosure/2025/Aug/0", + "http://seclists.org/fulldisclosure/2025/Jul/30", + "http://seclists.org/fulldisclosure/2025/Jul/32", + "http://seclists.org/fulldisclosure/2025/Jul/35", + "http://seclists.org/fulldisclosure/2025/Jul/37", + "http://www.openwall.com/lists/oss-security/2025/07/11/2", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08143, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5128,21 +5329,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-7425", + "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-11.el9_6" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -5156,25 +5360,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5184,31 +5377,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5216,49 +5417,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5266,21 +5473,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -5294,25 +5501,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,12 +5518,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5343,156 +5539,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5500,48 +5558,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5562,7 +5619,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -5624,8 +5681,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5685,8 +5742,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5782,8 +5839,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5843,8 +5900,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5940,8 +5997,8 @@ { "cve": "CVE-2025-32414", "epss": 0.0004, - "percentile": 0.1197, - "date": "2025-12-15" + "percentile": 0.12083, + "date": "2025-12-21" } ], "cwes": [ @@ -6020,8 +6077,8 @@ { "cve": "CVE-2025-32414", "epss": 0.0004, - "percentile": 0.1197, - "date": "2025-12-15" + "percentile": 0.12083, + "date": "2025-12-21" } ], "cwes": [ @@ -6121,8 +6178,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -6163,6 +6220,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -6194,8 +6253,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -6277,20 +6336,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6298,142 +6360,91 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ + "relatedVulnerabilities": [], + "matchDetails": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.7.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", - "type": "rpm", + "id": "81feab72b50320e0", + "name": "fluent-bit", + "version": "25.7.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a10dbebc70bd7f098e375ba140477f1175d2fbeb366497ebe6a35b482a49989b", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.7.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-32415", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6441,206 +6452,271 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-32415", + "epss": 0.00024, + "percentile": 0.05959, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "0:2.9.13-12.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" + } + ], + "risk": 0.015000000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32415", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + ], + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32415", + "epss": 0.00024, + "percentile": 0.05959, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.7.2" - } + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-32415", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-12.el9_6" } } ], "artifact": { - "id": "81feab72b50320e0", - "name": "fluent-bit", - "version": "25.7.2", - "type": "binary", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a10dbebc70bd7f098e375ba140477f1175d2fbeb366497ebe6a35b482a49989b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.7.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-7425", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.00022, - "percentile": 0.04984, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-11.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-11.el9_6", - "date": "2025-08-01", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12447", - "link": "https://access.redhat.com/errata/RHSA-2025:12447" - } - ], - "risk": 0.01683 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7425", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:12447", - "https://access.redhat.com/errata/RHSA-2025:12450", - "https://access.redhat.com/errata/RHSA-2025:13267", - "https://access.redhat.com/errata/RHSA-2025:13308", - "https://access.redhat.com/errata/RHSA-2025:13309", - "https://access.redhat.com/errata/RHSA-2025:13310", - "https://access.redhat.com/errata/RHSA-2025:13311", - "https://access.redhat.com/errata/RHSA-2025:13312", - "https://access.redhat.com/errata/RHSA-2025:13313", - "https://access.redhat.com/errata/RHSA-2025:13314", - "https://access.redhat.com/errata/RHSA-2025:13335", - "https://access.redhat.com/errata/RHSA-2025:13464", - "https://access.redhat.com/errata/RHSA-2025:13622", - "https://access.redhat.com/errata/RHSA-2025:14059", - "https://access.redhat.com/errata/RHSA-2025:14396", - "https://access.redhat.com/errata/RHSA-2025:14818", - "https://access.redhat.com/errata/RHSA-2025:14819", - "https://access.redhat.com/errata/RHSA-2025:14853", - "https://access.redhat.com/errata/RHSA-2025:14858", - "https://access.redhat.com/errata/RHSA-2025:15308", - "https://access.redhat.com/errata/RHSA-2025:15672", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-7425", - "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", - "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", - "http://seclists.org/fulldisclosure/2025/Aug/0", - "http://seclists.org/fulldisclosure/2025/Jul/30", - "http://seclists.org/fulldisclosure/2025/Jul/32", - "http://seclists.org/fulldisclosure/2025/Jul/35", - "http://seclists.org/fulldisclosure/2025/Jul/37", - "http://www.openwall.com/lists/oss-security/2025/07/11/2", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.00022, - "percentile": 0.04984, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6655,24 +6731,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7425", - "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-11.el9_6" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6686,13 +6759,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6703,115 +6776,120 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.01672 + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -6819,7 +6897,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6827,24 +6905,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6858,111 +6936,108 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-32415", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05692, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-32415", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-12.el9_6" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.015000000000000001 + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32415", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6971,47 +7046,35 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05692, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-32415", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7019,24 +7082,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32415", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7050,116 +7113,143 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-6965", + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-168.el9_6.23" + "0:3.34.1-9.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01426 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", "type": "Secondary", "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", "metrics": { - "baseScore": 5.9 + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-6965", + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -7167,7 +7257,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7175,24 +7265,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.20" + "name": "sqlite", + "version": "3.34.1-7.el9_3" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "da5839ff511a0a9f", - "name": "glibc", - "version": "2.34-168.el9_6.20", + "id": "45f6f999e295a17b", + "name": "sqlite-libs", + "version": "3.34.1-7.el9_3", "type": "rpm", "locations": [ { @@ -7206,14 +7296,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7223,99 +7324,112 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-168.el9_6.23" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.01426 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -7323,7 +7437,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7331,24 +7445,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "74f56e50def25fa2", - "name": "glibc-common", - "version": "2.34-168.el9_6.20", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -7362,25 +7476,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.20" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7390,100 +7493,73 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "epss": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], - "risk": 0.01426 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -7498,24 +7574,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd1fd0cf3974da95", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.20", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7529,27 +7602,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", @@ -7561,100 +7630,73 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.01426 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -7669,24 +7711,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b930958ae5e6f15d", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.20", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7700,27 +7739,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", @@ -7732,45 +7767,45 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" }, { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7778,65 +7813,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.0105 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" }, { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7851,21 +7874,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -7879,13 +7902,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7896,120 +7919,183 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-29477", + "epss": 0.00019, + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "" }, - "advisories": [ + "advisories": [], + "risk": 0.009975000000000001 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.7.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "81feab72b50320e0", + "name": "fluent-bit", + "version": "25.7.2", + "type": "binary", + "locations": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a10dbebc70bd7f098e375ba140477f1175d2fbeb366497ebe6a35b482a49989b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } } ], - "risk": 0.013779999999999999 + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.7.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009525 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8025,24 +8111,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -8056,138 +8139,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.009265000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -8202,24 +8237,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -8233,48 +8265,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8282,99 +8314,59 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.009265000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" - ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8382,24 +8374,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -8416,11 +8405,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8430,45 +8430,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -8476,53 +8470,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -8543,7 +8545,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -8576,139 +8578,44 @@ "metadataType": "RpmMetadata", "metadata": { "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.7.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "81feab72b50320e0", - "name": "fluent-bit", - "version": "25.7.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a10dbebc70bd7f098e375ba140477f1175d2fbeb366497ebe6a35b482a49989b", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.7.2", - "upstreams": [] + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8717,48 +8624,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8774,21 +8684,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8802,48 +8712,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -8851,41 +8769,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8900,21 +8829,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8928,59 +8857,67 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8988,41 +8925,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -9037,21 +8986,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9065,23 +9014,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9093,101 +9042,111 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -9208,7 +9167,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } @@ -9247,38 +9206,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9287,51 +9246,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9347,21 +9315,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -9375,108 +9343,116 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008235 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9484,7 +9460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9492,21 +9468,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "0:2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "da5839ff511a0a9f", + "name": "glibc", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9520,128 +9499,116 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007935 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9649,7 +9616,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9657,21 +9624,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "74f56e50def25fa2", + "name": "glibc-common", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9685,14 +9655,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.20" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9702,87 +9683,100 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007769999999999997 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -9797,21 +9791,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "dd1fd0cf3974da95", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9825,17 +9822,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -9847,87 +9854,100 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007769999999999997 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -9942,21 +9962,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b930958ae5e6f15d", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9970,17 +9993,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -10015,8 +10048,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10063,8 +10096,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10099,8 +10132,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10118,10 +10151,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10160,8 +10193,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10208,8 +10241,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -10244,8 +10277,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10260,13 +10293,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10282,39 +10315,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -10322,53 +10355,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10383,21 +10410,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10411,23 +10438,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -10439,20 +10460,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -10460,97 +10481,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10558,21 +10555,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10589,11 +10586,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10626,8 +10628,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -10687,8 +10689,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -10779,8 +10781,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -10847,8 +10849,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -10956,8 +10958,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -11018,8 +11020,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -11109,9 +11111,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -11133,7 +11135,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -11179,9 +11181,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -11278,8 +11280,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -11340,8 +11342,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -11432,8 +11434,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -11493,8 +11495,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -11560,109 +11562,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -12016,87 +11915,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.7.2.md b/docs/security/agent/grype-25.7.2.md index 1b1b302..1e4c191 100644 --- a/docs/security/agent/grype-25.7.2.md +++ b/docs/security/agent/grype-25.7.2.md @@ -11,44 +11,43 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9 | [CVE-2024-52533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52533) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| glib2 | 2.68.4-16.el9 | [CVE-2025-4373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4373) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| glib2 | 2.68.4-16.el9 | [CVE-2025-4373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4373) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.7.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415) | Medium | -| glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.7.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-7.el9_3 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -58,9 +57,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-5.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | ncurses-base | 6.2-10.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | diff --git a/docs/security/agent/grype-25.7.4.json b/docs/security/agent/grype-25.7.4.json index 67eec9e..b27a46c 100644 --- a/docs/security/agent/grype-25.7.4.json +++ b/docs/security/agent/grype-25.7.4.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1713,76 +1713,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0759 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1790,35 +1807,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1833,21 +1844,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -1861,13 +1875,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1878,43 +1892,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -1924,28 +1938,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -1960,36 +1966,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2006,21 +2012,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2034,13 +2040,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2051,37 +2057,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2105,12 +2111,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2122,12 +2128,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2145,27 +2151,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2188,7 +2194,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2230,20 +2236,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2251,27 +2257,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2282,92 +2282,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2385,21 +2364,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -2413,13 +2392,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2430,20 +2409,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2451,10 +2430,30 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2462,48 +2461,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2511,21 +2564,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -2539,25 +2592,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2567,80 +2609,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2648,21 +2728,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2676,25 +2759,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2704,196 +2776,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" - ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 4.7, "exploitabilityScore": 1.1, @@ -2906,8 +2799,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2858,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3057,8 +2950,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3116,8 +3009,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3196,108 +3089,273 @@ }, { "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.5.3-6.el9_6" + "0:3.8.3-6.el9_6.2" ], "state": "fixed", "available": [ { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.03996 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:14130", - "https://access.redhat.com/errata/RHSA-2025:14135", - "https://access.redhat.com/errata/RHSA-2025:14137", - "https://access.redhat.com/errata/RHSA-2025:14141", - "https://access.redhat.com/errata/RHSA-2025:14142", - "https://access.redhat.com/errata/RHSA-2025:14525", - "https://access.redhat.com/errata/RHSA-2025:14528", - "https://access.redhat.com/errata/RHSA-2025:14594", - "https://access.redhat.com/errata/RHSA-2025:14644", - "https://access.redhat.com/errata/RHSA-2025:14808", - "https://access.redhat.com/errata/RHSA-2025:14810", - "https://access.redhat.com/errata/RHSA-2025:14828", - "https://access.redhat.com/errata/RHSA-2025:15024", - "https://access.redhat.com/errata/RHSA-2025:15397", - "https://access.redhat.com/errata/RHSA-2025:15709", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:16524", - "https://access.redhat.com/errata/RHSA-2025:18217", - "https://access.redhat.com/errata/RHSA-2025:18218", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:19041", - "https://access.redhat.com/errata/RHSA-2025:19046", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-5914", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", - "https://github.com/libarchive/libarchive/pull/2598", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" + } + } + ], + "artifact": { + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5914", + "epss": 0.00054, + "percentile": 0.17165, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5914", + "cwe": "CWE-415", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.5.3-6.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" + } + ], + "risk": 0.03996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:14130", + "https://access.redhat.com/errata/RHSA-2025:14135", + "https://access.redhat.com/errata/RHSA-2025:14137", + "https://access.redhat.com/errata/RHSA-2025:14141", + "https://access.redhat.com/errata/RHSA-2025:14142", + "https://access.redhat.com/errata/RHSA-2025:14525", + "https://access.redhat.com/errata/RHSA-2025:14528", + "https://access.redhat.com/errata/RHSA-2025:14594", + "https://access.redhat.com/errata/RHSA-2025:14644", + "https://access.redhat.com/errata/RHSA-2025:14808", + "https://access.redhat.com/errata/RHSA-2025:14810", + "https://access.redhat.com/errata/RHSA-2025:14828", + "https://access.redhat.com/errata/RHSA-2025:15024", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15709", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:16524", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-5914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", + "https://github.com/libarchive/libarchive/pull/2598", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, "exploitabilityScore": 3.9, "impactScore": 5.9 }, @@ -3320,8 +3378,8 @@ { "cve": "CVE-2025-5914", "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" + "percentile": 0.17165, + "date": "2025-12-21" } ], "cwes": [ @@ -3415,8 +3473,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3464,8 +3522,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3533,148 +3591,235 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-12818", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "0:6.2-10.20210508.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" - } - ], - "risk": 0.035945 + "advisories": [], + "risk": 0.035625000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libpq", + "version": "0:13.20-1.el9_5" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9e9440b1f6d978f7", + "name": "libpq", + "version": "13.20-1.el9_5", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "PostgreSQL" + ], + "cpes": [ + "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3682,24 +3827,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -3716,22 +3858,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3763,9 +3894,9 @@ "epss": [ { "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ @@ -3801,7 +3932,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:12876" } ], - "risk": 0.035945 + "risk": 0.03094 }, "relatedVulnerabilities": [ { @@ -3859,9 +3990,9 @@ "epss": [ { "cve": "CVE-2022-29458", - "epss": 0.00079, - "percentile": 0.23812, - "date": "2025-12-15" + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ @@ -3905,8 +4036,8 @@ } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", + "id": "f866293dd48b75b0", + "name": "ncurses-base", "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ @@ -3924,16 +4055,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { "name": "ncurses", @@ -3949,85 +4080,140 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2022-29458", + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.035625000000000004 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.03094 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "metrics": { + "baseScore": 5.8, + "exploitabilityScore": 8.6, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2022-29458", + "epss": 0.00068, + "percentile": 0.21116, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4035,7 +4221,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4043,21 +4229,24 @@ "version": "9.6" }, "package": { - "name": "libpq", - "version": "0:13.20-1.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "9e9440b1f6d978f7", - "name": "libpq", - "version": "13.20-1.el9_5", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4071,14 +4260,25 @@ ], "language": "", "licenses": [ - "PostgreSQL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4088,111 +4288,87 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.033925 + "advisories": [], + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4207,24 +4383,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6395", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4238,13 +4411,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4255,37 +4428,37 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4295,30 +4468,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4326,16 +4497,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4344,7 +4515,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4352,21 +4523,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4380,14 +4551,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4397,116 +4579,81 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4514,24 +4661,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4545,14 +4689,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4562,39 +4717,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4602,28 +4749,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4631,25 +4781,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4657,21 +4799,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4685,14 +4827,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4702,94 +4855,142 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7425", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08143, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-11.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-11.el9_6", + "date": "2025-08-01", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.025315 + "advisories": [ + { + "id": "RHSA-2025:12447", + "link": "https://access.redhat.com/errata/RHSA-2025:12447" + } + ], + "risk": 0.022949999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7425", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/errata/RHSA-2025:12447", + "https://access.redhat.com/errata/RHSA-2025:12450", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13308", + "https://access.redhat.com/errata/RHSA-2025:13309", + "https://access.redhat.com/errata/RHSA-2025:13310", + "https://access.redhat.com/errata/RHSA-2025:13311", + "https://access.redhat.com/errata/RHSA-2025:13312", + "https://access.redhat.com/errata/RHSA-2025:13313", + "https://access.redhat.com/errata/RHSA-2025:13314", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13464", + "https://access.redhat.com/errata/RHSA-2025:13622", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:14818", + "https://access.redhat.com/errata/RHSA-2025:14819", + "https://access.redhat.com/errata/RHSA-2025:14853", + "https://access.redhat.com/errata/RHSA-2025:14858", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-7425", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", + "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", + "http://seclists.org/fulldisclosure/2025/Aug/0", + "http://seclists.org/fulldisclosure/2025/Jul/30", + "http://seclists.org/fulldisclosure/2025/Jul/32", + "http://seclists.org/fulldisclosure/2025/Jul/35", + "http://seclists.org/fulldisclosure/2025/Jul/37", + "http://www.openwall.com/lists/oss-security/2025/07/11/2", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08143, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4797,21 +4998,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-7425", + "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-11.el9_6" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -4825,25 +5029,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4853,31 +5046,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -4885,49 +5086,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4935,21 +5142,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4963,25 +5170,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4991,12 +5187,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5012,156 +5208,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5169,48 +5227,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5231,7 +5288,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } @@ -5293,8 +5350,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5354,8 +5411,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5451,8 +5508,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5512,8 +5569,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5609,8 +5666,8 @@ { "cve": "CVE-2025-32414", "epss": 0.0004, - "percentile": 0.1197, - "date": "2025-12-15" + "percentile": 0.12083, + "date": "2025-12-21" } ], "cwes": [ @@ -5689,8 +5746,8 @@ { "cve": "CVE-2025-32414", "epss": 0.0004, - "percentile": 0.1197, - "date": "2025-12-15" + "percentile": 0.12083, + "date": "2025-12-21" } ], "cwes": [ @@ -5790,8 +5847,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -5832,6 +5889,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -5863,8 +5922,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -5946,20 +6005,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5967,153 +6029,10 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01955 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -6181,139 +6100,129 @@ }, { "vulnerability": { - "id": "CVE-2025-7425", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", + "id": "CVE-2025-32415", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.00022, - "percentile": 0.04984, - "date": "2025-12-15" + "cve": "CVE-2025-32415", + "epss": 0.00024, + "percentile": 0.05959, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-11.el9_6" + "0:2.9.13-12.el9_6" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-11.el9_6", - "date": "2025-08-01", + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12447", - "link": "https://access.redhat.com/errata/RHSA-2025:12447" + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" } ], - "risk": 0.01683 + "risk": 0.015000000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7425", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", + "id": "CVE-2025-32415", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:12447", - "https://access.redhat.com/errata/RHSA-2025:12450", - "https://access.redhat.com/errata/RHSA-2025:13267", - "https://access.redhat.com/errata/RHSA-2025:13308", - "https://access.redhat.com/errata/RHSA-2025:13309", - "https://access.redhat.com/errata/RHSA-2025:13310", - "https://access.redhat.com/errata/RHSA-2025:13311", - "https://access.redhat.com/errata/RHSA-2025:13312", - "https://access.redhat.com/errata/RHSA-2025:13313", - "https://access.redhat.com/errata/RHSA-2025:13314", - "https://access.redhat.com/errata/RHSA-2025:13335", - "https://access.redhat.com/errata/RHSA-2025:13464", - "https://access.redhat.com/errata/RHSA-2025:13622", - "https://access.redhat.com/errata/RHSA-2025:14059", - "https://access.redhat.com/errata/RHSA-2025:14396", - "https://access.redhat.com/errata/RHSA-2025:14818", - "https://access.redhat.com/errata/RHSA-2025:14819", - "https://access.redhat.com/errata/RHSA-2025:14853", - "https://access.redhat.com/errata/RHSA-2025:14858", - "https://access.redhat.com/errata/RHSA-2025:15308", - "https://access.redhat.com/errata/RHSA-2025:15672", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-7425", - "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", - "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", - "http://seclists.org/fulldisclosure/2025/Aug/0", - "http://seclists.org/fulldisclosure/2025/Jul/30", - "http://seclists.org/fulldisclosure/2025/Jul/32", - "http://seclists.org/fulldisclosure/2025/Jul/35", - "http://seclists.org/fulldisclosure/2025/Jul/37", - "http://www.openwall.com/lists/oss-security/2025/07/11/2", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" ], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 5.8 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.00022, - "percentile": 0.04984, - "date": "2025-12-15" + "cve": "CVE-2025-32415", + "epss": 0.00024, + "percentile": 0.05959, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" - } - ] - } - ], + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { "type": "exact-direct-match", @@ -6330,11 +6239,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7425", - "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-32415", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-11.el9_6" + "suggestedVersion": "0:2.9.13-12.el9_6" } } ], @@ -6372,123 +6281,118 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.01672 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6496,24 +6400,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6527,25 +6428,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6555,83 +6445,91 @@ }, { "vulnerability": { - "id": "CVE-2025-32415", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05692, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-32415", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-12.el9_6" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.015000000000000001 + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32415", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6640,40 +6538,28 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05692, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-32415", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6688,24 +6574,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32415", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6719,37 +6605,37 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, + "baseScore": 5.6, + "exploitabilityScore": 2.3, "impactScore": 3.4 }, "vendorMetadata": {} @@ -6757,78 +6643,99 @@ ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-168.el9_6.23" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.01426 + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -6836,7 +6743,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6844,24 +6751,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.20" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "da5839ff511a0a9f", - "name": "glibc", - "version": "2.34-168.el9_6.20", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6875,116 +6782,143 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-6965", + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-168.el9_6.23" + "0:3.34.1-9.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01426 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", "type": "Secondary", "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", "metrics": { - "baseScore": 5.9 + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-6965", + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -7000,24 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "sqlite", + "version": "3.34.1-7.el9_3" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "74f56e50def25fa2", - "name": "glibc-common", - "version": "2.34-168.el9_6.20", + "id": "45f6f999e295a17b", + "name": "sqlite-libs", + "version": "3.34.1-7.el9_3", "type": "rpm", "locations": [ { @@ -7031,23 +6965,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "sqlite", + "version": "3.34.1-7.el9_3" } ], "metadataType": "RpmMetadata", @@ -7059,99 +6993,112 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-168.el9_6.23" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.01426 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -7159,7 +7106,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7167,24 +7114,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "dd1fd0cf3974da95", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.20", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -7198,29 +7145,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.20" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7230,100 +7162,73 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.01426 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -7338,24 +7243,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b930958ae5e6f15d", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.20", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7369,27 +7271,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", @@ -7401,45 +7299,182 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01133 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" }, { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7447,65 +7482,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.0105 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" }, { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7520,21 +7543,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -7548,13 +7571,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7565,120 +7588,183 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-29477", + "epss": 0.00019, + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "" }, - "advisories": [ + "advisories": [], + "risk": 0.009975000000000001 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.7.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c91b39d7cd814d21", + "name": "fluent-bit", + "version": "25.7.4", + "type": "binary", + "locations": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:317bb571b57a60e4946e579f23cdf19161e0cab00df73a6dd1400db0ae8d09f0", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } } ], - "risk": 0.013779999999999999 + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.7.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009525 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-13601", + "epss": 0.00015, + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7694,24 +7780,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7725,138 +7808,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.009265000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -7871,24 +7906,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7902,48 +7934,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-10966", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7951,99 +7983,59 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.009265000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" - ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-10966", + "epss": 0.00017, + "percentile": 0.03267, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8051,24 +8043,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -8085,11 +8074,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8099,45 +8099,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -8145,53 +8139,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "cve": "CVE-2025-5915", + "epss": 0.00026, + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -8212,7 +8214,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -8245,139 +8247,44 @@ "metadataType": "RpmMetadata", "metadata": { "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.7.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c91b39d7cd814d21", - "name": "fluent-bit", - "version": "25.7.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:317bb571b57a60e4946e579f23cdf19161e0cab00df73a6dd1400db0ae8d09f0", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.7.4", - "upstreams": [] + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8386,48 +8293,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8443,21 +8353,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8471,48 +8381,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -8520,41 +8438,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8569,21 +8498,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8597,59 +8526,67 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8657,41 +8594,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8706,21 +8655,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8734,23 +8683,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8762,101 +8711,111 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -8877,7 +8836,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } @@ -8916,38 +8875,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8956,51 +8915,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9016,21 +8984,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -9044,108 +9012,116 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008235 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9153,7 +9129,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9161,21 +9137,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "0:2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "da5839ff511a0a9f", + "name": "glibc", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9189,128 +9168,116 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007935 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9318,7 +9285,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9326,21 +9293,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "74f56e50def25fa2", + "name": "glibc-common", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9354,14 +9324,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.20" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9371,87 +9352,100 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007769999999999997 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -9466,21 +9460,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "dd1fd0cf3974da95", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9494,17 +9491,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -9516,87 +9523,100 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007769999999999997 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.00782 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -9611,21 +9631,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b930958ae5e6f15d", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9639,17 +9662,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -9684,8 +9717,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -9732,8 +9765,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -9768,8 +9801,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -9787,10 +9820,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -9829,8 +9862,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -9877,8 +9910,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -9913,8 +9946,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -9929,13 +9962,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -9951,39 +9984,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9991,53 +10024,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10052,21 +10079,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10080,23 +10107,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -10108,20 +10129,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -10129,97 +10150,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10227,21 +10224,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10258,11 +10255,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10295,8 +10297,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -10356,8 +10358,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -10448,8 +10450,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -10516,8 +10518,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -10625,8 +10627,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -10687,8 +10689,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -10778,9 +10780,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -10802,7 +10804,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -10848,9 +10850,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -10947,8 +10949,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -11009,8 +11011,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -11101,8 +11103,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -11162,8 +11164,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -11229,109 +11231,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11685,87 +11584,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.7.4.md b/docs/security/agent/grype-25.7.4.md index a808e7b..33ea185 100644 --- a/docs/security/agent/grype-25.7.4.md +++ b/docs/security/agent/grype-25.7.4.md @@ -10,43 +10,42 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-7.el9_3 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.7.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415) | Medium | -| glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | -| glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.7.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-7.el9_3 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -56,9 +55,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-5.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | ncurses-base | 6.2-10.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | diff --git a/docs/security/agent/grype-25.8.2.json b/docs/security/agent/grype-25.8.2.json index 9607942..9c11460 100644 --- a/docs/security/agent/grype-25.8.2.json +++ b/docs/security/agent/grype-25.8.2.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1713,76 +1713,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0759 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1790,35 +1807,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1833,21 +1844,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -1861,13 +1875,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1878,43 +1892,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -1924,28 +1938,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -1960,36 +1966,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2006,21 +2012,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2034,13 +2040,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2051,37 +2057,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2105,12 +2111,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2122,12 +2128,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2145,27 +2151,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2188,7 +2194,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2230,20 +2236,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2251,27 +2257,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2282,92 +2282,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2385,21 +2364,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2413,13 +2392,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2430,20 +2409,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2451,10 +2430,30 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2462,48 +2461,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2511,21 +2564,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -2539,25 +2592,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2567,80 +2609,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2648,21 +2728,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2676,25 +2759,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2704,196 +2776,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" - ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 4.7, "exploitabilityScore": 1.1, @@ -2906,8 +2799,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2858,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3057,8 +2950,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3116,8 +3009,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3196,108 +3089,273 @@ }, { "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.5.3-6.el9_6" + "0:3.8.3-6.el9_6.2" ], "state": "fixed", "available": [ { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.03996 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:14130", - "https://access.redhat.com/errata/RHSA-2025:14135", - "https://access.redhat.com/errata/RHSA-2025:14137", - "https://access.redhat.com/errata/RHSA-2025:14141", - "https://access.redhat.com/errata/RHSA-2025:14142", - "https://access.redhat.com/errata/RHSA-2025:14525", - "https://access.redhat.com/errata/RHSA-2025:14528", - "https://access.redhat.com/errata/RHSA-2025:14594", - "https://access.redhat.com/errata/RHSA-2025:14644", - "https://access.redhat.com/errata/RHSA-2025:14808", - "https://access.redhat.com/errata/RHSA-2025:14810", - "https://access.redhat.com/errata/RHSA-2025:14828", - "https://access.redhat.com/errata/RHSA-2025:15024", - "https://access.redhat.com/errata/RHSA-2025:15397", - "https://access.redhat.com/errata/RHSA-2025:15709", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:16524", - "https://access.redhat.com/errata/RHSA-2025:18217", - "https://access.redhat.com/errata/RHSA-2025:18218", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:19041", - "https://access.redhat.com/errata/RHSA-2025:19046", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-5914", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", - "https://github.com/libarchive/libarchive/pull/2598", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" + } + } + ], + "artifact": { + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5914", + "epss": 0.00054, + "percentile": 0.17165, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5914", + "cwe": "CWE-415", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.5.3-6.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" + } + ], + "risk": 0.03996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:14130", + "https://access.redhat.com/errata/RHSA-2025:14135", + "https://access.redhat.com/errata/RHSA-2025:14137", + "https://access.redhat.com/errata/RHSA-2025:14141", + "https://access.redhat.com/errata/RHSA-2025:14142", + "https://access.redhat.com/errata/RHSA-2025:14525", + "https://access.redhat.com/errata/RHSA-2025:14528", + "https://access.redhat.com/errata/RHSA-2025:14594", + "https://access.redhat.com/errata/RHSA-2025:14644", + "https://access.redhat.com/errata/RHSA-2025:14808", + "https://access.redhat.com/errata/RHSA-2025:14810", + "https://access.redhat.com/errata/RHSA-2025:14828", + "https://access.redhat.com/errata/RHSA-2025:15024", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15709", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:16524", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-5914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", + "https://github.com/libarchive/libarchive/pull/2598", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, "exploitabilityScore": 3.9, "impactScore": 5.9 }, @@ -3320,8 +3378,8 @@ { "cve": "CVE-2025-5914", "epss": 0.00054, - "percentile": 0.17023, - "date": "2025-12-15" + "percentile": 0.17165, + "date": "2025-12-21" } ], "cwes": [ @@ -3415,8 +3473,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3464,8 +3522,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ @@ -3556,8 +3614,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -3603,8 +3661,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -3672,234 +3730,67 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.033925 + "advisories": [], + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6395", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.03382000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -3912,8 +3803,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3981,17 +3872,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4002,88 +3893,66 @@ ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 + "advisories": [], + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4098,24 +3967,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4129,13 +3995,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4169,8 +4035,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -4217,8 +4083,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -4233,7 +4099,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4242,7 +4108,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -4253,148 +4119,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.025315 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -4460,8 +4186,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4503,8 +4229,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4598,8 +4324,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4641,8 +4367,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4736,8 +4462,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4785,8 +4511,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4854,20 +4580,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4875,17 +4601,17 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4894,59 +4620,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4954,7 +4667,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4962,21 +4675,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4990,19 +4703,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5035,8 +4743,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5096,8 +4804,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -5132,8 +4840,8 @@ } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", + "id": "2766c907d423c9ec", + "name": "libgcc", "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ @@ -5151,10 +4859,10 @@ "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { "name": "gcc", @@ -5170,20 +4878,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5191,15 +4899,173 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gcc", + "version": "11.5.0-5.el9_5" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00042, + "percentile": 0.12619, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", "cwe": "CWE-364", "source": "secalert@redhat.com", "type": "Secondary" @@ -5235,6 +5101,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -5266,8 +5134,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -5282,7 +5150,280 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "systemd", + "version": "252-51.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "a8233bfbac39f928", + "name": "systemd-libs", + "version": "252-51.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00034, + "percentile": 0.09506, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.8.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "e47b701147393a78", + "name": "fluent-bit", + "version": "25.8.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:15db47226cd0cd7c410e95e1b63211810bc6bc8538319245d40e8e494039aefd", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.8.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5290,24 +5431,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.1" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a8233bfbac39f928", - "name": "systemd-libs", - "version": "252-51.el9_6.1", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -5321,25 +5459,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.1" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5349,68 +5476,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01955 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5418,18 +5573,24 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5444,21 +5605,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5472,114 +5636,207 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.8.2" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "e47b701147393a78", - "name": "fluent-bit", - "version": "25.8.2", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:15db47226cd0cd7c410e95e1b63211810bc6bc8538319245d40e8e494039aefd", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.8.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5606,9 +5863,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5638,7 +5895,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -5683,9 +5940,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5767,260 +6024,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6028,23 +6119,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -6060,24 +6145,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6091,104 +6176,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6205,24 +6256,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -6237,24 +6274,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6268,122 +6302,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6391,25 +6393,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,24 +6411,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6451,11 +6442,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6488,8 +6490,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6542,8 +6544,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6643,8 +6645,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -6735,8 +6737,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6785,8 +6787,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6877,8 +6879,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6919,8 +6921,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -7014,8 +7016,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -7056,8 +7058,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -7151,8 +7153,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -7213,8 +7215,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -7304,9 +7306,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7322,7 +7324,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -7357,9 +7359,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7449,9 +7451,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7467,7 +7469,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -7502,9 +7504,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7583,20 +7585,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7604,16 +7606,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7623,42 +7625,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7666,16 +7660,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7684,7 +7678,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7692,21 +7686,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7720,14 +7714,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7737,20 +7742,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7758,73 +7763,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7832,21 +7861,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -7860,19 +7889,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7882,39 +7906,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7922,54 +7946,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7977,21 +8015,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -8005,19 +8043,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8050,8 +8083,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -8098,8 +8131,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -8134,8 +8167,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8153,10 +8186,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8195,8 +8228,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -8243,8 +8276,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -8279,8 +8312,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8295,13 +8328,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8317,39 +8350,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8357,53 +8390,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -8418,21 +8445,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8446,23 +8473,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8474,20 +8495,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8495,97 +8516,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8593,21 +8590,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8624,11 +8621,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8661,8 +8663,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8722,8 +8724,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8814,8 +8816,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8882,8 +8884,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8991,8 +8993,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -9053,8 +9055,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -9144,9 +9146,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -9168,7 +9170,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -9214,9 +9216,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -9313,8 +9315,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -9375,8 +9377,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -9467,8 +9469,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9528,8 +9530,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9595,109 +9597,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -10051,87 +9950,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.8.2.md b/docs/security/agent/grype-25.8.2.md index 5675b9d..05a60d8 100644 --- a/docs/security/agent/grype-25.8.2.md +++ b/docs/security/agent/grype-25.8.2.md @@ -9,37 +9,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | -| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.8.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.8.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.8.4.json b/docs/security/agent/grype-25.8.4.json index 0152cb4..6ce4f8e 100644 --- a/docs/security/agent/grype-25.8.4.json +++ b/docs/security/agent/grype-25.8.4.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1713,76 +1713,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0759 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1790,35 +1807,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1833,21 +1844,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -1861,13 +1875,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1878,43 +1892,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -1924,28 +1938,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -1960,36 +1966,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2006,21 +2012,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2034,13 +2040,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2051,37 +2057,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2105,12 +2111,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2122,12 +2128,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2145,27 +2151,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2188,7 +2194,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2230,20 +2236,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2251,27 +2257,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2282,92 +2282,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2385,21 +2364,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2413,13 +2392,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2430,20 +2409,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2451,10 +2430,30 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2462,48 +2461,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2511,21 +2564,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2539,25 +2592,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2567,80 +2609,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2648,21 +2728,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2676,25 +2759,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2704,196 +2776,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" - ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 4.7, "exploitabilityScore": 1.1, @@ -2906,8 +2799,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2858,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3057,8 +2950,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3116,8 +3009,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3196,87 +3089,108 @@ }, { "vulnerability": { - "id": "CVE-2025-4207", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4207", - "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-4207", - "cwe": "CWE-126", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.036515 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4207", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-4207/", - "http://www.openwall.com/lists/oss-security/2025/05/09/3", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4207", - "epss": 0.00067, - "percentile": 0.20798, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-4207", - "cwe": "CWE-126", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3292,21 +3206,24 @@ "version": "9.6" }, "package": { - "name": "libpq", - "version": "0:13.20-1.el9_5" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4207", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "9e9440b1f6d978f7", - "name": "libpq", - "version": "13.20-1.el9_5", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -3320,13 +3237,13 @@ ], "language": "", "licenses": [ - "PostgreSQL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3337,20 +3254,20 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", + "id": "CVE-2025-4207", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", + "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3358,16 +3275,16 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2025-4207", + "epss": 0.00067, + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", + "cve": "CVE-2025-4207", + "cwe": "CWE-126", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -3377,18 +3294,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.035625000000000004 + "risk": 0.036515 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-4207", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://www.postgresql.org/support/security/CVE-2025-4207/", + "http://www.openwall.com/lists/oss-security/2025/05/09/3", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", @@ -3405,16 +3324,16 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2025-4207", + "epss": 0.00067, + "percentile": 0.20933, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", + "cve": "CVE-2025-4207", + "cwe": "CWE-126", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -3437,7 +3356,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-12818", + "vulnerabilityID": "CVE-2025-4207", "versionConstraint": "none (unknown)" } } @@ -3476,110 +3395,85 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2025-12818", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-12818", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.033925 + "advisories": [], + "risk": 0.035625000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -3595,24 +3489,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libpq", + "version": "0:13.20-1.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6395", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "9e9440b1f6d978f7", + "name": "libpq", + "version": "13.20-1.el9_5", "type": "rpm", "locations": [ { @@ -3626,13 +3517,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "PostgreSQL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:libpq:13.20-1.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:libpq:libpq:13.20-1.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libpq@13.20-1.el9_5?arch=x86_64&distro=rhel-9.6&upstream=libpq-13.20-1.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3666,8 +3557,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3716,8 +3607,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3785,17 +3676,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -3806,88 +3697,66 @@ ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 + "advisories": [], + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3902,151 +3771,8 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.025315 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -4113,8 +3839,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -4161,8 +3887,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -4264,8 +3990,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4307,8 +4033,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4402,8 +4128,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4445,8 +4171,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4540,8 +4266,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4589,8 +4315,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4658,20 +4384,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4679,17 +4405,17 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4698,59 +4424,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4758,7 +4471,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4766,21 +4479,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4794,19 +4507,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4839,8 +4547,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4900,8 +4608,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4936,8 +4644,8 @@ } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", + "id": "2766c907d423c9ec", + "name": "libgcc", "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ @@ -4955,10 +4663,10 @@ "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { "name": "gcc", @@ -4974,20 +4682,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4995,10 +4703,168 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gcc", + "version": "11.5.0-5.el9_5" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -5039,6 +4905,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -5070,8 +4938,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -5086,7 +4954,280 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "systemd", + "version": "252-51.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "a8233bfbac39f928", + "name": "systemd-libs", + "version": "252-51.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00034, + "percentile": 0.09506, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.8.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f505131b29c82dcb", + "name": "fluent-bit", + "version": "25.8.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c82e562732b6ed001db279733b6a8aa6795dd443a0fa668089326a727f14aba2", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.8.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5094,24 +5235,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.1" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a8233bfbac39f928", - "name": "systemd-libs", - "version": "252-51.el9_6.1", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -5125,25 +5263,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.1" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5153,68 +5280,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01955 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5222,18 +5377,24 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5248,21 +5409,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5276,114 +5440,207 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.8.3" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f505131b29c82dcb", - "name": "fluent-bit", - "version": "25.8.3", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c82e562732b6ed001db279733b6a8aa6795dd443a0fa668089326a727f14aba2", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.8.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5410,9 +5667,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5442,7 +5699,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -5487,9 +5744,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5571,260 +5828,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5832,23 +5923,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -5864,24 +5949,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5895,104 +5980,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6009,24 +6060,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -6041,24 +6078,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6072,122 +6106,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6195,25 +6197,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6221,24 +6215,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6255,11 +6246,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6292,8 +6294,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6346,8 +6348,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6447,8 +6449,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -6539,8 +6541,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6589,8 +6591,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6681,8 +6683,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6723,8 +6725,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6818,8 +6820,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6860,8 +6862,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6955,8 +6957,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -7017,8 +7019,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -7108,9 +7110,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7126,7 +7128,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -7161,9 +7163,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7253,9 +7255,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7271,7 +7273,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -7306,9 +7308,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7387,20 +7389,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7408,16 +7410,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7427,42 +7429,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7470,16 +7464,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7488,7 +7482,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7496,21 +7490,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7524,14 +7518,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7541,20 +7546,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7562,73 +7567,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7636,21 +7665,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7664,19 +7693,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7686,39 +7710,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7726,54 +7750,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7781,21 +7819,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7809,19 +7847,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7854,8 +7887,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7902,8 +7935,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7938,8 +7971,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7957,10 +7990,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7999,8 +8032,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -8047,8 +8080,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -8083,8 +8116,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8099,13 +8132,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8121,39 +8154,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8161,53 +8194,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -8222,21 +8249,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8250,23 +8277,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8278,20 +8299,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8299,97 +8320,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8397,21 +8394,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8428,11 +8425,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8465,8 +8467,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8526,8 +8528,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8618,8 +8620,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8686,8 +8688,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8795,8 +8797,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8857,8 +8859,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8948,9 +8950,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8972,7 +8974,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -9018,9 +9020,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -9117,8 +9119,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -9179,8 +9181,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -9271,8 +9273,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9332,8 +9334,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9399,109 +9401,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -9855,87 +9754,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.8.4.md b/docs/security/agent/grype-25.8.4.md index f85faae..39d025c 100644 --- a/docs/security/agent/grype-25.8.4.md +++ b/docs/security/agent/grype-25.8.4.md @@ -8,37 +8,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | -| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | -| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | +| libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.8.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.8.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.9.1.json b/docs/security/agent/grype-25.9.1.json index 7a18ff5..d22644a 100644 --- a/docs/security/agent/grype-25.9.1.json +++ b/docs/security/agent/grype-25.9.1.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1713,76 +1713,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0759 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1790,35 +1807,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1833,21 +1844,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -1861,13 +1875,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1878,43 +1892,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -1924,28 +1938,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -1960,36 +1966,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2006,21 +2012,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2034,13 +2040,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2051,37 +2057,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2105,12 +2111,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2122,12 +2128,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2145,27 +2151,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2188,7 +2194,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2230,20 +2236,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2251,27 +2257,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2282,92 +2282,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2385,21 +2364,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2413,13 +2392,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2430,20 +2409,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2451,10 +2430,30 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2462,48 +2461,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2511,21 +2564,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2539,25 +2592,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2567,80 +2609,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2648,21 +2728,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2676,25 +2759,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2704,196 +2776,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" - ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 4.7, "exploitabilityScore": 1.1, @@ -2906,8 +2799,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2858,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3057,8 +2950,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3116,8 +3009,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3196,37 +3089,37 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3250,12 +3143,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.033925 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ @@ -3264,41 +3157,39 @@ "https://access.redhat.com/errata/RHSA-2025:17181", "https://access.redhat.com/errata/RHSA-2025:17348", "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3321,7 +3212,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6395", + "vulnerabilityID": "CVE-2025-32989", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -3386,8 +3277,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3436,8 +3327,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3505,17 +3396,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -3526,188 +3417,23 @@ ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" - ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" + "versions": [], + "state": "not-fixed" }, "advisories": [], "risk": 0.025315 @@ -3741,8 +3467,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3833,8 +3559,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3881,8 +3607,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3984,8 +3710,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4027,8 +3753,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4122,8 +3848,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4165,8 +3891,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4260,8 +3986,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4309,8 +4035,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4378,20 +4104,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4399,17 +4125,17 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4418,59 +4144,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4478,7 +4191,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4486,21 +4199,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4514,19 +4227,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4559,8 +4267,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4620,8 +4328,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4656,8 +4364,8 @@ } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", + "id": "2766c907d423c9ec", + "name": "libgcc", "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ @@ -4675,10 +4383,10 @@ "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { "name": "gcc", @@ -4694,10 +4402,168 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gcc", + "version": "11.5.0-5.el9_5" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", "urls": [], "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ @@ -4717,8 +4583,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4759,6 +4625,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4790,8 +4658,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4806,7 +4674,280 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "systemd", + "version": "252-51.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "a8233bfbac39f928", + "name": "systemd-libs", + "version": "252-51.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00034, + "percentile": 0.09506, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.9.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7ec05d44026a65c9", + "name": "fluent-bit", + "version": "25.9.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8442b5a44d28024b94dff946aede2c517c658b384710f936c677e1d4568a8960", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.9.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4814,24 +4955,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.1" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a8233bfbac39f928", - "name": "systemd-libs", - "version": "252-51.el9_6.1", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -4845,25 +4983,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.1" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4873,68 +5000,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01955 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4942,18 +5097,24 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4968,21 +5129,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4996,114 +5160,207 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.9.1" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "7ec05d44026a65c9", - "name": "fluent-bit", - "version": "25.9.1", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8442b5a44d28024b94dff946aede2c517c658b384710f936c677e1d4568a8960", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.9.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5130,9 +5387,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5162,7 +5419,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -5207,9 +5464,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5291,260 +5548,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5552,23 +5643,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -5584,24 +5669,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5615,104 +5700,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5729,24 +5780,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5761,24 +5798,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5792,122 +5826,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5915,25 +5917,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5941,24 +5935,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5975,11 +5966,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6012,8 +6014,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6066,8 +6068,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6167,8 +6169,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -6259,8 +6261,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6309,8 +6311,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6401,8 +6403,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6443,8 +6445,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6538,8 +6540,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6580,8 +6582,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6675,8 +6677,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6737,8 +6739,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6828,9 +6830,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6846,7 +6848,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6881,9 +6883,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6973,9 +6975,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6991,7 +6993,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -7026,9 +7028,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7107,20 +7109,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7128,16 +7130,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7147,42 +7149,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7190,16 +7184,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7208,7 +7202,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7216,21 +7210,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7244,14 +7238,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7261,20 +7266,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7282,73 +7287,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7356,21 +7385,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7384,19 +7413,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7406,39 +7430,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7446,54 +7470,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7501,21 +7539,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7529,19 +7567,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7574,8 +7607,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7622,8 +7655,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7658,8 +7691,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7677,10 +7710,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7719,8 +7752,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7767,8 +7800,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7803,8 +7836,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7819,13 +7852,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7841,39 +7874,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7881,53 +7914,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7942,21 +7969,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7970,23 +7997,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7998,20 +8019,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8019,97 +8040,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8117,21 +8114,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8148,11 +8145,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8185,8 +8187,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8246,8 +8248,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8338,8 +8340,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8406,8 +8408,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8515,8 +8517,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8577,8 +8579,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8668,9 +8670,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8692,7 +8694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8738,9 +8740,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8837,8 +8839,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8899,8 +8901,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8991,8 +8993,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9052,8 +9054,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9119,109 +9121,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -9575,87 +9474,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.9.1.md b/docs/security/agent/grype-25.9.1.md index 469b2f5..a231f1c 100644 --- a/docs/security/agent/grype-25.9.1.md +++ b/docs/security/agent/grype-25.9.1.md @@ -8,35 +8,34 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | -| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.9.2.json b/docs/security/agent/grype-25.9.2.json index a6d2b5f..6328185 100644 --- a/docs/security/agent/grype-25.9.2.json +++ b/docs/security/agent/grype-25.9.2.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1713,76 +1713,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0759 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1790,35 +1807,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1833,21 +1844,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -1861,13 +1875,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1878,43 +1892,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -1924,28 +1938,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -1960,36 +1966,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2006,21 +2012,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2034,13 +2040,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2051,37 +2057,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2105,12 +2111,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2122,12 +2128,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2145,27 +2151,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2188,7 +2194,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2230,20 +2236,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2251,27 +2257,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2282,92 +2282,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2385,21 +2364,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2413,13 +2392,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2430,20 +2409,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2451,10 +2430,30 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2462,48 +2461,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2511,21 +2564,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2539,25 +2592,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2567,80 +2609,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2648,21 +2728,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2676,25 +2759,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2704,196 +2776,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" - ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 4.7, "exploitabilityScore": 1.1, @@ -2906,8 +2799,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2858,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3057,8 +2950,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3116,8 +3009,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3196,37 +3089,37 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3250,12 +3143,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.033925 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ @@ -3264,41 +3157,39 @@ "https://access.redhat.com/errata/RHSA-2025:17181", "https://access.redhat.com/errata/RHSA-2025:17348", "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3321,7 +3212,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6395", + "vulnerabilityID": "CVE-2025-32989", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -3386,8 +3277,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3436,8 +3327,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3505,17 +3396,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -3526,188 +3417,23 @@ ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" - ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" + "versions": [], + "state": "not-fixed" }, "advisories": [], "risk": 0.025315 @@ -3741,8 +3467,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3833,8 +3559,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3881,8 +3607,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3984,8 +3710,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4027,8 +3753,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4122,8 +3848,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4165,8 +3891,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4260,8 +3986,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4309,8 +4035,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4378,20 +4104,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4399,17 +4125,17 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4418,59 +4144,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4478,7 +4191,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4486,21 +4199,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4514,19 +4227,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4559,8 +4267,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4620,8 +4328,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4656,8 +4364,8 @@ } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", + "id": "2766c907d423c9ec", + "name": "libgcc", "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ @@ -4675,10 +4383,10 @@ "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { "name": "gcc", @@ -4694,10 +4402,168 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gcc", + "version": "11.5.0-5.el9_5" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", "urls": [], "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ @@ -4717,8 +4583,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4759,6 +4625,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4790,8 +4658,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4806,7 +4674,280 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "systemd", + "version": "252-51.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "a8233bfbac39f928", + "name": "systemd-libs", + "version": "252-51.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00034, + "percentile": 0.09506, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.9.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58af988a1255396e", + "name": "fluent-bit", + "version": "25.9.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:90bec9ed97aa346515702a2197a2da4cda02cac9278d78746f60f22f58f5da88", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.9.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4814,24 +4955,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.1" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a8233bfbac39f928", - "name": "systemd-libs", - "version": "252-51.el9_6.1", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -4845,25 +4983,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.1" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4873,68 +5000,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01955 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4942,18 +5097,24 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4968,21 +5129,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4996,114 +5160,207 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.9.1" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "58af988a1255396e", - "name": "fluent-bit", - "version": "25.9.1", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:90bec9ed97aa346515702a2197a2da4cda02cac9278d78746f60f22f58f5da88", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.9.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5130,9 +5387,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5162,7 +5419,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -5207,9 +5464,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5291,260 +5548,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5552,23 +5643,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -5584,24 +5669,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5615,104 +5700,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5729,24 +5780,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5761,24 +5798,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5792,122 +5826,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5915,25 +5917,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5941,24 +5935,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5975,11 +5966,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6012,8 +6014,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6066,8 +6068,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6167,8 +6169,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -6259,8 +6261,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6309,8 +6311,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6401,8 +6403,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6443,8 +6445,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6538,8 +6540,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6580,8 +6582,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6675,8 +6677,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6737,8 +6739,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6828,9 +6830,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6846,7 +6848,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6881,9 +6883,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6973,9 +6975,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6991,7 +6993,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -7026,9 +7028,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7107,20 +7109,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7128,16 +7130,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7147,42 +7149,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7190,16 +7184,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7208,7 +7202,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7216,21 +7210,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7244,14 +7238,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7261,20 +7266,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7282,73 +7287,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7356,21 +7385,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7384,19 +7413,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7406,39 +7430,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7446,54 +7470,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7501,21 +7539,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7529,19 +7567,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7574,8 +7607,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7622,8 +7655,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7658,8 +7691,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7677,10 +7710,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7719,8 +7752,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7767,8 +7800,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7803,8 +7836,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7819,13 +7852,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7841,39 +7874,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7881,53 +7914,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7942,21 +7969,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7970,23 +7997,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7998,20 +8019,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8019,97 +8040,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8117,21 +8114,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8148,11 +8145,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8185,8 +8187,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8246,8 +8248,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8338,8 +8340,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8406,8 +8408,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8515,8 +8517,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8577,8 +8579,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8668,9 +8670,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8692,7 +8694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8738,9 +8740,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8837,8 +8839,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8899,8 +8901,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8991,8 +8993,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9052,8 +9054,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9119,109 +9121,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -9575,87 +9474,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.9.2.md b/docs/security/agent/grype-25.9.2.md index bb765d3..df9548c 100644 --- a/docs/security/agent/grype-25.9.2.md +++ b/docs/security/agent/grype-25.9.2.md @@ -8,35 +8,34 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | -| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.9.3.json b/docs/security/agent/grype-25.9.3.json index 8b78611..3a0c3b1 100644 --- a/docs/security/agent/grype-25.9.3.json +++ b/docs/security/agent/grype-25.9.3.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1713,76 +1713,93 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0759 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.089125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-32990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -1790,35 +1807,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "cve": "CVE-2025-32990", + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-32990", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1833,21 +1844,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32990", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -1861,13 +1875,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1878,43 +1892,43 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -1924,28 +1938,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.0759 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", @@ -1960,36 +1966,36 @@ "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "cve": "CVE-2023-32636", + "epss": 0.00165, + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2006,21 +2012,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2034,13 +2040,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2051,37 +2057,37 @@ }, { "vulnerability": { - "id": "CVE-2025-32990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2105,12 +2111,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.06325 + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -2122,12 +2128,12 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359620", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", @@ -2145,27 +2151,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32990", - "cwe": "CWE-122", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2188,7 +2194,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32990", + "vulnerabilityID": "CVE-2025-32988", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -2230,20 +2236,20 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2251,27 +2257,21 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2282,92 +2282,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", - "source": "cna@vuldb.com", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-1632", + "cve": "CVE-2025-27113", "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" @@ -2385,21 +2364,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2413,13 +2392,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2430,20 +2409,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -2451,10 +2430,30 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2462,48 +2461,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2511,21 +2564,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2539,25 +2592,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2567,80 +2609,118 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.048924999999999996 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6395", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2648,21 +2728,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6395", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2676,25 +2759,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2704,196 +2776,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.047725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" - ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 4.7, "exploitabilityScore": 1.1, @@ -2906,8 +2799,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2858,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3057,8 +2950,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3116,8 +3009,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "percentile": 0.32322, + "date": "2025-12-21" } ], "cwes": [ @@ -3196,37 +3089,37 @@ }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6395", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3250,12 +3143,12 @@ "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.033925 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ @@ -3264,41 +3157,39 @@ "https://access.redhat.com/errata/RHSA-2025:17181", "https://access.redhat.com/errata/RHSA-2025:17348", "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3321,7 +3212,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6395", + "vulnerabilityID": "CVE-2025-32989", "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { @@ -3386,8 +3277,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3436,8 +3327,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ @@ -3505,17 +3396,17 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -3526,188 +3417,23 @@ ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.028325000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" - ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" - } - } - ], - "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" + "versions": [], + "state": "not-fixed" }, "advisories": [], "risk": 0.025315 @@ -3741,8 +3467,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3833,8 +3559,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3881,8 +3607,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ @@ -3984,8 +3710,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4027,8 +3753,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4122,8 +3848,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -4165,8 +3891,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -4260,8 +3986,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4309,8 +4035,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "percentile": 0.21275, + "date": "2025-12-21" } ], "cwes": [ @@ -4378,20 +4104,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4399,17 +4125,17 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4418,59 +4144,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4478,7 +4191,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4486,21 +4199,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4514,19 +4227,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4559,8 +4267,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4620,8 +4328,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4656,8 +4364,8 @@ } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", + "id": "2766c907d423c9ec", + "name": "libgcc", "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ @@ -4675,10 +4383,10 @@ "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { "name": "gcc", @@ -4694,10 +4402,168 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gcc", + "version": "11.5.0-5.el9_5" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", "urls": [], "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ @@ -4717,8 +4583,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4759,6 +4625,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4790,8 +4658,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4806,7 +4674,280 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "systemd", + "version": "252-51.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "a8233bfbac39f928", + "name": "systemd-libs", + "version": "252-51.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00034, + "percentile": 0.09506, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.01785 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.9.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "893c087a71570293", + "name": "fluent-bit", + "version": "25.9.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8433e8dc9fa8d345e683f2ad359bc76a41d7c8b7dd728c394c696f765a13dd2e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.9.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4814,24 +4955,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.1" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a8233bfbac39f928", - "name": "systemd-libs", - "version": "252-51.el9_6.1", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -4845,25 +4983,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.1" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4873,68 +5000,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01955 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4942,18 +5097,24 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4968,21 +5129,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4996,114 +5160,207 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.9.3" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "893c087a71570293", - "name": "fluent-bit", - "version": "25.9.3", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8433e8dc9fa8d345e683f2ad359bc76a41d7c8b7dd728c394c696f765a13dd2e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.9.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5130,9 +5387,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5162,7 +5419,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -5207,9 +5464,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -5291,260 +5548,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5552,23 +5643,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -5584,24 +5669,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5615,104 +5700,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5729,24 +5780,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5761,24 +5798,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5792,122 +5826,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5915,25 +5917,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5941,24 +5935,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5975,11 +5966,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6012,8 +6014,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6066,8 +6068,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -6167,8 +6169,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -6259,8 +6261,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6309,8 +6311,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -6401,8 +6403,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6443,8 +6445,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6538,8 +6540,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6580,8 +6582,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -6675,8 +6677,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6737,8 +6739,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6828,9 +6830,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6846,7 +6848,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6881,9 +6883,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6973,9 +6975,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6991,7 +6993,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -7026,9 +7028,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -7107,20 +7109,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7128,16 +7130,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7147,42 +7149,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -7190,16 +7184,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7208,7 +7202,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7216,21 +7210,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7244,14 +7238,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7261,20 +7266,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7282,73 +7287,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7356,21 +7385,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7384,19 +7413,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7406,39 +7430,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7446,54 +7470,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7501,21 +7539,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7529,19 +7567,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7574,8 +7607,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7622,8 +7655,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7658,8 +7691,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7677,10 +7710,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7719,8 +7752,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7767,8 +7800,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7803,8 +7836,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7819,13 +7852,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7841,39 +7874,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7881,53 +7914,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7942,21 +7969,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7970,23 +7997,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7998,20 +8019,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8019,97 +8040,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8117,21 +8114,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8148,11 +8145,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8185,8 +8187,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8246,8 +8248,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -8338,8 +8340,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8406,8 +8408,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -8515,8 +8517,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8577,8 +8579,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -8668,9 +8670,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8692,7 +8694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8738,9 +8740,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8837,8 +8839,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8899,8 +8901,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8991,8 +8993,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9052,8 +9054,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -9119,109 +9121,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -9580,87 +9479,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.9.3.md b/docs/security/agent/grype-25.9.3.md index f61d563..a2e2086 100644 --- a/docs/security/agent/grype-25.9.3.md +++ b/docs/security/agent/grype-25.9.3.md @@ -8,35 +8,34 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | -| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.9.4.json b/docs/security/agent/grype-25.9.4.json index 2199b0b..4b46264 100644 --- a/docs/security/agent/grype-25.9.4.json +++ b/docs/security/agent/grype-25.9.4.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.9.4" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "7faadc7dc528bd4d", + "name": "fluent-bit", + "version": "25.9.4", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:03fc448e5d6d708cd04f10e80a7b55f1d073a9fc4614adffa1802d4f415756eb", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.9.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.9.4" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "7faadc7dc528bd4d", - "name": "fluent-bit", - "version": "25.9.4", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:03fc448e5d6d708cd04f10e80a7b55f1d073a9fc4614adffa1802d4f415756eb", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.9.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8890,87 +8789,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.9.4.md b/docs/security/agent/grype-25.9.4.md index 6ce951e..dff2c98 100644 --- a/docs/security/agent/grype-25.9.4.md +++ b/docs/security/agent/grype-25.9.4.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-25.9.5.json b/docs/security/agent/grype-25.9.5.json index 270f5c2..2588a32 100644 --- a/docs/security/agent/grype-25.9.5.json +++ b/docs/security/agent/grype-25.9.5.json @@ -2,112 +2,109 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 3.6, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2:4.9-15.el9" + ], + "state": "fixed", + "available": [ + { + "version": "2:4.9-15.el9", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 1.67826 + "advisories": [ + { + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" + } + ], + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89433, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -115,21 +112,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" + }, + "fix": { + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -143,140 +143,118 @@ ], "language": "", "licenses": [ - "MIT" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 1.67826 + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.04044, - "percentile": 0.88119, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -284,21 +262,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -312,129 +290,104 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "2:4.9-15.el9" - ], - "state": "fixed", - "available": [ - { - "version": "2:4.9-15.el9", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" - } - ], - "risk": 1.6744199999999998 + "advisories": [], + "risk": 0.4165200000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89421, - "date": "2025-12-15" + "cve": "CVE-2024-41996", + "epss": 0.00936, + "percentile": 0.75591, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -442,7 +395,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -450,24 +403,21 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" - }, - "fix": { - "suggestedVersion": "2:4.9-15.el9" + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -481,23 +431,28 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": 1, "modularityLabel": "" } } @@ -527,8 +482,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -583,8 +538,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74212, - "date": "2025-12-15" + "percentile": 0.74262, + "date": "2025-12-21" } ], "cwes": [ @@ -652,95 +607,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -748,21 +720,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -776,105 +748,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.30705000000000005 + "risk": 0.33034 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.0069, - "percentile": 0.71123, - "date": "2025-12-15" + "cve": "CVE-2024-7264", + "epss": 0.00796, + "percentile": 0.73414, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -889,21 +889,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -917,28 +917,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -968,8 +968,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1039,8 +1039,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1142,8 +1142,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1213,8 +1213,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68138, - "date": "2025-12-15" + "percentile": 0.6819, + "date": "2025-12-21" } ], "cwes": [ @@ -1316,8 +1316,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1361,8 +1361,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1456,8 +1456,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ], "fix": { @@ -1501,8 +1501,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.55984, - "date": "2025-12-15" + "percentile": 0.5603, + "date": "2025-12-21" } ] } @@ -1595,9 +1595,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1613,7 +1613,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.10441 + "risk": 0.13727 }, "relatedVulnerabilities": [ { @@ -1643,9 +1643,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00197, - "percentile": 0.41841, - "date": "2025-12-15" + "epss": 0.00259, + "percentile": 0.49067, + "date": "2025-12-21" } ], "cwes": [ @@ -1736,8 +1736,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00165, - "percentile": 0.38035, - "date": "2025-12-15" + "percentile": 0.38102, + "date": "2025-12-21" } ], "cwes": [ @@ -1901,8 +1901,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -1976,8 +1976,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44238, - "date": "2025-12-15" + "percentile": 0.44306, + "date": "2025-12-21" } ], "cwes": [ @@ -2073,9 +2073,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2103,7 +2103,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.05921999999999999 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { @@ -2169,9 +2169,9 @@ "epss": [ { "cve": "CVE-2025-1632", - "epss": 0.00188, - "percentile": 0.40856, - "date": "2025-12-15" + "epss": 0.00198, + "percentile": 0.4215, + "date": "2025-12-21" } ], "cwes": [ @@ -2251,31 +2251,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2283,48 +2291,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2332,21 +2357,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2360,59 +2385,56 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2420,41 +2442,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32322, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2469,21 +2508,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2497,48 +2536,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2546,18 +2585,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2565,58 +2604,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23222, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2631,21 +2661,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2659,56 +2689,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2716,65 +2746,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.3226, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2782,21 +2801,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2810,65 +2829,54 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2878,30 +2886,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2909,16 +2915,16 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2314, - "date": "2025-12-15" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.19218, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -2927,7 +2933,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2935,21 +2941,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -2963,14 +2969,25 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2980,39 +2997,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3020,28 +3029,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3049,25 +3061,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3075,21 +3079,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3103,14 +3107,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3120,39 +3135,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ], "fix": { @@ -3160,28 +3167,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3189,18 +3199,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19053, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15984, + "date": "2025-12-21" } ] } @@ -3215,21 +3217,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3243,23 +3245,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3271,31 +3273,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3303,49 +3313,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.022779999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-3360", + "epss": 0.00068, + "percentile": 0.21275, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3353,21 +3369,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3381,25 +3397,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3409,12 +3414,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -3430,10 +3435,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3441,25 +3454,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -3473,17 +3483,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15825, - "date": "2025-12-15" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10721, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3491,21 +3509,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3519,25 +3537,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3547,39 +3554,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3587,159 +3594,18 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.022779999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" - ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3360", - "epss": 0.00068, - "percentile": 0.21148, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ @@ -3772,8 +3638,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3869,8 +3735,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -3930,8 +3796,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -4027,8 +3893,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4069,6 +3935,8 @@ "urls": [ "https://access.redhat.com/errata/RHSA-2025:22660", "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4100,8 +3968,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00042, - "percentile": 0.12486, - "date": "2025-12-15" + "percentile": 0.12619, + "date": "2025-12-21" } ], "cwes": [ @@ -4183,20 +4051,23 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4204,115 +4075,231 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01955 + "risk": 0.01785 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00034, - "percentile": 0.09535, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "b5475bc3eb40a3d2", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:3553ce02da5ad4f104ed57abc2cb09f0cd23d66a84911b9afaf204f439adfaf8", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08482, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4323,97 +4310,367 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01785 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06593, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.1" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "b5475bc3eb40a3d2", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:3553ce02da5ad4f104ed57abc2cb09f0cd23d66a84911b9afaf204f439adfaf8", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -4440,9 +4697,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4472,7 +4729,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:20936" } ], - "risk": 0.01672 + "risk": 0.013680000000000001 }, "relatedVulnerabilities": [ { @@ -4517,9 +4774,9 @@ "epss": [ { "cve": "CVE-2025-6965", - "epss": 0.00022, - "percentile": 0.05222, - "date": "2025-12-15" + "epss": 0.00018, + "percentile": 0.04006, + "date": "2025-12-21" } ], "cwes": [ @@ -4601,260 +4858,94 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014105 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08405, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.9.13-14.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" } ], - "risk": 0.013779999999999999 + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,23 +4953,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05778, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4894,24 +4979,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4925,104 +5010,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5039,24 +5090,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -5071,24 +5108,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5102,122 +5136,90 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.01133 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5225,25 +5227,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05683, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5251,24 +5245,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5285,11 +5276,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5322,8 +5324,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5376,8 +5378,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04656, - "date": "2025-12-15" + "percentile": 0.04762, + "date": "2025-12-21" } ], "cwes": [ @@ -5477,8 +5479,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5569,8 +5571,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5619,8 +5621,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00015, - "percentile": 0.0245, - "date": "2025-12-15" + "percentile": 0.02481, + "date": "2025-12-21" } ], "cwes": [ @@ -5711,8 +5713,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5753,8 +5755,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5848,8 +5850,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -5890,8 +5892,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -5985,8 +5987,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6047,8 +6049,8 @@ { "cve": "CVE-2025-5915", "epss": 0.00026, - "percentile": 0.06425, - "date": "2025-12-15" + "percentile": 0.0657, + "date": "2025-12-21" } ], "cwes": [ @@ -6138,9 +6140,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6156,7 +6158,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6191,9 +6193,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6283,9 +6285,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6301,7 +6303,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008235 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { @@ -6336,9 +6338,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -6417,20 +6419,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6438,16 +6440,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6457,42 +6459,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 4.4, + "exploitabilityScore": 1.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6500,16 +6494,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05349, - "date": "2025-12-15" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03973, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6518,7 +6512,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6526,21 +6520,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6554,14 +6548,25 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6571,20 +6576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6592,73 +6597,97 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02748, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6666,21 +6695,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6694,19 +6723,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6716,39 +6740,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6756,54 +6780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007935 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "cve": "CVE-2025-5916", + "epss": 0.00023, + "percentile": 0.05434, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6811,21 +6849,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6839,19 +6877,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6884,8 +6917,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6932,8 +6965,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -6968,8 +7001,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "09371eedc2b9d95d", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6987,10 +7020,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7029,8 +7062,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7077,8 +7110,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01829, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,8 +7146,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7129,13 +7162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7151,39 +7184,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7191,53 +7224,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0075200000000000015 + "risk": 0.007769999999999997 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00016, - "percentile": 0.02777, - "date": "2025-12-15" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7252,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7280,23 +7307,17 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7308,20 +7329,20 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7329,97 +7350,73 @@ ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.007209999999999999 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", + "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.02012, - "date": "2025-12-15" + "percentile": 0.01841, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7427,21 +7424,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7458,11 +7455,16 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7495,8 +7497,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7556,8 +7558,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.0597, - "date": "2025-12-15" + "percentile": 0.06084, + "date": "2025-12-21" } ], "cwes": [ @@ -7648,8 +7650,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7716,8 +7718,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03749, - "date": "2025-12-15" + "percentile": 0.03819, + "date": "2025-12-21" } ], "cwes": [ @@ -7825,8 +7827,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7887,8 +7889,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00019, - "percentile": 0.04264, - "date": "2025-12-15" + "percentile": 0.0421, + "date": "2025-12-21" } ], "cwes": [ @@ -7978,9 +7980,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8002,7 +8004,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00552 + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { @@ -8048,9 +8050,9 @@ "epss": [ { "cve": "CVE-2022-3219", - "epss": 0.00012, - "percentile": 0.01394, - "date": "2025-12-15" + "epss": 0.00013, + "percentile": 0.01632, + "date": "2025-12-21" } ], "cwes": [ @@ -8147,8 +8149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8209,8 +8211,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00019, - "percentile": 0.04351, - "date": "2025-12-15" + "percentile": 0.04461, + "date": "2025-12-21" } ], "cwes": [ @@ -8301,8 +8303,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8362,8 +8364,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00017, - "percentile": 0.03368, - "date": "2025-12-15" + "percentile": 0.03434, + "date": "2025-12-21" } ], "cwes": [ @@ -8429,109 +8431,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-52099", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-52099", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "No description is available for this CVE.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-52099", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-52099", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", - "cvss": [] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-52099", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-62813", @@ -8890,87 +8789,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/agent/grype-25.9.5.md b/docs/security/agent/grype-25.9.5.md index b29e521..9f28952 100644 --- a/docs/security/agent/grype-25.9.5.md +++ b/docs/security/agent/grype-25.9.5.md @@ -7,32 +7,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | -| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-52099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52099) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | diff --git a/docs/security/agent/grype-latest.md b/docs/security/agent/grype-latest.md index c91d9cf..cb02b5a 100644 --- a/docs/security/agent/grype-latest.md +++ b/docs/security/agent/grype-latest.md @@ -1,6 +1,6 @@ ## Known agent vulnerabilities -High and critical vulnerabilities not triaged for the latest version (ghcr.io/fluentdo/agent:25.12.3) of the agent are shown below, as reported by Grype. +High and critical vulnerabilities not triaged for the latest version (ghcr.io/fluentdo/agent:25.10.10) of the agent are shown below, as reported by Grype. | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | diff --git a/docs/security/agent/spdx-25.10.10.spdx.json b/docs/security/agent/spdx-25.10.10.spdx.json new file mode 100644 index 0000000..34c57fb --- /dev/null +++ b/docs/security/agent/spdx-25.10.10.spdx.json @@ -0,0 +1,87185 @@ +{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "ghcr.io/fluentdo/agent", + "documentNamespace": "https://anchore.com/syft/image/ghcr.io/fluentdo/agent-1c24a3fd-ad0c-448e-a851-a8724136e360", + "creationInfo": { + "licenseListVersion": "3.27", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-1.38.2" + ], + "created": "2025-12-22T10:37:02Z" + }, + "packages": [ + { + "name": "alternatives", + "SPDXID": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "versionInfo": "1.24-2.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "fca66b011482de28f584ba7f38367a0e96557124" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "GPL-2.0-only", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:alternatives:alternatives:1.24-2.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:alternatives:1.24-2.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/alternatives@1.24-2.el9?arch=x86_64&distro=rhel-9.7&upstream=chkconfig-1.24-2.el9.src.rpm" + } + ] + }, + { + "name": "audit-libs", + "SPDXID": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "versionInfo": "3.1.5-7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "8450064717be6cd9c81d117705a3fece55b89b56" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:audit-libs:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:audit-libs:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:audit_libs:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:audit_libs:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:audit:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:audit:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&upstream=audit-3.1.5-7.el9.src.rpm" + } + ] + }, + { + "name": "basesystem", + "SPDXID": "SPDXRef-Package-rpm-basesystem-2cedbe7bd36d2161", + "versionInfo": "11-13.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.7&upstream=basesystem-11-13.el9.src.rpm" + } + ] + }, + { + "name": "bash", + "SPDXID": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "versionInfo": "5.1.8-9.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "9295a01e788345a66a371467a1dd0c085d921f52" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&upstream=bash-5.1.8-9.el9.src.rpm" + } + ] + }, + { + "name": "bzip2-libs", + "SPDXID": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "versionInfo": "1.0.8-10.el9_5", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "b9765b736bdb8037f6e1a886992e6de0b56f7966" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:bzip2-libs:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:bzip2-libs:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:bzip2_libs:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:bzip2_libs:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:bzip2:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:bzip2:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&upstream=bzip2-1.0.8-10.el9_5.src.rpm" + } + ] + }, + { + "name": "ca-certificates", + "SPDXID": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "versionInfo": "2025.2.80_v9.0.305-91.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "49fb6bdad1b36fe355e9942b2431bb390bc8d53e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "(MIT AND GPL-2.0-or-later)", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ca-certificates:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ca-certificates:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ca_certificates:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ca_certificates:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ca:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ca:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.305-91.el9?arch=noarch&distro=rhel-9.7&upstream=ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm" + } + ] + }, + { + "name": "coreutils-single", + "SPDXID": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "versionInfo": "8.32-39.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "ef443b1715d1043e782e8f3d0fe774b721123a9f" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm" + } + ] + }, + { + "name": "crypto-policies", + "SPDXID": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "versionInfo": "20250905-1.git377cc42.el9_7", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "433ebf2b695c24956584babf4a06a3cefe7d6905" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LGPL-2.1-or-later", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:crypto-policies:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:crypto-policies:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:crypto_policies:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:crypto_policies:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:crypto:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:crypto:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm" + } + ] + }, + { + "name": "curl-minimal", + "SPDXID": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "versionInfo": "7.76.1-34.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "834c3f0cbb67c79eda7a4486cafe0a540a112982" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm" + } + ] + }, + { + "name": "cyrus-sasl-lib", + "SPDXID": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "versionInfo": "2.1.27-22.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "ff641c3cd3b2078033bf4ee5cf3ef91b9012e1c2" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-with-advertising", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus-sasl-lib:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus-sasl-lib:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus_sasl_lib:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus_sasl_lib:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus-sasl:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus-sasl:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus_sasl:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus_sasl:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:cyrus:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-22.el9?arch=x86_64&distro=rhel-9.7&upstream=cyrus-sasl-2.1.27-22.el9.src.rpm" + } + ] + }, + { + "name": "dejavu-sans-fonts", + "SPDXID": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "versionInfo": "2.37-18.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "4d771ce870bb5d51e87e04d93fceab9138d14cbd" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Bitstream-Vera-and-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu-sans-fonts:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu-sans-fonts:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu_sans_fonts:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu_sans_fonts:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu-sans:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu-sans:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu_sans:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu_sans:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dejavu:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.7&upstream=dejavu-fonts-2.37-18.el9.src.rpm" + } + ] + }, + { + "name": "dnf-data", + "SPDXID": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "versionInfo": "4.14.0-31.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "f8df494440c8cf87062bbfa8ad2fa6cf4c320f30" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dnf-data:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dnf-data:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dnf_data:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dnf_data:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dnf:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:dnf:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/dnf-data@4.14.0-31.el9?arch=noarch&distro=rhel-9.7&upstream=dnf-4.14.0-31.el9.src.rpm" + } + ] + }, + { + "name": "file-libs", + "SPDXID": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "versionInfo": "5.39-16.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "cedc34d1e053a7563f5af900a509c105d57d46cb" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:file-libs:file-libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:file-libs:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:file_libs:file-libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:file_libs:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:file-libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:file:file-libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:file:file_libs:5.39-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/file-libs@5.39-16.el9?arch=x86_64&distro=rhel-9.7&upstream=file-5.39-16.el9.src.rpm" + } + ] + }, + { + "name": "filesystem", + "SPDXID": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "versionInfo": "3.16-5.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&upstream=filesystem-3.16-5.el9.src.rpm" + } + ] + }, + { + "name": "findutils", + "SPDXID": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "versionInfo": "1:4.8.0-7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "dc2b01a2e50be4c8bc91e8194d7924fc24a84c90" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:findutils:findutils:1\\:4.8.0-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:findutils:1\\:4.8.0-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/findutils@4.8.0-7.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=findutils-4.8.0-7.el9.src.rpm" + } + ] + }, + { + "name": "fluent-bit", + "SPDXID": "SPDXRef-Package-binary-fluent-bit-af1ef2b90efeccfe", + "versionInfo": "25.10.10", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from the following paths: /fluent-bit/bin/fluent-bit", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/fluent/fluent-bit@25.10.10" + } + ] + }, + { + "name": "fonts-filesystem", + "SPDXID": "SPDXRef-Package-rpm-fonts-filesystem-2635452dfff4321d", + "versionInfo": "1:2.0.5-7.el9.1", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:fonts-filesystem:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:fonts-filesystem:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:fonts_filesystem:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:fonts_filesystem:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:fonts:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:fonts:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/fonts-filesystem@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.7&epoch=1&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm" + } + ] + }, + { + "name": "gawk", + "SPDXID": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "versionInfo": "5.1.0-6.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "bcd95096d07fdd94f81071639972d4f9bcb200f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3--and-GPLv2--and-LGPLv2--and-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm" + } + ] + }, + { + "name": "gdbm-libs", + "SPDXID": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "versionInfo": "1:1.23-1.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "428ea47793c9b7f86101faf732b66fe582f2c511" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gdbm-libs:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gdbm-libs:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gdbm_libs:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gdbm_libs:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gdbm:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gdbm:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gdbm-libs@1.23-1.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=gdbm-1.23-1.el9.src.rpm" + } + ] + }, + { + "name": "glib2", + "SPDXID": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "versionInfo": "2.68.4-18.el9_7", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "826c545efd1d6b14fbb073326fd8be08ecd3aa0e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm" + } + ] + }, + { + "name": "glibc", + "SPDXID": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "versionInfo": "2.34-231.el9_7.2", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "b9f4a2de589927bbd23841b0156ce38d6d584d83" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "name": "glibc-common", + "SPDXID": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "versionInfo": "2.34-231.el9_7.2", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "197401f12271033203c2d362b550182fe2b09f62" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "name": "glibc-langpack-en", + "SPDXID": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "versionInfo": "2.34-231.el9_7.2", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "76b7f7366701c3922a39bc7a2c5771974725c9e9" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "name": "glibc-minimal-langpack", + "SPDXID": "SPDXRef-Package-rpm-glibc-minimal-langpack-b75c9ce4cb4a4d36", + "versionInfo": "2.34-231.el9_7.2", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm" + } + ] + }, + { + "name": "gmp", + "SPDXID": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "versionInfo": "1:6.2.0-13.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "8a144ab49d3e42942c266f1d6893e415f0bd4d38" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv3--or-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gmp:1\\:6.2.0-13.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gmp:gmp:1\\:6.2.0-13.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gmp@6.2.0-13.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=gmp-6.2.0-13.el9.src.rpm" + } + ] + }, + { + "name": "gnupg2", + "SPDXID": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "versionInfo": "2.3.3-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "2fdc07176225228bc5210bea318fbd21870b86f4" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm" + } + ] + }, + { + "name": "gnutls", + "SPDXID": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "versionInfo": "3.8.3-9.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "1816d52a278ad15ea1d93ff73a7f25a6b6ca2b27" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3--and-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm" + } + ] + }, + { + "name": "gobject-introspection", + "SPDXID": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "versionInfo": "1.68.0-11.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "5aa577c9389816bb5cf90b73dca023d09a0591d0" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2--and-LGPLv2--and-MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gobject-introspection:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gobject-introspection:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gobject_introspection:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gobject_introspection:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gobject:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gobject:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gobject-introspection-1.68.0-11.el9.src.rpm" + } + ] + }, + { + "name": "gpg-pubkey", + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-07413682000f3d88", + "versionInfo": "5a6340b3-6229229e", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.7" + } + ] + }, + { + "name": "gpg-pubkey", + "SPDXID": "SPDXRef-Package-rpm-gpg-pubkey-a243d3460507af96", + "versionInfo": "fd431d51-4ae0493b", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-pubkey", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.7" + } + ] + }, + { + "name": "gpgme", + "SPDXID": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "versionInfo": "1.15.1-6.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "4da78809a5893f6f0b4f30ac7feee05c567ec947" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:gpgme:1.15.1-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:gpgme:gpgme:1.15.1-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gpgme-1.15.1-6.el9.src.rpm" + } + ] + }, + { + "name": "grep", + "SPDXID": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "versionInfo": "3.6-5.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "a5bd462b633b8b8d8e86228aee0ae3085c4d6883" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:grep:3.6-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:grep:grep:3.6-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&upstream=grep-3.6-5.el9.src.rpm" + } + ] + }, + { + "name": "json-c", + "SPDXID": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "versionInfo": "0.14-11.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "d0b0ba12befc6d0cfed4964403152ffb8dfd6ade" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json-c:json-c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json-c:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json_c:json-c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json_c:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:json-c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json:json-c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json:json_c:0.14-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.7&upstream=json-c-0.14-11.el9.src.rpm" + } + ] + }, + { + "name": "json-glib", + "SPDXID": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "versionInfo": "1.6.6-1.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "47ecfb94c13ea089bd108cc937284b0408621503" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json-glib:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json-glib:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json_glib:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json_glib:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:json:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.7&upstream=json-glib-1.6.6-1.el9.src.rpm" + } + ] + }, + { + "name": "keyutils-libs", + "SPDXID": "SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef", + "versionInfo": "1.6.3-1.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "81244a1cd3eb670d7ee1dba42a0bd170f3b19955" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2--and-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:keyutils-libs:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:keyutils-libs:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:keyutils_libs:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:keyutils_libs:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:keyutils:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:keyutils:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.7&upstream=keyutils-1.6.3-1.el9.src.rpm" + } + ] + }, + { + "name": "krb5-libs", + "SPDXID": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "versionInfo": "1.21.1-8.el9_6", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "b20bfd3d00095f3df31131515fee85acfe30f668" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:krb5-libs:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:krb5-libs:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:krb5_libs:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:krb5_libs:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:krb5:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:krb5:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=rhel-9.7&upstream=krb5-1.21.1-8.el9_6.src.rpm" + } + ] + }, + { + "name": "langpacks-core-en", + "SPDXID": "SPDXRef-Package-rpm-langpacks-core-en-df5d3ce64e6dc98c", + "versionInfo": "3.0-16.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "57c56868e04cd1f92c0d667284ffe4d097bc7bf7" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core-en:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core-en:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core_en:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core_en:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm" + } + ] + }, + { + "name": "langpacks-core-font-en", + "SPDXID": "SPDXRef-Package-rpm-langpacks-core-font-en-d73e936743b685e7", + "versionInfo": "3.0-16.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "15f0863dfd1982f13542cd29b681c0a5eed01f36" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core-font-en:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core-font-en:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core_font_en:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core_font_en:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core-font:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core-font:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core_font:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core_font:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-core:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_core:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm" + } + ] + }, + { + "name": "langpacks-en", + "SPDXID": "SPDXRef-Package-rpm-langpacks-en-27488b456777ffc1", + "versionInfo": "3.0-16.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "88970d96fc927f60fb4316a1ab13bc73dbdde8b7" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-en:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks-en:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_en:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks_en:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:langpacks:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/langpacks-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm" + } + ] + }, + { + "name": "libacl", + "SPDXID": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "versionInfo": "2.3.1-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "66c8d8a589a6f28bba41148d9ad13341e78a5a9e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&upstream=acl-2.3.1-4.el9.src.rpm" + } + ] + }, + { + "name": "libarchive", + "SPDXID": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "versionInfo": "3.5.3-6.el9_6", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "6459335217390cc94f1f3a9415a8b653a46d2209" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm" + } + ] + }, + { + "name": "libassuan", + "SPDXID": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "versionInfo": "2.5.5-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "55dbf47f3cbdddbcc9b486873be902995fc7702c" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libassuan:libassuan:2.5.5-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libassuan:2.5.5-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libassuan-2.5.5-3.el9.src.rpm" + } + ] + }, + { + "name": "libattr", + "SPDXID": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "versionInfo": "2.5.1-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "a18d42a0a3759707cfea42ce8caa4761a5b3ad82" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&upstream=attr-2.5.1-3.el9.src.rpm" + } + ] + }, + { + "name": "libblkid", + "SPDXID": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "versionInfo": "2.37.4-21.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "6d9b48510f8a489610b98cc807a28ef7ae39197d" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "name": "libcap", + "SPDXID": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "versionInfo": "2.48-10.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "39d1a01e4b0c717c9897dfeb85e6ad941c6e203b" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-or-GPLv2", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcap:libcap:2.48-10.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libcap:2.48-10.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&upstream=libcap-2.48-10.el9.src.rpm" + } + ] + }, + { + "name": "libcap-ng", + "SPDXID": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "versionInfo": "0.8.2-7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "232b815dde6e44c94b535f0f4253162ce90229b9" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcap-ng:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcap-ng:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcap_ng:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcap_ng:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcap:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcap:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libcap-ng-0.8.2-7.el9.src.rpm" + } + ] + }, + { + "name": "libcom_err", + "SPDXID": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "versionInfo": "1.46.5-8.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "d221a57fcfea9c235658b5f8d4ec3aef67ebe0f8" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcom-err:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcom-err:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcom_err:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcom_err:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcom:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcom:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&upstream=e2fsprogs-1.46.5-8.el9.src.rpm" + } + ] + }, + { + "name": "libcurl-minimal", + "SPDXID": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "versionInfo": "7.76.1-34.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "11aad134967c98d7fc4e03e133e29da97c347b62" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm" + } + ] + }, + { + "name": "libdnf", + "SPDXID": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "versionInfo": "0.69.0-16.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "9cc72aebef57fc2e00f33b7828f4573dd77b541f" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libdnf:libdnf:0.69.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libdnf:0.69.0-16.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libdnf@0.69.0-16.el9?arch=x86_64&distro=rhel-9.7&upstream=libdnf-0.69.0-16.el9.src.rpm" + } + ] + }, + { + "name": "libevent", + "SPDXID": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "versionInfo": "2.1.12-8.el9_4", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "c95aadfc748fdc7ae107d81b1817d7b5b13199a3" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-and-ISC", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libevent:libevent:2.1.12-8.el9_4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libevent:2.1.12-8.el9_4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libevent@2.1.12-8.el9_4?arch=x86_64&distro=rhel-9.7&upstream=libevent-2.1.12-8.el9_4.src.rpm" + } + ] + }, + { + "name": "libffi", + "SPDXID": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "versionInfo": "3.4.2-8.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "b8989337ea708af8fa70adc950f0d7def4fb185b" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libffi:libffi:3.4.2-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libffi:3.4.2-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&upstream=libffi-3.4.2-8.el9.src.rpm" + } + ] + }, + { + "name": "libgcc", + "SPDXID": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "versionInfo": "11.5.0-11.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "0a9a7d8db214fd4f2cd5c8ff4554bce455d12fb6" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm" + } + ] + }, + { + "name": "libgcrypt", + "SPDXID": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "versionInfo": "1.10.0-11.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "2c79cdb3caa56a31d3d554f5555cb5cca3496d29" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgcrypt:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=libgcrypt-1.10.0-11.el9.src.rpm" + } + ] + }, + { + "name": "libgpg-error", + "SPDXID": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "versionInfo": "1.42-5.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "a286392a6f36f05382ca23817b1016a43ca748c7" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgpg-error:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgpg-error:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgpg_error:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgpg_error:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgpg:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libgpg:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&upstream=libgpg-error-1.42-5.el9.src.rpm" + } + ] + }, + { + "name": "libidn2", + "SPDXID": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "versionInfo": "2.3.0-7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "ca5d7674d06ccc9b07f57cf895b58597862d7fcb" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef--GPLv2--or-LGPLv3---and-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libidn2:libidn2:2.3.0-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libidn2:2.3.0-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libidn2-2.3.0-7.el9.src.rpm" + } + ] + }, + { + "name": "libksba", + "SPDXID": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "versionInfo": "1.5.1-7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "74701e139ee6f1e7bba0241705becd531c39b92a" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef--LGPLv3--or-GPLv2---and-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libksba:libksba:1.5.1-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libksba:1.5.1-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libksba@1.5.1-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libksba-1.5.1-7.el9.src.rpm" + } + ] + }, + { + "name": "libmodulemd", + "SPDXID": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "versionInfo": "2.13.0-2.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "cfc23ca95e553c4a6415a537036e05d7673119cf" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libmodulemd:libmodulemd:2.13.0-2.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libmodulemd:2.13.0-2.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.7&upstream=libmodulemd-2.13.0-2.el9.src.rpm" + } + ] + }, + { + "name": "libmount", + "SPDXID": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "versionInfo": "2.37.4-21.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "a2d2d6766963b65f7a26e30d74aa9b6a0f45df85" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "name": "libnghttp2", + "SPDXID": "SPDXRef-Package-rpm-libnghttp2-8f40faa2a3bf3018", + "versionInfo": "1.43.0-6.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "70d73ee6649681537925cb57155c949963bddd7c" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libnghttp2:libnghttp2:1.43.0-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libnghttp2:1.43.0-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=nghttp2-1.43.0-6.el9.src.rpm" + } + ] + }, + { + "name": "libpeas", + "SPDXID": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "versionInfo": "1.30.0-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "80f1b07dd64c130ddfd41f66c28bf4e41bec7313" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libpeas:libpeas:1.30.0-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libpeas:1.30.0-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libpeas@1.30.0-4.el9?arch=x86_64&distro=rhel-9.7&upstream=libpeas-1.30.0-4.el9.src.rpm" + } + ] + }, + { + "name": "librepo", + "SPDXID": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "versionInfo": "1.14.5-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "b9c51f261522fb473a80f50e7f00ae63e6babef1" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:librepo:librepo:1.14.5-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:librepo:1.14.5-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/librepo@1.14.5-3.el9?arch=x86_64&distro=rhel-9.7&upstream=librepo-1.14.5-3.el9.src.rpm" + } + ] + }, + { + "name": "libreport-filesystem", + "SPDXID": "SPDXRef-Package-rpm-libreport-filesystem-53232b1db4311718", + "versionInfo": "2.15.2-6.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libreport-filesystem:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libreport-filesystem:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libreport_filesystem:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libreport_filesystem:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libreport:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libreport:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libreport-filesystem@2.15.2-6.el9?arch=noarch&distro=rhel-9.7&upstream=libreport-2.15.2-6.el9.src.rpm" + } + ] + }, + { + "name": "librhsm", + "SPDXID": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "versionInfo": "0.0.3-9.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "37f5af5f8d0ff58991a5cc8455e6cf1d0b422283" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:librhsm:librhsm:0.0.3-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:librhsm:0.0.3-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/librhsm@0.0.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=librhsm-0.0.3-9.el9.src.rpm" + } + ] + }, + { + "name": "libselinux", + "SPDXID": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "versionInfo": "3.6-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "5db7ce010d4bce25de15f6f3a44fe9ecfccc1fda" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libselinux:libselinux:3.6-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libselinux:3.6-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libselinux-3.6-3.el9.src.rpm" + } + ] + }, + { + "name": "libsemanage", + "SPDXID": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "versionInfo": "3.6-5.el9_6", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "cd79451fd258656b37fbbad794e42f071e185b52" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libsemanage:libsemanage:3.6-5.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libsemanage:3.6-5.el9_6:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libsemanage@3.6-5.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libsemanage-3.6-5.el9_6.src.rpm" + } + ] + }, + { + "name": "libsepol", + "SPDXID": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "versionInfo": "3.6-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "6149c74225244a8c14af4ef31bc64097d6696718" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libsepol:libsepol:3.6-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libsepol:3.6-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libsepol@3.6-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libsepol-3.6-3.el9.src.rpm" + } + ] + }, + { + "name": "libsigsegv", + "SPDXID": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "versionInfo": "2.13-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "7b09d4168a3cb93e19f2ba52824e226b6b6ccbed" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libsigsegv:libsigsegv:2.13-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libsigsegv:2.13-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.7&upstream=libsigsegv-2.13-4.el9.src.rpm" + } + ] + }, + { + "name": "libsmartcols", + "SPDXID": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "versionInfo": "2.37.4-21.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "47382738c0fe9c16daac767d48d7f76683b9d096" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "name": "libsolv", + "SPDXID": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "versionInfo": "0.7.24-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "a3a71266a0cba163bf00d41ac2ee775f311e01a2" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libsolv:libsolv:0.7.24-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libsolv:0.7.24-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libsolv@0.7.24-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libsolv-0.7.24-3.el9.src.rpm" + } + ] + }, + { + "name": "libstdc++", + "SPDXID": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "versionInfo": "11.5.0-11.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "e2b458b976e1c08b365090849dd32e3b36978d00" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm" + } + ] + }, + { + "name": "libtasn1", + "SPDXID": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "versionInfo": "4.16.0-9.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "a8a9c35d5311a41f8a1dd9285c72615e1e3f8120" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3--and-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm" + } + ] + }, + { + "name": "libtool-ltdl", + "SPDXID": "SPDXRef-Package-rpm-libtool-ltdl-923f2a036f9ecf65", + "versionInfo": "2.4.6-46.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "864b6aaece7a2131e59533e0a8264e3273ca6ad3" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libtool-ltdl:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libtool-ltdl:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libtool_ltdl:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libtool_ltdl:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libtool:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libtool:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libtool-ltdl@2.4.6-46.el9?arch=x86_64&distro=rhel-9.7&upstream=libtool-2.4.6-46.el9.src.rpm" + } + ] + }, + { + "name": "libunistring", + "SPDXID": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "versionInfo": "0.9.10-15.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "28650764a1a1ee6cd0c1c09211cef88b63f26f9f" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2--or-LGPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libunistring:libunistring:0.9.10-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libunistring:0.9.10-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.7&upstream=libunistring-0.9.10-15.el9.src.rpm" + } + ] + }, + { + "name": "libusbx", + "SPDXID": "SPDXRef-Package-rpm-libusbx-2f1e24780cfea663", + "versionInfo": "1.0.26-1.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "db01cef17b61b18a5814ea8fe729442ea6a0b56b" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libusbx:libusbx:1.0.26-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libusbx:1.0.26-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libusbx@1.0.26-1.el9?arch=x86_64&distro=rhel-9.7&upstream=libusbx-1.0.26-1.el9.src.rpm" + } + ] + }, + { + "name": "libuuid", + "SPDXID": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "versionInfo": "2.37.4-21.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "c5a6e9d1302c8a5e9a941e9bbfb0311033627006" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm" + } + ] + }, + { + "name": "libverto", + "SPDXID": "SPDXRef-Package-rpm-libverto-ec9dd0ac24b8d8c2", + "versionInfo": "0.3.2-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "4450306146d05d27e93136c6c401d99c19ea4730" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libverto:libverto:0.3.2-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libverto:0.3.2-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libverto-0.3.2-3.el9.src.rpm" + } + ] + }, + { + "name": "libxcrypt", + "SPDXID": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "versionInfo": "4.4.18-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "bc5503d3f876ff5ab092277434ea4e7c7cf546a0" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-BSD-and-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libxcrypt:libxcrypt:4.4.18-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libxcrypt:4.4.18-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libxcrypt-4.4.18-3.el9.src.rpm" + } + ] + }, + { + "name": "libxml2", + "SPDXID": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "versionInfo": "2.9.13-14.el9_7", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "99d41b580bb661aa119d2b94580770d3de31ed80" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm" + } + ] + }, + { + "name": "libyaml", + "SPDXID": "SPDXRef-Package-rpm-libyaml-a495c2a7de1ac993", + "versionInfo": "0.2.5-7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "f966ee6af2e6173f4a4a3cdc0f623757043f2980" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libyaml:libyaml:0.2.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libyaml:0.2.5-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libyaml-0.2.5-7.el9.src.rpm" + } + ] + }, + { + "name": "libzstd", + "SPDXID": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "versionInfo": "1.5.5-1.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "2666ae274ace4befed23a8ff289e5fb916f125e5" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-and-GPLv2", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:libzstd:libzstd:1.5.5-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:libzstd:1.5.5-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&upstream=zstd-1.5.5-1.el9.src.rpm" + } + ] + }, + { + "name": "lua-libs", + "SPDXID": "SPDXRef-Package-rpm-lua-libs-b9930935983f5330", + "versionInfo": "5.4.4-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "099a72a6b364e18da2c99986c2d5263bb95c7152" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lua-libs:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lua-libs:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lua_libs:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lua_libs:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lua:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lua:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/lua-libs@5.4.4-4.el9?arch=x86_64&distro=rhel-9.7&upstream=lua-5.4.4-4.el9.src.rpm" + } + ] + }, + { + "name": "lz4-libs", + "SPDXID": "SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5", + "versionInfo": "1.9.3-5.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "c539a4ab67e11a55f40e7ca8a6b0a4db09c3453e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2--and-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lz4-libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lz4-libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lz4_libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lz4_libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lz4:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:lz4:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&upstream=lz4-1.9.3-5.el9.src.rpm" + } + ] + }, + { + "name": "microdnf", + "SPDXID": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "versionInfo": "3.9.1-3.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "afd81ab552c2cb1758e97c1f782336f0b573e34d" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:microdnf:microdnf:3.9.1-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:microdnf:3.9.1-3.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/microdnf@3.9.1-3.el9?arch=x86_64&distro=rhel-9.7&upstream=microdnf-3.9.1-3.el9.src.rpm" + } + ] + }, + { + "name": "mpfr", + "SPDXID": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "versionInfo": "4.1.0-7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "ee740b714529237bc7ce7f23cb77a46979730aaa" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:mpfr:4.1.0-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:mpfr:mpfr:4.1.0-7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.7&upstream=mpfr-4.1.0-7.el9.src.rpm" + } + ] + }, + { + "name": "ncurses-base", + "SPDXID": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "versionInfo": "6.2-12.20210508.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "242864b5f40566f9482d68bb95e4a07dc7652a00" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm" + } + ] + }, + { + "name": "ncurses-libs", + "SPDXID": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "versionInfo": "6.2-12.20210508.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "ea37721cb3c1ede4d06e36ffc757da13ef77a839" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm" + } + ] + }, + { + "name": "nettle", + "SPDXID": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "versionInfo": "3.10.1-1.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "55bf03f68f8fcc04417916b39f1854f1e787438b" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv3--or-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:nettle:nettle:3.10.1-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:nettle:3.10.1-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/nettle@3.10.1-1.el9?arch=x86_64&distro=rhel-9.7&upstream=nettle-3.10.1-1.el9.src.rpm" + } + ] + }, + { + "name": "npth", + "SPDXID": "SPDXRef-Package-rpm-npth-e8d4429184219587", + "versionInfo": "1.6-8.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "f30cc59a83a212ebac7de104d4203c07ca9cc365" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:npth:1.6-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:npth:npth:1.6-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.7&upstream=npth-1.6-8.el9.src.rpm" + } + ] + }, + { + "name": "openldap", + "SPDXID": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "versionInfo": "2.6.8-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "d757deda0a15d47e382ca7ce873dc62233fb9223" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "OLDAP-2.8", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm" + } + ] + }, + { + "name": "openssl", + "SPDXID": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "versionInfo": "1:3.5.1-4.el9_7", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "6cd95cfbbcd4095e3407b30f6cc54d68a7b8d024" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "Apache-2.0", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm" + } + ] + }, + { + "name": "openssl-fips-provider", + "SPDXID": "SPDXRef-Package-rpm-openssl-fips-provider-3f743355082e9e4b", + "versionInfo": "3.0.7-8.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "ad1db366a99c4c1627f9ec814fd69f6aadfd87bc" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-ASL-2.0", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm" + } + ] + }, + { + "name": "openssl-fips-provider-so", + "SPDXID": "SPDXRef-Package-rpm-openssl-fips-provider-so-039e508ce9d5da38", + "versionInfo": "3.0.7-8.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "88a1b969ddf7986d4bd468a6f3c6fa0593311825" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-ASL-2.0", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm" + } + ] + }, + { + "name": "openssl-libs", + "SPDXID": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "versionInfo": "1:3.5.1-4.el9_7", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "95cfef643a2f455b5fb3d50cbd227122d9aba42d" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "Apache-2.0", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm" + } + ] + }, + { + "name": "p11-kit", + "SPDXID": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "versionInfo": "0.25.3-3.el9_5", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "bdb37cd0a8e6887ad1ab92c0a5d9643e585e9559" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "BSD-3-Clause", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11-kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11-kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11_kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11_kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm" + } + ] + }, + { + "name": "p11-kit-trust", + "SPDXID": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "versionInfo": "0.25.3-3.el9_5", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "6f1a2bfc8886e6810d8d233d96bd8f5dabd64eca" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "BSD-3-Clause", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11-kit-trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11-kit-trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11_kit_trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11_kit_trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11-kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11-kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11_kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11_kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:p11:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm" + } + ] + }, + { + "name": "pcre", + "SPDXID": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "versionInfo": "8.44-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "3dad63a6e063ea4bdbc8917e138d0e1228725990" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:pcre:8.44-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre:pcre:8.44-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/pcre@8.44-4.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre-8.44-4.el9.src.rpm" + } + ] + }, + { + "name": "pcre2", + "SPDXID": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "versionInfo": "10.40-6.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "c74f502aab3063ee72922a7735edbd2f32c92080" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm" + } + ] + }, + { + "name": "pcre2-syntax", + "SPDXID": "SPDXRef-Package-rpm-pcre2-syntax-79b3a388130aa9b9", + "versionInfo": "10.40-6.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "24e5a6c8ae65ef32012444c539eb087f1b59a11a" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm" + } + ] + }, + { + "name": "popt", + "SPDXID": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "versionInfo": "1.18-8.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "69493ea2e0ef5e6c8e9fbe52a7362d6c3bd5e1e9" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:popt:1.18-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:popt:popt:1.18-8.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.7&upstream=popt-1.18-8.el9.src.rpm" + } + ] + }, + { + "name": "readline", + "SPDXID": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "versionInfo": "8.1-4.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "d2fec0a776e53c20384dc1e144c13f2bf8c4680e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:readline:readline:8.1-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:readline:8.1-4.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.7&upstream=readline-8.1-4.el9.src.rpm" + } + ] + }, + { + "name": "redhat-release", + "SPDXID": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "versionInfo": "9.7-0.7.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "33e24e50aff2cd20a2175820926f086330864e81" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat-release:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat_release:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/redhat-release@9.7-0.7.el9?arch=x86_64&distro=rhel-9.7&upstream=redhat-release-9.7-0.7.el9.src.rpm" + } + ] + }, + { + "name": "rootfiles", + "SPDXID": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "versionInfo": "8.1-35.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "3e3b79a4c1112a97187c08a1bd46ea416701e11e" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rootfiles:rootfiles:8.1-35.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:rootfiles:8.1-35.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/rootfiles@8.1-35.el9?arch=noarch&distro=rhel-9.7&upstream=rootfiles-8.1-35.el9.src.rpm" + } + ] + }, + { + "name": "rpm", + "SPDXID": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "versionInfo": "4.16.1.3-39.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "23f94a84981fdebd65dc01fcf1625fbd2003a081" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:rpm:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rpm:rpm:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/rpm@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&upstream=rpm-4.16.1.3-39.el9.src.rpm" + } + ] + }, + { + "name": "rpm-libs", + "SPDXID": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "versionInfo": "4.16.1.3-39.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "76010fde24bde6194d07ed2bcf076f3f6ee331c2" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv2--and-LGPLv2--with-exceptions", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rpm-libs:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rpm-libs:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rpm_libs:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rpm_libs:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rpm:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:rpm:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&upstream=rpm-4.16.1.3-39.el9.src.rpm" + } + ] + }, + { + "name": "sed", + "SPDXID": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "versionInfo": "4.8-9.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "8e36b5b8686e231612363058a94c3115f3b0930c" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-GPLv3-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:sed:4.8-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:sed:sed:4.8-9.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&upstream=sed-4.8-9.el9.src.rpm" + } + ] + }, + { + "name": "setup", + "SPDXID": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "versionInfo": "2.13.7-10.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "ad5abc106efcefd0e7c63f17d95194811d9ab6b2" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&upstream=setup-2.13.7-10.el9.src.rpm" + } + ] + }, + { + "name": "shadow-utils", + "SPDXID": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "versionInfo": "2:4.9-15.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "1f8d97b03a77e0a56bcc4b846aecb795c04945e2" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-BSD-and-GPLv2-", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/shadow-utils@4.9-15.el9?arch=x86_64&distro=rhel-9.7&epoch=2&upstream=shadow-utils-4.9-15.el9.src.rpm" + } + ] + }, + { + "name": "sqlite-libs", + "SPDXID": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "versionInfo": "3.34.1-9.el9_7", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "09e4b3d00cd9e64b21add812846b6cd7ce51f130" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm" + } + ] + }, + { + "name": "systemd-libs", + "SPDXID": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "versionInfo": "252-55.el9_7.7", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "f468de395c7cd607c92ab9c5cb1f21fa124b85da" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-LGPLv2--and-MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm" + } + ] + }, + { + "name": "tzdata", + "SPDXID": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "versionInfo": "2025c-1.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "8c5d53ba322148368b1391012fc6a4e39f7eb2bb" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:tzdata:2025c-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:tzdata:tzdata:2025c-1.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/tzdata@2025c-1.el9?arch=noarch&distro=rhel-9.7&upstream=tzdata-2025c-1.el9.src.rpm" + } + ] + }, + { + "name": "xz-libs", + "SPDXID": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "versionInfo": "5.2.5-8.el9_0", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "26a050dea67e5e8fd6c40d400a3c0c3132855f0b" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-Public-Domain", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:xz-libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:xz-libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:xz_libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:xz_libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:xz:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:xz:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&upstream=xz-5.2.5-8.el9_0.src.rpm" + } + ] + }, + { + "name": "zlib", + "SPDXID": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "versionInfo": "1.2.11-40.el9", + "supplier": "Organization: Red Hat, Inc.", + "originator": "Organization: Red Hat, Inc.", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": true, + "packageVerificationCode": { + "packageVerificationCodeValue": "289263adabab82f02dd7c0853b4956fdedbd2451" + }, + "sourceInfo": "acquired package info from RPM DB: /var/lib/rpm/rpmdb.sqlite", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "LicenseRef-zlib-and-Boost", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm" + } + ] + }, + { + "name": "ghcr.io/fluentdo/agent", + "SPDXID": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "versionInfo": "25.10.10", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ghcr.io%2Ffluentdo%2Fagent@sha256%3A2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16?arch=amd64&tag=25.10.10" + } + ], + "primaryPackagePurpose": "CONTAINER" + } + ], + "files": [ + { + "fileName": "etc/GREP_COLORS", + "SPDXID": "SPDXRef-File-etc-GREP-COLORS-e427d65853822d0a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e31ab9b1a70f6dbf441b2cb6fe9b6f6f8497c07" + }, + { + "algorithm": "SHA256", + "checksumValue": "e94e50735e137e769b40e230f019d5be755571129e0f7669c4570bb45c5c162e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/aliases", + "SPDXID": "SPDXRef-File-etc-aliases-2ccdba2d440270fd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41b96f30cc6b111373281bb4a549d252acff8d61" + }, + { + "algorithm": "SHA256", + "checksumValue": "a4c569569f893bc22fbe696c459f8fba0fe4565022637300b705b54a95c47bce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/bashrc", + "SPDXID": "SPDXRef-File-etc-bashrc-4214e7ba484a297f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7743c11f20d32680eab82e12b8042792c263dd67" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb091ed0ed1cbf1cd40cd3da60a4a994e2246c551ab086e96f43fefca197f75e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/crypto-policies/config", + "SPDXID": "SPDXRef-File-etc-crypto-policies-config-c84674aa2b18f5e3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e0085ee611a9cf4ff7133da0360718b436baaeb" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/crypto-policies/state/current", + "SPDXID": "SPDXRef-File-etc-crypto-policies-state-current-dcff234cc54fd81f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e0085ee611a9cf4ff7133da0360718b436baaeb" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/csh.cshrc", + "SPDXID": "SPDXRef-File-etc-csh.cshrc-e97d4e379ab1245e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8107c5537407a77fe092c0431351c59a9f5b1a1f" + }, + { + "algorithm": "SHA256", + "checksumValue": "441b02ec287f3bd2b94e2df4462e29f1f2f49d5fa41b8cce9dddd7865775868d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/csh.login", + "SPDXID": "SPDXRef-File-etc-csh.login-6a0e82cf1b36536f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d131e943a6965da06cd60b4dce9a4fcbd77b371" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9ea846975d2c90ac93c86ff6b04566f2b1d15c705ab62ec467c194b8a242f0e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/default/useradd", + "SPDXID": "SPDXRef-File-etc-default-useradd-3bc0077c49d2950e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f1f531b22afb49512a303bfb127274372543352" + }, + { + "algorithm": "SHA256", + "checksumValue": "b121fd1b90c1a2fb6081a137dd7b441c7e7fec61bc17ca60db401a952d7b8825" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/dnf/dnf.conf", + "SPDXID": "SPDXRef-File-etc-dnf-dnf.conf-e715eea96e3656d1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aeefb5d8201390aee81435c2a048dca74c462bcb" + }, + { + "algorithm": "SHA256", + "checksumValue": "1557f960a39d444375a3a28994eb082fdab2887a16da2b677ba181658f2512b7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/dnf/protected.d/dnf.conf", + "SPDXID": "SPDXRef-File-etc-dnf-protected.d-dnf.conf-df0de9d0d9d031e1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44802b4599dd6b62d00636f397c973d81ae1942a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b6f0d7b9f4d69e86833ec77802d3af8e5ecc5b9820e1fe0d774b7922e1da57fe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/dnf/protected.d/redhat-release.conf", + "SPDXID": "SPDXRef-File-...dnf-protected.d-redhat-release.conf-3aa1742f2e3585c3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "058cfa312d9fd6a38756cea360ad03dbd6f2fcdd" + }, + { + "algorithm": "SHA256", + "checksumValue": "942298c770f9afd8303dffda64d89fb57c8d06e8a37fcc285951682afc5a88b7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/dnf/protected.d/setup.conf", + "SPDXID": "SPDXRef-File-etc-dnf-protected.d-setup.conf-baeeddada1c5c95f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da041fe15ae9d8b17172d1a52a6621b25436d1f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "9752eb62a6845a78a9e2eaeb4a6eb2d93a1b654ee8665f71d516cfaca3e7cf57" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/environment", + "SPDXID": "SPDXRef-File-etc-environment-93adb1065f80dba5", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/ethertypes", + "SPDXID": "SPDXRef-File-etc-ethertypes-3fdd477d017dfa61", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "07eb268f4ccd95249f0e5b62e73c546d2d213cba" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed38f9d644befc87eb41a8649c310073240d9a8cd75b2f9c115b5d9d7e5d033c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/exports", + "SPDXID": "SPDXRef-File-etc-exports-bd8b17f97c934a0e", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/filesystems", + "SPDXID": "SPDXRef-File-etc-filesystems-fce3874eeffc9682", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f27be95d40c6cdd69350ca46e1d5a186d7212b9b" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba1ed4fe76cd63c37dbd44a040921db7810c4b63f46ee6635779627a4a36a196" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/group", + "SPDXID": "SPDXRef-File-etc-group-17f0452d88c35045", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d43893aba8e1f7ac50d31350f0c6749c1d74f34d" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd480d020fa833ee740993a401310b59092e696c462d7b5a386996a5af403f5e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + { + "fileName": "etc/gshadow", + "SPDXID": "SPDXRef-File-etc-gshadow-0d2d3ea44fec0394", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fb399da662da4f767b177d7101dc37f7ee7abccb" + }, + { + "algorithm": "SHA256", + "checksumValue": "57b2c179c1d1a435610d1ea0bfb5bed7eb6d6ced6c0e2f17bfe6362356be1706" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + { + "fileName": "etc/host.conf", + "SPDXID": "SPDXRef-File-etc-host.conf-771749e6b4b96062", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b10cafadc043aec4056a948914f011bc39d2ec13" + }, + { + "algorithm": "SHA256", + "checksumValue": "380f5fe21d755923b44203b58ca3c8b9681c485d152bd5d7e3914f67d821d32a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/hosts", + "SPDXID": "SPDXRef-File-etc-hosts-22e48b3787fe754f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7335999eb54c15c67566186bdfc46f64e0d5a1aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "498f494232085ec83303a2bc6f04bea840c2b210fbbeda31a46a6e5674d4fc0e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/inputrc", + "SPDXID": "SPDXRef-File-etc-inputrc-59b11299ce6d190a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9482ed88a6779f0c14eb00e2e667960664dfcb98" + }, + { + "algorithm": "SHA256", + "checksumValue": "e016c93c4ded93c7e08e92957345746618c5893eae0c8528b0392a6e0d6e447a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/issue", + "SPDXID": "SPDXRef-File-etc-issue-e797ce9f0d1cdb1c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c76e3b565c91e21bee303f15c728c71e6b39540" + }, + { + "algorithm": "SHA256", + "checksumValue": "188029a4a5fc320b6157195899bf6d424610d385949a857a811d992602fa48c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/issue.net", + "SPDXID": "SPDXRef-File-etc-issue.net-402ed8348f10e3ff", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "95fee903a60d67d0bc0f1c11b909ec0527c2b39d" + }, + { + "algorithm": "SHA256", + "checksumValue": "17657f4ee63966a9c7687e97028b9ca514f6e9bcbefec4b7f4e81ac861eb3483" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/krb5.conf", + "SPDXID": "SPDXRef-File-etc-krb5.conf-485cebdb5c8d2a32", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e0f9955d21eebb477f02328e9789d5ab53d643e" + }, + { + "algorithm": "SHA256", + "checksumValue": "87fa5619a6494774d5ea569df972a95691974cfed439f1e0f0e8dcb54cac5cb4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/ld.so.cache", + "SPDXID": "SPDXRef-File-etc-ld.so.cache-76f1c9985254e2be", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36b8c3b64d37014908e77572188954aa3cb20f14" + }, + { + "algorithm": "SHA256", + "checksumValue": "c81f81c0014895d5f3d4c6a18352d7cec8d84c7545d02e03ca9f978848bb00ee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:9bc7c492562f465ba19a77b35e5f630d7559005d0753b2d888b175a07126b785" + }, + { + "fileName": "etc/ld.so.conf", + "SPDXID": "SPDXRef-File-etc-ld.so.conf-32ec75dedc8ed09d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52ab6b95985c3fb925765d081bc9b36a048ec825" + }, + { + "algorithm": "SHA256", + "checksumValue": "239c865e4c0746a01f82b03d38d620853bab2a2ba8e81d6f5606c503e0ea379f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/libaudit.conf", + "SPDXID": "SPDXRef-File-etc-libaudit.conf-ce2591a5f235263b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f86b14eb6371b0d99b968dabc1b853b99530cb8a" + }, + { + "algorithm": "SHA256", + "checksumValue": "d48318c90620fde96cb6a8e6eb1eb64663b21200f9d1d053f9e3b4fce24a2543" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/libreport/events.d/collect_dnf.conf", + "SPDXID": "SPDXRef-File-...libreport-events.d-collect-dnf.conf-69a1f8b190180ac2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d19eba9f751edaf8120bb8b9b722cea99fb4f60f" + }, + { + "algorithm": "SHA256", + "checksumValue": "cc0feca59af66ea18656fc5774b78f586b97864965cf1add75b3f9944678e999" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/login.defs", + "SPDXID": "SPDXRef-File-etc-login.defs-4bbbca48a63a9a75", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2daf6aa2130e0d1585d2f4336a65275adf67d9c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "b8caab091c2b4a4b8194a438ff5df718d3c469362ac92a1901dc308eeac5a91e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/logrotate.d/dnf", + "SPDXID": "SPDXRef-File-etc-logrotate.d-dnf-8c585fd49a1add6b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2b0735c29b53a2561a3f5047bdf4c3a619d3f31e" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d02a56605a12e2dd3e05da2ab86ef77d013af53c31f2b8cf5c7c69288ee3387" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/motd", + "SPDXID": "SPDXRef-File-etc-motd-ce2b6455c3786791", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/networks", + "SPDXID": "SPDXRef-File-etc-networks-778fd3cc081fcb4b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c3cb9c5e7b7f4a6a1929c35727da7651e6c5bf4" + }, + { + "algorithm": "SHA256", + "checksumValue": "ae89ab2e35076a070ae7cf5b0edf600c3ea6999e15db9b543ef35dfc76d37cb1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/nsswitch.conf", + "SPDXID": "SPDXRef-File-etc-nsswitch.conf-dcb109d4616daae5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4854b8c739119e4997f9f002b88dbb8985135821" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1cc473688f64942669ee7eb72b262103db75498d9236356bdf25289828f5b46" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/openldap/ldap.conf", + "SPDXID": "SPDXRef-File-etc-openldap-ldap.conf-bf8b332a7275c03b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "767578de65b6f21acb7d5299881e9e00b6cad314" + }, + { + "algorithm": "SHA256", + "checksumValue": "3bea281bbd267ed31c02249d9ce4c7659d764c6c36b0f0c81a39e4c810236eb2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/passwd", + "SPDXID": "SPDXRef-File-etc-passwd-645eceef84258f08", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf7007eebcb9840ffbed9e1cb7bc6807fcb367c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "1dec20adb7cfa5c2800dab6921bd133f7959b9ad359530f9b38291c6a2dee424" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + { + "fileName": "etc/pki/ca-trust/README", + "SPDXID": "SPDXRef-File-etc-pki-ca-trust-README-cc1dd49bb25490aa", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c0ea7b4623886d2246b9b113fafd1670ba42cb1" + }, + { + "algorithm": "SHA256", + "checksumValue": "6c7b9287c41c171c64b358fc7331b8a9ae969fc2d00d997d88bcbf4da0de598a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/ca-legacy.conf", + "SPDXID": "SPDXRef-File-etc-pki-ca-trust-ca-legacy.conf-59abd7dfd624e787", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b28450f457cc833ecf7af7dbe4d6c1feb0ec4208" + }, + { + "algorithm": "SHA256", + "checksumValue": "400b96da374503fa6b6350a867347082d0c90e05ba4d02cc6b51b11229199c4d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/README", + "SPDXID": "SPDXRef-File-etc-pki-ca-trust-extracted-README-91b647bbbba6deb5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c68219ad0bbe17c9773c5701ab34ad4d08a01a6" + }, + { + "algorithm": "SHA256", + "checksumValue": "146ff96c60a8ee32bbcf2da59d624d6ecfbab7ef7442529d46d8d63064d8ca58" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/edk2/README", + "SPDXID": "SPDXRef-File-etc-pki-ca-trust-extracted-edk2-README-9fa29831a822e32d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "751dd2582a3cc4bbb46f9ea1145bd8e3f59c6e6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "757c28eddb0634b74e6482d16324193be27eee41864c1f96c447020dae14b44f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/edk2/cacerts.bin", + "SPDXID": "SPDXRef-File-...ca-trust-extracted-edk2-cacerts.bin-0015d10e62088f4c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "932b7df8a8175341fdceda0ad888ce8cbf3ed356" + }, + { + "algorithm": "SHA256", + "checksumValue": "10d123f5c252a9b611aeda90281aca0dcf1b6c63698e6a5ae7080fe36ff83801" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/java/README", + "SPDXID": "SPDXRef-File-etc-pki-ca-trust-extracted-java-README-0b4db8d1d6ef42ec", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f501ecef2660fe2ad027b83a8165fbfce71ea27" + }, + { + "algorithm": "SHA256", + "checksumValue": "7bb8781320fb3ff84e76c7e7e4a9c3813879c4f1943710a3b0140b31efacfd32" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/java/cacerts", + "SPDXID": "SPDXRef-File-...pki-ca-trust-extracted-java-cacerts-32c35a9235c07703", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "12e619fb3488b917f364d5baed4ce3df0b481dcc" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac3d53042f3cb667a779807a09226c3be396ceeb9d11943ade3208d5a6058b07" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/openssl/README", + "SPDXID": "SPDXRef-File-...pki-ca-trust-extracted-openssl-README-c75545382b15487f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b007d0cde2d4791df3363c6fa6a22f0263031a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "6c812d1ec8ce5bde2216cc42be33021d6345fbea05c14f50c52191a38c175ea9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt", + "SPDXID": "SPDXRef-File-...extracted-openssl-ca-bundle.trust.crt-1927e8c59b24fe60", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "55e15e632fb262a4a6d9850a764aceaabc47ab9c" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a8e566a20336ec17ea7c0d71b8749f03b29f9ddf77ff733dfaf6782c28c56e6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/README", + "SPDXID": "SPDXRef-File-etc-pki-ca-trust-extracted-pem-README-7d7490fa611754ad", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2e9c850350cb6adc069c023f9a619d08377bdcbd" + }, + { + "algorithm": "SHA256", + "checksumValue": "27362e773c8b6bb065a455a66badb05e2652720bab8ade9ab91f0404cf827dab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/ACCVRAIZ1.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-ACCVRAIZ1.pem-e89e0020249dd0a9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "620fa298774c61bc147e4766753252267a4d9c9d" + }, + { + "algorithm": "SHA256", + "checksumValue": "04846f73d9d0421c60076fd02bad7f0a81a3f11a028d653b0de53290e41dcead" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM.pem", + "SPDXID": "SPDXRef-File-...directory-hash-AC-RAIZ-FNMT-RCM.pem-ae69d9be7bd46a62", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ceb43c8ebea65e461729f071ad2f4ef62a831ba1" + }, + { + "algorithm": "SHA256", + "checksumValue": "aa18ea4c9a8441a461bb436a1c90beb994ac841980b8fd62c72de9a62ddf8ae3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem", + "SPDXID": "SPDXRef-File-...AC-RAIZ-FNMT-RCM-SERVIDORES-SEGUROS.pem-a1ad3775f61392a3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f6fa356c7ad3ab1ddee68e9d4a43d76aebed253" + }, + { + "algorithm": "SHA256", + "checksumValue": "8e3f237813d3f3e2f5767bc2a694a7557f84bb79fd60ef1adc25afd0c1fc5ef6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/ANF_Secure_Server_Root_CA.pem", + "SPDXID": "SPDXRef-File-...ANF-Secure-Server-Root-CA.pem-d361bb2407bda534", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86c697b354c67874c5fffdadca5d70896d23730c" + }, + { + "algorithm": "SHA256", + "checksumValue": "efb2df6e0075fa74e448077e402d171851b2ffe4668a614adc00dcbc75633afd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Actalis_Authentication_Root_CA.pem", + "SPDXID": "SPDXRef-File-...Actalis-Authentication-Root-CA.pem-0582c63d360ee85d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "511ca95607022a99ed8e68bd63f136c4854cefcb" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6d25347727f267774611677588d76f8a54a6e14d3e99dd69ef2c20612ed87c5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Commercial.pem", + "SPDXID": "SPDXRef-File-...AffirmTrust-Commercial.pem-8ec53f46a05edb5f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31629611efda355cdc62783bd61e91aa0ba20aa6" + }, + { + "algorithm": "SHA256", + "checksumValue": "7108110fdaf19e3e5a7ed8fa38557248e79fe78bb2e9eefe7a0bb801cbfd2db7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Networking.pem", + "SPDXID": "SPDXRef-File-...AffirmTrust-Networking.pem-182fdfb202e298d5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87a9857563967d59ccbe51e4a8fc2ba2fda1e919" + }, + { + "algorithm": "SHA256", + "checksumValue": "b68109f50ba0abed3b938afebd2ab42a2f5089062c59e9fc74425e2742d894bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium.pem", + "SPDXID": "SPDXRef-File-...directory-hash-AffirmTrust-Premium.pem-71894ac0e3522f7c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a47bba1a7198f3b61b179239dadc8b6d9555887" + }, + { + "algorithm": "SHA256", + "checksumValue": "94c88202bf2c13c68b90d124f93f62374f36776b0bfbc110c6d06f829290b580" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium_ECC.pem", + "SPDXID": "SPDXRef-File-...AffirmTrust-Premium-ECC.pem-744baa7aa5e8d192", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4078832c8e87e1552a61d2f27e38917f143c8919" + }, + { + "algorithm": "SHA256", + "checksumValue": "42f0e946149ae0e0c6a1fb0e33150ce863479b2ef7b3c700161102ad1dcb34c1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_1.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Amazon-Root-CA-1.pem-09545d087772de76", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0d2d251ef5ee84b8e05d8012056a1495fcf34b3" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c43952ee9e000ff2acc4e2ed0897c0a72ad5fa72c3d934e81741cbd54f05bd1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_2.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Amazon-Root-CA-2.pem-b94eaca0dedd811c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "323b7b4a10c0d8da198a3e8c059c9bec24f4932d" + }, + { + "algorithm": "SHA256", + "checksumValue": "a3a7fe25439d9a9b50f60af43684444d798a4c869305bf615881e5c84a44c1a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_3.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Amazon-Root-CA-3.pem-62810776df7db742", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2e7153a81fb98a0fbb508b3b93829e4e9eda5d23" + }, + { + "algorithm": "SHA256", + "checksumValue": "3eb7c3258f4af9222033dc1bb3dd2c7cfa0982b98e39fb8e9dc095cfeb38126c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_4.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Amazon-Root-CA-4.pem-aa7d9b28187b65d2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d9ac8e9773360d16d95225747626873e81aa9fd6" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0b7961120481e33670315b2f843e643c42f693c7a1010eb9555e06ddc730214" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_2011.pem", + "SPDXID": "SPDXRef-File-...Atos-TrustedRoot-2011.pem-561baef31372130f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e7bf149a7cd32271ef18328a22c766bdb192c76" + }, + { + "algorithm": "SHA256", + "checksumValue": "79e9f88ab505186e36f440c88bc37e103e1a9369a0ebe382c4a04bd70b91c027" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem", + "SPDXID": "SPDXRef-File-...Atos-TrustedRoot-Root-CA-ECC-TLS-2021.pem-78447ed4edd2842a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "21d7491620f569f125ea6750fbc51e0d68865eaf" + }, + { + "algorithm": "SHA256", + "checksumValue": "970d70366b2f8c29ac71c8f71689ddd8fd321208a5ededbb2d784af33799a0f6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem", + "SPDXID": "SPDXRef-File-...Atos-TrustedRoot-Root-CA-RSA-TLS-2021.pem-50a066f8ec10e833", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8943e4a8481b0339e69f0e7cd54c324eb3cbb03f" + }, + { + "algorithm": "SHA256", + "checksumValue": "980dc408dd2def2d7930bec10c48e256d115f636c403b631ffb93558dacf5571" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem", + "SPDXID": "SPDXRef-File-...Autoridad-de-Certificacion-Firmaprofesional-CIF-A62634068.pem-14f7f0a29e08b2ce", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0cd024f9827c0b9834235e9517e932ce76009a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "a618213c5dd7cbb59b3154de7241d7255333a0619cf434329becae876ce6e331" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA1.pem", + "SPDXID": "SPDXRef-File-...BJCA-Global-Root-CA1.pem-d158af0f907a075a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22841f1345277d606ed6dd3c42565e0ca907cc76" + }, + { + "algorithm": "SHA256", + "checksumValue": "08e1a8115accf7ce400a3f98fc31dbab522a3ed3644ca48389b4899e2d794f1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA2.pem", + "SPDXID": "SPDXRef-File-...BJCA-Global-Root-CA2.pem-cb569fa58f58ac94", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ba8137e853314ecd084532bfa3e5d63c79a3ec29" + }, + { + "algorithm": "SHA256", + "checksumValue": "6c58125f88a4ff83d40e6b58c5532ea905be4daf1ec7da7f4542af3d34855340" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_2_Root_CA.pem", + "SPDXID": "SPDXRef-File-...Buypass-Class-2-Root-CA.pem-d49d21277e12004a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a3e41e74e9a4137036525f0c2fd6d8edfdc7c39" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c2a7510e01aec2c9b8cc2c9d03b16576858a93863a6d0a31a2ac05f47f5dbe1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_3_Root_CA.pem", + "SPDXID": "SPDXRef-File-...Buypass-Class-3-Root-CA.pem-85bd2ba5b1ebf7e9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5b889430b7dd1517c94f87b77175c5af957b15a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "8db5b7c8f058c56a8d033c2443d34fdfd3656150eaa73fe63c65161e7063ce99" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/CA_Disig_Root_R2.pem", + "SPDXID": "SPDXRef-File-...directory-hash-CA-Disig-Root-R2.pem-e7307252140f3444", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "71a23868abee32d53d2573dc73b82e0b77d76fb8" + }, + { + "algorithm": "SHA256", + "checksumValue": "8adefca890c92e6d0877fdcba07655296852217da657026aea69ee547642528c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/CFCA_EV_ROOT.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-CFCA-EV-ROOT.pem-73f4503d64a66d9a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96828202bc5c8db6f4f56b4d81a2553c108ce23a" + }, + { + "algorithm": "SHA256", + "checksumValue": "94e4ab21333740d7ed0f2b5007744e5cf6792c0ddf4c6bdfb3ce8333010e7306" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...COMODO-Certification-Authority.pem-940ffac4f8480d15", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b4b9dc9cf470c66b1e9e53c3029a07a941898185" + }, + { + "algorithm": "SHA256", + "checksumValue": "e273097c7c57cb7cbb908057991ae1774d4e1e8c6a062fb6be9e6645b32fb431" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_ECC_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...COMODO-ECC-Certification-Authority.pem-d65a8a096859eeaa", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e99968bdee964aeabd2f025ccabe1d1085b2f88c" + }, + { + "algorithm": "SHA256", + "checksumValue": "d69f7b57250536f57ffba92cffe82a8bbcb16e03a9a2607ec967f362ce83f9ce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_RSA_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...COMODO-RSA-Certification-Authority.pem-68df5c1193377790", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f406946f4a9b379d4af9847451ca01dc40cfb968" + }, + { + "algorithm": "SHA256", + "checksumValue": "24b0d4292dacb02efc38542838e378bc35f040dcd21bebfddbc82dc7feb2876d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_E1.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Certainly-Root-E1.pem-23b3a0ffd6f381af", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bcbe678ccaafd4dafae76ff27858163acdad7d0a" + }, + { + "algorithm": "SHA256", + "checksumValue": "1b28a5568648fef0d3faeb916cb7bdb054724cb3b5a00c6bfd3d8a2fba7a8bba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_R1.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Certainly-Root-R1.pem-2af87fae7d870d72", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f2a61f2c7fcc32cf79611fdc2e1a1a774922dfc7" + }, + { + "algorithm": "SHA256", + "checksumValue": "0c78902126532fde9eed4b2d8b6a2c9bbaa8b3abc59f233c45c6cb5514a9f808" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certigna.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-Certigna.pem-ee1f4013048d2e22", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe5df407c4cba70f49928410bf55df03d1e2732f" + }, + { + "algorithm": "SHA256", + "checksumValue": "d1e1969cdbc656bb4c568116fe2d9b4f8b02b170dc20193b86a26c046f4b35a7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certigna_Root_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Certigna-Root-CA.pem-b0bfd10354716753", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "55d0638baee7a6144b8e3c028c24ee1127202c3c" + }, + { + "algorithm": "SHA256", + "checksumValue": "fe3b44c18182e167121a2c645cecc4817441d469dc00633e60fe8476f9e1ad96" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certum_EC-384_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Certum-EC-384-CA.pem-656c280d47bd952e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22dbd35fe494149e558aa745ec3114396ce7788a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c4a426fe57a7e4e6966e2103f2941eb7263e7c35727dd0f412bd593467304999" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA.pem", + "SPDXID": "SPDXRef-File-...Certum-Trusted-Network-CA.pem-a4045bf2b74d58b0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76c3afd5eaf8d5cbf250f08b923fbf9085c6793e" + }, + { + "algorithm": "SHA256", + "checksumValue": "43f1bade6454349c258017cc99113f8b6a5712e3807e82ad9371348d52d60190" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA_2.pem", + "SPDXID": "SPDXRef-File-...Certum-Trusted-Network-CA-2.pem-6eb5b07c16b5c623", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "164db231827f86d73012dc6680fb6be777f205ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "9dd4cbb6d2c29cbb3ca98da02c042a690c0ef4c0521d98aae37e0a704c4bf210" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Root_CA.pem", + "SPDXID": "SPDXRef-File-...Certum-Trusted-Root-CA.pem-1a3ccf2e951b28df", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "224c9274d5af21d3cee7eb1b143d471be19e1b4d" + }, + { + "algorithm": "SHA256", + "checksumValue": "e6c62d3f63ba03f4dac458b7dac6c09eb4d71cc3c6621769c3883ed51677c01c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-01.pem", + "SPDXID": "SPDXRef-File-...CommScope-Public-Trust-ECC-Root-01.pem-b03b81b90f9917f2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37575d65f82284bd61f2bfce0820c8c3a7da69a3" + }, + { + "algorithm": "SHA256", + "checksumValue": "a5e66a87e60e17b9aac2d825c9b898ce4bb635dd6e8a137c0dd2ca761b6165ce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-02.pem", + "SPDXID": "SPDXRef-File-...CommScope-Public-Trust-ECC-Root-02.pem-2394e5f517192d0e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbdb4d47a7949fa7542f754f329b7602064fff8c" + }, + { + "algorithm": "SHA256", + "checksumValue": "80eda3bc1316bbb2c18df887c7a30a40ace97146471337e06bfdd46337a688c3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-01.pem", + "SPDXID": "SPDXRef-File-...CommScope-Public-Trust-RSA-Root-01.pem-27274b78fdb5b66a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e6d40ed9e062ff5e9fc2c14c5a5dff81fea212f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee459c64139faa1fb8d90a9195022aaca51808c62bb374afa2a26b50875346b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-02.pem", + "SPDXID": "SPDXRef-File-...CommScope-Public-Trust-RSA-Root-02.pem-9d9e9158a6244e83", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "749aa8aa41aa221ac66106efb8d60e0705945fb1" + }, + { + "algorithm": "SHA256", + "checksumValue": "fed2654034ede8dc7677c5e06d4b583bcb0ae352f03cd16111d34c854bbffbbc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_1_2020.pem", + "SPDXID": "SPDXRef-File-...D-TRUST-BR-Root-CA-1-2020.pem-7bc3fbae8531dfa6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90be8e8f64cca12962624e98b8d9174373ee0e89" + }, + { + "algorithm": "SHA256", + "checksumValue": "ae927c01e73470cfc89943b5cd8f26e481d55c833517c1017f3fef404a38a317" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_2_2023.pem", + "SPDXID": "SPDXRef-File-...D-TRUST-BR-Root-CA-2-2023.pem-671ef7876e00725f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0071016c046d1407424d80aa71c640a0e3d3db17" + }, + { + "algorithm": "SHA256", + "checksumValue": "2754e50d3377d6613e95df6d7a40150bb3a1fa1ae35382af96c7be58cdcbeb14" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_1_2020.pem", + "SPDXID": "SPDXRef-File-...D-TRUST-EV-Root-CA-1-2020.pem-d968bac0a3f46c58", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9751a120d60bb07072c400729f0245903faab22b" + }, + { + "algorithm": "SHA256", + "checksumValue": "0b83e3ece7c33128cc31ac97595ce1bdb524db3f924623093b64e6a96ffb4b9b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_2_2023.pem", + "SPDXID": "SPDXRef-File-...D-TRUST-EV-Root-CA-2-2023.pem-b14405cc33922027", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59f7fa35fd3098f51913b9213729a30e92964735" + }, + { + "algorithm": "SHA256", + "checksumValue": "268e32f39fb4f9316d0680fde4eb479bbe8c4093193551c4b388f703ada60eca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_2009.pem", + "SPDXID": "SPDXRef-File-...D-TRUST-Root-Class-3-CA-2-2009.pem-37231c1c1b691ada", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0955eda0b9f35d8915cfc5decba0fdeffa307a15" + }, + { + "algorithm": "SHA256", + "checksumValue": "a00b8aa918457f5e7e58457b5e2f80d640fa77cc290572aaab1ae7b4734a9528" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_EV_2009.pem", + "SPDXID": "SPDXRef-File-...D-TRUST-Root-Class-3-CA-2-EV-2009.pem-1e18b66e6564af0a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9b3af04c571ba2783543c5ab5193aa279398fa76" + }, + { + "algorithm": "SHA256", + "checksumValue": "f81ceeaf6341513ef391ab3ea3302e8b2fb2c1527752797bba9b20ca22048b3c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_CA.pem", + "SPDXID": "SPDXRef-File-...DigiCert-Assured-ID-Root-CA.pem-1f640a80eae5d75b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d636a2396e29b4e91e00106a183938a6d746f716" + }, + { + "algorithm": "SHA256", + "checksumValue": "b52fae9cd8dcf49285f0337cd815deca13fedd31f653bf07f61579451517e18c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G2.pem", + "SPDXID": "SPDXRef-File-...DigiCert-Assured-ID-Root-G2.pem-f53cc7a5ec5dce3e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9662d04625b183655fdb0304f644865a28a2af7c" + }, + { + "algorithm": "SHA256", + "checksumValue": "660b5aa96668c5162f4af6b0a01241d8527aef8fa8a5307a7033b83c3de4a72d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G3.pem", + "SPDXID": "SPDXRef-File-...DigiCert-Assured-ID-Root-G3.pem-f54bda09b2c311df", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "07683ac24e071f61794b8ef1d77fa9096b8d6a90" + }, + { + "algorithm": "SHA256", + "checksumValue": "c4fa4cc30be6aee0a4c0dff81f28768eedd83e8d4934a42f82179cbfa61f13ad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_CA.pem", + "SPDXID": "SPDXRef-File-...DigiCert-Global-Root-CA.pem-91233860774a931b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4418290c0af661843b28c70f4eb728f4cc462960" + }, + { + "algorithm": "SHA256", + "checksumValue": "39fdcf28aeffe08d03251fccaf645e3c5de19fa4ebbafc89b4ede2a422148bab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G2.pem", + "SPDXID": "SPDXRef-File-...DigiCert-Global-Root-G2.pem-81c2c135a68d29f4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bcd60f07008eed3bd1d16a974fff0b93ce68110b" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d550643b6400d4341550a9b14aedd0b4fac33ae5deb7d8247b6b4f799c13306" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G3.pem", + "SPDXID": "SPDXRef-File-...DigiCert-Global-Root-G3.pem-c6f78a73469f9f35", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee09b75a1fb80f76354f45dace36fa5174d96bb0" + }, + { + "algorithm": "SHA256", + "checksumValue": "1914cd2d4cde263315f9e32c7683fc0e1b921919ad12b256d49bf782011c03cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_High_Assurance_EV_Root_CA.pem", + "SPDXID": "SPDXRef-File-...DigiCert-High-Assurance-EV-Root-CA.pem-8e9fafe6e242e811", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ff242a82d695ca1e476ec5a465cb44f0747edb58" + }, + { + "algorithm": "SHA256", + "checksumValue": "d98f681c3a7dce812b90bf7c68046827f3bf5607357f1e4918c5dc813b359bf1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_ECC_P384_Root_G5.pem", + "SPDXID": "SPDXRef-File-...DigiCert-TLS-ECC-P384-Root-G5.pem-530a86f1b4192055", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "02326c81a98c8914ec59c4be2817b6f2177e8033" + }, + { + "algorithm": "SHA256", + "checksumValue": "05161ad2ac04a0df956ef803e127aa877cc5131e0a727ed8e5de43f02e8868c4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_RSA4096_Root_G5.pem", + "SPDXID": "SPDXRef-File-...DigiCert-TLS-RSA4096-Root-G5.pem-5ae379d9c156a3ef", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b6c7cf76bffe105afc7255951b70fa1b140c452e" + }, + { + "algorithm": "SHA256", + "checksumValue": "fe64d4b3ae749db5ec57b04ed9203c748fff446f57b9665fad988435d89c9e43" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Trusted_Root_G4.pem", + "SPDXID": "SPDXRef-File-...DigiCert-Trusted-Root-G4.pem-bdc8668c4b51e731", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e18e58c72171c631853f21ddeeef0f3eddff113c" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce7d6b44f5d510391be98c8d76b18709400a30cd87659bfebe1c6f97ff5181ee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...Entrust-Root-Certification-Authority.pem-4075c56de1d4abc7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "84c2702946b6895ac09e25fc4eccd685129a2e27" + }, + { + "algorithm": "SHA256", + "checksumValue": "745bd29be45667514b4000e9cdb70cdecad0f02c78232ed722f64f7f80436e35" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_EC1.pem", + "SPDXID": "SPDXRef-File-...Entrust-Root-Certification-Authority---EC1.pem-413fb225936be2cf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bec0efa7b5d94664b6427d0bdc22e77ae6ed1d6b" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0d7e56b32b767e076bd7d05ce1779dbe3656d0a02a9abe711fc79640b9f7fbe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_G2.pem", + "SPDXID": "SPDXRef-File-...Entrust-Root-Certification-Authority---G2.pem-e633bee8f313f043", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6030dacb6bb4c3acd58b528313a6b417cddbcdb8" + }, + { + "algorithm": "SHA256", + "checksumValue": "646db48fa7794bcab4581f264ff3fad4cff7bbd24f5e8bb170d4f602b6caf828" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem", + "SPDXID": "SPDXRef-File-...FIRMAPROFESIONAL-CA-ROOT-A-WEB.pem-a6a99cfab1fecb9b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e5f6f17a920cdad0d8c904f0705f94e58964e7e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f9228cfb1ba0c6c9cd1c7b35437272b5fad8259e5205e6af57ab50edeb22e2d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GDCA_TrustAUTH_R5_ROOT.pem", + "SPDXID": "SPDXRef-File-...GDCA-TrustAUTH-R5-ROOT.pem-d4c5db59ee201691", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "276ef0193f9ff2a5ee437acaa4069c8d4c41851e" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0bf3a444f89d8be7db120bfecaa2f94d9e49ede21f680d674c1e8d839d8a9a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GLOBALTRUST_2020.pem", + "SPDXID": "SPDXRef-File-...directory-hash-GLOBALTRUST-2020.pem-6d32fab6df045544", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4996eba7b2b212547bffe74e8cf38cb9e03411b6" + }, + { + "algorithm": "SHA256", + "checksumValue": "b3bcd05e1b177130f6888fcc1cff4e01cff44ef8e6b0d035f04ad6a71dd0879c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R1.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-GTS-Root-R1.pem-0f1557987e632aa7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5aab042e2987dbf2849f05194800ee162c6a5fd7" + }, + { + "algorithm": "SHA256", + "checksumValue": "4195ea007a7ef8d3e2d338e8d9ff0083198e36bfa025442ddf41bb5213904fc2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R2.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-GTS-Root-R2.pem-b83f8e631682a492", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "299af0bfcb2f6fde42b5cb1eaf9d6c07a44e9b14" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a49076630e489e4b1056804fb6c768397a9de52b236609aaf6ec5b94ce508ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R3.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-GTS-Root-R3.pem-3de4fa7dcd29bf21", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "953c8337aa79ca983beabb59e85a75a7f35f310e" + }, + { + "algorithm": "SHA256", + "checksumValue": "39238e09bb7d30e39fbf87746ceac206f7ec206cff3d73c743e3f818ca2ec54f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R4.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-GTS-Root-R4.pem-a7d187c4307ab11e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "54b519a7faeeae1f2d777d3fa2ce998d6a31d9ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e8b80d078d3dd77d3ed2108dd2b33412c12d7d72cb0965741c70708691776a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R4.pem", + "SPDXID": "SPDXRef-File-...GlobalSign-ECC-Root-CA---R4.pem-79585666e0964d2e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d62a5e3304792e3f8c9f9bd5eaa74cf3a4b37961" + }, + { + "algorithm": "SHA256", + "checksumValue": "d1b69887f73444c0fc0a6f22a2fe961c2423275f9c38ba7d50da2a4ba75394f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R5.pem", + "SPDXID": "SPDXRef-File-...GlobalSign-ECC-Root-CA---R5.pem-d9444c634712dee5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5303a6a94db2ee51ce9b07ce05700a6839c4d0c" + }, + { + "algorithm": "SHA256", + "checksumValue": "80eeafa5039f282345129a81ace7e1c1e1d4fd826f1eb3391a4ea56f38a6e3d8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R3.pem", + "SPDXID": "SPDXRef-File-...GlobalSign-Root-CA---R3.pem-9bf39454af476ddf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b094f057de5fa44d7958268d93ed5f4d6c5dbdc" + }, + { + "algorithm": "SHA256", + "checksumValue": "6bdc59f897631af7811e3201cbc58e5999de2600ae8667454a34514eecfd8381" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R6.pem", + "SPDXID": "SPDXRef-File-...GlobalSign-Root-CA---R6.pem-0ac3ffc119e413fa", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a5f84689d3eeeb0c0cf67dd0bcfa7e873b3553b3" + }, + { + "algorithm": "SHA256", + "checksumValue": "5ff8425be71c1805446bf10601ce3cb9619889866766fc9285583ca5a4a7de94" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_E46.pem", + "SPDXID": "SPDXRef-File-...directory-hash-GlobalSign-Root-E46.pem-62bdfcdf58cd874c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "00097313addec897465681955d57c936f62fc8c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "5bd16128d0934629c2e1713140a6f97c9828dbb5429ab5797b2573efc71de1a1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_R46.pem", + "SPDXID": "SPDXRef-File-...directory-hash-GlobalSign-Root-R46.pem-2c52da743358feab", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d72a96202dd7467dcffc0a7772ca7c4a8c4c1cbc" + }, + { + "algorithm": "SHA256", + "checksumValue": "dcc1a6246e13880ca5b73ef547e082dd0401e4d8837b6d211be82f7be791ac65" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Go_Daddy_Root_Certificate_Authority_-_G2.pem", + "SPDXID": "SPDXRef-File-...Go-Daddy-Root-Certificate-Authority---G2.pem-3952cf141f7a7988", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "760fbb36cfb55a67c71cac3dcf0d368ea9f98ee7" + }, + { + "algorithm": "SHA256", + "checksumValue": "500329abac100a953a7396b54b36be57d333022f17401bc948248ea179cf1784" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_ECC_Root_CA_2021.pem", + "SPDXID": "SPDXRef-File-...HARICA-TLS-ECC-Root-CA-2021.pem-7b1cb270c9065cd2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7e50045e60b63c8690a29d8f434f9a740f926120" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6dc63e98b3a5e6a595c7d583a9c47c5efb6d316957466fd16c785b423eacf37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_RSA_Root_CA_2021.pem", + "SPDXID": "SPDXRef-File-...HARICA-TLS-RSA-Root-CA-2021.pem-591a41db9b79af5d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a551003c7ed1fee9ad3015fbaa3139a856d28174" + }, + { + "algorithm": "SHA256", + "checksumValue": "05e0ebf9643197ccf8036cdd86a2ee14292c2a077dbe06435ed30369b8762564" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem", + "SPDXID": "SPDXRef-File-...Hellenic-Academic-and-Research-Institutions-ECC-RootCA-2015.pem-a1ff587af407dfb7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fc2c55eb2428f256ff55b96c2123a828e98f1a66" + }, + { + "algorithm": "SHA256", + "checksumValue": "1cdd90d42b48cced8f5ecbff087c49da56b224f0272e4b5074e63b82fff5fb16" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem", + "SPDXID": "SPDXRef-File-...Hellenic-Academic-and-Research-Institutions-RootCA-2015.pem-13f76655123400bf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22d9fe83302ff06ae25e6efb8cc1fa21dfaf0e72" + }, + { + "algorithm": "SHA256", + "checksumValue": "677160e6297b48b87ede98ab7b4f2be55894491776f6191937ea397d01a6fb4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/HiPKI_Root_CA_-_G1.pem", + "SPDXID": "SPDXRef-File-...directory-hash-HiPKI-Root-CA---G1.pem-48be61ae1c21cf77", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9c9b3d9baa557bf26ce840730a726c74aa721f9" + }, + { + "algorithm": "SHA256", + "checksumValue": "c3f06f635f1939ebeb125e5c1f030e329b63dd808d3ce803b1b1794bc78b253a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Hongkong_Post_Root_CA_3.pem", + "SPDXID": "SPDXRef-File-...Hongkong-Post-Root-CA-3.pem-efa0302dda182d8b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d5c78ce39f6d7ca7b589017ebb57a6da21fa8fca" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fd9801787f30a4ab835b1462afc3f71473a5eacc74c0a22ed392bc3da9362f3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-ISRG-Root-X1.pem-4ae49a9e734148b6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4de9627fe9ace4acce27eaa1a0837cd3db55704b" + }, + { + "algorithm": "SHA256", + "checksumValue": "22b557a27055b33606b6559f37703928d3e4ad79f110b407d04986e1843543d1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X2.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-ISRG-Root-X2.pem-079c21d9907f9cfd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bd49d42c1fbb733120cd260418ac892a6954d54c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a13d881e11fe6df181b53841f9fa738a2d7ca9ae7be3d53c866f722b4242b013" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Commercial_Root_CA_1.pem", + "SPDXID": "SPDXRef-File-...IdenTrust-Commercial-Root-CA-1.pem-6dfd0beaa799ad0e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fa701bf556b8d2fb78fa8f47643a212523f1a77" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d03b965511ce50d0a0bae1b549ed7048c783cfcba9aa40ea11d355b1889657c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Public_Sector_Root_CA_1.pem", + "SPDXID": "SPDXRef-File-...IdenTrust-Public-Sector-Root-CA-1.pem-07a27c099fae9123", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b613bb3a6dcc2ee7ac62d0951e0ea9bcbd48ff8c" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b4282f5a402e19016c4874a52df3367eabccf05be851ad03039f777a602d30a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Izenpe.com.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-Izenpe.com.pem-193a2581250f135d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "19e6885c728173659551480ce51ddd2680c6805b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d37341b099afc610bf4feb387096577a0dc61bb8fd09444f1a199a1b1b117e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Microsec_e-Szigno_Root_CA_2009.pem", + "SPDXID": "SPDXRef-File-...Microsec-e-Szigno-Root-CA-2009.pem-16cb119ab1193d7c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d8616f439458366e6a5a94d2c72713c0c8ffcd3b" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f670affee7b14140a6d20937db6e991102d5f8bac1d2562ebf20a1afda94d73" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_ECC_Root_Certificate_Authority_2017.pem", + "SPDXID": "SPDXRef-File-...Microsoft-ECC-Root-Certificate-Authority-2017.pem-2f1754af535cdc5d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "69d23ec7c71994b1b2ccbad0fda4c17db22541d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "b4ee8ed700b7abe4836d119c8113bc8b717f4f1568abd7edd81f2526c5836983" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_RSA_Root_Certificate_Authority_2017.pem", + "SPDXID": "SPDXRef-File-...Microsoft-RSA-Root-Certificate-Authority-2017.pem-353e4439f2dd7f41", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f644c114129ef405b4b513787f189e78f398f0e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "626d330f6a8944fa4245f02f9795668e25a40b29b4cc5206bee73337b7dcd4d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/NAVER_Global_Root_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...NAVER-Global-Root-Certification-Authority.pem-dc13bf6b2a6e2b69", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3319083d34cb6e52c0df4d4cdbebfb065c6b8b4f" + }, + { + "algorithm": "SHA256", + "checksumValue": "9848c94859f83e48defe0b25a0f4347480b56ea2bb3336fe6d4dcf00d0d6031d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem", + "SPDXID": "SPDXRef-File-...NetLock-Arany--Class-Gold--F--tan--s--tv--ny.pem-39143e0586bda8fb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c1c0175e7f82dfa6aa6f6cc32aaed15ac50f42d" + }, + { + "algorithm": "SHA256", + "checksumValue": "40f60f2e2f83fb6c63ddefeba7939a7852b2d468183ea939cc4dcac8fe4cc87d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GB_CA.pem", + "SPDXID": "SPDXRef-File-...OISTE-WISeKey-Global-Root-GB-CA.pem-227a51e35002cabe", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fce2c0dc059c1ad3ac93d416b6baaebb5e97b75f" + }, + { + "algorithm": "SHA256", + "checksumValue": "2dc52d373089ff5173ac392a464746dd066aaa3b7d1b3494a473c96686666fce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GC_CA.pem", + "SPDXID": "SPDXRef-File-...OISTE-WISeKey-Global-Root-GC-CA.pem-4970fec0edea6086", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3dcfd843dff566af4ef0a483e6579ffb512cc37" + }, + { + "algorithm": "SHA256", + "checksumValue": "17b98c4d832e8349ecb55f1f90e41dfc7bcd9410d1e925ccd06612cd3b9b9a54" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_1_G3.pem", + "SPDXID": "SPDXRef-File-...QuoVadis-Root-CA-1-G3.pem-c954bd9a6a034eae", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "77445cf9c00088588d0e7c3306625389c30ff4be" + }, + { + "algorithm": "SHA256", + "checksumValue": "4db45324410a01a7023b038e5da7d7274d3cfd392565c351cf3d297fd7664c73" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2.pem", + "SPDXID": "SPDXRef-File-...directory-hash-QuoVadis-Root-CA-2.pem-677e7b3acd57270a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1c8d7a40a564fb59ea180802042d8b82a8aeda38" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c4220477ed85355fa380466aa8f559106d8a39fc90d3e0c121749e19444064f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2_G3.pem", + "SPDXID": "SPDXRef-File-...QuoVadis-Root-CA-2-G3.pem-ee0231f8dab414d5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f3fde19cf8ffc60385575b98975644b7b7ff031" + }, + { + "algorithm": "SHA256", + "checksumValue": "825c67f5583131425c4e33275cc8e5c9dfd02cd190c6d71e1d335621e82965a8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3.pem", + "SPDXID": "SPDXRef-File-...directory-hash-QuoVadis-Root-CA-3.pem-17b9d60e0e1b35df", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c85dd47ad4764e2aaf33e28b676fb5038c0568a8" + }, + { + "algorithm": "SHA256", + "checksumValue": "a2ae0b4ec9d2a4c4e150756a3defabd15bcaa75ee2b599e722b27c6a2998d00b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3_G3.pem", + "SPDXID": "SPDXRef-File-...QuoVadis-Root-CA-3-G3.pem-47f5221ea947fdb1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c769d9fdb4df4d743ac9db8fd263763e1e9e49e" + }, + { + "algorithm": "SHA256", + "checksumValue": "198cfe560c191a800cbe923ceca0a4e4f3d5a0d7ff9316b47998765fdc0897be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_ECC.pem", + "SPDXID": "SPDXRef-File-...SSL.com-EV-Root-Certification-Authority-ECC.pem-ce2bebc2a583aca5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c3d015aa3924c34077dbe7f578d6ce389b919d71" + }, + { + "algorithm": "SHA256", + "checksumValue": "662d60a283f416d888ff18831009e2cba95c61377f648beeed91a3dea12ac286" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem", + "SPDXID": "SPDXRef-File-...SSL.com-EV-Root-Certification-Authority-RSA-R2.pem-1e55eed924243527", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c4144422efd3d778cf5f3c280724e612ed89b29" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0681f1a11d5c02760bcb68b61b0d332f6c197e239c4b30dc47f91a79a73282b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_ECC.pem", + "SPDXID": "SPDXRef-File-...SSL.com-Root-Certification-Authority-ECC.pem-30ef2bfd0f1a0e58", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0f278d2129baf0d1be707831136f5ce16dec98e" + }, + { + "algorithm": "SHA256", + "checksumValue": "b68d02ce35bd02123cf5fcd329bdd33640214715dae0442a97782a4471e9b292" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_RSA.pem", + "SPDXID": "SPDXRef-File-...SSL.com-Root-Certification-Authority-RSA.pem-98bc80b97ed6f71e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bff96214a4f9251fe6af524ce5e9b2a4216144e" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e368debd3626ea9c5d94c582d80050a530b505aa77ba231eb13e4d208c36d67" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_ECC_Root_CA_2022.pem", + "SPDXID": "SPDXRef-File-...SSL.com-TLS-ECC-Root-CA-2022.pem-5d8a2d8699ed9ee4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c37f0f346f759c198895674e9ffc53193e2423d" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf03adad817ae999648c5182ac996fc0682aeda4329c783756aa1c5c3d92eff9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_RSA_Root_CA_2022.pem", + "SPDXID": "SPDXRef-File-...SSL.com-TLS-RSA-Root-CA-2022.pem-a56ebf7e9a40fb59", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "82fb99b1b29e3e21da6a144496831bf9ed5b250f" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1c93696d4de9125e49f6a12b97a1cbcf8ce7331bc8268f1fe7b6ab447cc14cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SZAFIR_ROOT_CA2.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-SZAFIR-ROOT-CA2.pem-c7ae26ddbcb34411", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "03d3c9a01229ecce2908287bc53f5f8b2cfa36e2" + }, + { + "algorithm": "SHA256", + "checksumValue": "cbe8a1eec737c93d1c1cc54e31421f81bf358aa43fbc1ac763d80ce61a17fce0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_E46.pem", + "SPDXID": "SPDXRef-File-...Sectigo-Public-Server-Authentication-Root-E46.pem-c2d37f13fff878bb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "323c21e30628ec823ce32209214a1526cce65e22" + }, + { + "algorithm": "SHA256", + "checksumValue": "808130157f570b7640069852c88e256738007811a64c3aa9a4c31038347dc19c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_R46.pem", + "SPDXID": "SPDXRef-File-...Sectigo-Public-Server-Authentication-Root-R46.pem-1d227a39ec963bc2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fb39baf23f5d3ab1f981ec407992211a3d2518ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "7eaaf8c5047d5dbb4f3d7f173318ee936b09da4f0ceb5f3beb45c277480836eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA12.pem", + "SPDXID": "SPDXRef-File-...SecureSign-Root-CA12.pem-dc3665da59955d9a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72f425a92ba7123ac007c3fc631b63e12bb745c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "74e98caeaa30bc2828e7610aef3fbbe845a715367011598b4bec5fa65d9af0db" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA14.pem", + "SPDXID": "SPDXRef-File-...SecureSign-Root-CA14.pem-a3595503d07fec00", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "63c5444db460856bd137353481114907fd2853b7" + }, + { + "algorithm": "SHA256", + "checksumValue": "1ad476fd9bf167e89bf98f13e9aec59a03443cf6e3d6645b1210fb1e7c702f88" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA15.pem", + "SPDXID": "SPDXRef-File-...SecureSign-Root-CA15.pem-642256529f0ff6ab", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ff5f5d95c4a822783ba1041e2f90c2c24d534fae" + }, + { + "algorithm": "SHA256", + "checksumValue": "6198c864eaffa477ee9cf9aa10b534f022230e3129f99168962dc06358b4c9af" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SecureTrust_CA.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-SecureTrust-CA.pem-edfdbd6d1f4c0ab6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "627699850d19c89f6e0cb7494d77cb0c6c2b81ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "a3e70af2c4b48562b61fe858d9d30f073f2cf2136f2af01ab5a966673e70af4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Secure_Global_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Secure-Global-CA.pem-45839436149b96de", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86aed091506a5bd64805bd433054905c39a42c10" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ee52fb3a5afacd55a7a2e00f057f7f64776ea0d536036f54c57694961e25179" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_ECC_RootCA1.pem", + "SPDXID": "SPDXRef-File-...Security-Communication-ECC-RootCA1.pem-bd5228ada8121d91", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "375dabb1d954f8e0411289425ddf969da3bd6a7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "ef94d474067b306c482dfd066130f04855f50faecd461cee2964ce6c7260000e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_RootCA2.pem", + "SPDXID": "SPDXRef-File-...Security-Communication-RootCA2.pem-17d06a4ad7f9687a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "68510d0792e95592dcfe3ead230a58096cf4df7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "39ad3110b8f84821ca22cfbd995914f2149521d27ce576e743de6a00dc39d9db" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Root_Certificate_Authority_-_G2.pem", + "SPDXID": "SPDXRef-File-...Starfield-Root-Certificate-Authority---G2.pem-0ba8180fa6f35a3e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6594be3a70dfaa9cbb9b486dbc6e0271647fb61a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca3760ba63bf0a2c5dd0dc7fe897838cc58f12a386b4ee53d2065229848e96a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Services_Root_Certificate_Authority_-_G2.pem", + "SPDXID": "SPDXRef-File-...Starfield-Services-Root-Certificate-Authority---G2.pem-f64ff4bd865c88b8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "29091b76a08e520486579e758ac6c4a09ea0fe0e" + }, + { + "algorithm": "SHA256", + "checksumValue": "870f56d009d8aeb95b716b0e7b0020225d542c4b283b9ed896edf97428d6712e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_Gold_CA_-_G2.pem", + "SPDXID": "SPDXRef-File-...SwissSign-Gold-CA---G2.pem-e413eb82e4aedb71", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5bb45a16db10a4908960e5127689313fff442208" + }, + { + "algorithm": "SHA256", + "checksumValue": "0ebb1a5d93b86ad9dcbd294413f272817fe3bb8ba46f4ec8192b3b805f2fa8ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_RSA_TLS_Root_CA_2022_-_1.pem", + "SPDXID": "SPDXRef-File-...SwissSign-RSA-TLS-Root-CA-2022---1.pem-e4e29ef2803ed609", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ab11381efea715809db63b99349e38e036a027c0" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7a20d19e788235a092dcbd33831c59280ea01a9a7a7f663a8c41bf753df2c71" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_2.pem", + "SPDXID": "SPDXRef-File-...T-TeleSec-GlobalRoot-Class-2.pem-fa50ef55337074f9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f1b1e428ac6d2cce6ea3ee106cddd6d5686eeee" + }, + { + "algorithm": "SHA256", + "checksumValue": "b30989fd9e45c74bf417df74d1da639d1f04d4fd0900be813a2d6a031a56c845" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_3.pem", + "SPDXID": "SPDXRef-File-...T-TeleSec-GlobalRoot-Class-3.pem-70d5705ef7765b89", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a83caf5351d413d44bff9b7ea3e06cf6240eee4" + }, + { + "algorithm": "SHA256", + "checksumValue": "1cb130a113f4e8502517a679808a98bf076d59bdb223bfc61cd224b8e1abda49" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem", + "SPDXID": "SPDXRef-File-...TUBITAK-Kamu-SM-SSL-Kok-Sertifikasi---Surum-1.pem-49990674bf8a8995", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "205ecf6e40d8f9dc700b932ce6a3a26836994652" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6904218e180fbfb0ed91d81e892c2dd983c4a3404617cb36aeb3a434c3b9df0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_CYBER_Root_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-TWCA-CYBER-Root-CA.pem-d72a35ab6edac53b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e6b4f879a7ed34e42b54d759a12fc9ba067fc9f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "68a5f526d2e08c363444536b22a8d4ebfff72d7810ba26dc47711bb6cbc39d50" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Global_Root_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-TWCA-Global-Root-CA.pem-f534115f859e6e48", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "387f72838755cd50ba19d2fb29c1f03803776ed8" + }, + { + "algorithm": "SHA256", + "checksumValue": "5dadc31b57074a3168d1df23bb8b6b920acae1d426bf2288fc2de53cdd571089" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Root_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...TWCA-Root-Certification-Authority.pem-7753c8e8ea6b2b66", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "60c33e855789106bf75a3c97696fdd2d58890467" + }, + { + "algorithm": "SHA256", + "checksumValue": "b69a59344e58615a691fa9567d55ad6337f09b57647a389242cbf43716575559" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_ECC_Root_2020.pem", + "SPDXID": "SPDXRef-File-...Telekom-Security-TLS-ECC-Root-2020.pem-2cd277574bf2ef9e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "621ba40b628552f82543e4af88de8c084e0fd860" + }, + { + "algorithm": "SHA256", + "checksumValue": "a5ea4e7d6673e4d8cebbcbee010cce2f97b720ed2691abb35a119227c5dc0135" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_RSA_Root_2023.pem", + "SPDXID": "SPDXRef-File-...Telekom-Security-TLS-RSA-Root-2023.pem-c89156f9c954187b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7aef4f441e0bcb1c26731cebff6d3717b83577e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "899d7d6cc867b2bdf51250f88c9ab9e1e96aac5d59b51c93b3b0c69e96792b7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TeliaSonera_Root_CA_v1.pem", + "SPDXID": "SPDXRef-File-...TeliaSonera-Root-CA-v1.pem-6a975a110e918ef8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2219a7fd0a77be7422a02049b8d27805c0250ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "303c346ece82ca4f6713ac176164285d0469f326b6f12a787e11f5d702529277" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Telia_Root_CA_v2.pem", + "SPDXID": "SPDXRef-File-...directory-hash-Telia-Root-CA-v2.pem-81eb54b3f8a738b9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "049de12dad62e4a31318fe6b024a88b645830daa" + }, + { + "algorithm": "SHA256", + "checksumValue": "bf3bd189c3dd33bc81635d60284461f0d937c2c1d51cc4d7851c13466419fcb0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G3.pem", + "SPDXID": "SPDXRef-File-...TrustAsia-Global-Root-CA-G3.pem-16f766edb35bbce4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "629795d39048cd6b1935e43ef4f116e38914dad8" + }, + { + "algorithm": "SHA256", + "checksumValue": "d729fda98d8a3bf0d657b93fe0f70e22437359ef0de4ac5b4abcf3ef3667613a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G4.pem", + "SPDXID": "SPDXRef-File-...TrustAsia-Global-Root-CA-G4.pem-afc79d5859e4f1d4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "50260e64112522593a87b32ec81c2a850b915878" + }, + { + "algorithm": "SHA256", + "checksumValue": "fc9662ebcadeb2c0a804bdb6503d0c23976c638cf73ff95ffafd33ead680e73d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_ECC_Root_CA.pem", + "SPDXID": "SPDXRef-File-...TrustAsia-TLS-ECC-Root-CA.pem-cbca403cefeaf0aa", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b7f6405d86b918a47392233b4050bad2a57cf9d3" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e68d469799a26c10aea3f2ff350af434033d4a2914ba6aaccc27a34fe24005e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_RSA_Root_CA.pem", + "SPDXID": "SPDXRef-File-...TrustAsia-TLS-RSA-Root-CA.pem-bdced0d08b9f3b29", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "49d03150fceed000d89a6af305412d999e7b25ec" + }, + { + "algorithm": "SHA256", + "checksumValue": "76ae2d0df1228b565cf3533a7c22d59fc3683f240ce7192201072260fc6f0e27" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...Trustwave-Global-Certification-Authority.pem-ab7f88149ec866dc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8747f89bcc06ba119cac723e990ffdb2ead7a6ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "0c7ffc481084cad9ccd3402eba9401b0f5abea0917d985e9ce401c8efbad4b04" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P256_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...Trustwave-Global-ECC-P256-Certification-Authority.pem-65cf00dde68b5145", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2ac2145ffcc590d436350abc22ea825f15e3b9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "f08c4d2b700f7cd5da4dc1b60f4c57090fdc692cde8a7221f35b70abb4cec363" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P384_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...Trustwave-Global-ECC-P384-Certification-Authority.pem-a8c2e1a2264357bd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "364fbd20e4805c74239f70e46e8f4a3ecde50386" + }, + { + "algorithm": "SHA256", + "checksumValue": "a83c5b6097b03509711c9cd8de59def7ecf99ed72b4076dc33f5b2e35545b3b3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/TunTrust_Root_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-TunTrust-Root-CA.pem-89aa76251ced5286", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f7b67a59f43b598f0cfcb0cbf495358b8485b28" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a852f7182753cb0193299c6cb2b4a106b1c38a789217b5eb380d736c5cc0081" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Extended_Validation_Root.pem", + "SPDXID": "SPDXRef-File-...UCA-Extended-Validation-Root.pem-ebbd0474709b5396", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "736c6d8fa36e3487b463b5c148dd6a0a8b39a99c" + }, + { + "algorithm": "SHA256", + "checksumValue": "eaa3be600a842e5b603316ed14e9ae11a43003f68a8317f0f2c01a516da4e586" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Global_G2_Root.pem", + "SPDXID": "SPDXRef-File-...directory-hash-UCA-Global-G2-Root.pem-74985de09ec98764", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "140c027384371f293098c5c93c9388d9fde22595" + }, + { + "algorithm": "SHA256", + "checksumValue": "de2e7b1bc7a2aed4e5866d3655d1041206c27caf376ee81bfc4012e8225e0e7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_ECC_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...USERTrust-ECC-Certification-Authority.pem-a814f6702809f1e3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d9ce0ff56c71bb4091388ea38e01d97565a7557f" + }, + { + "algorithm": "SHA256", + "checksumValue": "08fb40ba4144166f6ae80c7ab60be23e97e5083836d45fa85a33a5d0bfec10f8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_RSA_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...USERTrust-RSA-Certification-Authority.pem-ea3e1340c08ef25b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f2380685be0ea8c1be1e1a8496ff9f220c4f61c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a3dbcb92ab1c6277647fe2ab8536b5c982abbfdb1f1df5728e01b906aba953a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_ROOT_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-certSIGN-ROOT-CA.pem-cf78c0304a8231d0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37268bb31073e1fb5d7e3221c203d27033886e72" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf339eae15268aff66148f3bcdf112a7700eafded3edcb3f86c60133b10e03f8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_Root_CA_G2.pem", + "SPDXID": "SPDXRef-File-...directory-hash-certSIGN-Root-CA-G2.pem-51636301020480a2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ef9f1bb072e0524043c63a27e6ff39da6a6bd32" + }, + { + "algorithm": "SHA256", + "checksumValue": "80eee369aa5b29931209226fcb4b014ba31daa7f630d44a196817c1bb6b334f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/e-Szigno_Root_CA_2017.pem", + "SPDXID": "SPDXRef-File-...e-Szigno-Root-CA-2017.pem-fe69c5fb98d90ec5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0eec6464c1065a3b1e5866580e2fdcd47494c870" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c1306d5c64b43ce6c189b8450f27160aaff3f504211ca6819af6035ae1a7d73" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/ePKI_Root_Certification_Authority.pem", + "SPDXID": "SPDXRef-File-...ePKI-Root-Certification-Authority.pem-150c1fcead3a7969", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ba48acec12fa6a0e8a29ad8801825c6d0a2b85e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "d22b235421616835f68d15801d82b44e7c463433f8bbdcc92f9c023fafcb2bf2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_C3.pem", + "SPDXID": "SPDXRef-File-...emSign-ECC-Root-CA---C3.pem-3e0c91ae1e25cc84", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cd8b037030f190cb1312b8747f3cd1841586abb2" + }, + { + "algorithm": "SHA256", + "checksumValue": "b1d0ac5a261e857409cc921acb515796538b48847722f0a00ddccbf60bccec81" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_G3.pem", + "SPDXID": "SPDXRef-File-...emSign-ECC-Root-CA---G3.pem-4a0e3fa71c05dd54", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3f5b8aa141a7ca8dae71d86b7074790717ffbe76" + }, + { + "algorithm": "SHA256", + "checksumValue": "36e68e205b53c67c7a013894e0d5c8583063468118d1ce78ecbc2200d1dd185c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_C1.pem", + "SPDXID": "SPDXRef-File-...directory-hash-emSign-Root-CA---C1.pem-f0e1ebbf7474881e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99b8162c32f3ecf05806112baa77ab7230e998d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb98230f8746d60429c20f8ce04254384337b479a77698939f7041d0c0eb4289" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_G1.pem", + "SPDXID": "SPDXRef-File-...directory-hash-emSign-Root-CA---G1.pem-d6f8ea519d12a481", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f86ddb585d2f516b028fa21958f09abe463b8cc" + }, + { + "algorithm": "SHA256", + "checksumValue": "8d390d4c54f6a4a040b04413f1f002192027c66a2a835741f78a152074584a27" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_ECC_Root_CA.pem", + "SPDXID": "SPDXRef-File-...directory-hash-vTrus-ECC-Root-CA.pem-1fe092df0653a342", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "05320440f6f2b0315ac23191bc6f7ef427e2f673" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ce349e2da9df497cc62aca37b009a2c3261ccdbe06a4c4a063f8105da40eb5d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_Root_CA.pem", + "SPDXID": "SPDXRef-File-...pem-directory-hash-vTrus-Root-CA.pem-3cbd859f9017a22b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c9204a1166c493bf25596573a2206d808c5b154f" + }, + { + "algorithm": "SHA256", + "checksumValue": "8cc726cf62c554561e89e1237495bea3026b1709ba7153fed3401fcd489b5aaf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem", + "SPDXID": "SPDXRef-File-...extracted-pem-email-ca-bundle.pem-decd17b619f52264", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5911289576a01c2d470059d497fada90f8a04487" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f2d6a53cb9542ceeccf82a2ffa7d53c24043b75b43f1623ff1266806583d1ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem", + "SPDXID": "SPDXRef-File-...extracted-pem-objsign-ca-bundle.pem-b9b3c747a4031e46", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3517fefcd7d440000f627d78a35356c3922bd404" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d96c990d2089ccdf288c5c1fd759a58216d7257d43b929e82bbd32126307357" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", + "SPDXID": "SPDXRef-File-...extracted-pem-tls-ca-bundle.pem-a9b76305742edafb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f447b81237b8976f13fc8ab4e3c9c8f8a937c502" + }, + { + "algorithm": "SHA256", + "checksumValue": "00411c197b16f659945fba3c2f970a26030f56eef5d445c913cb59a089c813b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/ca-trust/source/README", + "SPDXID": "SPDXRef-File-etc-pki-ca-trust-source-README-bdf32f5d5416ab16", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b475ca8d961e4afc37af6483ff75322cdf28692" + }, + { + "algorithm": "SHA256", + "checksumValue": "86184318d451bec55d70c84e618cbfe10c8adb7dc893964ce4aaecff99d83433" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/product-default/479.pem", + "SPDXID": "SPDXRef-File-etc-pki-product-default-479.pem-2460ffdfcb2fe6c9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "560764b8b286afc7ad61727e30af467dc536fb06" + }, + { + "algorithm": "SHA256", + "checksumValue": "fa4cf63de35ddc6f097442d33226c5ae7ca2c90496af26d9db3d84133a7f855c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/rpm-gpg/ISV-Container-signing-key", + "SPDXID": "SPDXRef-File-...pki-rpm-gpg-ISV-Container-signing-key-cc275f3ce8421483", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "03c3761c23c90492c6cfc9d707440bf7241f374a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce344c927483de60ed60bf4956aaee0dfa7e9433e0f43c58ce64378d761bf724" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/rpm-gpg/RPM-GPG-KEY-PQC-redhat-release", + "SPDXID": "SPDXRef-File-...rpm-gpg-RPM-GPG-KEY-PQC-redhat-release-02b145a905282982", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4034db2f50bc28c3cca21cb8af1c04b25ea2ba5f" + }, + { + "algorithm": "SHA256", + "checksumValue": "c876fba00febd04b3cef2a1815031775dcad550e5a8276b4d8474aa0b67239ba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "SPDXID": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-beta-1bdf5fe48c4bd4d0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a72daf8585b41529269cdffcca3a0b3d4e2f21cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "3f8644b35db4197e7689d0a034bdef2039d92e330e6b22217abfa6b86a1fc0fa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "SPDXID": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-release-a6efd6855e2f7c11", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9333c0a06770787f21a1fe9f7c17484cfbd3a818" + }, + { + "algorithm": "SHA256", + "checksumValue": "0db3dc1b6228f29d60f37c5ad91d9f4cd3547895e8ebedb242469b1c0a0cdf08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/swid/CA/redhat.com/redhatcodesignca.cert", + "SPDXID": "SPDXRef-File-...CA-redhat.com-redhatcodesignca.cert-ba08977cca6b4d95", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0748b117f3a53df2e67c8fa9586d7c67133a2be" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0cf509b823e9b89c43bc373229f87d3cfee4264c35c6ac82b58e5251c3e8c39" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/pki/tls/ct_log_list.cnf", + "SPDXID": "SPDXRef-File-etc-pki-tls-ct-log-list.cnf-21294e0d0b121cda", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2587c4e97408b64274e5e052b74e3754892c13a" + }, + { + "algorithm": "SHA256", + "checksumValue": "f1c1803d13d1d0b755b13b23c28bd4e20e07baf9f2b744c9337ba5866aa0ec3b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/pki/tls/openssl.cnf", + "SPDXID": "SPDXRef-File-etc-pki-tls-openssl.cnf-a07cb8e47e12414f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b58b0cc147105bc23e24ed71b1cd9ebc21f51616" + }, + { + "algorithm": "SHA256", + "checksumValue": "34108f65c3c759083f6b2d8ff8c509e3504aa78e5180b197827d90827ddc663f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/printcap", + "SPDXID": "SPDXRef-File-etc-printcap-de86f0e21726089b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72ebd61cd29193f572f2f0f4aa8a5a121ae10dd4" + }, + { + "algorithm": "SHA256", + "checksumValue": "f809352567a37d932b014311cf626774b97b63ec06d4f7bdd8a9cfcc34c691d9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile", + "SPDXID": "SPDXRef-File-etc-profile-09d562b678f1e99d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d862efffc6a2f64d3a065606fe23508e711e5adc" + }, + { + "algorithm": "SHA256", + "checksumValue": "304bbca429881a74f3e8f8b1c003b29020c635b83661492accd576c99baf9f30" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/colorgrep.csh", + "SPDXID": "SPDXRef-File-etc-profile.d-colorgrep.csh-ba105d23baa6b7a7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6da63d9debe9ce564bac9e533288cc14f1d74d04" + }, + { + "algorithm": "SHA256", + "checksumValue": "74d270fe4476fdcba60df7d00c808e11681ac918f335c951cba4f118532a4b8c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/colorgrep.sh", + "SPDXID": "SPDXRef-File-etc-profile.d-colorgrep.sh-43e6c2af7d668269", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e39e9c628803da5b6f5a5d9e77fbe3cfefc996a" + }, + { + "algorithm": "SHA256", + "checksumValue": "89008d115c5bbd783b985d8cab18e935978c83e362043ffc981063ffed74e1c7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/csh.local", + "SPDXID": "SPDXRef-File-etc-profile.d-csh.local-309e9a859538dede", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "13f50b8589668cb1e668ece7d5907fc3a3b88901" + }, + { + "algorithm": "SHA256", + "checksumValue": "07a2a80f1386c89941b3da4cda68790afe19f7425a14e01acdc2fbddb73b5508" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/gawk.csh", + "SPDXID": "SPDXRef-File-etc-profile.d-gawk.csh-75de514af4a6a058", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8885907baec3899ef96764a08bbe053455224b76" + }, + { + "algorithm": "SHA256", + "checksumValue": "9ba2af9853121df6dd5edff9254a2946e39eab8dc6513348fea28f739ee96648" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/gawk.sh", + "SPDXID": "SPDXRef-File-etc-profile.d-gawk.sh-c7221a3ee9652521", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e69dfc5c1b719471f65c11b88325b80ae7e373e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "70621a3b586d3d523b020e76977633b444a70013ba50e1ea901a3a07a676f15f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/lang.csh", + "SPDXID": "SPDXRef-File-etc-profile.d-lang.csh-8749be7a28c9df79", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1acf946eb09ca7854cc0c2389b284a061a4fb0fc" + }, + { + "algorithm": "SHA256", + "checksumValue": "5486ae2358f54ba086017a5a7d89fc71855e4071c06fe1866a278838b465b161" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/lang.sh", + "SPDXID": "SPDXRef-File-etc-profile.d-lang.sh-ecd59c27c4d0b4cf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cda23d45cf45e4fdc5f907e460e35b502b9a4285" + }, + { + "algorithm": "SHA256", + "checksumValue": "58bf8b07428754b273560c5ea4040c672440b2bb04709842cf94163e15dc144f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/profile.d/sh.local", + "SPDXID": "SPDXRef-File-etc-profile.d-sh.local-f729120a91b21aad", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4008fb3787fe37f16b9530eccfdaa4563c93b920" + }, + { + "algorithm": "SHA256", + "checksumValue": "3c5de252d65ae8c40e54c21be09dc574ca3641d036d7b44174939a7e64863920" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/protocols", + "SPDXID": "SPDXRef-File-etc-protocols-8f747ea6b704da50", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f72135c1eae65b2eff3217cb656ec1101ddb892e" + }, + { + "algorithm": "SHA256", + "checksumValue": "d0e614d3ac7c6d9f6fe7b6c8ac678f26cca185de66f5dd34b56e634b2398a8cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/redhat-release", + "SPDXID": "SPDXRef-File-etc-redhat-release-17eac59ecc5bec3f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "10c591ed64070058c93b341b45fc722bbe0cc984" + }, + { + "algorithm": "SHA256", + "checksumValue": "7305823adb43789c44b57edeaf463a39acbdd12646d60140f2b251c28f2a966c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/rpc", + "SPDXID": "SPDXRef-File-etc-rpc-eb199925a99265ef", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8c68c8283757db3e910865b245077387f9166a08" + }, + { + "algorithm": "SHA256", + "checksumValue": "3b24a975dcde688434258566813a83ce256a4c73efd7a8a9c3998327b0b4de68" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/selinux/semanage.conf", + "SPDXID": "SPDXRef-File-etc-selinux-semanage.conf-23ff64af82c9eae7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "818de80347135853e805039d17b17f8a8641add6" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ba0df9a109dd136f1e8827343806ced9a0652c670c2572b4dd8642c67c27734" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/services", + "SPDXID": "SPDXRef-File-etc-services-06f9f967b38cdb1b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c36cb01508c1050c2f0e82a25e1dff777d58a25" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac7ed9a0608f2ee925d17dfa8154102f56d863e0ab53f39053ff27120ce571ce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/shadow", + "SPDXID": "SPDXRef-File-etc-shadow-14b36bc2e9d50e6f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "095e6a4cc33051a79e9d1c6442ae92d4ea72c488" + }, + { + "algorithm": "SHA256", + "checksumValue": "aae87b88360de60fd8f5a49b2313bf3fc24458e4fa861b822c2f427b44c1fed7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + { + "fileName": "etc/shells", + "SPDXID": "SPDXRef-File-etc-shells-4af50e7c341ae36f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "23c79830c4c6cdaf90348347e9c982c28708b315" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ec4e8c524a4f10ca5898ccfaa6d29e7e08aff3a681f6bafbb62e7bec91aa154" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/skel/.bash_logout", + "SPDXID": "SPDXRef-File-etc-skel-.bash-logout-b3f4e891b12a90bd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/skel/.bash_profile", + "SPDXID": "SPDXRef-File-etc-skel-.bash-profile-e7e93dc9a8cd8988", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "algorithm": "SHA256", + "checksumValue": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/skel/.bashrc", + "SPDXID": "SPDXRef-File-etc-skel-.bashrc-8b56bfbdb189c2e3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "80081f668a345bec7a41424edd6c60e82315ee6d" + }, + { + "algorithm": "SHA256", + "checksumValue": "b152cd21940a5775052414906ab7473a62b69da2300bbf541ce8e10f00c487d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "etc/subgid", + "SPDXID": "SPDXRef-File-etc-subgid-4765190f6febf036", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ca1e92216dc341b70ef97d68a951c8e93db2a7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "f079cf47cb24bbdf98490c506bac4718f374566f28abd90f85bb07bab919d8bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + { + "fileName": "etc/subuid", + "SPDXID": "SPDXRef-File-etc-subuid-45437c0792f4c201", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ca1e92216dc341b70ef97d68a951c8e93db2a7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "f079cf47cb24bbdf98490c506bac4718f374566f28abd90f85bb07bab919d8bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + { + "fileName": "etc/system-release-cpe", + "SPDXID": "SPDXRef-File-etc-system-release-cpe-62536104a97be853", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8a5a439873e6ead211cbdd78589eaafa1d4260e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "ab138ea78c1167ddf9cd17736d43f89283e66c20ed4ff63183bfd2989bc7259a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "etc/xattr.conf", + "SPDXID": "SPDXRef-File-etc-xattr.conf-43fea2a5407cf6a0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf60c512782375f738c3b989b24a72729693fcf2" + }, + { + "algorithm": "SHA256", + "checksumValue": "b159c32d33b2ef8a2edac38d0a1bb1254376ee9fef939af190e0535f1f4d06a0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "fluent-bit/bin/fluent-bit", + "SPDXID": "SPDXRef-File-fluent-bit-bin-fluent-bit-886a39eba3384970", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5efb3de1ded928596bca4048f3472b768bb3feba" + }, + { + "algorithm": "SHA256", + "checksumValue": "891223001e144cac4c62809b340aaab6bd50ff4fc8ab3c32253732a8e6277b1b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764" + }, + { + "fileName": "root/.bash_logout", + "SPDXID": "SPDXRef-File-root-.bash-logout-7cb64c7e18cde43e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "root/.bash_profile", + "SPDXID": "SPDXRef-File-root-.bash-profile-f2709836d058e8a6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "algorithm": "SHA256", + "checksumValue": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "root/.bashrc", + "SPDXID": "SPDXRef-File-root-.bashrc-f406f3d9e22dd9bc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11ca3585a568f82dad333b5ac15937c738d4e864" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e5d5df65ced1e47aee7b016d405ace4298fd9134d6caef45e1c835078c79aec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "root/.cshrc", + "SPDXID": "SPDXRef-File-root-.cshrc-e190ef15bc4d4bad", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ea145e5186958c0c70514ab1eab4ce9cc9f71073" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e9418cde048f912e4aadb76ba55045b5d9af0e0565f7091bfc752154451eca9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "root/.tcshrc", + "SPDXID": "SPDXRef-File-root-.tcshrc-396b6bea574d6036", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c691d1108be15163e3211776730031b40641d96" + }, + { + "algorithm": "SHA256", + "checksumValue": "1bb91935e2cee1d5d2ab7e8d92125acbfac12d9bf3f1c7922aa4ce77ae7ea131" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "run/motd", + "SPDXID": "SPDXRef-File-run-motd-7957bae02b1bafd1", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/[", + "SPDXID": "SPDXRef-File-usr-bin---0f394e0e6d66cadc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9fdbd59f16ee61048ffd33b74dbecbe2fcecd4b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "afd97bbd643bfe1473794af167cd5c6f44fe449681033e3584b40b836f624b4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/alias", + "SPDXID": "SPDXRef-File-usr-bin-alias-b0144fc5fac67179", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "289a406fd8600b2d75723e3757e88166ca880ca0" + }, + { + "algorithm": "SHA256", + "checksumValue": "c277897660adddce26a75871188bdae7ffa73f571a6fb779090a4c92df33988d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/arch", + "SPDXID": "SPDXRef-File-usr-bin-arch-c15a9f36bca77f3f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f9ffc9622acba141d93e11c0073ce5be588966f" + }, + { + "algorithm": "SHA256", + "checksumValue": "209bae4071910ef54b4a3bd302059bf7e00870d8bacffcd7c5489425f37ed16f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/b2sum", + "SPDXID": "SPDXRef-File-usr-bin-b2sum-c5e667d66df5bd48", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "575e3e627b7a9b8b421c41f8fd02cb2503345b3a" + }, + { + "algorithm": "SHA256", + "checksumValue": "9116333c88eee22e55e30db1ad088483f52a3024b624356416873bc14fad9359" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/base32", + "SPDXID": "SPDXRef-File-usr-bin-base32-3a804ac96191b8e8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a044297eb52cd4ed2b571bb07c6492b9fbbbc7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff10172686b6db691ae57530dff6cd14b980cbba7ed81a8dcf81bd42dd7bb23b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/base64", + "SPDXID": "SPDXRef-File-usr-bin-base64-fcb63864518bbdb3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "085d34b2ef36dca0183f79506543f5b905edf6c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "fed1b291454a61812e605fd06b04f915ef7e5436cfc1ee17f96523f56c2fbebf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/basename", + "SPDXID": "SPDXRef-File-usr-bin-basename-08d5dce244fc18f7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af27f068e0edd9bacddc2f0c0bea723169c28272" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a1e6804fef8ca36d39b008210b187dc4a82c456919574e61e17ab40c033589c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/basenc", + "SPDXID": "SPDXRef-File-usr-bin-basenc-9f1055e6d4762493", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "116a0e1d7760f311c3476e9a1f579a60fd25c4b4" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd8a131e0af4133b97da4adcca84ae61cc24c898d8d0e2b6aabac6d2d7a34094" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/bash", + "SPDXID": "SPDXRef-File-usr-bin-bash-457e99e6356b07d9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "53d87a944dddbb3d8cbd26ff61e4753bdd989469" + }, + { + "algorithm": "SHA256", + "checksumValue": "97995faa249e5706dd0b0373c9da547709bf7349755d5fc8e52f97a4bd04feaf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/bashbug-64", + "SPDXID": "SPDXRef-File-usr-bin-bashbug-64-b6cdb94774d588e9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "246466f1716587250062fc2b3bd8d67a2f8c4600" + }, + { + "algorithm": "SHA256", + "checksumValue": "5588678b4cf9d513e85c908fad23ed079135656be7b79559570b23f4c3433022" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/bg", + "SPDXID": "SPDXRef-File-usr-bin-bg-dcd596fa9d66ed3f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6acece014fee3a6a99a7c8127876e3ed5675aede" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a864f2047a83aa767ac1a3fca577e5f3a8eb4d129b4b1974fb2009960a9a0be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/ca-legacy", + "SPDXID": "SPDXRef-File-usr-bin-ca-legacy-ef27b9cf22a1df17", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a11df6846fd8f2c8a0c3eb7fc1eeae076b88903" + }, + { + "algorithm": "SHA256", + "checksumValue": "48f9c9bd7473d45f2f2e30d5c723cf58d7175be9e3f19573a67049cbac35330a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/cat", + "SPDXID": "SPDXRef-File-usr-bin-cat-668fe15830d11a98", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1ff499e53c0920255403ee2ef06afa0873013e40" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6138c9502337f42763d627e4b665dd4fd66f26a987891d0a7e8313783f689ad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/catchsegv", + "SPDXID": "SPDXRef-File-usr-bin-catchsegv-7ac217344c32a4d0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "532b497ffd1c7d46417c1bee8fec87e0e5168a97" + }, + { + "algorithm": "SHA256", + "checksumValue": "6968647a65cbe670136c5657540debd96b257b168c2688dd8d34669b31e02111" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/cd", + "SPDXID": "SPDXRef-File-usr-bin-cd-8721732baf3d2db8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "00c2f95c966b664793bb6b27b56b81a2fdd0a58d" + }, + { + "algorithm": "SHA256", + "checksumValue": "3f794988bc9b6e734d06c6507b4335054d01760a741b60104a49543cf7a964ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/chage", + "SPDXID": "SPDXRef-File-usr-bin-chage-ccd7ed3375247fe5", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e8451b96bcf1302cbe7d03896cd13239a205c3b0" + }, + { + "algorithm": "SHA256", + "checksumValue": "326a4bba3ca2a8525c683bee311803427177b8e375b50ae4000c653114d6a119" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/chcon", + "SPDXID": "SPDXRef-File-usr-bin-chcon-a58763c7570727c9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d16aa25fe4ed9eea2748e986aff5bfdad423838a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c191edddab15fd046170527d27f5f2a864684e118020ae3cab9a8c4ce7e6cc8f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/chgrp", + "SPDXID": "SPDXRef-File-usr-bin-chgrp-dd8cd37050122d84", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1402a8f010532c6f0bd76d0a91c908979fdf8bb7" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1d37a0d06d1d5db7180b10eb367365214de3c458a356efa32960312dabf9bde" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/chmod", + "SPDXID": "SPDXRef-File-usr-bin-chmod-88a6c97c9d25b4c6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2dcb6e1e404323760e13dc1e5b805421878fc585" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ee704ee6e399f29d23b37223b4c80a1a5a39fd0752c6d913d9bcb176b4bb930" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/chown", + "SPDXID": "SPDXRef-File-usr-bin-chown-0c56734d7fa5e5cc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "29dcc6262461574c88126133c57f4f5318eb8420" + }, + { + "algorithm": "SHA256", + "checksumValue": "497a658c90080afd7bba33da8297fdb1be37cf36a3465a344164a8cb14390b53" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/cksum", + "SPDXID": "SPDXRef-File-usr-bin-cksum-6f704900967b5d77", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8299d2a22b65a2ed645906053bcd57a46c0f3cbd" + }, + { + "algorithm": "SHA256", + "checksumValue": "09eada4c0374c3c565ebe1f8965bce9943eb7c2790ef031d7b638b3f191b5592" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/comm", + "SPDXID": "SPDXRef-File-usr-bin-comm-ab85920cb956969e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "02bcebd4816b8bf09099e6e86044c3b7b105d531" + }, + { + "algorithm": "SHA256", + "checksumValue": "7449de734af6ab89331fc34dabfd40d10fa799369a52fd9df7c3829ded1d0261" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/command", + "SPDXID": "SPDXRef-File-usr-bin-command-d567ea1a1bff3f0b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "47e25f606eaf2eccca20ccb92aaf0ad751d6e49e" + }, + { + "algorithm": "SHA256", + "checksumValue": "aafc06c6657ccf32c0af350777aa38537ff90685345dc19078afaa26bbe4412a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/coreutils", + "SPDXID": "SPDXRef-File-usr-bin-coreutils-754a39ec4d130e17", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59dc61c3cc1fa2966a0517c382d70a8e173a6395" + }, + { + "algorithm": "SHA256", + "checksumValue": "61bca8e2323b76b8f423568f4631d265a26a88cb309c31ffbb066b925a52ccc2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/cp", + "SPDXID": "SPDXRef-File-usr-bin-cp-18d4b98cd33be63a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a50e277b33a29f26b5b825ce041ac8e48df2280c" + }, + { + "algorithm": "SHA256", + "checksumValue": "79c39d67b7969b943045e80485f9dc3202a11ddfc5c9f7fdb4287216d0255a90" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/csplit", + "SPDXID": "SPDXRef-File-usr-bin-csplit-9e37c41b16242727", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e8b4a2d9443a650ebf84e483c92a30d14b06036" + }, + { + "algorithm": "SHA256", + "checksumValue": "406a678a5b17869b4d148ad1924dd9ff3f2496e6f8b1dde6572edb355ded6316" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/curl", + "SPDXID": "SPDXRef-File-usr-bin-curl-f8133b91a4a284c4", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c864a33ce4ab0cee5741dec892fc24678e7638a" + }, + { + "algorithm": "SHA256", + "checksumValue": "1f3e81d92f297b50d421749fa71c004569064ac27ecfcd1445137f4c41652878" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/cut", + "SPDXID": "SPDXRef-File-usr-bin-cut-ff21bbd88cf7b191", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f7c6de6de871fc09ae32642219cb90ddea137e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "7448d9549e82dc4aa8917fc2bc2c49ad3f99e85e0c4f9a0957926a1f33c60421" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/cyrusbdb2current", + "SPDXID": "SPDXRef-File-usr-bin-cyrusbdb2current-ac8c81ddb4590392", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dbb5b22a8077d59ec7a6cba77116206844c526ad" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fbdbf8d6354ee8477b04f1d5f7b13af20c704c55e55b59d88ee3e3cfbc02c90" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/date", + "SPDXID": "SPDXRef-File-usr-bin-date-6818434c95393f5e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89a318bcea62a81b9328c0fa46d05dcb7e20c566" + }, + { + "algorithm": "SHA256", + "checksumValue": "71fb38657d2a08ad7fa8a7d6d44b54b4a63b2b0ca654e7865c0993443fe36608" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/dd", + "SPDXID": "SPDXRef-File-usr-bin-dd-e9bd0e2c33303c2f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "672fcb22508cfc162a7682100480856ada9263d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "afc84e0b7f78721d72cc70e5207c0a948889401b1ae985f88fe5557010898d16" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/df", + "SPDXID": "SPDXRef-File-usr-bin-df-744b5a4693813695", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f09ab63fa4ba2d4c24f32dd99e6d173e25d6625" + }, + { + "algorithm": "SHA256", + "checksumValue": "7140d87bcfc96e33d0e40e746734dfa02fb2973428059a83f267f490acf2924c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/dir", + "SPDXID": "SPDXRef-File-usr-bin-dir-056f2a85423da82f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee83b454e9faf9324e59bc11bd72d8ff79b8fb33" + }, + { + "algorithm": "SHA256", + "checksumValue": "9dfc129738cbf6c04a0a6bce388f6cabe0212abfb4f7011997477d657c552b2f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/dircolors", + "SPDXID": "SPDXRef-File-usr-bin-dircolors-3808baf814d3a75c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "527fc023104da8e34cb2b883a48fb4d9a0563f10" + }, + { + "algorithm": "SHA256", + "checksumValue": "db0b3071d1896d4cb925e2539b959071d3dd028501e989ae051a7cc2923a131d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/dirmngr", + "SPDXID": "SPDXRef-File-usr-bin-dirmngr-5f553a8203875941", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7e919ec37b01d322ca530e0f86e3943c3ef09ccc" + }, + { + "algorithm": "SHA256", + "checksumValue": "bba4fd4ea202c0d57474a0703900134b1e442971c7b81a2119c1a48bbd64c750" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/dirmngr-client", + "SPDXID": "SPDXRef-File-usr-bin-dirmngr-client-42ff3dedd2729016", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9787998a6afc8b8b932874bc731c4f0739c06605" + }, + { + "algorithm": "SHA256", + "checksumValue": "da3ec27493d1d28cc1e1d3916a209754005b0e882873ae14a8d3aad115b98e20" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/dirname", + "SPDXID": "SPDXRef-File-usr-bin-dirname-d3dfe363c4518619", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc3de909d1832ff6748cb739026407460280ca22" + }, + { + "algorithm": "SHA256", + "checksumValue": "79eb20166b1c6e3c720bbd9d1b7093dba753747f4a9c86c20efd24cfa1b7cd02" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/du", + "SPDXID": "SPDXRef-File-usr-bin-du-0d4ca6c562d852f9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89891569832c12c079cdf123b5ab43ecafb72e28" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f987dcb68ff9790a7da315f18dba495258e0689c9c145cba4ae33bbf1153ef1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/echo", + "SPDXID": "SPDXRef-File-usr-bin-echo-bea301c1054368b7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f7c8d46f52cf0f9319631541c308471113cf022" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e2e65807f2d7416260cc04c62a37b6aa14c3336632709406a6eb5e20a25676e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/egrep", + "SPDXID": "SPDXRef-File-usr-bin-egrep-6c51703fecd14955", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8b6fb94569c007bf7a2bfb8d3a69dcdf0e28f4b4" + }, + { + "algorithm": "SHA256", + "checksumValue": "50496c34633635bf3fe9c108ae26c26f8871ffc35f741b9e1426897a1e65f263" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/env", + "SPDXID": "SPDXRef-File-usr-bin-env-544b26d2152532b2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b84d0d2d85f4a9d818c4f9e8f61af524d7994601" + }, + { + "algorithm": "SHA256", + "checksumValue": "3164957405d820d74c59ce94cbe8e20eafa4d25366f53e4de9e3f4a149a9576c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/expand", + "SPDXID": "SPDXRef-File-usr-bin-expand-fe9db330a6ced29d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c94424e1096ee9016cbf4ccf67affa7f001ddf2" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2f2c111df45d87cb069e96a9152847d31a40d2357e770d4c943d04afe6e1acd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/expr", + "SPDXID": "SPDXRef-File-usr-bin-expr-461b28a03c440a0d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ef6ef0b52f22bfce633811b04704bb0dc2ea60cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "27afd110fdd08ce37ae374cdb19348dc82db58b2a299d601b1a202e524ffad7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/factor", + "SPDXID": "SPDXRef-File-usr-bin-factor-8174a59113d54fa2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "521757b7c3e1d1196a16227c8ae85150f94fe043" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee9ee5a137e0591cd9cb7c833ea6d132715452b6e8ec15a521d5656825600a51" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/false", + "SPDXID": "SPDXRef-File-usr-bin-false-dfad1fe2d91edeb0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a29a4f85de079ff81b73fb9662e691dbd36c313" + }, + { + "algorithm": "SHA256", + "checksumValue": "deeb84f2992538f7fadfc6946e4e34ce8b491c5d15aac723f2545fc53423609e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/fc", + "SPDXID": "SPDXRef-File-usr-bin-fc-cf2b5514af5f4b1c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4a74b311a6ea7e521c1abf779399fc8b3ac2270" + }, + { + "algorithm": "SHA256", + "checksumValue": "86495d1781eeec50764ce4e629f316087c2b53054b999308f40580633601b270" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/fg", + "SPDXID": "SPDXRef-File-usr-bin-fg-4eb740e67d5a13d9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8edc00bfce83f8c865185c188a0643eeeefb8559" + }, + { + "algorithm": "SHA256", + "checksumValue": "0af28b724b8b1850fa6b4f232cf51229b2efed0333ebfb51d940798e28e0d625" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/fgrep", + "SPDXID": "SPDXRef-File-usr-bin-fgrep-9e6bcbbaf4a27702", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81d09de7d53ee725afdb9bcae8a9a61915e12a22" + }, + { + "algorithm": "SHA256", + "checksumValue": "a35795589500118708cb879c5678c1daa0dc3c636c7dbad172a6a5918ae91c5b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/find", + "SPDXID": "SPDXRef-File-usr-bin-find-f60c8826d1355380", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "287c69debabeca01b282eac451ea0935562fe352" + }, + { + "algorithm": "SHA256", + "checksumValue": "a12f7a245a3366f9a79e6780a71c769716452dbedf6d0b1d5d854743ff3eb902" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/fmt", + "SPDXID": "SPDXRef-File-usr-bin-fmt-3e0a0208162355ef", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1dfbeba5c1b0e1c8ad8f0ec9b9d744320998baa9" + }, + { + "algorithm": "SHA256", + "checksumValue": "64eb499e5fcea80a3132b009285321317b2660173d3052ca3dc9c3871f07e0e8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/fold", + "SPDXID": "SPDXRef-File-usr-bin-fold-ceacea456c269068", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9599458a301ca99670389aa530baaf134a8a7814" + }, + { + "algorithm": "SHA256", + "checksumValue": "1af788b3e940772d2d061a2868af5e034faf977d2d7158cbefa3e56a05304049" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/g13", + "SPDXID": "SPDXRef-File-usr-bin-g13-e30dfe11fd680ba9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a1859526c18480bbdc14dcdfb4edae02064daefb" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e3482ba95fcd94bc0392c732fc5ef8afc0f67d493d006cc318aede7680ec4e2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gapplication", + "SPDXID": "SPDXRef-File-usr-bin-gapplication-06db0aac5cdcba72", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ecc9fd34b7770f2d80c2abeff6f72d932a4860f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "97f5cf2aebfcb29af00de68077e098b06957a1730154eeab0298a76ad73ffda0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/gawk", + "SPDXID": "SPDXRef-File-usr-bin-gawk-06978697a3279859", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01959f306d180b3a6d35ec523c6f0a1a9b4c9334" + }, + { + "algorithm": "SHA256", + "checksumValue": "b374177d6c91dad7eafe4d89ecfc414aa8e2bafb06b1f94d6f6d1d41dfad10ff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gdbus", + "SPDXID": "SPDXRef-File-usr-bin-gdbus-8b573813f1675648", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e897b7af3ebc2b7a7a6ff1f996cdcf7420e3ecf" + }, + { + "algorithm": "SHA256", + "checksumValue": "6340348726aba9d85dfdc91574d48d94a21f810803f5bc72a33db106edf22c1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/gencat", + "SPDXID": "SPDXRef-File-usr-bin-gencat-fc282208ed48aa6f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de3b0472194bc82921baba526d5c182d5002d8be" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d4fd18b1b005445e1b63f5bf3ddef52a4cdc7eec37dc01090d6de08e9df8cd0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/getconf", + "SPDXID": "SPDXRef-File-usr-bin-getconf-64fe31773eb4999e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81140d839d18f2761b00df07b72c3fef8a43c11a" + }, + { + "algorithm": "SHA256", + "checksumValue": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/getent", + "SPDXID": "SPDXRef-File-usr-bin-getent-402379cda2734cb1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6031c6974cd56cbb19dd3a8cc33ae95793b021a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e8afb78f9ec759e5a62dd385aa092844fbbc5f1d01e9c56484bbde799a099b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/getopts", + "SPDXID": "SPDXRef-File-usr-bin-getopts-8b20c49352d19b94", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "25e71412ce313beaeed25e28ea82dca878eddfc8" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f1a970be00f749e2c9a820592e8109ddb7efc76cd8f8f47b748a16feab8cabb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gio", + "SPDXID": "SPDXRef-File-usr-bin-gio-11302a785a1ce540", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "03f0ec9c91e77256b87f4aaa30e5c72d2bc035e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "1504f592d1a21398522ab3eacafc8fae1726985a54543a725d531368c1f8bd52" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/gio-querymodules-64", + "SPDXID": "SPDXRef-File-usr-bin-gio-querymodules-64-f7346e98a83a716a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a4464b948f9f53efab98861f5f7578db32ba0a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "968a25d1c83d5e2d6d975689858d586be554e70263952199bd9d3286be7d9c50" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/glib-compile-schemas", + "SPDXID": "SPDXRef-File-usr-bin-glib-compile-schemas-d6f141d5e13b0ae0", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "82ef59c46063d516b9f061077c95ac946b0e11e4" + }, + { + "algorithm": "SHA256", + "checksumValue": "1807e7b02c847294dd8536791843a6a1d8997dac3b741329258431b037f1c736" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/gpasswd", + "SPDXID": "SPDXRef-File-usr-bin-gpasswd-ec72e729f0fd3a67", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70ac5047bb92a3a300ebe9e13c24d3a137e509a7" + }, + { + "algorithm": "SHA256", + "checksumValue": "1b9c0ff43bcc29c7a7d1a59c12c4373b52d80f82a4f2438a4a24f746ff9ae0b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/gpg", + "SPDXID": "SPDXRef-File-usr-bin-gpg-ea18bc9bca18857f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f7278aa72c89349d5b91dd566f2cae8a2b29ed19" + }, + { + "algorithm": "SHA256", + "checksumValue": "88c20ca1458b62385cf987b91cf4f0354a31c2eac7bc1da48321255520406652" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpg-agent", + "SPDXID": "SPDXRef-File-usr-bin-gpg-agent-f678176067e0b9ee", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "248f3e2a12c9d99f247f42132a694563d75d7f78" + }, + { + "algorithm": "SHA256", + "checksumValue": "db012878c08be000f0406b1a83debcf65ae313580d399b61f10ce74792e529c1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpg-card", + "SPDXID": "SPDXRef-File-usr-bin-gpg-card-7ae425cfbef4d3db", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72df5c93591e340d17adcf91f8802cf6179710ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "103b35b82e7fc9a6924d621cf1695a709fcbff1430b7e708b1c76dd3c0d37298" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpg-connect-agent", + "SPDXID": "SPDXRef-File-usr-bin-gpg-connect-agent-6b17a25ebe568098", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d686ed777e5a1742263776247f439e6ec166a9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "e049b637aa178619761bddfb52f8f531f097e6d70f4cf53312c897f98bd07cc0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpg-error", + "SPDXID": "SPDXRef-File-usr-bin-gpg-error-506b975f1b474e9c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e695c139ca1e552d5d50289ace4c3ab966316634" + }, + { + "algorithm": "SHA256", + "checksumValue": "5804e22c791634c44d17cb8cd342e7951bed5397eeb809f7f15b2674830529c4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpg-wks-client", + "SPDXID": "SPDXRef-File-usr-bin-gpg-wks-client-3803513ccea114ad", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f352442ba2b781949cdc9d6e0549d7fe40518538" + }, + { + "algorithm": "SHA256", + "checksumValue": "1ebcab7126f7329fe2af9c331766d95d4d66bf633032024e3b2e00392b5fb5f2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpg-wks-server", + "SPDXID": "SPDXRef-File-usr-bin-gpg-wks-server-600d18be0a1f4796", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3faaa8ce65fc3d04b68600de14d8c8341836e40b" + }, + { + "algorithm": "SHA256", + "checksumValue": "04460084c5f70a7cf12cd1205c7055816193f9c1567353371dde856bc7d2bf3c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpgconf", + "SPDXID": "SPDXRef-File-usr-bin-gpgconf-48073038849245c3", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b11a25aeb96759201ac6be29ea48de7d91d6e1ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "112a23ac806fedacd6084f3ba54eba0f1f79412844e3de265400cee64b987348" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpgme-json", + "SPDXID": "SPDXRef-File-usr-bin-gpgme-json-e68c533bd3284ce0", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1cdfaef616e271850763e5291b8f6f85444aa156" + }, + { + "algorithm": "SHA256", + "checksumValue": "70b4e73c0e5da91aa071f364f45893229ae1153d3a25ed01720843d941388063" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpgparsemail", + "SPDXID": "SPDXRef-File-usr-bin-gpgparsemail-e5adbfb76fdfb396", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8184387dfbf4798e9e4389c220a50c4218e55c16" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f040dc684184a0eec5ea42930f7795589bca34f8dc5f7def3248174412a6051" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpgsplit", + "SPDXID": "SPDXRef-File-usr-bin-gpgsplit-8b767435cc79702c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4d8ce8db146ee1887ec6adb79a059e89c0ff39ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "82bed8e53bf3a8b52611e9361a3585609a39fbafd90a7a0c28dbc1c1429fe553" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpgtar", + "SPDXID": "SPDXRef-File-usr-bin-gpgtar-b5acc177f3d31ff8", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36f3a80c0313d4784b75fba9b901f0254def3a19" + }, + { + "algorithm": "SHA256", + "checksumValue": "7df3103946b96d3888fc36ffd874ff00c6effebfb5361867809b0e59f4181c36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/gpgv", + "SPDXID": "SPDXRef-File-usr-bin-gpgv-d48dfdfee64bde22", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c528684214a72707d1374d95e919e8fb0fe2d7b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a4a2b6c85d77f396f6ff7bdbcb4be58c3c81ecd26fc2f3e43ecb01b1a4ba4d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/grep", + "SPDXID": "SPDXRef-File-usr-bin-grep-0bceaf8088a9ad73", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a0ccd7dd389bfc3dd6a50f375767177520034b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "b9ae1630da770fa343c346c97f081ba6a4350f569f27205dc37a8953715564fb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/groups", + "SPDXID": "SPDXRef-File-usr-bin-groups-9d343b0c0a3dc26b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d687c82683c0a3df72e335fd33938476a6abb3c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "80c0a1f602b5a30973ef4aff1549ab8f0c57415f1a1269c60fd463e51bc599f5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/gsettings", + "SPDXID": "SPDXRef-File-usr-bin-gsettings-9a640bfc7a35e27b", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8394a4daa8d8e540dd3d78bbeba25829e59e931" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1fb6c8163c88547292c2ab8713903ff491531350d2c08763033c01d6b18318f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/hash", + "SPDXID": "SPDXRef-File-usr-bin-hash-544a5e04e861b70c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72baf7f3448f4cdccad27005032868973a557d29" + }, + { + "algorithm": "SHA256", + "checksumValue": "a5c3efd29eb134da49b68b78155c0338ab614eec99094bd07cdda7e99e53ddca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/head", + "SPDXID": "SPDXRef-File-usr-bin-head-6a36f3048b5f9e23", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b91a8a58197c97c537e2c6de70888b7ef72279c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9265e0e806df2362b9e6b476b8b16cef39979c6e1ec9f51aae90f202b94a6d4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/hostid", + "SPDXID": "SPDXRef-File-usr-bin-hostid-b9ef157d7a552dc5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e0ed73ba60f5bd2f9ade65c6ac229a5da8c0e06" + }, + { + "algorithm": "SHA256", + "checksumValue": "a755dbdf0e3c215642c5dad5c02c6b69f1c533fc253aa5206e634cae9a601fff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/iconv", + "SPDXID": "SPDXRef-File-usr-bin-iconv-75601b8758c5c606", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d6b7c9d2b6bbd00fa4d7e9ea514ee4976207447" + }, + { + "algorithm": "SHA256", + "checksumValue": "9df92fd65adc5a01b5c74c505b6e8bdae87a32df88745f6259941933f773ba29" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/id", + "SPDXID": "SPDXRef-File-usr-bin-id-33fcc6393c0ff3b9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9612c5a18e927cd54d137e938233210f0e7b6f9" + }, + { + "algorithm": "SHA256", + "checksumValue": "44cd8c4e4d7c0abda1cf8f4d3cb8c3eaa3a099e3583226a71b7b2717862293d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/install", + "SPDXID": "SPDXRef-File-usr-bin-install-8da665206da2605c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3d17f305f320fefe148784928cb2d37c0314ae2" + }, + { + "algorithm": "SHA256", + "checksumValue": "a1e9d54276f52269bf3f3c4787159a8582d093acb918026a389bb03ae886424b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/jobs", + "SPDXID": "SPDXRef-File-usr-bin-jobs-c2099ec9fb017164", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed10dcf4f9065c771147428a413ddaf035d220d4" + }, + { + "algorithm": "SHA256", + "checksumValue": "1e4046021f3ae7abb820a995c8572cda3f3b4a4d14cb50e3bcb0f50f391a5bd2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/join", + "SPDXID": "SPDXRef-File-usr-bin-join-1d7f2b7ddde30ecf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b410ff0dde7f8d3c9b8a0c73d0171f9fb43ae8aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b4380b504cfba01d655f9102279abc3fa6105a4e107aa409912de8407ce7514" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/lastlog", + "SPDXID": "SPDXRef-File-usr-bin-lastlog-d4005ba7fec7534c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eed1c2a36e967a81f4ab333e62c46bd9d49ce073" + }, + { + "algorithm": "SHA256", + "checksumValue": "203580c2537f42b4efd7d1067b1d9d678d5ee3353b5a139bcf7214eaa1f87f40" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/ldd", + "SPDXID": "SPDXRef-File-usr-bin-ldd-ab68aceb1603e266", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45557090d4ddf6fe984027a45c6fbc193d21a649" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e332feed7fe0d65afca81d83d07f997917c07d5c1f1fd5564e98330e78aa0b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/link", + "SPDXID": "SPDXRef-File-usr-bin-link-2c9b2ae407d86fc3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0e33c18f86779f212affcefe9135769856c836ec" + }, + { + "algorithm": "SHA256", + "checksumValue": "821714203f91ff6532c52ae3f871e0130435b6ba1f1f08d2d1f7bbc6693c0caf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/ln", + "SPDXID": "SPDXRef-File-usr-bin-ln-7997369f78b8711f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f14c273cb9fc438b0917982131cf345049e3965" + }, + { + "algorithm": "SHA256", + "checksumValue": "085d5f728f31abf16f2e2b6f848b10e987c2ddcf160cb9a8f12378de2b6c6657" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/locale", + "SPDXID": "SPDXRef-File-usr-bin-locale-9c64a140bb800cff", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c77ddfab62739bbe158470438b00ea1224ca4c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "826d99ca59ea56a0df2a4415176ce2554c6a53ea199700314ddaf1f5b2fe4cfd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/localedef", + "SPDXID": "SPDXRef-File-usr-bin-localedef-fb7925b2ec23b7e9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fd2ab90872a1d1ac9b528655aa84764ecf8e1c24" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ce825bf92f8a07b4921430a093cd0410a7ded09004c81a10866ec2bf9b764a5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/logname", + "SPDXID": "SPDXRef-File-usr-bin-logname-c08b9f0c72a8631c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad619b65f76115eaa2fbae63f2be1f6f8d44ae05" + }, + { + "algorithm": "SHA256", + "checksumValue": "55fbba98b8cf7ccc3d0920e6630b525360603b1db4c72c955e6d3a09f8602b68" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/ls", + "SPDXID": "SPDXRef-File-usr-bin-ls-6028286556616715", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "27e9d6b6d89b0769569189f37f15b6389071d09c" + }, + { + "algorithm": "SHA256", + "checksumValue": "309b3c9a3246361ec0338641aed3c14e7f91e23e7cf10de000c75135ba99fddd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/make-dummy-cert", + "SPDXID": "SPDXRef-File-usr-bin-make-dummy-cert-8ee41d4c6e9953ef", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "47a0a71176443e0fddbc421f957c15fc18f900db" + }, + { + "algorithm": "SHA256", + "checksumValue": "cfd4277160871e6446e2b6d61f2f66d76ee5598584d2323376fbed1f57a00127" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/md5sum", + "SPDXID": "SPDXRef-File-usr-bin-md5sum-df0d483d6d8698cc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59f153e6b32f1ec4d67cfb47bd3cde9c94edf86a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec74d410b372b48ef2b522cb903d48184f299c9290e5fa430fda73009e1ba468" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/microdnf", + "SPDXID": "SPDXRef-File-usr-bin-microdnf-047e6b67f6510fd7", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9c612e21a0453ab31f81f6feaaeb8d6ba3a52267" + }, + { + "algorithm": "SHA256", + "checksumValue": "725a49a7f9f827c96e9166259cbfb217fdc02a0e842707a7f8e42e764b1b82df" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/mkdir", + "SPDXID": "SPDXRef-File-usr-bin-mkdir-e3c4434cb39b0d8d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f38e605397a87ba40254f1e643fd42aa484cabc" + }, + { + "algorithm": "SHA256", + "checksumValue": "3d79925b34d75033957c123dcdb7d9d74bbdf2135ae401aeecd1c7fdbec0541b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/mkfifo", + "SPDXID": "SPDXRef-File-usr-bin-mkfifo-88f4bc5e0bfe84ef", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32970bbb076f05e95d6d841a1659c621ccc84bcb" + }, + { + "algorithm": "SHA256", + "checksumValue": "3abebd9dd438dfffcd6f958488172a3b403dfa0eac1ac0e1b8c26e94b61472c4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/mknod", + "SPDXID": "SPDXRef-File-usr-bin-mknod-a8f59c988de64619", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2838bb5f1c76580efd23567ea42b7eaabd3afcc" + }, + { + "algorithm": "SHA256", + "checksumValue": "e0aea7b102cdd165cf69e86c9b72bf9f1610f063a41379ff98e6abd7767a0f0c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/mktemp", + "SPDXID": "SPDXRef-File-usr-bin-mktemp-f922a4af4b958b54", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96190da1106c4247f1b8e043862d44e0d254e90b" + }, + { + "algorithm": "SHA256", + "checksumValue": "79dab18e96e909ca19e901731bd14bbd182327ed34050ad15d3c22186c112601" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/modulemd-validator", + "SPDXID": "SPDXRef-File-usr-bin-modulemd-validator-026e9bfa4e973170", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "33c2811ff007a946d429e90e83235e5860fa1fb6" + }, + { + "algorithm": "SHA256", + "checksumValue": "b9f45047a342934d5aee3d2d068d5c158328200069855057af25f5e582c57e2e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/mv", + "SPDXID": "SPDXRef-File-usr-bin-mv-b315a3fe6e89f6af", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0e78f29dce6a6f93c05910f19530574452f774d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ee04af6a9560da8304d298561d76ecc42ce167cd37496cbbee5f7975b2b6c83" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/newgidmap", + "SPDXID": "SPDXRef-File-usr-bin-newgidmap-cee3d27dbb7a4d8c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "03e027b2a3afe4ed1e54cea5f8b4f12b6d3add5d" + }, + { + "algorithm": "SHA256", + "checksumValue": "960116f9e9adc30ffbad051a78119196b3567d477680db5143c91467c410d465" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/newgrp", + "SPDXID": "SPDXRef-File-usr-bin-newgrp-931f29023ddf6706", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0859805debe1d7dcb99599aad45ba40545cfb4f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "b1c7720e7c518bea3aa6a171846e8a089446e5e386e377bbfc162bcfd3d2ba49" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/newuidmap", + "SPDXID": "SPDXRef-File-usr-bin-newuidmap-2c3538d1f4b313d8", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c9a308d5e04374e9f98000b62b5825db2e0d482" + }, + { + "algorithm": "SHA256", + "checksumValue": "d796755c9b01ee87a2a0cbe88e6d4f145b1d1afbba42172bb6ed05e52c836b15" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/nice", + "SPDXID": "SPDXRef-File-usr-bin-nice-d467c883214fdfaf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f2dcd17b39ad2ffa17e0e92ee766266f55abf9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "05dd64c5d88a6308828a66bdf10fe43a1d762bdf9867eddd1613ed95abcd9eb8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/nl", + "SPDXID": "SPDXRef-File-usr-bin-nl-8ca713d9ce28c6c8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e4eaac987f6b05b44e3bf898f549135dddef0aa0" + }, + { + "algorithm": "SHA256", + "checksumValue": "9cebdddb5c913efd5a2e2056790c58a4b1f0ea753ab776209f620c8aefaa88d4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/nohup", + "SPDXID": "SPDXRef-File-usr-bin-nohup-88c5c7b7b7f31d92", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a9e175d7640c094ac4992dccc3c60707b31b5d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d120028b00ffd10dc5d2bdb8725cccd994206809a17897b7dfa7d9852b4a109" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/nproc", + "SPDXID": "SPDXRef-File-usr-bin-nproc-941b8b9c01250526", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9de95968bee11e95d7431aaf61c83ba2a4468e75" + }, + { + "algorithm": "SHA256", + "checksumValue": "802d57a2bb4a148ce86b5987d42de833613df533033939621c98af7c83ed10a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/numfmt", + "SPDXID": "SPDXRef-File-usr-bin-numfmt-b9c731f240f51940", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "466de75850dd7c132427b2d022d06cdd095df214" + }, + { + "algorithm": "SHA256", + "checksumValue": "a2d0a24b66f7e706d20cdbf400f0fb170c9737de1f33707639ac83b0c6eb1fe7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/od", + "SPDXID": "SPDXRef-File-usr-bin-od-7728a96ffaeb0a44", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5fc21e046850c4dea847d10cf48de31df3e8a996" + }, + { + "algorithm": "SHA256", + "checksumValue": "28cee197c00cc74e4020bc2c63ef4a47269bfc42a0514e8ac39b93d1c9fb5c79" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/openssl", + "SPDXID": "SPDXRef-File-usr-bin-openssl-bd9492321caa4c92", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "802b32ff8791cd5276b9537fe68463de0c0690c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "567921353e959d24997de445494075b780c7faacc1583c18a23f85d09c88bdc7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/p11-kit", + "SPDXID": "SPDXRef-File-usr-bin-p11-kit-4c0fede68f0598f1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8001800fef6c4e3f15f559d3418352ae2683f34" + }, + { + "algorithm": "SHA256", + "checksumValue": "d543651b76dc84c8179e1de487101a4906be24767cfcb8136835fafbd7b79a8a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/paste", + "SPDXID": "SPDXRef-File-usr-bin-paste-d9e693836ef87035", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6d14aa0f379322bc2099e2572dd5e69d74f3c9a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "8bc3ecc3066cf717ff77c775897786c7ffbc96d8b4e7bf74ac0d1b1429840cbb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/pathchk", + "SPDXID": "SPDXRef-File-usr-bin-pathchk-bc17b45a7346d4d6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a12dc81e91b470ee653874d8a16cbf0b77a847e" + }, + { + "algorithm": "SHA256", + "checksumValue": "c75cdb9159c70035a4fb0c266c75b7046a5e0c65770f1abd3955169ee84495cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/pinky", + "SPDXID": "SPDXRef-File-usr-bin-pinky-8e68499e4c58f652", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d5fbfd3630dab9361c7ba1360d0f57685c5cf21" + }, + { + "algorithm": "SHA256", + "checksumValue": "99376200da341d1d415806ebe99b80bdab70f8e9fecc9faf16b97dd9a0038062" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/pldd", + "SPDXID": "SPDXRef-File-usr-bin-pldd-c71625ca0ae03d90", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0047c37c4b686a8d73eb8c806f0c10a8ecbf8a09" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ce9b7397fb7661f8fbc87dfc2d12b4d44555425d20f6771e90880283084d4cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/pr", + "SPDXID": "SPDXRef-File-usr-bin-pr-25c8cb45e6ef8bc8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f81df2310ad8fa8a25291552d2223c7caa1b38f" + }, + { + "algorithm": "SHA256", + "checksumValue": "a01cee18df2195a84845ab441c0860ccd2e60fe8420165a46450c4215759c2a4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/printenv", + "SPDXID": "SPDXRef-File-usr-bin-printenv-71b77256524029a4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e34f63c0fd760b82fdc2fb423a0ac9d86326ca74" + }, + { + "algorithm": "SHA256", + "checksumValue": "d28a352be84024a34f072b7c6a26b94aa87a2e76b90f437107d9b7eeebd0053c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/printf", + "SPDXID": "SPDXRef-File-usr-bin-printf-078a87259774791f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72fe02a8bc6fb958c4181f15fbd7d821fb9d69ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "129f7bcc2ae4d017b79e41c979ebfa18fc9052d4186538c25d736bfd2e397280" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/ptx", + "SPDXID": "SPDXRef-File-usr-bin-ptx-dea9371d2e47745d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cbad420a1f8db2821352f3a1b23cc9076fe064db" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d3ecca846d94b352b5ba97887e413980af43df47f393f860ed07ed3af0ef681" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/pwd", + "SPDXID": "SPDXRef-File-usr-bin-pwd-4356d92199f25d2e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48594a8abb7f13c85be045d8659a64a6fabad41e" + }, + { + "algorithm": "SHA256", + "checksumValue": "efabc0b34ff064d6a99456f5f74490573f8b9db6d1bf9450ad2e0aae0402b89c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/read", + "SPDXID": "SPDXRef-File-usr-bin-read-00b2dfb2762e3451", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf8e3fc1852d2925f2cba52fb1be0c94a8e76ac5" + }, + { + "algorithm": "SHA256", + "checksumValue": "f0f717be7c907acc0c1c4b489d619663076e5f08ed56257d647d192d492a147b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/readlink", + "SPDXID": "SPDXRef-File-usr-bin-readlink-265ca13d36eb9a9f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "720b77521af81b3ec5738f6983fe5df2bd6e9358" + }, + { + "algorithm": "SHA256", + "checksumValue": "b84234996da12c81e5762285b91ae7681342e012612df920b94ae0bd1557884f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/realpath", + "SPDXID": "SPDXRef-File-usr-bin-realpath-1f88fb5719c35c4f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fbfcc77e12dcebef21b16a83af48201abb92c7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "504d523de86fa1463b8d96abf3cdd7ec8e85571593bc95650130c83ee8ff20cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/renew-dummy-cert", + "SPDXID": "SPDXRef-File-usr-bin-renew-dummy-cert-80a60d7b813a682b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b7184bf7749e8cd85cb6c69d7ea08a47036a7e77" + }, + { + "algorithm": "SHA256", + "checksumValue": "628d284ecb0d1abc737d58e771d1f7cab172c31df228699305eac299517fb5be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/rm", + "SPDXID": "SPDXRef-File-usr-bin-rm-b8f0751fbb447dc8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "903a4aa5e26a0e53254b945e6ed66d1d6f6d11bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "c909af3f4c8ae30d059b96a9cf7b097db39159d161622b95190d60d25a5db776" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/rmdir", + "SPDXID": "SPDXRef-File-usr-bin-rmdir-ead172520b1e7e9b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7b6258ad372f3433582b24e8ea4d0bb5576aa3a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e999e3d0c2ccfeb001f513f6a6f51c5121327894ea279e2682b4b8272c4bca8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/rpm", + "SPDXID": "SPDXRef-File-usr-bin-rpm-f8dfa8c598243359", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f8f3bc53a77750ef8092992f855def815b966a5a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4a07f33c47a60ec3c1ceaea8b3d8455f2ff24931f9910aa7c524c2b87749d407" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/rpm2archive", + "SPDXID": "SPDXRef-File-usr-bin-rpm2archive-c0694eb564b439d2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f830416a71f253f8992389550b1b21bdd0b03a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "5657992744d9b4c57748a77f2fea99c773186d74debb393127567923cfdaeeca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/rpm2cpio", + "SPDXID": "SPDXRef-File-usr-bin-rpm2cpio-28a09a6d00e432e5", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "524d1e35b17f25ce71d42d995c07bae662606560" + }, + { + "algorithm": "SHA256", + "checksumValue": "2611d94df5ed29e72bd8f51feeaa527cfd2b04f07ed96adf1c11c75f5c86bbe4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/rpmdb", + "SPDXID": "SPDXRef-File-usr-bin-rpmdb-ca069608975818cd", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6bee17ff4f853b65e85ac6e0a1f7a5d1954eb071" + }, + { + "algorithm": "SHA256", + "checksumValue": "e024162a018ebbec2d2e6aed8a70e6b939135332016ffd29884091e0dce76213" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/rpmkeys", + "SPDXID": "SPDXRef-File-usr-bin-rpmkeys-5060c67d3dd6ce6e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5abcd6b01d7c0d18ce43176efcea9fe0a57e2650" + }, + { + "algorithm": "SHA256", + "checksumValue": "4cc743d879ac8fa5d9c4e13a43eb24ab130516e776c52ab669a426692f867820" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/runcon", + "SPDXID": "SPDXRef-File-usr-bin-runcon-cb618c4b8c037138", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0b74a6c7103b76887fd753be504ae3a16e2b9b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ee2793317816a3898f317c53f3ae9324f9e245e52e9df7014553daeaf99b9f8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sed", + "SPDXID": "SPDXRef-File-usr-bin-sed-7522e277c19c73d2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "83637685db51755643a782f122bfb7a8a4f52b87" + }, + { + "algorithm": "SHA256", + "checksumValue": "094185ede26906ce24155af7d04ed766bb854e4061a52cd8a063e23e98cfaa76" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/seq", + "SPDXID": "SPDXRef-File-usr-bin-seq-5c1ca5b1d84a25fe", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ac2fb84bf15e169527d7bdf55ad8b5e228af851" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb11a10b8a0f5c8e974b844f2fb6c94f81d50ed2508f4583235d4cbe8bc0fbc6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sha1sum", + "SPDXID": "SPDXRef-File-usr-bin-sha1sum-06db0d5547f53281", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc8e4e25974ed24d035a193b9d73bfee54958003" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5e5033951d2d051b6a8412aab455294f2ec529aec279e2bc1600d21dd242a7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sha224sum", + "SPDXID": "SPDXRef-File-usr-bin-sha224sum-bc40c98387d40c0b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7310a416702b8dc0c2af27d0750aa4916d1bd335" + }, + { + "algorithm": "SHA256", + "checksumValue": "7737b55fb338ea353ae400752f720edbcf38ef09b84ef9be9985195853a62d0d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sha256sum", + "SPDXID": "SPDXRef-File-usr-bin-sha256sum-82c2f6b68752383b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f207dbd127187de6590a9b245b25982fcf241ccc" + }, + { + "algorithm": "SHA256", + "checksumValue": "377e96d9304a3e91119a58155becca958b4dc286c203ea2917ebeadba183db1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sha384sum", + "SPDXID": "SPDXRef-File-usr-bin-sha384sum-2f7824beeae17415", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f93e81d3e93639913be9d934040e76471a2aca07" + }, + { + "algorithm": "SHA256", + "checksumValue": "94e88e0dcf5ee93b44fed867bf4e42e737dfac9ca957247489264bbf1b2f6ec7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sha512sum", + "SPDXID": "SPDXRef-File-usr-bin-sha512sum-2e22b86fe576d2fc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1ed28781164c4b0598f64edd9c9b68b8accff86b" + }, + { + "algorithm": "SHA256", + "checksumValue": "23809accfe32a32da5b0fdb65f6d638f96f3c48be4fa59c41a04067677daec6e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/shred", + "SPDXID": "SPDXRef-File-usr-bin-shred-78c64b29850751ed", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b6acb6267be464343dfde0809bc5ac5685484d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "b06cd470398f9e5505b962475935ce2922ad8b8f24d469e55ca398c6a4c840fe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/shuf", + "SPDXID": "SPDXRef-File-usr-bin-shuf-6551339451ed4e59", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb2127fd4acf163e24acae97369b20591a0ade64" + }, + { + "algorithm": "SHA256", + "checksumValue": "76918b2e6df2cd31f4e6812766b003fb4a037507d12e089e4a513f8f13c312e1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sleep", + "SPDXID": "SPDXRef-File-usr-bin-sleep-9020f49b86409025", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a7d45326d7045b85cfe5eed8b7e5f6c3dd44078d" + }, + { + "algorithm": "SHA256", + "checksumValue": "96f0366d3535f1556981c0ccc68c160328eb6f2757971e15642d585b2cd1f344" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sort", + "SPDXID": "SPDXRef-File-usr-bin-sort-73eba117e1b20f85", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc55a192535438eecadeff31fc3a73f8a4050061" + }, + { + "algorithm": "SHA256", + "checksumValue": "7db440f4b4270d53050569407160d7f7c23fd7832394ce9bfbbc0b1d6e7e7dac" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sotruss", + "SPDXID": "SPDXRef-File-usr-bin-sotruss-da6893d8b64d3642", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb4d462d733966a97a40eabeb9094d98b68b0e69" + }, + { + "algorithm": "SHA256", + "checksumValue": "a01e33a22e131e727a069bfe82faeda8f58fede0dd4966f88300fe9ec1fa8496" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/split", + "SPDXID": "SPDXRef-File-usr-bin-split-8e0bbaa4e4ba02c6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "996fd666370fba16add476d7d329273a3adbb2d9" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b963841b57f729c71909fe9d4c5f1644aea4260b736b37050b35f18ab82b4ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sprof", + "SPDXID": "SPDXRef-File-usr-bin-sprof-01e3295cf525038a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "293c4ddaba343a81373e3edfd0733b770994dbda" + }, + { + "algorithm": "SHA256", + "checksumValue": "97f497f325859d13de6c5d1f1e0489ef6ea892e299da344d1fa7f01286dfd39b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/stat", + "SPDXID": "SPDXRef-File-usr-bin-stat-aa95fe9a066fd0be", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f69f0ff28c5130a1f6456a67c0fc313250c074d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f6ffbf89d8463633790130b1d79999e1f5ef72fa63ac128eefc19101116b4d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/stdbuf", + "SPDXID": "SPDXRef-File-usr-bin-stdbuf-f411654f922fadee", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9b3c7d4a67bbd37a222afa34fe7aa5cf5c23e92f" + }, + { + "algorithm": "SHA256", + "checksumValue": "64ca8854673bbe7597c0be2ebc1ea1248e16a022e07216fe5ff2af5af1408cd7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/stty", + "SPDXID": "SPDXRef-File-usr-bin-stty-9e82d0c55444d9af", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9307c56df9cb966f76a634c0746d42d5f8ce2ebe" + }, + { + "algorithm": "SHA256", + "checksumValue": "347183bf373a494eb701af0b8f2c2c7d296a6ac1a90fad3cfe4745d236bd0dc9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sum", + "SPDXID": "SPDXRef-File-usr-bin-sum-9fd078013bce73a3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9bdfc613fdc7339e6ea8e9810331beda4d794977" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f443e4c6d5063c4affc2b9d12852eab4c4eb675e323603441b0cc96fb9c2389" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/sync", + "SPDXID": "SPDXRef-File-usr-bin-sync-27557935309fffaf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ba9e0a1e2eed62ac07cb1a96debd492597c648b" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f3ecf316cc8d0461cdc69e55f97c575a2c37f250e77461ac6241d049d65b177" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/tac", + "SPDXID": "SPDXRef-File-usr-bin-tac-045839e332bd074b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "989e56cc65e99a8f17cd6c8c864301dce35682e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "054324a3bf86ff8d7de940b38abfea90434de3f7e6dbfb68c28fef13ab194a4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/tail", + "SPDXID": "SPDXRef-File-usr-bin-tail-2957aae07091a3ba", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7268458ab70a426daf11cdaabe465db2f35d3eef" + }, + { + "algorithm": "SHA256", + "checksumValue": "c84b690e840c9297566787aa939370f9b2e181e01c91b727e77ae07865f06c1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/tee", + "SPDXID": "SPDXRef-File-usr-bin-tee-1636a85d52c489d5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0da9a1b60462925e9afc05f3176c0a273623380f" + }, + { + "algorithm": "SHA256", + "checksumValue": "97a3eca66552d324751b1e8e5af6ca4295328b98fa57bc43f1f81cc0a53e197e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/test", + "SPDXID": "SPDXRef-File-usr-bin-test-40060b01d4e80f69", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be4c44bcf58a961241b8bed1dc43d5439b104e2d" + }, + { + "algorithm": "SHA256", + "checksumValue": "12f025e9fc03f2dde8653295c2c685c1a010120b768a5becc53f61a652469005" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/timeout", + "SPDXID": "SPDXRef-File-usr-bin-timeout-1be594e56e910cf5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "935c4f99d23fb446cae51887710191f291b21619" + }, + { + "algorithm": "SHA256", + "checksumValue": "a58c5c3de98fedf0d7199e4e51e6d241169678259b99c21c75e5bbc17b885662" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/touch", + "SPDXID": "SPDXRef-File-usr-bin-touch-7be78d5770955fa8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5cfa434bfcb822d6b1251c802ba40f787c6f76da" + }, + { + "algorithm": "SHA256", + "checksumValue": "cc4165b10af3012c31ff266d74ec268c5f0ebf0521faf2596141d1b33b9c1309" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/tr", + "SPDXID": "SPDXRef-File-usr-bin-tr-26fb773c19e548c0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0d23cc713deb1776203813369bdfb2e33873bbd" + }, + { + "algorithm": "SHA256", + "checksumValue": "e3bb9a0ff998a6452a2652ad9fe93913ed17426812718c0618b769c0a45859be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/true", + "SPDXID": "SPDXRef-File-usr-bin-true-10e9321605ed3b26", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1722a4b217bfb26dc2196fbc12c772744d3f486" + }, + { + "algorithm": "SHA256", + "checksumValue": "c73afb60197c9c64805d2b4ab95efdee8646f8248ff800de2575a11eed8f9f08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/truncate", + "SPDXID": "SPDXRef-File-usr-bin-truncate-25202def2b28cd94", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75e44a6f34c669cc3dc19093cd26ec9994d46f94" + }, + { + "algorithm": "SHA256", + "checksumValue": "e58155261499fd6ba41e6f6cf6b696529f929b2ea82d710b8d0467e28f9eb6b8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/trust", + "SPDXID": "SPDXRef-File-usr-bin-trust-b8e48c126ab0bfb8", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "73218ce5ea376d2ebc2019b093f36c94bb32eed6" + }, + { + "algorithm": "SHA256", + "checksumValue": "577085f236a406b2115922ac26e739fc88189affee2d255681b34b64684807a8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/tsort", + "SPDXID": "SPDXRef-File-usr-bin-tsort-06cf40470ae4ac57", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a9933ff7c80153280caf8be59ab896a8cbe957f" + }, + { + "algorithm": "SHA256", + "checksumValue": "f93ec3a790a5f9283da66b22aa307a9289ba40a6a9f413c74dbb18d243c71da2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/tty", + "SPDXID": "SPDXRef-File-usr-bin-tty-a7684040d49bc8e4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee1e0cedda425d84a7bf9819fc6fa3f1e7334059" + }, + { + "algorithm": "SHA256", + "checksumValue": "47fb87400000912b988e1a8708d99287751c976b942ffb5dacc21316d07fd6d0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/type", + "SPDXID": "SPDXRef-File-usr-bin-type-c2b780c83765c415", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "339eedcc50d7b24c3c15e056ca79a2a6394f0811" + }, + { + "algorithm": "SHA256", + "checksumValue": "36d5d35fee92010a0869fa9229d201b54f795217557105409e381f471a8038cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/tzselect", + "SPDXID": "SPDXRef-File-usr-bin-tzselect-b436ec625d3e4637", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc409f72d805f31ce7b181e73ffa505ec6cd78f2" + }, + { + "algorithm": "SHA256", + "checksumValue": "895808da0dad628436ef6de05465978b7929fe017d186d7d626c2074e5c345b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/ulimit", + "SPDXID": "SPDXRef-File-usr-bin-ulimit-399960ec84398034", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "09651176811817d03591ae8c4258d04a01562e67" + }, + { + "algorithm": "SHA256", + "checksumValue": "d66bfb63a8afcea2c6d17561f27f8d3ddb49062f221c9b18d64e7c846c34ff94" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/umask", + "SPDXID": "SPDXRef-File-usr-bin-umask-c8e5318148bed297", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e230e28dcb60d5587a12f9e7ad9920846cfb113" + }, + { + "algorithm": "SHA256", + "checksumValue": "975d986bf2124069a5781239ba169c894f3c0c152e3262cbddd64fff74e88171" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/unalias", + "SPDXID": "SPDXRef-File-usr-bin-unalias-911641d65b7558d3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f4a3cff8af1e0bdee91fe52da50c184e4c4db4c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "9631a027d22e68cb01c9753dc6cd44b9b210007cb0c1162cab12a715a2bcef60" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/uname", + "SPDXID": "SPDXRef-File-usr-bin-uname-a19b4b04eca0119a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67099ab009d2df7d42908c0f5b5688ed8af384a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "050964cc46affadcf00d817106c47a6bde087fc483fa0643e168a816b76de608" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/unexpand", + "SPDXID": "SPDXRef-File-usr-bin-unexpand-071dc954e7781a30", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0aadcf2c42c2d9e737adcf5a3cedd84d81d0c9ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "9dd5e2f796993334c5d66b9d2258c48d447fcdc2762a6aa0987590f5384552cb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/uniq", + "SPDXID": "SPDXRef-File-usr-bin-uniq-492ba4e8343fe476", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1597d09bb83163173a908ef4f7184537cb9d09aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e91d5ac599019cb960094ed9a9b9973d7c1980b209dcba3de2f1549e85a0cd2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/unlink", + "SPDXID": "SPDXRef-File-usr-bin-unlink-9558b322aefc819c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3f7e0a28583528e29da3ad65b9f5da7f7e913bd0" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9a4afe24003912290d8a8fed7781afeeee64bb88a53cfd5b2f820ab6df355c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/update-ca-trust", + "SPDXID": "SPDXRef-File-usr-bin-update-ca-trust-5ee359e70fde1643", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0e1e5bf388ae30d164c54f402522af2025e2312c" + }, + { + "algorithm": "SHA256", + "checksumValue": "4c5515dcbdcdde3140164b1ec731873cd98c8b346359ef4b033cfbf9f82bb6bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/users", + "SPDXID": "SPDXRef-File-usr-bin-users-18bdae839efdebc0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "effbe20ec87e9e7676eaff14227b4ef2ef27d938" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8f7ba3fd846a96259a17e8785a172d653fdfb03c1507f95aeeb8d5461407b5c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/vdir", + "SPDXID": "SPDXRef-File-usr-bin-vdir-9f99ca58212d2c01", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b92e6ce604508591ce94d0e78057b7373d5c7f16" + }, + { + "algorithm": "SHA256", + "checksumValue": "fff208202d47a5ff1daec8820f11555149ec8d9d9b39235e14555c3a14bd8572" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/wait", + "SPDXID": "SPDXRef-File-usr-bin-wait-293eafcf9526eaf2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5626cfe4711da11e9b207d8c920364138af94d3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "238e0bce60ea5baff73d00fe4bb580335c5fb2c50fc3d9527f80fa57f5648550" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/watchgnupg", + "SPDXID": "SPDXRef-File-usr-bin-watchgnupg-5db6da7845914c87", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "92c2b0ab2051c9c1055ea87014cb9325197d88fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8594b5e2e73de2573e250e395cf5eb30de8c6b852fc6b8cb2cb30a47d202596" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/bin/wc", + "SPDXID": "SPDXRef-File-usr-bin-wc-f99398e3fee4fde9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a675dff97cb212b7152fc080f8cb378ac3c98a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "709f6b9228d11ea5bf6298c953c98a3d11ec89a50916646494661aca8c32a775" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/who", + "SPDXID": "SPDXRef-File-usr-bin-who-aca89e9d60961302", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11316248c3582e03e77e2fa2d20a44a0f889838c" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f2f1a73f39388b45a8ee56e44abe0a084d6849ba4c432130f9ef04bc6a58e4e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/whoami", + "SPDXID": "SPDXRef-File-usr-bin-whoami-0165175e69387e89", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36eb9262edf87f57d85e9b1dd1ee3ff2870451ea" + }, + { + "algorithm": "SHA256", + "checksumValue": "112e9bdfc8975c4413bb940c0ab36034902d0037b2b25d24f2d1b4f93a32bd6a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/xargs", + "SPDXID": "SPDXRef-File-usr-bin-xargs-cb344590729d5a35", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b34b1cc2048d25c50ad2b6fdd154cec24822cb8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "e2c3ecbf697414f8d7ac9e61c296d9c817e2f8fd0eb1ba0eeef7d5e804f8aa6c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/xmlcatalog", + "SPDXID": "SPDXRef-File-usr-bin-xmlcatalog-dda0ae07e7341f9a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c04310900e7a5b96c158ed8d4f5605dcecc8961c" + }, + { + "algorithm": "SHA256", + "checksumValue": "59edd482ec6b1015f014afb2dfbfbffe906ca8e3b6b3968f3276794b6d0af500" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/xmllint", + "SPDXID": "SPDXRef-File-usr-bin-xmllint-5673356a70c66fd3", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad42762fa4a83508fba33e369b6d13eacb23e739" + }, + { + "algorithm": "SHA256", + "checksumValue": "d81629a128f77765908733a1a0eda0cf97353cd81e19a3269c4e56ce16c23b55" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/yes", + "SPDXID": "SPDXRef-File-usr-bin-yes-52eab4688d6b3751", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0525fa3a805dcd1bf37ded7fc36ef84f80521847" + }, + { + "algorithm": "SHA256", + "checksumValue": "614d5aab2a46b047fb5160018dd4f1c7655f792a467dcb8abea75cbec5579b08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/bin/zdump", + "SPDXID": "SPDXRef-File-usr-bin-zdump-a9dcf0efdca030d9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f017d1f00be7397fcf8e0da72e57f54b2385dcc" + }, + { + "algorithm": "SHA256", + "checksumValue": "5743f6d41afed780f5d47b1211fdf7bba618cf6f9af8698ba8393dd6758e04df" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-ADDRESS-3a77f0eb2f121f92", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "12d0e0600557e0dcb3c64e56894b81230e2eaa72" + }, + { + "algorithm": "SHA256", + "checksumValue": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_COLLATE", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-COLLATE-5a3f08ff2ba7eb83", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f245e3207984879d0b736c9aa42f4268e27221b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_CTYPE", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-CTYPE-74a5b79731824b85", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ef33b106c27612ac5a4864f3ba35db0c9a1d130" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cb901c95a9fa81466d7878f81aa8eb52620df6f4420a0e219943ee6491c9334" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...lib-locale-C.utf8-LC-IDENTIFICATION-923c136f4c5de86a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1eeec3b2cb259530d76ef717e24af0fd34d94624" + }, + { + "algorithm": "SHA256", + "checksumValue": "38a1d8e5271c86f48910d9c684f64271955335736e71cec35eeac942f90eb091" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_MEASUREMENT", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MEASUREMENT-cbd26163fa70927c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a7d0d264f9ded94057020e807bfaa13a7573821" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...C.utf8-LC-MESSAGES-SYS-LC-MESSAGES-6492c40f18325b8f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "574d7e92bedf1373ec9506859b0d55ee7babbf20" + }, + { + "algorithm": "SHA256", + "checksumValue": "f9ad02f1d8eba721d4cbd50c365b5c681c39aec008f90bfc2be2dc80bfbaddcb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MONETARY-cc81a1d8e7798571", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "110ed47e32d65c61ab8240202faa2114d025a009" + }, + { + "algorithm": "SHA256", + "checksumValue": "bfd9e9975443b834582493fe9a8d7aefcd989376789c17470a1e548aee76fd55" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NAME-44461ef359eebd22", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5d16f1042c3c1c4bef85766aa2c20c1b0d8cff6" + }, + { + "algorithm": "SHA256", + "checksumValue": "14507aad9f806112e464b9ca94c93b2e4d759ddc612b5f87922d7cac7170697d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NUMERIC-ab10c6584b53de9d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1bd2f3db04022b8cfe5cd7a7f90176f191e19425" + }, + { + "algorithm": "SHA256", + "checksumValue": "f5976e6b3e6b24dfe03caad6a5b98d894d8110d8bd15507e690fd60fd3e04ab2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_PAPER", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-PAPER-24b7a789ea1de86d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "567aaf639393135b76e22e72aaee1df95764e990" + }, + { + "algorithm": "SHA256", + "checksumValue": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TELEPHONE-c0765b8dd9f14fd4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3316c99e183186c5cad97a71674ef7431c3da845" + }, + { + "algorithm": "SHA256", + "checksumValue": "f4caf0d12844219b65ba42edc7ec2f5ac1b2fc36a3c88c28887457275daca1ee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/C.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TIME-bc498e83cc41964a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e619a4db877e0b54fa14b8a3992da2b561b3239b" + }, + { + "algorithm": "SHA256", + "checksumValue": "0910b595d1d5d4e52cc0f415bbb1ff07c015d6860d34aae02505dd9973a63154" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-ADDRESS-5736fecaa205a84a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de46924fd6db68ab627292c487de86cabb72dbd6" + }, + { + "algorithm": "SHA256", + "checksumValue": "5978e9281ccc79389007f970fc8ab5d2aea6d44520d177c4771762ca3bb4dd19" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_COLLATE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-COLLATE-b7fdb8e1cc4478ff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "62729daa665129c7cf74f746439d696d5bc0b41b" + }, + { + "algorithm": "SHA256", + "checksumValue": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-IDENTIFICATION-6250bcdea8ac266f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "efef7d7bdd2b96aa090c7a82d72f4da30535f3c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "5c2126bf3dc5336ef02b099601ebb73f376a02028f704f545fedcfe06b3f03ad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_MEASUREMENT", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-MEASUREMENT-76c4882206ff7296", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a7d0d264f9ded94057020e807bfaa13a7573821" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...en-AG-LC-MESSAGES-SYS-LC-MESSAGES-d567e3219baf5464", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7597a7a6f7e3c6ce06533debe24130833112ac3a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-MONETARY-4aa127ec7276729a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eeb2e5ec25ea11368f1947ba883a9f21a842bf29" + }, + { + "algorithm": "SHA256", + "checksumValue": "459e7bdad4cb9088a80be523db455df3ceb6de9996adb2143e10f9f924771b40" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-NAME-c0f9fe8472cd70dd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a1a2eabc4a2a2da47d7a90d36b4d0826aac03c73" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-NUMERIC-6da63bba4b634c31", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b97e5b9eaf9f831350ab5e5c8c9dbffb43703ffb" + }, + { + "algorithm": "SHA256", + "checksumValue": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_PAPER", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-PAPER-0dc3369aa146566b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "567aaf639393135b76e22e72aaee1df95764e990" + }, + { + "algorithm": "SHA256", + "checksumValue": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-TELEPHONE-8f4f44e4835c3a73", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1dfde2e71e968eb0595bdb978b362520186096d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "116b926988a5c927fdf45e4f447714e7f1c4c590ed01a38f420c72e44ae44646" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AG/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AG-LC-TIME-c2f201c1032e0240", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4366a7c64516bc16f14abbad607de613cad3124e" + }, + { + "algorithm": "SHA256", + "checksumValue": "fc81b0ea5617a8015c1803e5ad4482b7775fa384e39056a193fd8af4fc587009" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-ADDRESS-d3b5eec6478e6b93", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b56c621f00f1ef2426b5ea8338b3052094692e94" + }, + { + "algorithm": "SHA256", + "checksumValue": "516d74b4d116466da833bfa0b69772028d1d025b34b44c1fda5461de3449c95e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-AU.utf8-LC-IDENTIFICATION-bfea4ce3ba74bdeb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fbe5bad893f69db5d06319d9da9eb3afacda87fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "5334b303404cb4d6d372c4f2330e258f1b811135179d87f92e14bc88cbea9719" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-MONETARY-974130794f3b583f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f3c9533b5d436a28d5be2e9a32eaee90f28a4a78" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e3ae2ce05e3ca1f190b189850b5b13f1e6654e969d847aeb5cf56cd810de14c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU.utf8/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-NAME-680d915f9f7beadd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cdd7dd12c655114a21aaf32f6d44c5ad8d36cc69" + }, + { + "algorithm": "SHA256", + "checksumValue": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-TELEPHONE-1f464d6eeb356353", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4b74b54bbbb664dbbf3b9b7f7dbeca35b31a4109" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc0473765b4eaea165a30bc7503edf05bf8a05216f883b4038bdb8ed2d69c98d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-TIME-5eb6f052fdcfeb64", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d748a532533418f2be13f9459be0ed2dcf143161" + }, + { + "algorithm": "SHA256", + "checksumValue": "51d1e09aa1fdda7f181ed2a5a336b000333dde888f80bb1bb40c216c36bb9cc8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-ADDRESS-4579654fe5e2062d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8d1d8bb28afef3ed8996eeea2ec513d784d9bde6" + }, + { + "algorithm": "SHA256", + "checksumValue": "ad7c9c1a9dbde81c1d117f245303c42e11758ec204657765728fc77b75ee4e31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_COLLATE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-COLLATE-e30f4ca4aab12940", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3aa7a0c0ebac6fbf2bb1245c7e672dbab536f285" + }, + { + "algorithm": "SHA256", + "checksumValue": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_CTYPE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-CTYPE-f3334cd6d5a4e692", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "629597526f45e697043011633831202f37e1c577" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-IDENTIFICATION-622ce1883f901aaa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f8f9559e4fdc215c115095dd805628cd017763f" + }, + { + "algorithm": "SHA256", + "checksumValue": "5988c4157eb89d3ebb4263815443bb541f25f75897b8f7a52b65b17ef925f14a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_MEASUREMENT", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-MEASUREMENT-3f4b0a2e212ca8f0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c47199c7301f82ae3137ba58f8583b5ab9c73387" + }, + { + "algorithm": "SHA256", + "checksumValue": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...en-AU-LC-MESSAGES-SYS-LC-MESSAGES-782ac26529b02d79", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b2a0ca9b75cdf8b58da75521b70dd002fa3c6d10" + }, + { + "algorithm": "SHA256", + "checksumValue": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-MONETARY-c1e5d83ac54e0817", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "db16eda02a89798822d19cb1adbbd94adc3d829d" + }, + { + "algorithm": "SHA256", + "checksumValue": "af66cf344e56185a2a01ab9c6a5c704cc7c09ddaf71ca2fb59a5eb3570247f13" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-NAME-4cc2957527bb1e76", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "269ac7bd9612418f348d662029e2363f7c2c8d59" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-NUMERIC-9782bb361b4231ac", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34948c970ba6163c41da1dd9b56f94236727e4c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_PAPER", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-PAPER-02257acfd818616a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "92eea24d1994d4060f246974a71136540580bfc0" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-TELEPHONE-dccacb9cf76e809c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fed428006cb0265bfc42947f3c90c6c7846d296d" + }, + { + "algorithm": "SHA256", + "checksumValue": "dd878a170db9b554d67b558d603d9b1d8ee9ec1769acd723267b2c65af6b97f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_AU/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-AU-LC-TIME-3fa74a4ea1c7fe73", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d5c66104a714e363214af6bbc12fa29154a901a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "bf82d3292127f262668eaef86f1cd112889c11218778e6b61449aa740f888e73" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-ADDRESS-4165522a6a93fb52", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "268f16d8d7f5e2770b29fad4ff3dcc990ebb7895" + }, + { + "algorithm": "SHA256", + "checksumValue": "64324d4177a468f0ae88a84791c150c1df229162e029f582e90665c3e48b6e99" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-BW.utf8-LC-IDENTIFICATION-385eb7ca2b5df1db", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc49c5b921ad9e122724a2ab3badc50cc2dd798c" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e32bd5c935dc5428e51e4662e79d60f2a2bc8e0629e890ff8428deb9a06661f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-MONETARY-68c2a41d3a42213a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9c7adfef227563f9d8133a214334c635efea217b" + }, + { + "algorithm": "SHA256", + "checksumValue": "d4b9df2ec1f6da0a70a0ebe19bfd87b6889e4b7f236c47ff4fe1ec5cebd078fd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-TELEPHONE-ef62cd45a6099251", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4b38499c76fe9081cd7f61b234c1a8317e3ef2a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b84e8cfa9c5d06d2e577630db71bc359313bfffb07220b5572f4da7a979d12c7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-TIME-bfaf25a4fb40dc8f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16299b0f6bc007e5f463114d927011189c2060f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "cb557c98fea141e7ae22af68357d162d6f103823dbdc5cbf0a2c8ab16dcf9cd8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW-LC-ADDRESS-d530bfc779b8307b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "778cc8c620174fbb7f5ea272ed98d19b37dda1ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "b5ce1187470139c1a321b087b50248f6ed4a29e15f2bef2ea6afd02c3696e66d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW-LC-IDENTIFICATION-d6bbe8bd06422fa4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e462a6d44591faca274b30b5c8f7456c8fc91522" + }, + { + "algorithm": "SHA256", + "checksumValue": "25b6bce71e4fe49c8fff65074006ccc6bb07eba77f618149558f35ed3294b8c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW-LC-MONETARY-6dcc0570c216e03b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c2105ba573af6374bada1b62d7cbaec9b29f5f8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d7d95c6fc1dbf725a5ad7202f0225d8c1a0872fa2a9d71e0e390fabef66a80d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW-LC-TELEPHONE-46a2402991369690", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed6a216f03a47495db1a06a3c989aa9710610ea2" + }, + { + "algorithm": "SHA256", + "checksumValue": "1511760e00244ac5bee008dc6013b344c01047702ea6612e023163bb2331800e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_BW/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-BW-LC-TIME-6504c999649c2c74", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e45c6ce5b1e68bf9aa18baf27a57197a19af7f05" + }, + { + "algorithm": "SHA256", + "checksumValue": "25b3eac7018ba833f187bc03601ede03feb3d58edb992b5742105534055d0df7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-ADDRESS-1e13f4e55de245d4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f44a0ba84a4ddd00ea9185fd6c198633a220286" + }, + { + "algorithm": "SHA256", + "checksumValue": "9beb276898ada74bfdb3e58010ad50d848dab826831ffde8172987b15da7609f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA.utf8/LC_COLLATE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-COLLATE-9c6cdd46d7063a23", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5026ef0ad708abeb0ed50485ff0ad324503b0397" + }, + { + "algorithm": "SHA256", + "checksumValue": "df5373daa0bc801de7dac8b3bac56bf41f7c33a8103115604bbd4a6d5759988a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-CA.utf8-LC-IDENTIFICATION-8591b67cf420ee02", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa278e204b99c96682cd538ba2f1ca00363eeee2" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0f759b1e390a27af7043b36afdee6ab1a5e0fe3edb0522b95d027c323559a9f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...en-CA.utf8-LC-MESSAGES-SYS-LC-MESSAGES-88501f138668e3e3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4df66b7aee63c0a6aeaf74153723425afb46eb6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "278a4c06b0844aec3784d927e60a27fc477a8f1259e5d4ecfaddff635b9f13f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-MONETARY-0534dc3d0fb74b3b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3cd11f954628b5c7881aab191cae64625628afb3" + }, + { + "algorithm": "SHA256", + "checksumValue": "113ab7fce8ea21d471f6f99dbff4b194f106b065d16a8d28cc244ab3dcc29298" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA.utf8/LC_PAPER", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-PAPER-bae8bf6c7a730366", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ff8c7709fb6223661b805361b36d4419cdf46b5c" + }, + { + "algorithm": "SHA256", + "checksumValue": "b4b7da39151376fdb0e8f7c35d0dc2335d2f1149fdb23882143ac1604c3f8a43" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-TIME-fd5ce8b428ca3c7e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf5c9cb31270a2a8e8bc66f24aa4aeae3f2ad8c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7452927e255ed08d63ce210fffcff32bae9df2efa0d8400751b9466bd768711" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA-LC-ADDRESS-4e0b9ca36bc71db2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3274c941bfd98e0615875ffcd7bba084f87748ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "fecd709136dd8aa0b0922433f514200bde9bb639af593f8a368fa32221118bd7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_COLLATE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA-LC-COLLATE-e68b7ef714eb5304", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "77e5a0cce995729dae3a3da3deae99345bc06fd9" + }, + { + "algorithm": "SHA256", + "checksumValue": "86ce39ae32705e44d59e0f08ad3eca7e988303700ac14dca60588ea6c395fe00" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA-LC-IDENTIFICATION-5e906942ffbc22ef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8fcaf4cf52ae26b0715c53a2bed332b9dea1524e" + }, + { + "algorithm": "SHA256", + "checksumValue": "4c9872dc999eb8518f51b21464ad5f880c0551d99315595bbe5e924f42cdb9ef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...en-CA-LC-MESSAGES-SYS-LC-MESSAGES-11ad1e501ff5a517", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cea2e8987f2b04dc22cb3fabe3a38b1c687429e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "d5d24009a728487d62b12d1db7da6851f1d44dfebd102d038ebdfcf047c2a525" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA-LC-MONETARY-c86ca3a145e632c3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a450ef07053f369bb82a9ebda0bfa1eb593bf90d" + }, + { + "algorithm": "SHA256", + "checksumValue": "a957adbbd6baf3d5a9c9a49df0d7afd2a63552a335a5b80b0e37950cb4b8010e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_PAPER", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA-LC-PAPER-50fae05699f85bc0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a523a0d5fc351a68d989832d4725a3c53aad1eef" + }, + { + "algorithm": "SHA256", + "checksumValue": "9178bbf7f3d7895e793966adce6029bb27624950e84c3de39a8fe249a7edc57c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA-LC-TELEPHONE-3b774200efaaa5a3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e3984fef1a0da61f561afaf0eef4991a9c592bf2" + }, + { + "algorithm": "SHA256", + "checksumValue": "a52a419ef416e12318ffd938dc5abd44787b7fe7a3cc914dd5862f17fe63dbe2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_CA/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-CA-LC-TIME-0d602d287c631d2a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b318133f81289bbced5d0626e184bc521a585d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "ae8d5b2abf057f12a8c71a610743521e3c3df976d397eda967853a140254d9ef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-ADDRESS-47048e5e680f4587", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e88b2309b15df8a0e8d8030a12407ec16946d5e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "8797ca35c1a1b0a8830b137326a07bfa876b6ebc04fd4f41dea9345366be0eae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-DK.utf8-LC-IDENTIFICATION-19819003d8ead48e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3824525c0836311f485a3c7cf9691ca51099dd21" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf27d8073b982c657c1a4935355e5f3b7ceb11d1f4aa75dba946cbe1fc69cca9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...en-DK.utf8-LC-MESSAGES-SYS-LC-MESSAGES-5767a909fb45a626", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4e64af0f7e9907788f8500b9c7c439b9d8ba1fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "449dd6201f0ceba37162899a31cf7e940fbc6b3cb4e55727df73731214da411b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-MONETARY-16a3dbb47e4b6133", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7d30c7879543240454948d23b9bdb2b3f2e40021" + }, + { + "algorithm": "SHA256", + "checksumValue": "2869f9f858a6dea39b6760fdd37b83f35a44bd7c3bf549be66b85c9f5b84aca1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK.utf8/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-NUMERIC-69116ebb76b98b3e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "155febbaf8a258400c858e027761db0161a77f28" + }, + { + "algorithm": "SHA256", + "checksumValue": "e74bd3fa29aab46175b94c0729a46cefe6568d61e41d03ac62485a88c5bf904e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-TELEPHONE-f6c24750a9f85cd6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "62727b2f59b5ee0f8139a4db26601654ead0116c" + }, + { + "algorithm": "SHA256", + "checksumValue": "1b322d54185175a6f99c0f200e75f45748a5dc24e81cf9deceeb3b4b08125df9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-TIME-648b8f4491ceb0cf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b12bca67a7418a9c0751ba50551ab4d65ff49975" + }, + { + "algorithm": "SHA256", + "checksumValue": "77650f06b37ea464e1521af5d88e085fabd266d1fa6dbe61c6395422ee8e9f00" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK-LC-ADDRESS-763253821f540b9a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "26a51733f5bd5f3bc2a3ae2bd5936e0314ac546d" + }, + { + "algorithm": "SHA256", + "checksumValue": "c49028ffbcfe8a613e1c3106eda1a5b3e04bcd3df29777f38f4a654c84831b11" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK-LC-IDENTIFICATION-d4ba241ccd0a78e0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "43ca7d532ef9da811f2ed309f6d907b7b8dc9296" + }, + { + "algorithm": "SHA256", + "checksumValue": "bbfde7324ac2582b5158a8fac1b1743a4e2d061cea38aacd11e8303b07843c1e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...en-DK-LC-MESSAGES-SYS-LC-MESSAGES-43377cb0de103532", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "20ba0e19b6d7f02ba81ce94c9956d60ad0b07e3a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c8041aabc69941a829c4d685307dfadaf2b75229dfaaf9cd14dc45c4a6b06781" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK-LC-MONETARY-f18f06f51704cd09", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5492c6c8f3b805ba3350c01fc98d964827e5e3e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "8e95a180d06b5bd2bba38b325ed25248d34e33b7105469df33f9f2cf97be70f7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK-LC-NUMERIC-1564dba6a452deef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "53edecfe47d3868b14eedd4c88afcb25414869ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "39785e9425c73fd1a0b47d9d4610f9c9f8b692a9d02caf7994ddad249bf53f98" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK-LC-TELEPHONE-9a4111aa70462d0a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b76a686c848e05d06b7b443aedfa9072c253571d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cb7fcb60f7531b60b34084774a136579f72b70e9fa4f6de01bac9808b4b3fed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_DK/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-DK-LC-TIME-5dc58b5b9c05615e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "35af5ef8f67cb333257156feda0962c1c14ee194" + }, + { + "algorithm": "SHA256", + "checksumValue": "74aa1c90a38fed0476594f2013385a79dd53e02b157db3384d324cb0dc2ed49b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_ADDRESS", + "SPDXID": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-ADDRESS-e26d1e58e38fc335", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5de8962a7b6475f531f69fce76c598ab8992b100" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f94a6e36ab13c81ebcc9e7a5d7f6a7ea171d5107990df0af1cb76475704f0fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_COLLATE", + "SPDXID": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-COLLATE-d81fac72cfcec764", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6fad093c0839f20c7594060506ab33894a72aa70" + }, + { + "algorithm": "SHA256", + "checksumValue": "0fdeeec6c7d3489ec0693a457d3fbd8e01af07cb5ad6cfdc159777e291298c97" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_CTYPE", + "SPDXID": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-CTYPE-a17169af35cc9326", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c0f45be1a8f4a4418105e71739c4dab7e854610" + }, + { + "algorithm": "SHA256", + "checksumValue": "b1ebddb48ccb5dca8a73bb3f3bb731de3ce8b0ba3e3c347c67ab8c251d834d3f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...en-GB.iso885915-LC-IDENTIFICATION-0be7d3b586c46105", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee34e8cc8d8f60cc489ecee1f5cb95ada479c09a" + }, + { + "algorithm": "SHA256", + "checksumValue": "512a4fe4f25b06b8f3ec49f398c9ee9ac0213a95e547398d1afd028dd53999b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_MEASUREMENT", + "SPDXID": "SPDXRef-File-...locale-en-GB.iso885915-LC-MEASUREMENT-d12bc318303a114d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f801db13adfd7061ad9ccc2ed6208d4e854b7f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "a1a6dad67e57c0d5614d6b645dcb8edb4a8afed90012486420810087b6a4bde7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...LC-MESSAGES-SYS-LC-MESSAGES-95dc35df297b0e5a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4bc55f4f1952b0298e0d80572d3fa72a863c463b" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7c9ce656ce7e1007a62b9922885d2b14588754249d01a2c492bd82e4a122ec0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_MONETARY", + "SPDXID": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-MONETARY-ac0f215e0c0a19f5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "71f29d62764a90169c15b92e00efb6789a2f74f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "95e6e76420dfadb08ef4ab7e4f0cb799a32012d2716fffe150661cce3a37ad7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB.iso885915-LC-NAME-6b33d60371bcefe8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "85d10e19fc2bd184d33501e092c5773068c881e4" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff2e587e65da8c310a5c5185daa5dc054a8e1cbea759f33641d04684411643fb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_NUMERIC", + "SPDXID": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-NUMERIC-6f957c50a76c70a2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48422415ca5c01a425c3277eadf5c7670f6c3425" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf7d9da93c5845e8a870aee4fe9729bc250b129f7a43d248412c33ca722137f5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_PAPER", + "SPDXID": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-PAPER-bfda0b536a3e99ef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0548b89d28a2ae258c0decb57b03685577fc76e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca81b12c9d87f73225573bd671577d39e5f21a2b8a487774f01e6e8b04e32290" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-...locale-en-GB.iso885915-LC-TELEPHONE-131228cffbc275be", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a82b184606fbae45f5023834c47cbfe5f9f173c7" + }, + { + "algorithm": "SHA256", + "checksumValue": "873bc0fed6082d2b8ddd1788cb60d768e8ceabb906c9e2c79c91cbfa97b8ee40" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.iso885915/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB.iso885915-LC-TIME-5256e0f5d831158a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "78896e7febca21b2737300eec0cadee8e4c2326b" + }, + { + "algorithm": "SHA256", + "checksumValue": "dfbca84cfa9f63e766ec0b9cc0b77cfe29b023e07394b9bfd9015a171d8050a5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-ADDRESS-b311c3d3b34dcedf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa7a5b80b2d442e9c5bc8e3504ebd56e7bd1a3a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e79e6fa009a80c248f350fdc58299e2f3b849253fbe934905f24e257bb02c60" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-GB.utf8-LC-IDENTIFICATION-3c3157b9737f6049", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a6b33426e90246729a695afa8ddf500a8e7897f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "51a3b8400e0cc2ff5443f7d77d95c56f9ea47e027f0f85ec7fa5d02058aeac99" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-MONETARY-7e55c4da2785d9b9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0af6de9b5a9511797f6d36d0b1afa9fc24fd8e87" + }, + { + "algorithm": "SHA256", + "checksumValue": "f2e9ad7ed04a6eb972c30acb5433f4b530464a8882f57cb9d3391d34633c31a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-TELEPHONE-38223e6d17b74cc4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f203008edebd8ac0994206bef79fd9537bef104a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ddb8c313bd9008bceb65ca9142715400e5d6ad11bdd5079044e21a88996a31b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-TIME-7a8af1ed46dd9f8c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "82cc9ff693e207ca17c80c9b40de3dc8f0346565" + }, + { + "algorithm": "SHA256", + "checksumValue": "24545b905165763a1f998fdd5d945dae7bf3364cf9d2dfd4281e34695d2d40ac" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB-LC-ADDRESS-9cb0c3f864e39d7d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1ef488daf4dbbcac459031c632fa9b9680537801" + }, + { + "algorithm": "SHA256", + "checksumValue": "291964c94077552e0b6d15ae3e5c152244c76734e88b5ac10066eae889c81d07" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB-LC-IDENTIFICATION-803e68723aa983bc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fce5d65397ba6cfa93be90bf1f7e30a8f614234c" + }, + { + "algorithm": "SHA256", + "checksumValue": "20c9f7e0af4824b9e1acc2a929df97e995a799afde8496b90e2f7712e618cd7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB-LC-MONETARY-087a30a47e7d2808", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "26cd120d6eed5b8ef33beb6d49b015e879de53e4" + }, + { + "algorithm": "SHA256", + "checksumValue": "40aed2f7b350ba3a4310a1717205280143ebdc72ef379734924b2973acb8c5ba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB-LC-NAME-660be2e6c4fdd627", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4425cad4353b6304714640f75521b93da1174fdd" + }, + { + "algorithm": "SHA256", + "checksumValue": "389ae37e836db8f0dfc79b1f2b8d232c335b39118c831b48c6bb4abf87accb61" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB-LC-TELEPHONE-6789fad1f0696709", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "259176b5f2d85b96c15cbdd1b2f042158c43cdf1" + }, + { + "algorithm": "SHA256", + "checksumValue": "45e005598e46ee7b1cd54cfd31a21c60d17f31a5667d581e4cd17e4c506f2d14" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_GB/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-GB-LC-TIME-687713fa2fab73f4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b58d767fe0d77adb7dba55fd0dfd317408ed4768" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cb878b7be7f6a99b63cf3100b41879da70f8937daf961f459e42f6e6261fbfb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-ADDRESS-a2ba436862b4c3c9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "502bf78d07fd1432a50e02a6fe7ef1df60e226e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "f2dc97f9b335d44f0e42781b321385a4a71ec2d12bb950ee9bcf72775149cfad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-HK.utf8-LC-IDENTIFICATION-a41b1715d686046c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf65263906b35d585f248c239947dc0a0cd6c025" + }, + { + "algorithm": "SHA256", + "checksumValue": "6594c23c2de52aa17628a61b95b4c041ae7a482bf354da59281d13e2a6ccc6cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-MONETARY-3cd8731281643bb5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7e55d38b395c7279d1c166325dfe177066111ff2" + }, + { + "algorithm": "SHA256", + "checksumValue": "f4a5bb46bd61b69dab850b550f5700e35c2755ffcd667cb74549ccf854987ad5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK.utf8/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-NAME-9c721d319e583619", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df37f9af70c2248ebc34c50862f4d121b3994793" + }, + { + "algorithm": "SHA256", + "checksumValue": "f3823b4d715e6b888119094a185041e3f8b4165b50408984d104618dc7afeed4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK.utf8/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-NUMERIC-f079b2527f88b717", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06336090b14f253421dbcdc0f98677a4f0ab3b64" + }, + { + "algorithm": "SHA256", + "checksumValue": "5172617c05a37b20bf980ca047b35da4ccc281be9672df40b267dbc0a7d69c09" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-TELEPHONE-087d554a60a9e9a2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e3fd3d7b81e0ca0e4288f101b9adda70f9af47f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e3c2f01f599ca8f1077f500f68da6acf19737b1c58c2480ce27f7ce2e999f2a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-TIME-bef7f4538e099681", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1744aae507bfc1be4ddcd2cfeefadd26d3374e51" + }, + { + "algorithm": "SHA256", + "checksumValue": "cebd2385796377658b8160e4c4cb8ba525d2bc3d968e4daae20ce6cab1afe2c5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK-LC-ADDRESS-9147bdfb83baaa78", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc5b628a89cc0fe37023187e3dd9a523ef4c0c83" + }, + { + "algorithm": "SHA256", + "checksumValue": "85ef03913f22c15ca19e194ebc4a0e36fe2321bb37895d4f09db97b17b79a362" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK-LC-IDENTIFICATION-f1903afcd8474e29", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f798b118e2baad52662e835bdf6a0f89fdf83f95" + }, + { + "algorithm": "SHA256", + "checksumValue": "69fdb3b1eb3184fc07fe585ebcba517c0f8899dc1734ad8c0afcb87a04157019" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK-LC-MONETARY-d6412a0d6661438e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "242c5bf42b63d141155b58026a9ebb15b766869e" + }, + { + "algorithm": "SHA256", + "checksumValue": "c0137e48e5022922ade0bf1685183f5dbf5d05cd77beb0f0318cd193527648b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK-LC-NAME-4fad18e9f1f34949", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b65824e63132af3fc6d4b3014bee425658621844" + }, + { + "algorithm": "SHA256", + "checksumValue": "4fdb2bdbbdae73c1a31fe08f7e1bd008754a35bb3fd399c6cb1df3d9bbb32aa4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK-LC-NUMERIC-6e606d6a2b91f0ad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f4049717dc8dc2e4feeef5bc58d73bca969001e" + }, + { + "algorithm": "SHA256", + "checksumValue": "0f5496ab7b0a7d93b66d802ab6410c4ab07efa8e85b71692bb40207cb8a9397f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK-LC-TELEPHONE-016345ea3b4fbc1e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41da8977300a68f794b6e42ff15865af106c73fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "677e406878326f8bb70332f80aac524139ecf0eaea0fa47d4a608994b5ee75d8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_HK/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-HK-LC-TIME-c831e9a251cf8488", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d63c8bd64f338fb7b52cb8a441f6aa394ae1fd35" + }, + { + "algorithm": "SHA256", + "checksumValue": "60d3ed792af65235e691f97a936ecf68d784e5d6b40cde41eea03da7000907e1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-ADDRESS-8b33184254ae6925", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "641e8b0d8c5858a4548c6b75637dabf768ec3349" + }, + { + "algorithm": "SHA256", + "checksumValue": "afba6685620272060f18ab4ff8391994dad024229f09c84aa94f66dbfec6d5bf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-IE.utf8-LC-IDENTIFICATION-8f90cf55604a5833", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "852b49ff29f11512a583448c8a6b9b683b5000ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "3982aa6febb1137e50ea814298e9a5cee5bb8a17bab574be346d2b92f1f13cd0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-MONETARY-e4e3ef91e2d6537d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "938938dcc2733f1ed94a9cfbb8fffcb81ba643e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "a9d8a91b113acd62cb95ff336285f3ef21bc1e95375f4e5de4dab8adab8b1bcc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-TELEPHONE-9427f51900d8d63a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ff2a971f2707a50982b6eb377492e8b8f03dcdd" + }, + { + "algorithm": "SHA256", + "checksumValue": "5fa846f4a692d9c1ed30ba5b53f419c4967f1925178aa102da09ce75780a18ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-TIME-6e41a6411c90aee3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "61768444ab0c3e40fb53fb34352ee94d707efa7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "b50dd0a6bc80f6bc7718b06c9119c1ed0cef013002f606709acc2596a27cf1d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-LC-ADDRESS-a657e0e2c72e745a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ef41e320c6ccf69e8d731876a96db0495a52b439" + }, + { + "algorithm": "SHA256", + "checksumValue": "9578d6f0fc0768b3e09e8118bb369342e3d4b7fa95f05ea226847658c0dead3b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-LC-IDENTIFICATION-3481bc602338f6bc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d42f14af0d0e9bf04b44ac0f27b5fb2fc0ad30f" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8ebe38e45b6d6a5335dc80b1ed15b9b0672fd41d846c49ac506c07622e02ae0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-LC-MONETARY-3a971696e0257f4b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6144944af118c9c1e075f2642bdd54c27daae8dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "3b551ba69af8f09b18d96849d5d4668573352e05d65c2c4e051cab43a8e7a0bb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-LC-TELEPHONE-e2e8cbd2f42860b0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ef140786dcb9ac4d17b4b4129a4a270db2a99d1d" + }, + { + "algorithm": "SHA256", + "checksumValue": "601efdc587d6d29de3dc6dc23d308a7bb764b4e0f817276a7d055c37c09600f9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-LC-TIME-e73c68dea9ebd6c3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e95b2becb45755494f229af65d822772d55324ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "314cd9b6f0ac4fabb741538d4f23c827e340e3fa313e3d3f5073a0ca6a9a2f9a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE@euro/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-ADDRESS-7c2897b0b8b017d7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "768887a04882cb7c13f211e933439c1af0d1d6ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "7de0f6f4a639779bb70c9371568323f73144150f648940efa4b7c4be4db16d91" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE@euro/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-IE-euro-LC-IDENTIFICATION-40007b730202332e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd03d1906789b53fd8517dbd1aa43ee45c449210" + }, + { + "algorithm": "SHA256", + "checksumValue": "51ea5c74ca943af16be679948957027318f0685c4c81bddb47e29ee9032bf9f3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE@euro/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-MONETARY-07257989d347eea8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e6160c9d7b488a9e8f485dd1da7ba4fdf48e892" + }, + { + "algorithm": "SHA256", + "checksumValue": "35a500937035ecfb3117443209a29e6045956d45af1ce8fcdcd4b64d609c049f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE@euro/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-NAME-0bedf070662f6eed", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1a206ece817e239da208279277b4405a6a9f32dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "a2877b465ad99b3e67c675eb6e73491eec3f1e7c362cf6b6773bd0f312f0c2f5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE@euro/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-TELEPHONE-809dd48a69e97c62", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88aadb63af2ca75b60aff42ee397fc2d010c27d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d95eb5f24c57d2344a46edd509a15b382dd03edc457d299ab89c2b8ef526489" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IE@euro/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-TIME-14542e0fa508d94c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e309931ceccdfa54f1e9144790ff423975f00b4" + }, + { + "algorithm": "SHA256", + "checksumValue": "15dd19e0d67c1e8f3906cdcc944c268cc3c3ceb0f558c08f1fe03c2cddeee748" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IL/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IL-LC-ADDRESS-53a775065e12e26e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "899a2d0bc4396bbcdbfc749b14b0e07c39d36bfc" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2b6d1ce3e3bdf8fc22261ac3cb2c7c0a072c4916327e4a2063fad386b5da8a7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IL/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IL-LC-IDENTIFICATION-69516bff7e8fe0b1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5686cde189d555c18e466b629c7435e6c465c2e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "858942221aaa1a1f9c9d6672a02cda2067c4e6fbc68dcd6a7627457429d9f77e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IL/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IL-LC-MONETARY-f470afd6fecb1c57", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96d093d880bda6f54243fdd825cca308f1b63f68" + }, + { + "algorithm": "SHA256", + "checksumValue": "58c940021b43f466bd9c693dc7057fb9cf42942062c7139650cbb89ad2e4f336" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IL/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IL-LC-TELEPHONE-ea26208b08f108be", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "beafc690b5d62fc9dee1d241a844d3337818e610" + }, + { + "algorithm": "SHA256", + "checksumValue": "e2f5faf52d54076c1e6266ef4c23665704c85258839818e37ee37a9f37c6edfd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IL/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IL-LC-TIME-72f8044f4347f883", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f610c879d12456c392a9afc915a1c38e04217957" + }, + { + "algorithm": "SHA256", + "checksumValue": "c0122e62acccf2f67ed1eff86b306f59497c099564822023955864f5eb2150e2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IN/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IN-LC-ADDRESS-0c56452f190f5e2a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f5b54be19ecd6c4ca59dca8fddd8810a96dc54bc" + }, + { + "algorithm": "SHA256", + "checksumValue": "b1657d241862c96091ccf9f6664d235b8bfdc12e3fbe2d1fb8017db2841bcf2b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IN/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IN-LC-IDENTIFICATION-96936d9ae77b6b26", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48ab68fb30beefee31842bb25673373c61409c24" + }, + { + "algorithm": "SHA256", + "checksumValue": "35dbeb9a2bd857f95fba54fb322e6e0a5fa5c7a93e206132bf9960088b399ab3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IN/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IN-LC-MONETARY-8946a994e6c14dd9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bd0f0702484cd46a6789fba18ec668706bbcc4ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "61a320a6571b954eaa6f39ef9c6f06f19b4121ea638c850f002a9af8a58039f6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IN/LC_NUMERIC", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IN-LC-NUMERIC-6f7db9001d123721", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41223ecc14927d649a4f16ac2c10d7baadfb7671" + }, + { + "algorithm": "SHA256", + "checksumValue": "28696c445198df18662f64fe5300a1b762077efda709fbd85c4d006dbb89cdff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IN/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IN-LC-TELEPHONE-6fa5d65ad06c31be", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2541d0f24fa8558f8fe0cb63dcb6e3e8b373f44b" + }, + { + "algorithm": "SHA256", + "checksumValue": "580b6e7771ceea7eb460ef02ab74fe0c9af2506f8e12a9fba38424550db10131" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_IN/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-IN-LC-TIME-e55a1736aab009ee", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "58218f8516c1d5c78a643b7461d8ef66c127bbaa" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9c45b2923c4e065f3c2836a5eb7ca9d5ae55fddf5799004553a8fe30574a3be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NG/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NG-LC-ADDRESS-d5da6b7330821348", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2e2635a2e20ff4245deb8eab5dce3d3bc03232b2" + }, + { + "algorithm": "SHA256", + "checksumValue": "317371a6d0e5bec610496599512b78fb29665dbe112e4490000b0e19128a6d46" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NG/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NG-LC-IDENTIFICATION-0ed734304b626d51", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2517f824c3ab8f3c4020bfbe2bf2e2c494defefe" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f8297c7958830546d126a6f4d25b08e510f7fcea9e02ab7411fe8d966b41dc3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NG/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NG-LC-MONETARY-affc307a88d5ffb0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e1dbecc58a788a172a7cb1064fe2885be0e2e51f" + }, + { + "algorithm": "SHA256", + "checksumValue": "77389baab2204640b3710c73692750a699358516bd656938f4c200192e44ce0b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NG/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NG-LC-TELEPHONE-6dd9f48f9cc7324a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "95176449d300eea19ac43e683939970c034eb81d" + }, + { + "algorithm": "SHA256", + "checksumValue": "db478f53f42c264b025f04250d885f182f1f70fdbba458bfc000e3d484528e80" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NG/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NG-LC-TIME-974cb428e9efd99c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "768002e0be470dc45f443e12c53f7ef6e542960c" + }, + { + "algorithm": "SHA256", + "checksumValue": "f83e0b2ad02560b99ed3c5ce7cf5cef41f9d23e6a510eee373d8aefada460023" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NZ.utf8-LC-ADDRESS-c99cb163821c1258", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da6d8a720df1b2c640ce53a9611d97558ee979fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "67c85262cd9a21211fc91f17da55362c9574e770dbcda7e12636d16687b10767" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-NZ.utf8-LC-IDENTIFICATION-4030524a87104fd1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2ab0101909999fd98ecfeb549351080dab71bae" + }, + { + "algorithm": "SHA256", + "checksumValue": "573081226607e7e0971c76649d1768c00fa99604311449bd32faaecae6012e28" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NZ.utf8-LC-MONETARY-26db2509eb130a1d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cfd8a4ac0c2f9e5e36a4a918a3c3bf77f7a6b9a6" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a3fb3e7a7c07f722382ed26cbd37ac489328897ef9aaa742f0b455628414a7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NZ.utf8-LC-TELEPHONE-07ef2d1b3dfe929b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "532d561ecba3e63517d24c328fa73be6cb1da11b" + }, + { + "algorithm": "SHA256", + "checksumValue": "b5055638d155060f11adcfd6bc4fdb7ccd07bb0772c6f65c497c859584a31ac0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NZ-LC-ADDRESS-84346be3b5ef9b58", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "669a04045dcb42fa86c3d24afd6059082d26a2be" + }, + { + "algorithm": "SHA256", + "checksumValue": "3cc04632ab4258ad1386a6bc792dfb3a45740df630e83b3982e23769851e96a0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NZ-LC-IDENTIFICATION-b6a8d8476886d50c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9028fece74a4ba2bb56c9dd0c0c8710dc18729a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "7abbec363cf20a90b7c25b812660dee897fc6e0c69a5aca7449b6ec48ab1409b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NZ-LC-MONETARY-41102a2b1e61867a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b6fbe02b5a6befc9a2041ce03e90784929dbf6df" + }, + { + "algorithm": "SHA256", + "checksumValue": "d047a750661932b9ed03ce9ccff640aff34b5ac69e31e6f2200cd782810d2c68" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_NZ/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-NZ-LC-TELEPHONE-6d52427e28cb797b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8cec44f9de86384cf89a239f956e04c9d4af956d" + }, + { + "algorithm": "SHA256", + "checksumValue": "034ff6820110188b7ee334d4e38f9eeb321f795ee2294a6256616777ee3a5db0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-ADDRESS-0894711dce7ba59b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8d07338dd493cdb6be1f48202889250f925559d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "d162b7314d73090a42ed3e3e40c890a9c29179a2c78b5eede6ff88ebd82415fb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-PH.utf8-LC-IDENTIFICATION-768f1f699be33ce4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bf0b5b977ce3cb80b8eb2a152757e9d6eb49402" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf13bfc57a37a421c4832454cfdbe7911e02d46d416560a3a853e14e2a19e8dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-MONETARY-a9e5728cddaab742", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c23299ce575cca205a54f7261457b4f173e2088a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1fbe0c7987b4023d4222ba46059f01892bd36bef404ba7fd36174f046e8e3b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH.utf8/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-NAME-8a27c11a8a706d8a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c31f00e1aa4d6ce08083b6a85a0cedbbf36afa94" + }, + { + "algorithm": "SHA256", + "checksumValue": "60e56627dc90cc2e87f82a471c516a6f8775064b0c67fce22ab4586fc7caf2d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-TELEPHONE-1716f766099ad74e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1068ca207ae6107e679e2085fdc8c6b74c28706f" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f2ca9411835619abacd5a3a4698e1de399dc36bebb6f28b1681b70b2528477c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-TIME-5cc21ea06b49b59b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f5072f319b1d977f89ffc04a3c467d4526e40c7" + }, + { + "algorithm": "SHA256", + "checksumValue": "98aceae2484f58615f564e8a3d326ae0c6104bc9327a577b3e74725537de0b18" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH-LC-ADDRESS-70681bb5f4f5447d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ea05675357354dcb8a74ebfbed25e637bdc9c15" + }, + { + "algorithm": "SHA256", + "checksumValue": "af435ccccee9f23a895dcb40577d667c1f5d1b4d81d9811379837ed8bf471352" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH-LC-IDENTIFICATION-75f6b1f3c8801c49", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f04f22dd35e2101c59966cce59521dc6b0897e48" + }, + { + "algorithm": "SHA256", + "checksumValue": "b224f33330d0fd89f42b5ba4723f88e943d21c6bc5cc2471f8accc433f3dc160" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH-LC-MONETARY-0a30e333053051f6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5da00194702068bbb6073a767798a974ac4cf80c" + }, + { + "algorithm": "SHA256", + "checksumValue": "2458bae97e741ecdd15a9b075ef039fed6e2a1b701de434b7a002534d572eefe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH-LC-NAME-881f30e3fe440357", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6b7d97faab66f7544cffecbc9b9d95a482ef0570" + }, + { + "algorithm": "SHA256", + "checksumValue": "4dd542ea728b2f2f95cb0b6cdc53ede87b3fec7cbf79425e1f9a62d90fd2d948" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH-LC-TELEPHONE-e02fb9f51f91e081", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9ba61dd290a554c96a1e96f1e7d78d918c780cc3" + }, + { + "algorithm": "SHA256", + "checksumValue": "01b590c55ec707b5a67641e73bde823094387ce59139541f6a714216744c152c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_PH/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-PH-LC-TIME-f0545fa0cad8c392", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c9489350afec9558e13793b988c35a2df3bf20d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "68c8c2a4797f69746163ba5b79f8b102370baf3dc397db7a2eddac8499daf67b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SC.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SC.utf8-LC-ADDRESS-a4934c5939380028", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ca8339cd4ca6ccdc9ea3d5dcc0abef7f87c62861" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9f4cade75a1468cac72ccc9209941841a20683e6479d21894121bb11ac5ea1f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SC.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-SC.utf8-LC-IDENTIFICATION-1e4c3c1d973b97f9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3dae6fe68dba535d0e6ab64087df3a98efa4f849" + }, + { + "algorithm": "SHA256", + "checksumValue": "85cc42ca23ece68cfc5978e9c484f6e5be1d00f5c5a0397fb054ee703edde586" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SC.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SC.utf8-LC-MONETARY-2c8f934a6186475f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f113b92741088f2f4465a051ec0ca6469d74055" + }, + { + "algorithm": "SHA256", + "checksumValue": "6cce27edfd96ee366dfcdf5985ba52073c1e81a0641cc606f3b2ceb0f853da91" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SC.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SC.utf8-LC-TELEPHONE-63ebf25a5df506e5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "605218cf2cd2ead116f4349a64acddb4ed1998e1" + }, + { + "algorithm": "SHA256", + "checksumValue": "3977c5cd62d44d646332bfeeea42245b9ee1deb46b89e32eb88a7d603fc23b43" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-ADDRESS-2cb886fdfb3311d8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c3c093590f458b7fb1232d4ec7ef678832ad9ed3" + }, + { + "algorithm": "SHA256", + "checksumValue": "82ace6e4940d0a3724c810cf34f5361407cdd22fa937be8ca04188cb26891ac9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-SG.utf8-LC-IDENTIFICATION-a737b8e0cb054ea5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ca6144e2bc75b0b88a381c9ee81c439e86d7809" + }, + { + "algorithm": "SHA256", + "checksumValue": "601e65c2d5013b728988746377f64ebf7e07b5966aa07d7ce201e0e6abf8f216" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-MONETARY-f75c76c71ceede8c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c13060cd8b6b201109d8c84a92db19520887c1eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "9bf4afcd8241e6e3c30b8f9718e3689bda5dcf6f36da9aa72fcf9fa59e05ad4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-TELEPHONE-83a4c7883cb4c2ba", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "20398845be8cf207d82d58e7b3912d38b22ba15a" + }, + { + "algorithm": "SHA256", + "checksumValue": "d288d087c09405e74f85c7542d093280a92ea18a344642d4f77263582dbc9d22" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-TIME-e1a4cdd347d804d0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d9b144633fc7bfc74c57844ba207dc1b80282e26" + }, + { + "algorithm": "SHA256", + "checksumValue": "93a053ac74b7776995f1981a4f89cc4d3d0e8ae1bc367f24c05d39b5d6789a2f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG-LC-ADDRESS-72f7d7071b21f622", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "758f93afea7eed3530a6297bb3c61a55a3bc19d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "433c5f2842f19de24597d213b1181e2374315c6688230c05e6855533e0001f48" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG-LC-IDENTIFICATION-07d997f9a0fe5fe4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "007dfe76377ad8889d099453b09863ca3e3e74c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "adfb5f03ef5d127016ecf68a72276c68eca381b5ddd992019bb4dcfe9ccf464b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG-LC-MONETARY-45bb161855a3bc8a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1ecb076e581b5c1be3bb6c48aeaadebe7a3dd8a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff584067bab43f7a84b44cc7f0d1761c65ba09dbfa97ae6c6e4a9700950a541a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG-LC-TELEPHONE-b08038c6338b8aaf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0efb012eb81eb5740301bd54f2574cfe5a2b1598" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a232d9599e3c135da14f785a3a76150e1a9f1aea40a3eac8c6b64de6567a8ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_SG/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-SG-LC-TIME-6528a473bcf2bdad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9e87da5f0ccef25fa38ca4f6617c2e4a6c08d86e" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb76a7e7bca9ddac0c62808564b07a507a80f3aacf7e14a499abd6ea07c586bb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.iso885915/LC_ADDRESS", + "SPDXID": "SPDXRef-File-...lib-locale-en-US.iso885915-LC-ADDRESS-da911527e3f13369", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3a9ca04a52327bba3adeebba30d0f85b00c89eba" + }, + { + "algorithm": "SHA256", + "checksumValue": "fed2012e2dee8bfebe132e5f28c6f511a7305756fa9f92eb43431efeea3267aa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.iso885915/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...en-US.iso885915-LC-IDENTIFICATION-c1473b99cc79f35d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94bdbf3cac4bf04222916f52a724c26c9023693b" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e0c0e0d2d8666722d03d46c7b8f6d2d746e610f5eb26331d74f646a7f9fc268" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.iso885915/LC_MEASUREMENT", + "SPDXID": "SPDXRef-File-...locale-en-US.iso885915-LC-MEASUREMENT-8a8b42f36b9b8207", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4d76ed8b0e77bce585ea89a683cd299127764b8f" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1b8ef3d3829b1d9b5d38d6fc04d247884b297cf6e574c69c6dbdf9d84bdf5a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.iso885915/LC_MONETARY", + "SPDXID": "SPDXRef-File-...lib-locale-en-US.iso885915-LC-MONETARY-94a7ade69d58bff6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e6614b9dccc3bedae6e79787cdd4e1dbedfc44aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "df89655e9ce3ee1151d4efd47108ed8d084c45cd185d979e900ed4da9ddcbd6f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.iso885915/LC_PAPER", + "SPDXID": "SPDXRef-File-...lib-locale-en-US.iso885915-LC-PAPER-0ed8db47d526c931", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "25103e6c2b8db16c6968807fade1718fb2a85584" + }, + { + "algorithm": "SHA256", + "checksumValue": "dddd62f89df122c966c002d59401fb8eeae27940d4e7d39d7d095b0de8661954" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.iso885915/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-...locale-en-US.iso885915-LC-TELEPHONE-443e0595cd752ddb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "141ff599b16c96ac520736f0e628f7ff48626170" + }, + { + "algorithm": "SHA256", + "checksumValue": "0ea01b1a39c5f0b2581572108880f3669484acdac303d63265a1a54c8584ec52" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.iso885915/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US.iso885915-LC-TIME-8b4ee97f654cfb3c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0d4c633c947180eee655861008a87f625519174d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9e1c499a2ad90f84709c23ba502d342332c4236a1f4187ce89475bd61e3fabd5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-ADDRESS-f261aef256ecbb61", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aa5248b0ac085665477b2feb1266205b3bed557d" + }, + { + "algorithm": "SHA256", + "checksumValue": "c39329bc8f9fd0a7bd7faa9256cf3b8e39ec91ff989662066f243466269cc164" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-US.utf8-LC-IDENTIFICATION-f0ae05c7c5252d2e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fc6c342729603b4463663c48f3c2491ab6199405" + }, + { + "algorithm": "SHA256", + "checksumValue": "2dfac9ea94abf72ba888bcbe5ba582a99fbca1b7c6a2598e80b1028d12a71ecf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.utf8/LC_MEASUREMENT", + "SPDXID": "SPDXRef-File-...lib-locale-en-US.utf8-LC-MEASUREMENT-bc8f80fad7ae69a1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86db16a6c73e1eb6f5fe9113d933e2cb093471ec" + }, + { + "algorithm": "SHA256", + "checksumValue": "c2200fc75f8f268d9e8d71072064f64d94497e5abd58abd5ab1506c3a40dbd1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-MONETARY-4501793c1c85d97e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "987e15618ea98718060788944871a3d9c2fa0a41" + }, + { + "algorithm": "SHA256", + "checksumValue": "31d62ce6350e6ead9fd019cb4d0083364a2c587d2f1f7ed5f7e213e7d73fb1ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-TELEPHONE-1dd0186f52f33e01", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ce7bb5df7eec8dc0dc51d64b0ce336a074ccceb3" + }, + { + "algorithm": "SHA256", + "checksumValue": "30b9a5f08480a634e2f016e1e2af957ae34e7bc849600376b8ac6ce2c9d536a6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US.utf8/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-TIME-f3bec4ff8fe53568", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d23b845672503ae7a96bb5c286285a5756eb43de" + }, + { + "algorithm": "SHA256", + "checksumValue": "9bcdb29af2d6244ad5bffc068fe5bec91bb2daf8a7bdebb1faf95b906c665f0c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US-LC-ADDRESS-3efb6f9baf7aa9bc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "24ba64726344ead8a316f1e45b188c41467dfe1b" + }, + { + "algorithm": "SHA256", + "checksumValue": "41d9917d2ae05249d16711596736e9b1d45453f5020876b4444f61772da266a8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US-LC-IDENTIFICATION-5e00798fd370e07c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8c47010f5c7042acd399040da15f324259b16f6b" + }, + { + "algorithm": "SHA256", + "checksumValue": "59751eac8c60078e5d919ccc3deef9aaa8d207b496023513352671e3ed334cb1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US/LC_MEASUREMENT", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US-LC-MEASUREMENT-84ef38a699af04be", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f84f6dddc28ac2a28687c9eb79cc064f7053fab" + }, + { + "algorithm": "SHA256", + "checksumValue": "2aae1e834b1ba9795f38125f84c06211a201832dfcd1814e5c5c1716d945deb5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US-LC-MONETARY-a13db4d8922902a7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0dad6d35af71b2b3d48632942310c018fe74a3c" + }, + { + "algorithm": "SHA256", + "checksumValue": "f487ae1faffded41234af617460737e21fd2f96d59d41b3d49e2e6bdc49b60ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US-LC-TELEPHONE-5cbf057679313401", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2af8e0c178e01ecf720e055bddb29f3b300e46d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "44b30e113bee1acd4f02c811422cb2d9c873c51f85f52087d4d62c532c41025a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_US/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-US-LC-TIME-ce57b3ad6cf33a38", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "97f4e303bba85e8039e6de87522b499e1a12c4f5" + }, + { + "algorithm": "SHA256", + "checksumValue": "2fbeb060d70ddcf233e263c7810e143d719cd7e431f0e991166378d6bd16dc68" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-ADDRESS-dc3dd19625a60d97", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "632773926d3031be1dd07900f0cec179c0c783cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "94745c5cd36512e659920b041128048e7fb609a0eb42bf1321b3551b2372150f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-ZA.utf8-LC-IDENTIFICATION-676a0168a2d88433", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fc889b2bb99d4d5c8adcfbd9714b2710b2850fba" + }, + { + "algorithm": "SHA256", + "checksumValue": "932aa6107031d823fda0ffd7d5954fee7f007cbb9f6f512b911080a72b8ea17e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-MONETARY-84e242430eb68221", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bd3e6df90ac53ff7cdaca2d57a27a8e9d66c74e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7630e3914cbaadde18d3bf26d806490377ca761ba595d711f6c2ed148df6636" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA.utf8/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-NAME-4b970ae23ba68900", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0dd8a9ca415381f3d0108bf702c5653c8c4da16" + }, + { + "algorithm": "SHA256", + "checksumValue": "58672646ba335323eaf0c16503b1efccbabcf382f768d53fa8cad2292098bc64" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-TELEPHONE-89ef152397566e74", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a0aa872bb8e58408bfc7d3e5da7bbfd4a88ad6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "f338558b3eecbed3ad24bb3dc1244f33b164fe9709b2bddc13f988ea8906b1bd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA-LC-ADDRESS-259d2fc8e938cfdc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c0f63c82109c9d7604ef70bea60c4a5ef43b8eb6" + }, + { + "algorithm": "SHA256", + "checksumValue": "7352417bf06b6d7e5073e96fe48ae89cebb3a2dd8dc964a51a20c4e8c0549585" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA-LC-IDENTIFICATION-5f6ea0b28b89f843", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5ab527753f08946e6d0bfa5d26eb741d0a8b3400" + }, + { + "algorithm": "SHA256", + "checksumValue": "f81b56ee7b02f06d292d0d964ddc2c0aab6b92a56b4794e9b80e272a8eb9d05e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA-LC-MONETARY-18560ae915b36da4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0acaafe1896ee0c6a95e0d7d7b318f6abc87875c" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a89a374454abd4b900e1343c46113055873e3522392f7512a896400faa7e2c6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA/LC_NAME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA-LC-NAME-a876f6dda47cbcc0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fa85ea402137c045cab228fe37ffec498d49dd3" + }, + { + "algorithm": "SHA256", + "checksumValue": "414aae01ed42d09178b5d6e582d661724d31af59acaac55f49fbed6bacce3f7b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZA/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZA-LC-TELEPHONE-485db2c8d2fb8138", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "454940dd28eb4fd1b6d2dea93d18c025455b9d66" + }, + { + "algorithm": "SHA256", + "checksumValue": "2eb3d873983762dba78b9d65f27bbd54a1393c22cf0277b3c39a003a00102e69" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZM/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZM-LC-ADDRESS-9981640786333366", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f513067e4c43025457831cf6999031a5f677b90" + }, + { + "algorithm": "SHA256", + "checksumValue": "7963b9acf9e63e3abb868b73b5712ddacb2071b4332e37043c8e029bd9ae2a97" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZM/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZM-LC-IDENTIFICATION-14bc4f957f460b86", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6b57cfe554b7156876b8838f42812c94f523281e" + }, + { + "algorithm": "SHA256", + "checksumValue": "a7c4495021cb046b41cd5de0bfbecb1fc3ce4282881062bff818e95d847dbd1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZM/LC_MESSAGES/SYS_LC_MESSAGES", + "SPDXID": "SPDXRef-File-...en-ZM-LC-MESSAGES-SYS-LC-MESSAGES-b707b4d2a6ef1129", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5384d8bd4a303fd02f3aafc153cb871dd024e251" + }, + { + "algorithm": "SHA256", + "checksumValue": "99c935198ae0b0574dd7dbecdd770c2d8967561b16f61666a667e53d4fef6750" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZM/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZM-LC-MONETARY-a2a19081abee02b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a924879306098a0264f2ebeb2a06131f2396a91" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed93db66eb27d8afef413d439947cb9203e4732b284832da510b6d73238afc46" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZM/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZM-LC-TELEPHONE-ae9324f13db8978d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "08210adec31b2c9e78bfc59985aa8fa92506d797" + }, + { + "algorithm": "SHA256", + "checksumValue": "973b17e6ad3dc2abf01b4f7cbe69a842fbf3d01927ae74158bacd5dbdff7efb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZM/LC_TIME", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZM-LC-TIME-a96471caf25b4001", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "427249016393b1ce079ab7dde0a726324def57ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "0db65fb9d674d9a37b244487c1a06cb9fa0276cf8a1f8b6043abc8d29c4a5832" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW.utf8/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZW.utf8-LC-ADDRESS-884bc5fb76a01df8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59cd5517905f5b07d10043078341585c2dcb0882" + }, + { + "algorithm": "SHA256", + "checksumValue": "ad4766639d0a699edee8d19763aae77e0ce14ebb9e86cd7aad4a5f3020d05f9b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW.utf8/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-...locale-en-ZW.utf8-LC-IDENTIFICATION-736190675d602bfa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df7eacca7916ebfa30e45e51192295fe622509bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "038801f691090ea183d1e6b4fda673f54a152037123cf286d410ace422498322" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW.utf8/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZW.utf8-LC-MONETARY-926d6657b61c9339", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a85135caa4a05493d450c98abea0dcf8fe2d67b" + }, + { + "algorithm": "SHA256", + "checksumValue": "47584a5d4e331a361e0c346fadaae9a24a311f421e69e31611ad40677b857f77" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW.utf8/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZW.utf8-LC-TELEPHONE-bde3bec97649a8ef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c30e817a21686c7f02de9f1b48429f2fdb815c25" + }, + { + "algorithm": "SHA256", + "checksumValue": "62309ee7f6cfb6baec604a05333156829a85e559fc4a2d58d54604e4db968de1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW/LC_ADDRESS", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZW-LC-ADDRESS-20b5a44a773db525", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81850d47e29a7b920bd3d4309faddb1b28b0ae47" + }, + { + "algorithm": "SHA256", + "checksumValue": "df62393f2154a95f9c91847df0e922ffb433d4d8287ee72de1b256b7d602fd1b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW/LC_IDENTIFICATION", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZW-LC-IDENTIFICATION-72605f986b13ca3d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8534290e6cabdf6e3fd427e05ef15a977053f48a" + }, + { + "algorithm": "SHA256", + "checksumValue": "efc083175f7acb4e1121f07b78868cd7f66044b343aae14010a505f99bbc2268" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW/LC_MONETARY", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZW-LC-MONETARY-399b97a713de04e5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7d194b99affa4ce95623571a5b4373c60afe24c7" + }, + { + "algorithm": "SHA256", + "checksumValue": "6cc16424351d357ca59e0677c64715d7d782577f13cc2db4592a19b9d39cc70f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/locale/en_ZW/LC_TELEPHONE", + "SPDXID": "SPDXRef-File-usr-lib-locale-en-ZW-LC-TELEPHONE-547f2986d3ed7982", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "49a816503d51bc684020aba202b883dc43997149" + }, + { + "algorithm": "SHA256", + "checksumValue": "d2f9b2cf1cc9de0b17de99db6cb2ffaa4eb1d19423645805e603e63b0ea808ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/motd", + "SPDXID": "SPDXRef-File-usr-lib-motd-c84b226abccf7d4b", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/os-release", + "SPDXID": "SPDXRef-File-usr-lib-os-release-39590e9e4490af42", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8fc333eb5654f80b26adef8d5e73fd04ca48b354" + }, + { + "algorithm": "SHA256", + "checksumValue": "a4f4ab7d5b06a1a2bfafea65c7e27b45e9d79c54756d297856f6d380d3934442" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-macros-58a9573d6a5680b7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2f5721f1c8999fe310b008ce59005de812228c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "84f8073df8232bdda2963c03d69ec1f9148d309bda00d9758f9c6009890132f0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/macros.d/macros.dist", + "SPDXID": "SPDXRef-File-usr-lib-rpm-macros.d-macros.dist-99c1b98e096be416", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1d668745eebeec90036ed155e3ec36991ee9c35b" + }, + { + "algorithm": "SHA256", + "checksumValue": "5aeba8391625e61164053c0b44aa9e13f636987fe1962fecce23c8fc49fbc763" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/aarch64-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-aarch64-linux-macros-01af87c9c3234fd9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3b9109a29d6ca5c3b51e9813e4c163ee61babc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9979f1f0d907ebe964a265951636df49fd37a0b76c04af7e7f75123af12284a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/alpha-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-alpha-linux-macros-f4d41badd69d9d18", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "633825933453acce49de7b319a0608d89a10d1df" + }, + { + "algorithm": "SHA256", + "checksumValue": "fcb9be52ae9e388a39b0710ef536709a3328ed2ad44eea2e9cd6a94c856ab545" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/alphaev5-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-alphaev5-linux-macros-7a845028b5bae0d1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fc48b6273806371c2508d3355d8b125285c2401e" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e7480507b2fcd088552c2f56c3329923ebe288454f208df803996d51715558e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/alphaev56-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-alphaev56-linux-macros-4ce658f7dd104e72", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e024d2fc363220d42f3d1ff495bf49b2c0fb3196" + }, + { + "algorithm": "SHA256", + "checksumValue": "344a1274a6a0445aed33fb710249aa640300546f07495cc043c9c5d1a0c80552" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/alphaev6-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-alphaev6-linux-macros-3e134d92deb588cf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4aa63bcbb3059a183ac25c35735c58b05776dadc" + }, + { + "algorithm": "SHA256", + "checksumValue": "be6c8cb0b6e43d1dfb197d3a525fd975bdd82cd51498a5a43dbe8c8c0ac553a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/alphaev67-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-alphaev67-linux-macros-22f163cb88120aae", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad28e95c6d280207d2418924839be802ab8b1db1" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5ecf912a5b732420be13c0f7cb6b0ad7dfb3ac4942d67b1cd63f1f68b6ec180" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/alphapca56-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-alphapca56-linux-macros-04748987cd664b77", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0b1d394c10d22e2ff1384e9acb7e76ffaeae048b" + }, + { + "algorithm": "SHA256", + "checksumValue": "27650482eb4bb98ff95b3126bd6f4c656ba070ae00bc0a44ecd69b3a73505109" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/amd64-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-amd64-linux-macros-e53bc700ab48c604", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "algorithm": "SHA256", + "checksumValue": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv3l-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv3l-linux-macros-c5b4b4c9ca497091", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b87dd114797fa4d304be76ec8dd8274dc84b83f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "cfa832717aa4a424f70afd5cc1ec5fd00362a252f8c868fc6cd923047bc9e333" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv4b-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv4b-linux-macros-835a22ca7f6e2af6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bda9f34db246aac4cc3902bc80664617d6cc3afe" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4b4302c5e3675ccc30bc4f472e689829ea9690f609de124852767ce16808ee2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv4l-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv4l-linux-macros-f93d74998c6599d7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ffba8ef482c6fa101ac484ea36fc3f14ad2ef492" + }, + { + "algorithm": "SHA256", + "checksumValue": "cdd7b657577a08213e6a043d6cef2d2f843d3d1d57f65dcec2a5464f11bc21cb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv5tejl-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-armv5tejl-linux-macros-9a358b3dc9139fab", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d8d174612cf077fd73c23edd0f58f02013406e62" + }, + { + "algorithm": "SHA256", + "checksumValue": "eac04b909005f33327381ddda9fd8b35818edc2111a7c04946fe64183f37daff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv5tel-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv5tel-linux-macros-7b0dc52e202d93a3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "92943031a645715e1614eef5e7778fd109995842" + }, + { + "algorithm": "SHA256", + "checksumValue": "bbe8af9dc2d3fc81ba53ff0a0efea4741d26746c9ef85ee6511e2b15546dc6cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv5tl-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv5tl-linux-macros-e6b76fb248e9f89d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94bbc58f5cba91a348bd5ff2f60ae8c5937af7f7" + }, + { + "algorithm": "SHA256", + "checksumValue": "e85a4f638200896b97eaecf0b89f4bcf5ed38a570d26553e98f25f200912afde" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv6hl-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv6hl-linux-macros-48ede018fe652204", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "65e0ed9b373329a3b243607fc9a0c8040c1b3bfd" + }, + { + "algorithm": "SHA256", + "checksumValue": "c595b2cfc088d9808bb9e447d555b8f85aff9adf170a1d1b1a64ca60d61cb7e8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv6l-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv6l-linux-macros-6eb3a51250acad08", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6890c8695a378b97d4af18bc0a0db9fd639a803c" + }, + { + "algorithm": "SHA256", + "checksumValue": "3c38ebe1a1d94d2963c4b1001e41bf717c5ba9ccae65bb2f8aa745862515e4ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv7hl-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv7hl-linux-macros-8668e791af9c87d4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "56b90f7c2ae1e0caca4443014c3fc97885796c94" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a1c0b1b020cb3d8931f83727485371b317cc91ca13e3d5b38d675516b9bb109" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv7hnl-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv7hnl-linux-macros-0948aa0248ac39c0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a73322b59957c4d986820f62b7f92a432146a0f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a7f304fcf688f776d7e5348a12b156f0a8604b72b27fe0a55c4f0e9f9a2b385" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv7l-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv7l-linux-macros-c6ff9f920ab2b11a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1af6a5bb0b635fc0e073199b8ffab17dcc217964" + }, + { + "algorithm": "SHA256", + "checksumValue": "0a9e22bb32d414a09fc5405cc36825bb3079e46e1e9eb96254d7c2646e9f7bcc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv8hl-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv8hl-linux-macros-b3e0fcdc8aede938", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ba87659afcc7ae7d9c1cf86a1a7a17955f2e5959" + }, + { + "algorithm": "SHA256", + "checksumValue": "60109d6da0ca8240fff89d78aa6062eade7f24fbaa1ce79f8737817606883653" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/armv8l-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-armv8l-linux-macros-a191e74827a4d174", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "538ab7144255deba9a3735da3b1a82f6d18f7ccc" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a78b8f99c930d30a77330f508aa7788d1dd2de38e42691355699a15a0fcc469" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/athlon-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-athlon-linux-macros-777fc75ff71407e0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a02dc69c8e8c7539c0b692d8d69e1df21c1668df" + }, + { + "algorithm": "SHA256", + "checksumValue": "b56fb31a5b4abd30095b763125d65080b8da884dd345c1a99364abd83ab639a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/geode-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-geode-linux-macros-19f0134bc73caf69", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9cdc3db4e02a41c3518f2a102283b954659ad1cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "7385479124a71b3a6b8513903ccf551e59938bf223b3804a7e9dfaef482d0773" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/i386-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-i386-linux-macros-1c6f39b2f2e1a424", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36f138443b4d60263409a8427a38a4d5352d32be" + }, + { + "algorithm": "SHA256", + "checksumValue": "96b3be805f7dfa90c0f423e51775a1e3084cefb7d725376722481e48d618387c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/i486-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-i486-linux-macros-b26a6304c1ef0500", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96230ac3f97a372d28463427de4e4e1df0c536ea" + }, + { + "algorithm": "SHA256", + "checksumValue": "47523d6c86ccf10cb22ab2a07f165509c78d41b9e0fec95948e5175304ae414c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/i586-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-i586-linux-macros-d56bf495cf13bf7f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc8f65372f1e3159edd28f45838e7fc201e9d7f5" + }, + { + "algorithm": "SHA256", + "checksumValue": "d527a1a88ec214db33a457c1ea639cb06983972632b5b93ac6ec3bbf992e11eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/i686-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-i686-linux-macros-0cdf4ec6c911c167", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "50776a8351c82449eb1ca7f49689c255a7a7ba47" + }, + { + "algorithm": "SHA256", + "checksumValue": "527d29d008bdf883e5b2393ff56bad61a5df3c174b38c7e9c48f6155789adcb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ia32e-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-ia32e-linux-macros-c8721f07ccd27587", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "algorithm": "SHA256", + "checksumValue": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ia64-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-ia64-linux-macros-b2d20e1e334c8352", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5bddd2af72b9bf9eea0cc1c7890d8996b6998050" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e0e58ad423cab85dc8069017dc23f52d3c228451276044b93e3344e74656e13" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/m68k-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-m68k-linux-macros-f0b4bee997df3a24", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cbc023b51d19d0ae9c78e2231c9115952c76f0e2" + }, + { + "algorithm": "SHA256", + "checksumValue": "1860ff9d0b8aef32aff71a21fec705494bed6604bdf4f17a1fe25e83988b2059" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mips-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-mips-linux-macros-24395998c3835017", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0279f6d2989adc31e214e84aa76ac25e6ca9977d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d2d6747650470793bc16576fcef2e6374f10e25434e26b9c521fb53bdc14dd0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mips64-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-mips64-linux-macros-8b391ec87ce7b62d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf179b04c606125c336edbc1018011d41690346b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9880366106224efe768d2f78ccfb7edce79537b1e66e95f3a29490e11591e35" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mips64el-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-mips64el-linux-macros-7867fc44f8e31937", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7fe31c1382286844425cf7b7761d74191fe2cb72" + }, + { + "algorithm": "SHA256", + "checksumValue": "5185dd10bf849735cbe826eff2c21f647c146b1920763e94f4fa0be1c4cace33" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mips64r6-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-mips64r6-linux-macros-9bac7949c43d359d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "23650ae11068d662dbf9e12d8303ceda54d203d4" + }, + { + "algorithm": "SHA256", + "checksumValue": "6498ce5ad885ac61b7a50adfb9475110bf4eec8bf4e89c921d66f2937620bbca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mips64r6el-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-mips64r6el-linux-macros-a7befdb346e36827", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb40fff63fbb2cc6c3565a0abef97485456441d3" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9a1015920f5777ece70cbdf73aee3efe2ac46a1b52fb0bc58141948a2889827" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mipsel-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-mipsel-linux-macros-b76704d083cdc036", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9241a8eb3bfa1d036bb3dd58c73b79ab547a427c" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb286398caf5a1ccc57432d5ead5ffe3bd893f309225379f80fbe7e4b5cbe647" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mipsr6-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-mipsr6-linux-macros-cc0097a1fbc291ca", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8cf2fe2338ce9db34913915cf85f099bb37bb417" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7fb42f30e4bfbedcb3eb7969eb37d773e2911368a68f6570336cd8f0e7c9ad9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/mipsr6el-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-mipsr6el-linux-macros-72c27738e94dc409", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "376c30be30b54f17ef72de54088cd3ac7541f14f" + }, + { + "algorithm": "SHA256", + "checksumValue": "201ed9ce13d524ce184761201e0c64aa1611d360ef17e299c2324818cd14ee31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/noarch-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-noarch-linux-macros-8a7fa34a163d0e10", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ad0b3c0cca2cc9131abf885077b3ae21639c79f" + }, + { + "algorithm": "SHA256", + "checksumValue": "d353f17840c886992e03bd579bc27ccec781b1d640c74ffff2523936b0f8184d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/pentium3-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-pentium3-linux-macros-619f55068291b7e3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16dea024f48188f4aa01ad612e594cff6b473d43" + }, + { + "algorithm": "SHA256", + "checksumValue": "c0732b433a4d16783498d5fa7c3217d341ed73247182b87b76e76117c9493559" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/pentium4-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-pentium4-linux-macros-bed470dfb0bbe7a6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "073e2c458840c5ddf4876e1dc0361cc0088ad284" + }, + { + "algorithm": "SHA256", + "checksumValue": "4344a74a9046dc612088e8d168d97d9e43d12a023e78a40f158f3f58e8130947" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-ppc-linux-macros-07c5e413293f46fb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc32dy4-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-ppc32dy4-linux-macros-42c3a29c5226055c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc64-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-ppc64-linux-macros-bd62974511ef530e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1449cf65dfb629ada5ba97de6e499ff07e009a87" + }, + { + "algorithm": "SHA256", + "checksumValue": "c101aa4377bec072c2f4165356c65190e341ffae135a05554f7f168dba151530" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc64iseries-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-ppc64iseries-linux-macros-00af1ed07291d251", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90e08d29fbebbb52451c59d76702972b8723ddc9" + }, + { + "algorithm": "SHA256", + "checksumValue": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc64le-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-ppc64le-linux-macros-bcd59c395dbe89c5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "65b79e4caa0faabbee2448bfd88d5e776d5d526c" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd127be1c73cf78b66619cb6bc91c153ee77b1c37efe950250766f0b25ef1dbd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc64p7-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-ppc64p7-linux-macros-f003e31ecf7ad578", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "39de17d201e0eac7961414db5dc994b0e96865a1" + }, + { + "algorithm": "SHA256", + "checksumValue": "0e6a26819f8ba99a8af658a1dd28e418f48a261363c2e7e0a3b1b6dcca08ca63" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc64pseries-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-ppc64pseries-linux-macros-11b67fdacd5bd84b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90e08d29fbebbb52451c59d76702972b8723ddc9" + }, + { + "algorithm": "SHA256", + "checksumValue": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc8260-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-ppc8260-linux-macros-4d3fbd7f2e338bf8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppc8560-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-ppc8560-linux-macros-d1aa45670f4ecf3f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppciseries-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-ppciseries-linux-macros-72c84a7592207973", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/ppcpseries-linux/macros", + "SPDXID": "SPDXRef-File-...rpm-platform-ppcpseries-linux-macros-fe23acc7f29f87b0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/riscv64-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-riscv64-linux-macros-123eb4726fd7bb4f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "61c44e56cb3bbafac9f76e9d470b4161c9a0a7af" + }, + { + "algorithm": "SHA256", + "checksumValue": "8459c664f1b74307f8997a51a866994de2f9878535ad03e0b33d2555ca8a6a82" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/s390-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-s390-linux-macros-9e87c4f4f5dd7f9d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5bfd031c538813400cafd029edc0c42b16b5ea69" + }, + { + "algorithm": "SHA256", + "checksumValue": "907abae595f1ad1c0454ecd5701143f0ddef5d9e3cae4cd59e4ffea503e48383" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/s390x-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-s390x-linux-macros-a49c7cc8554394e4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "29789a9eb19e091232733ea50fd93bdb32db6c0c" + }, + { + "algorithm": "SHA256", + "checksumValue": "54ce0879d7063edc4911145ab7013c355dd91d4f1e4cefc73176d982f9ead05e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sh-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-sh-linux-macros-c9c46e2fd50b9998", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5630a3a3e4da8cc75361ba46fde82d33d271e3a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "647808e04766e4243c1b2a1d9ed0ad3bbe81de31b5243dae8c02bb5c07493852" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sh3-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-sh3-linux-macros-e7e92d3264e62f48", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "69e724f668db99cb3d09dcc6add5d0a9d179370e" + }, + { + "algorithm": "SHA256", + "checksumValue": "44a103b488cd5934b5e18e34998eccc43c86463558c6cf1f54402bdc26deaac3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sh4-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-sh4-linux-macros-60cda47c3612fb98", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e4c31bddf33a2e4701f85ec40f7c58bdab21964" + }, + { + "algorithm": "SHA256", + "checksumValue": "0325b105e93df85c946909fdeb8ec7412df99be3d311d0222745764bcb707fb0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sh4a-linux/macros", + "SPDXID": "SPDXRef-File-usr-lib-rpm-platform-sh4a-linux-macros-d31e7007a922c92f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4321e3542c72da2e0f9a464dca3b723dda394314" + }, + { + "algorithm": "SHA256", + "checksumValue": "3818e64c0441e5db247356e8b0bcc3b33f9b308a1d71f7a5061a2e9fc57aed59" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sparc-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-sparc-linux-macros-b9040db32c3f5e83", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a858e0beccd990689bc5117057b3b53073035866" + }, + { + "algorithm": "SHA256", + "checksumValue": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sparc64-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-sparc64-linux-macros-71a974a45dfc01c1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ea3f624c000220861511178b856f774e4ea51fc" + }, + { + "algorithm": "SHA256", + "checksumValue": "95676b8042844423a2cee2ae9c5186c3fa17f82dc17ca73a1c9613714b67b161" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sparc64v-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-sparc64v-linux-macros-e0f6dc1403a7fc83", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "39c2957b57896a69ad9f789725f7efdaf55839de" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a2275952bd5c1635bceb9382bbf73547b05502d96bc0360c7cbb64c8a2e15cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sparcv8-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-sparcv8-linux-macros-a22a3cb85a3df386", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0c5dc51c492271a5541c6e4f258f336e7449f240" + }, + { + "algorithm": "SHA256", + "checksumValue": "091a4bb25ce60367d5b97600cdca92e695960de54e6e70ca596df95057d634d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sparcv9-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-sparcv9-linux-macros-71149ce0d4fa13e8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a858e0beccd990689bc5117057b3b53073035866" + }, + { + "algorithm": "SHA256", + "checksumValue": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/sparcv9v-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-sparcv9v-linux-macros-dc644502f7b052c1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c7d766e25950f8e73d1dca7113c3d8f476c8fd09" + }, + { + "algorithm": "SHA256", + "checksumValue": "486d438b82a0fc17f7934fc60dc2cb369c993fb2b52778c4e4a44c06bca056c4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/platform/x86_64-linux/macros", + "SPDXID": "SPDXRef-File-...lib-rpm-platform-x86-64-linux-macros-0d7c62d8d6903a19", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "algorithm": "SHA256", + "checksumValue": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/rpm.daily", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpm.daily-06f279013c2ddb0d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eaa218dba53c38043c757407c824fb199cd8e0ff" + }, + { + "algorithm": "SHA256", + "checksumValue": "b98748f664b3245cb7f3d22927b541ee659c221094df7e4d7e5950b6d73eb37d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/rpm.log", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpm.log-cc798dcb38eba1a3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "29c0990a863f9f69f4ab26b4a0c31b3eff432a5a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed0a8b7f8ec41ea0d6d8d7ccdc698d216cd7a7154e77bbdaf8eb02bc4535ab0a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/rpm/rpm.supp", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpm.supp-8044442fd16feb3e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9b3ed20f6fdb44d14c2d2087c012d137a8d33acf" + }, + { + "algorithm": "SHA256", + "checksumValue": "d88d7b62b79bf754a47ba69d0997ae82c4f0e5ea6af3f8fe2e40ffb1fc3fe054" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/rpm/rpm2cpio.sh", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpm2cpio.sh-d2e455bcbb756676", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "764bdbd8b22ee603b69dce104939e6a542510247" + }, + { + "algorithm": "SHA256", + "checksumValue": "e23cd42e7200d3ac193d2d299ecf0fadda19f2306a9a232be71147be0c3cb31b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/rpmdb_dump", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpmdb-dump-6d23106926cedc71", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b598461dc785d6c9758bbebd2430571099d12605" + }, + { + "algorithm": "SHA256", + "checksumValue": "bf09433a9284ba72a3e7e698d74f7d3873dab852d4aa4a0e1ef78b2a1711c96c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/rpm/rpmdb_load", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpmdb-load-d0ceb81547867a2e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22634bc843cf4129f9a6197031f9c3975ad59acf" + }, + { + "algorithm": "SHA256", + "checksumValue": "9e924a2590ec3c4322f07e24f1ed7f3aa16f13e2c38496a78f7ab873d238b27e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/rpm/rpmpopt-4.16.1.3", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpmpopt-4.16.1.3-ce9dbdde35edfecd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ce2612ca730924fe2e23dcf51b1a1594dd09926" + }, + { + "algorithm": "SHA256", + "checksumValue": "00071b0002402da148d4338cb3578b994a1b248510f79e6d52d8e647b27a5b59" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/rpmrc", + "SPDXID": "SPDXRef-File-usr-lib-rpm-rpmrc-c8315aa5258a6107", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0663b885793778464c96e10365079fba0876a748" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d9a1c85de3205a6423a2bf71025d71d11e4cbbc1da9318cb72a0f0789baa437" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/rpm/tgpg", + "SPDXID": "SPDXRef-File-usr-lib-rpm-tgpg-65b422093ea150ab", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "65838988252004b9373bb969e44be70f95e868d9" + }, + { + "algorithm": "SHA256", + "checksumValue": "2301f06a63659cc2acd2f8c3c00f19a4cfeb427b916345299a3112844ae2b5b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/swidtag/redhat.com/com.redhat.RHEL-9-x86_64.swidtag", + "SPDXID": "SPDXRef-File-...com.redhat.RHEL-9-x86-64.swidtag-f1544ef0e6f4315a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "68b18fb7002f6d32299e0d3bc253f188894e0b1d" + }, + { + "algorithm": "SHA256", + "checksumValue": "d6edae22d91b9a245159ebd816e61b855571c620cf56e68cbf6d0b177cf0cf06" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/swidtag/redhat.com/com.redhat.RHEL-9.7-x86_64.swidtag", + "SPDXID": "SPDXRef-File-...com.redhat.RHEL-9.7-x86-64.swidtag-436b1621020334c0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b275cf42974b0e28617e06d85ce02ed8554f1732" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d004d3a5edd36b8efc6b61635112f69016dd9f29e60f2a00bd74521a5f7b4b2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/sysctl.d/50-redhat.conf", + "SPDXID": "SPDXRef-File-usr-lib-sysctl.d-50-redhat.conf-ff6a3189201331ec", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d2656a46572e258b17c5703dd96f61f9338b2885" + }, + { + "algorithm": "SHA256", + "checksumValue": "cff0531af9151667207f590615894598494081fb3d6c4db0728fecfb41fbce92" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/systemd/system-preset/85-display-manager.preset", + "SPDXID": "SPDXRef-File-...85-display-manager.preset-5fc131a7cd3b5997", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75c04345a5c262bae5f12b29c968e68a0dfbefad" + }, + { + "algorithm": "SHA256", + "checksumValue": "037ee720a5c511d7b257216cc81b55b5ebeb09775426288f2d46d614594d9e56" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/systemd/system-preset/90-default.preset", + "SPDXID": "SPDXRef-File-...system-preset-90-default.preset-093ca300cfa0cb3e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8b89ae75968a8da59c2fca9d25dc4122c6cedbe1" + }, + { + "algorithm": "SHA256", + "checksumValue": "e627a4caddb0968721f934b58785d883ea01a977144750f9d39ad838e922f19a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/systemd/system-preset/99-default-disable.preset", + "SPDXID": "SPDXRef-File-...99-default-disable.preset-aab8806f5eb00d9d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "algorithm": "SHA256", + "checksumValue": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/systemd/system/rpmdb-rebuild.service", + "SPDXID": "SPDXRef-File-...systemd-system-rpmdb-rebuild.service-a4781691b8b11ddb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d3cbdc5e141313c587cf9fd2428fc6aaebff1364" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ec87c1c7fcdc16d7799fe781fa6a2042cf0ed0c3f641c4c7721e78989749a5b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/systemd/user-preset/90-default-user.preset", + "SPDXID": "SPDXRef-File-...user-preset-90-default-user.preset-74da127c15a13fa0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8379013fe884529a5adde637f5ae2bffe8cb2976" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba8ff51494b993c5dd3fe73b82cb12abd2ff2212303c0929d879c990d2d85ec1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/systemd/user-preset/99-default-disable.preset", + "SPDXID": "SPDXRef-File-...user-preset-99-default-disable.preset-71df7a257a3f5f8b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "algorithm": "SHA256", + "checksumValue": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/tmpfiles.d/dnf.conf", + "SPDXID": "SPDXRef-File-usr-lib-tmpfiles.d-dnf.conf-f3601cef86b4f2cd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad2b4fc104428f80282f94f4b925ff12ba92aba7" + }, + { + "algorithm": "SHA256", + "checksumValue": "365360de240de77d77843de09d14272cb91fe853400473178f44903de4949b68" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib/tmpfiles.d/libselinux.conf", + "SPDXID": "SPDXRef-File-usr-lib-tmpfiles.d-libselinux.conf-87bcdfdfb15d3488", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9115ba504c1790e26dc1078d4f549fb6f9c5a184" + }, + { + "algorithm": "SHA256", + "checksumValue": "afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/tmpfiles.d/rootfiles.conf", + "SPDXID": "SPDXRef-File-usr-lib-tmpfiles.d-rootfiles.conf-a3ec0861f75a8a31", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fced9b9b3f40a2333459deafdbfd48f6e8b7ded2" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2858a8e0ae109193e28d96f7fd8a8cfa1b42aad1766f5932814321dd821b7c8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib/tmpfiles.d/setup.conf", + "SPDXID": "SPDXRef-File-usr-lib-tmpfiles.d-setup.conf-db4305a1b2dc79a9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e4d485145026d758bcf51aa356aa1795981e3ab5" + }, + { + "algorithm": "SHA256", + "checksumValue": "b1a7958d03497b0e231f8f14ee501ebb4d15a822d096c180226af5429df15f78" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/.libgmp.so.10.4.0.hmac", + "SPDXID": "SPDXRef-File-usr-lib64-.libgmp.so.10.4.0.hmac-ef5630fdf7377aa2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e6c4061b34937a88c91be5a9219abe8d626e0db" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/.libgnutls.so.30.37.1.hmac", + "SPDXID": "SPDXRef-File-usr-lib64-.libgnutls.so.30.37.1.hmac-7846d632fac88d93", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee602a75ec9735274fb703b94eb93095c89d1deb" + }, + { + "algorithm": "SHA256", + "checksumValue": "a9c51246fda5f0075b12d888c918478a7257f53b79ef477474dbb8ff0b853937" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/.libhogweed.so.6.10.hmac", + "SPDXID": "SPDXRef-File-usr-lib64-.libhogweed.so.6.10.hmac-eb67df499c22e945", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1f313ee78e096a3560379be7f609ab26e7bf83f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "68415d666e8e68c53314e166e58224b00d7e509642ae3a639892317d21bf7bdf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/.libnettle.so.8.10.hmac", + "SPDXID": "SPDXRef-File-usr-lib64-.libnettle.so.8.10.hmac-baeb2ef9e81c6f00", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7923662b51197c040e769a7ec699af02ad52563c" + }, + { + "algorithm": "SHA256", + "checksumValue": "de1a92dfae5ba529c92fdcf4c9eeb9e679fd25519cd43b83db042f37fdee3262" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/audit/sotruss-lib.so", + "SPDXID": "SPDXRef-File-usr-lib64-audit-sotruss-lib.so-99df092f7bb8222f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4090959f8a636606947f62c1cf7e9b8dbfa018eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "b8532209ffbc6571d6f9ac43d5eba4011cb296f48e2019496e8d98c7cbe1904e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/engines-3/afalg.so", + "SPDXID": "SPDXRef-File-usr-lib64-engines-3-afalg.so-c302ae351fd4cf79", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7fa2d7d068a0dee88f2b0fcca411b1e6df2a85e2" + }, + { + "algorithm": "SHA256", + "checksumValue": "54eafc93c9df8c45a2fd558969f12dbb805b2dacbf424fbce915abebfb441575" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/engines-3/capi.so", + "SPDXID": "SPDXRef-File-usr-lib64-engines-3-capi.so-112e864d5ac992aa", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4f4062e905e3ab4518277ae8e297bd651458039" + }, + { + "algorithm": "SHA256", + "checksumValue": "bae170b889544162be76613fcfc2d8115ab0aeac72f9419d3016c567bd28089f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/engines-3/loader_attic.so", + "SPDXID": "SPDXRef-File-usr-lib64-engines-3-loader-attic.so-27b4483b3942a858", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c9e82c8f4a5392d36fec495a5d4911c9c03f1d0" + }, + { + "algorithm": "SHA256", + "checksumValue": "15280e86932817dd875496788a9bca4f96a0b2cfe1c32deec3ec41aff17ca25c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/engines-3/padlock.so", + "SPDXID": "SPDXRef-File-usr-lib64-engines-3-padlock.so-d32171e48673fb5e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1406dacafa61dc6a7e24cf5a853da985f2c672b" + }, + { + "algorithm": "SHA256", + "checksumValue": "01c52ed53ca72f536ec290b68c2a86717fa48e1e34393399cc623fb183e488ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/fipscheck/libcrypt.so.2.0.0.hmac", + "SPDXID": "SPDXRef-File-...lib64-fipscheck-libcrypt.so.2.0.0.hmac-e6f45669dd679452", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c04277c82d9b718135c58aa07fa2de027d1bcc9" + }, + { + "algorithm": "SHA256", + "checksumValue": "bdba59b24107da95ade6c1a6c359861baec8182ae70e871424578ef9c61cd389" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/fipscheck/libgmp.so.10.4.0.hmac", + "SPDXID": "SPDXRef-File-...lib64-fipscheck-libgmp.so.10.4.0.hmac-3e384d933fad624e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e6c4061b34937a88c91be5a9219abe8d626e0db" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/filefuncs.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-filefuncs.so-86a9e363787cae70", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37eaa70235c34188b98e5202fa9bb1fbbfa06593" + }, + { + "algorithm": "SHA256", + "checksumValue": "08daf63964a4da243a342a71cd900b6bbc536d63e65b3fa200cdf30febe56063" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/fnmatch.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-fnmatch.so-6459258497686318", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11719811351f67dca282058ef12e299dc047e266" + }, + { + "algorithm": "SHA256", + "checksumValue": "6fc76e3013bedf78d4bece60f60bcc9bfdbef00c659513337f2398907108d1c8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/fork.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-fork.so-7b5244660b3ff49f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c6054c5a245ffece9e055c31b1826a4c6c7e6b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecad486105c51fa598dd4b727e3734d4655f242174d2b31c5e04c1e2f5b43193" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/inplace.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-inplace.so-2a9ba5e47a1caf49", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "85cda1a73ff8d854c57fcb7f89ac239da07d6616" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e9fc9a7602dd997b880518d70bc7bc32d6929b96f939b4359c019543a72d1f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/intdiv.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-intdiv.so-e1955cc8bd7d7354", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c21b8aba737e1b229cc92f34416c7b2ca80276bc" + }, + { + "algorithm": "SHA256", + "checksumValue": "89b8ccda8a2bbba4276f13ecdf6ef8bd9419d73b5c860ad8f02c3d6ee9dd0193" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/ordchr.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-ordchr.so-d548c3c0c2e1c5f3", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "196f7a4cb44e703e50c9b884a4f77cb24aafc125" + }, + { + "algorithm": "SHA256", + "checksumValue": "fe87bf2d1356a8d568a47705a26f59c589011c819fa8a433b50999f76822932f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/readdir.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-readdir.so-e91e2e6213b87b0b", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3d521cd923eb6ca57db65ef29afa0cab9d3309cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "8553215e8ffebdcc353bc16e15ff10abb538d07def13488ad19f1ef80eb8d07d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/readfile.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-readfile.so-23d013f0de6bb227", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a013b78afc9a3d8c4ffedd8ac551fba321d9ca4" + }, + { + "algorithm": "SHA256", + "checksumValue": "5ce8ed25ccc02ae960b6123cf804cd43bd2d165962e907a0ba311b8785531370" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/revoutput.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-revoutput.so-64d9d5371892c01a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "576dc35ec1edb574756b1bafb77d5ae087791e18" + }, + { + "algorithm": "SHA256", + "checksumValue": "46dca6dece20b4bb37cb091a82ca6e4ffd32398e2d1b4669327b335ed359dea1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/revtwoway.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-revtwoway.so-9eebb7943e5997ad", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32af370c9708b622c8f64b8b8388de36eec592b7" + }, + { + "algorithm": "SHA256", + "checksumValue": "f1cc9a475e8154da632614e48fb8836b994643947582eb0dc5486a5a105e0b8b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/rwarray.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-rwarray.so-9b4fdfd089bd0f72", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "232077fc412b5fa8cdeb7c2ce5f2537365d0fcc6" + }, + { + "algorithm": "SHA256", + "checksumValue": "395be1e8e158672cbe30547f78daa93d1b7525a5bb893ae36b66fc9f2c81fa72" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gawk/time.so", + "SPDXID": "SPDXRef-File-usr-lib64-gawk-time.so-d64f3b4ac3fb03ad", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3a9feb12a625c8b025e6fff008d799913f86b873" + }, + { + "algorithm": "SHA256", + "checksumValue": "17df1cec822ba1dd53c9c5a4f5ba9c880c6362a68ecf76671b7b9c6fb5947056" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/gconv/ANSI_X3.110.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-ANSI-X3.110.so-10db71b631af3760", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d6de4f4e8dcd18d24aba7144c04fd5e21f7a517b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1644c0be67e4481de99e2d9f95c850443c7b030f483753f622ec4fbf99db6760" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/CP1252.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-CP1252.so-e71a752222ab1cf0", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "95bf40787e83666dfb66392a63430dbf51fe6105" + }, + { + "algorithm": "SHA256", + "checksumValue": "563b2c39b815b92da2db23382673650ca68552c6485101b457b1bef8821d48bb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/ISO8859-1.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-ISO8859-1.so-367d12ccb8f871f1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c31b278454755b4b56a1bb5df5c5f7859b46d12c" + }, + { + "algorithm": "SHA256", + "checksumValue": "376744f1ba07d1feaffad5cbb2c4bf68e3ff2ff9cd0e0ccfb288405824a48e14" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/ISO8859-15.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-ISO8859-15.so-9679b18dcdd53e17", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72f6c1850f62d43d36b9f6e95e66145bc824070e" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a5470d2aff600ca1ea7fed177a456e599239614f48a43e8c3e1d623b1af78d0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/UNICODE.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UNICODE.so-2990c286d4a80ee1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a218f9db19f889674d5406f95dcdef4efbf5aff4" + }, + { + "algorithm": "SHA256", + "checksumValue": "1f6e20b20180e844c8fb780312973b847cc34c607b86480b6790abf50b5023a5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/UTF-16.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UTF-16.so-6e1ba648d2b11550", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c59c57dd1392dc92b5e584847d915fcc2f08b226" + }, + { + "algorithm": "SHA256", + "checksumValue": "437fab3ea8ee82f9660d5fd20742af56b720019cf20b10e72754e2f1c0270ef7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/UTF-32.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UTF-32.so-3d05d8fb200663bd", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2ed303e93945ebfe7fc69438004f77f3b032d33" + }, + { + "algorithm": "SHA256", + "checksumValue": "df2bf0182e2017d41c5d284641d9cda62a3c3141bf6280385bad5a604ac67428" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/UTF-7.so", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-UTF-7.so-148a25b1c2d99bc2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d43ebbb8e1bceb0828c191d0c05babab730af79c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a3bd3ef13845da8d804473bc6cb04749e1de48a5db46304043ba20d9251614d8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/gconv-modules", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-gconv-modules-ac52326c6010ee90", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ab6ec0f61e3c8d08fa9ad986790557b78568138f" + }, + { + "algorithm": "SHA256", + "checksumValue": "9976193fd6fb671112a0f10486e50ad3bfb79e9a08429544c820365cdd3bfd35" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/gconv/gconv-modules.cache", + "SPDXID": "SPDXRef-File-usr-lib64-gconv-gconv-modules.cache-a536ab71c04de1d4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "422a05b8691abab797d08753f682060d0fd5fbff" + }, + { + "algorithm": "SHA256", + "checksumValue": "32be69bf0c00481b7279aeb8c0d7920f3da4d95f0743924c0c9cf63a20b9c9b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/girepository-1.0/DBus-1.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-DBus-1.0.typelib-3203fde87778c9ed", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a0c3dd54e7942d3f60f78f581572c2f0539832e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "0843f4d6a549703df7c07f8e96d3c47752123ecf910c7571d786f5347fa02234" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/DBusGLib-1.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-DBusGLib-1.0.typelib-0ddc9dba708b678b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "35bfa94bd1942481f5fab66ea134badddf242eea" + }, + { + "algorithm": "SHA256", + "checksumValue": "2aa3277d88103f0c475700cd56fcadbcd7ddb2a588cff93696efd4922e151807" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/GIRepository-2.0.typelib", + "SPDXID": "SPDXRef-File-...GIRepository-2.0.typelib-c9e7cc7fd09f7054", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3800c684c910bdee152fa2cd1eb4d1333b2d6a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9a2d028aa8df8bf3bab2c192f2622e6c9c9b10869b7153a69b861776b95662f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/GL-1.0.typelib", + "SPDXID": "SPDXRef-File-...lib64-girepository-1.0-GL-1.0.typelib-a6ecbe53b00c0170", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2764e078b231ca64f9ee887829caf33ad16b5fda" + }, + { + "algorithm": "SHA256", + "checksumValue": "e6677facd41cc99b3e3e1a9007d9762b00a446b42206d78dd28ea2653478bc80" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/GLib-2.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-GLib-2.0.typelib-bf0b590157599e95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ddd34f845a98636f83726958b81a068d10fed07" + }, + { + "algorithm": "SHA256", + "checksumValue": "fba14550feaa86c2c00a0f36bdb6aa30ae4ad45a103b909929c326804f96117f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/GModule-2.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-GModule-2.0.typelib-838664dccf164d17", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4b6921ffe93cef4846e7513049fb788ab2b6106" + }, + { + "algorithm": "SHA256", + "checksumValue": "7bc362f60318f3a313498585ee80c9d70ea64d81e6f913b17a094dd92f2d86c6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/GObject-2.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-GObject-2.0.typelib-47daa9b0930ea0f5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4653544a623da01fe9f97f47f200d4fe3800fcc5" + }, + { + "algorithm": "SHA256", + "checksumValue": "0b8b1f8589a4664de9d45e3104c84ef1007142f268c86cd74ec3d41dba7ede07" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/Gio-2.0.typelib", + "SPDXID": "SPDXRef-File-...lib64-girepository-1.0-Gio-2.0.typelib-8a3d13c3ee10bc95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e52f933b9d3633a31c6876ab3db469a11baf6d6e" + }, + { + "algorithm": "SHA256", + "checksumValue": "23f713c670592ea3a475a841c2390a686426f6f08575e9d2aa4ab9a9f4d2d63f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/Json-1.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-Json-1.0.typelib-e43bb769482b55c9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6adeb0eb8aa9915248b546ad5025aa99dfb344eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a33c50a8748297d29811226528c592ce323a80d024c898c03bc0c59e8ec169b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/Modulemd-2.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-Modulemd-2.0.typelib-27ae868c8ec36403", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b94ae13c66d2ad4460f3e81e1a65732168e90b06" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2efe05bbd9a1fccb5399815baa12ae9fb7f5776b30ea63517abda946089f4a0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/Peas-1.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-Peas-1.0.typelib-81bbe926b6aead1e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f55cba402d91bddda9b68ebcf939968f85b32ad3" + }, + { + "algorithm": "SHA256", + "checksumValue": "f565f6faf06dd6ab0d48b8222c9a57f8afd8fb3acac9b63bd72955c05854702b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/Vulkan-1.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-Vulkan-1.0.typelib-1a3133d2f0305784", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "990f50121bdb450e7cc284416847f9ec12e4d667" + }, + { + "algorithm": "SHA256", + "checksumValue": "c90a6028c5b4903ca95569cce7068138396c68d86a7d029755efc97c8b7b4640" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/cairo-1.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-cairo-1.0.typelib-ec87058761e8948b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e078bece9d494ab88f1fb1df74f825f2080c5a12" + }, + { + "algorithm": "SHA256", + "checksumValue": "73a442091999a33cb0927163aaa2052bb2c62dd5a2921e616168ed2e73edf582" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/fontconfig-2.0.typelib", + "SPDXID": "SPDXRef-File-...fontconfig-2.0.typelib-d9ff4f32eeb17c6b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f49aa46670adb0309fd3d7dea310f413ea08a60" + }, + { + "algorithm": "SHA256", + "checksumValue": "17dd220833e93884c4b261336c9bcd1bd546ed2c10920d578de04138182debec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/freetype2-2.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-freetype2-2.0.typelib-7ab7f3522d309852", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "56fa561a33b695289715386cf38125a2d491a13c" + }, + { + "algorithm": "SHA256", + "checksumValue": "03a385fb9e769b084d5df54aae60bbcfa7ca06b14d5a514f5251a175ddb77b3d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/libxml2-2.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-libxml2-2.0.typelib-18cf06d4abbb39ce", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d82473e07cb70a82563b48efb1973b02bc28fdfd" + }, + { + "algorithm": "SHA256", + "checksumValue": "428ea3f8b393c44b7682acdcad718d5f6dc87ca6adc6417af06e3f22d8f2aa1b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/win32-1.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-win32-1.0.typelib-c6783499aa12b204", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f289edeef92d2fdfd6ed220ebcc517e9d56fd21" + }, + { + "algorithm": "SHA256", + "checksumValue": "f58e32852eeba023aa69ffc0a384452a99df362d91c17ebf1c7e6d72baa8b75c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/xfixes-4.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-xfixes-4.0.typelib-67c5ab204d910f75", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87adc0f52a16dabaf8d2bb73ef670644af6c6676" + }, + { + "algorithm": "SHA256", + "checksumValue": "e55b4e0489c9aac5c7f055f4a1b40e0f92417e0db7c02d1611d342a3396c0890" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/xft-2.0.typelib", + "SPDXID": "SPDXRef-File-...lib64-girepository-1.0-xft-2.0.typelib-85e93a42c71df820", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7458fb1126bafae2ab26b5fc526db68eba7dc844" + }, + { + "algorithm": "SHA256", + "checksumValue": "aa4e253474c1084af97eeec58108590488d2b4e82cf9d37c57160c01e6480a6e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/xlib-2.0.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-xlib-2.0.typelib-32a0c00ecef8529c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a1904a60e3355033ed511e7e60912d2b51c23812" + }, + { + "algorithm": "SHA256", + "checksumValue": "4450fa0426b410db5a219f64b4e0d7f9b0be17ae81b9a6947045aeaacf417f91" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/girepository-1.0/xrandr-1.3.typelib", + "SPDXID": "SPDXRef-File-...girepository-1.0-xrandr-1.3.typelib-9e393ba47e750cde", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7e2fc5c059b74dc675e5b84eafa4937ab3adc31b" + }, + { + "algorithm": "SHA256", + "checksumValue": "860b43fd4ff40bae47b48111ff49d432acf96c0211a95b26df5ae8c32179591e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/krb5/plugins/preauth/spake.so", + "SPDXID": "SPDXRef-File-...lib64-krb5-plugins-preauth-spake.so-d36ea61b0f7b6a70", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "21acf8b6cd1e7ecb531ed9cd0abb9985b0d965df" + }, + { + "algorithm": "SHA256", + "checksumValue": "178de7b6dae35770616b6a7d7501681813bf42a38fbad7c58a20b7df0bec3824" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/krb5/plugins/tls/k5tls.so", + "SPDXID": "SPDXRef-File-usr-lib64-krb5-plugins-tls-k5tls.so-001812e01c9af599", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "622f9e6902e23963c9ca73dddb556b1d61c77c20" + }, + { + "algorithm": "SHA256", + "checksumValue": "fdf92bb3901e721908772b7981abe5646e43233c5ed73e7ac6598e75e80b0734" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/ld-linux-x86-64.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-ld-linux-x86-64.so.2-9195ac6a4e9b45d6", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16169962915c36355293ecba579047d880f45bad" + }, + { + "algorithm": "SHA256", + "checksumValue": "5c3f5bb169dc33a7d4b31e51eb40020e993e35cda989c24a3313c2fe9cdc2376" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libBrokenLocale.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libBrokenLocale.so.1-13a9f52f69916435", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a685e1184299e88526e9c007c1bd69b9b313e3c" + }, + { + "algorithm": "SHA256", + "checksumValue": "7edfeb32d0c6e94b6278c8dbc45e44f5a3da9c0aff4a0ba6e0921c84c512c121" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libSegFault.so", + "SPDXID": "SPDXRef-File-usr-lib64-libSegFault.so-8dcdbc2daec313fa", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "491d8e11683f0b8b2121c897ae870fcdff2cc565" + }, + { + "algorithm": "SHA256", + "checksumValue": "d1977600b89705a3667d947fa34f184a2956c2f0b0b9418339cd730c78127930" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libacl.so.1.1.2301", + "SPDXID": "SPDXRef-File-usr-lib64-libacl.so.1.1.2301-ee957d0fd6dceb6b", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94d85a7ef951984cc7d9337ba6f4adf1b09a74dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "4894d693ef1fd6acbd95a8ef1873716b6086523084fceca0b16f430acb2d67c7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libanl.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libanl.so.1-a6f9568da893cbea", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c6a76807d9b4b6067ca80ad6f887545939b4b349" + }, + { + "algorithm": "SHA256", + "checksumValue": "59881a9701e9bc254b407ec15f61234107f3e35ca9904fafbc6a03ef87818e83" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libarchive.so.13.5.3", + "SPDXID": "SPDXRef-File-usr-lib64-libarchive.so.13.5.3-9b76edb27d874f0d", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1f3fafeaee91f5c8e142ade2263bc53f245fa4d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "0370762f3d8750f029a50990bee15b28b5c2550cf956e02803b5a0f011d2c846" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libassuan.so.0.8.5", + "SPDXID": "SPDXRef-File-usr-lib64-libassuan.so.0.8.5-20166f892a70cb1d", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d7073b36a9259025a56139b223bd1b266dc3154b" + }, + { + "algorithm": "SHA256", + "checksumValue": "2802ab456d7ce9730af980620dc280917270b33efb514af96ed9fafd4f7237d9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libattr.so.1.1.2501", + "SPDXID": "SPDXRef-File-usr-lib64-libattr.so.1.1.2501-37278abcf11da63d", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf304368638fcb8aef50f0e1ded25deadb64b33c" + }, + { + "algorithm": "SHA256", + "checksumValue": "944c2763b2c727d3126e9f60edac6189d9ac072cb91538eda0f4cc55bc24a5a0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libaudit.so.1.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libaudit.so.1.0.0-3c3792c46b7bdb52", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4b7ccff67115924baba546d181ff92f1856d0f13" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb35b66ad1159789ac4cca877af8866c4134763506773135d392009bcb598bb4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libauparse.so.0.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libauparse.so.0.0.0-aa0cee721cb7084a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f5cc86f3991a87e486daac74bed5f1c8d9f56277" + }, + { + "algorithm": "SHA256", + "checksumValue": "1e642599409fbfa95199c90cc97fcade6e65d3dd5ee81bf8c39cae4ebab93f3e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libblkid.so.1.1.0", + "SPDXID": "SPDXRef-File-usr-lib64-libblkid.so.1.1.0-b3bce0528aee3419", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b64d59d10011d6e50b2a3b350cb615143be87e11" + }, + { + "algorithm": "SHA256", + "checksumValue": "cced98d63ab6db38442f52670a605af3dd36f1caafe19f86e1fd2ee850655206" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libbz2.so.1.0.8", + "SPDXID": "SPDXRef-File-usr-lib64-libbz2.so.1.0.8-03fde1b1904f0a48", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7b74c640e36fea8d0196a28e381a00684c488bf5" + }, + { + "algorithm": "SHA256", + "checksumValue": "0be7c010debc1bc5b53f59449ee204e5f927978439e6bd5df256cd36c288272d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libc.so.6", + "SPDXID": "SPDXRef-File-usr-lib64-libc.so.6-898c7000b5881f61", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "93f346879e34d35b0c96c6f6be965af2ef03a86a" + }, + { + "algorithm": "SHA256", + "checksumValue": "e3b8bd13af7d81fed68c43d2ed3ea54db6e23a44499519d783e77edf8022581c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libc_malloc_debug.so.0", + "SPDXID": "SPDXRef-File-usr-lib64-libc-malloc-debug.so.0-7907305384f2540e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "58ea847984b2c59164b7e8301b5405920c7a6edc" + }, + { + "algorithm": "SHA256", + "checksumValue": "e34fd1525218ce9f30738a4ac10d1261745d8ccd83f36126eecc59e511d4d71e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libcap-ng.so.0.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libcap-ng.so.0.0.0-874052fff98a4177", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "98046eaa771d306fe8be38bfff4913df74f41283" + }, + { + "algorithm": "SHA256", + "checksumValue": "0f03248a4184699f298d006c36cad963dba065d451ed8dc187aceb7c1e3fff81" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libcap.so.2.48", + "SPDXID": "SPDXRef-File-usr-lib64-libcap.so.2.48-7b4d7d0f77ce8dc2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2df0c3605badc228ba578e14c3477b1b0d1abe67" + }, + { + "algorithm": "SHA256", + "checksumValue": "29a6c106d86e91a4f3c6cbbe4645a2e08fc792522849ae21dcb1e605fa17144a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libcom_err.so.2.1", + "SPDXID": "SPDXRef-File-usr-lib64-libcom-err.so.2.1-3aa74c97ee3ced19", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d8d22c28a0ded2cbcedc056bad3ca7a1b4a01eb4" + }, + { + "algorithm": "SHA256", + "checksumValue": "e21a880da89989009a63efb976c7c9c50980724b168099b310939aad5a16057f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libcrypt.so.2.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libcrypt.so.2.0.0-c1d8fac200470efc", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ac63dc058acacd5935ff0887b206e6a2f76816bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "67847e804cdd224fc438207e6919a69ce03cdede0fa3f3467fbd09b554640667" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libcrypto.so.3.5.1", + "SPDXID": "SPDXRef-File-usr-lib64-libcrypto.so.3.5.1-c1f88b3854213579", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "771f24202922592d78bd91e48c697ee840b766e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "449d65e825fef0087c0c6351b8dd58895ce519e599fd57a1236cba42ccbb19c6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libcurl.so.4.7.0", + "SPDXID": "SPDXRef-File-usr-lib64-libcurl.so.4.7.0-fab1deefcb5e0964", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c7d8f88f628082db0acd6d616644e6f3740febca" + }, + { + "algorithm": "SHA256", + "checksumValue": "455008f34e03dfe048eb134380c9ad2c61f4f9ed4e6033760427ef6ae37a92b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libdl.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libdl.so.2-6310624b78c38417", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2508120f5b29406dbfbc54090c2606bb838077ed" + }, + { + "algorithm": "SHA256", + "checksumValue": "4731f911c5ae24b2428705a9b0ad77b5a5902445a55f667d8ad19066616104d1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libdnf.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libdnf.so.2-b392fb15dd7ac667", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5102b504921f005899a29173dc7ae838d85c7c3e" + }, + { + "algorithm": "SHA256", + "checksumValue": "a7da408ef9d424047efa4b59f7e69272b93fb6979b956d286939fcb6292bb837" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libdnf/plugins/README", + "SPDXID": "SPDXRef-File-usr-lib64-libdnf-plugins-README-2a53cced56358980", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "557ca9f62680017df81311fafa956b9baa3e036b" + }, + { + "algorithm": "SHA256", + "checksumValue": "73532ee155af95978529b5d896ed657ac8823a3ab32959bdde9719b35e6a7ae6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libdrop_ambient.so.0.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libdrop-ambient.so.0.0.0-873c917cafce7f50", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e283fefd85ac380b7c83f9e9bd3c6319ce3cca4" + }, + { + "algorithm": "SHA256", + "checksumValue": "37552076c61781047d691ace88972921141f471ca1c76f223b48331d6350c70f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libevent-2.1.so.7.0.1", + "SPDXID": "SPDXRef-File-usr-lib64-libevent-2.1.so.7.0.1-caa129ad797767a7", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f20129854c8aeac2120d5b8e20203cbca02b65de" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb9471ece95b9eed40f0a6b30d90305f8586573ef511945d0852aab8cd544c6f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libevent_core-2.1.so.7.0.1", + "SPDXID": "SPDXRef-File-usr-lib64-libevent-core-2.1.so.7.0.1-0641d6c97b0ce150", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88dd27a01a0563fb9334fbcd29474d0d4db5ed7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "62e6a6c76d6478a2c2aa9548c5e8ee62d51fb2b9c3f59fdf773f3a8d7cab6b38" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libevent_extra-2.1.so.7.0.1", + "SPDXID": "SPDXRef-File-usr-lib64-libevent-extra-2.1.so.7.0.1-7e97c46e2ba7aa0e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8e4573d1ff82fb9911793412593a90beee3914b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "55995d6af18cb176d702d4f5ac0cc88816d91121b213425d688ddfe4520877d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libevent_openssl-2.1.so.7.0.1", + "SPDXID": "SPDXRef-File-...lib64-libevent-openssl-2.1.so.7.0.1-126ddf605a08aa6f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1d4c956778f6b27e5d8fb61d75e5c7ef21d86436" + }, + { + "algorithm": "SHA256", + "checksumValue": "639f118b45454cf12f92f9cb4ef1ffce8ac016729fb7c6089328859d54b25394" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libevent_pthreads-2.1.so.7.0.1", + "SPDXID": "SPDXRef-File-...lib64-libevent-pthreads-2.1.so.7.0.1-4032189b898fefaf", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a22122596aeaf38cde41102703db1dce48a55755" + }, + { + "algorithm": "SHA256", + "checksumValue": "65bdebb29d7a1b9b3704d9e0a626d372548dcbae9e606282ece94ed4149c4569" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libffi.so.8.1.0", + "SPDXID": "SPDXRef-File-usr-lib64-libffi.so.8.1.0-c9e0a30b10d2fe01", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "652d8774241577295e1ee6a0d2e57a6d5d1a1331" + }, + { + "algorithm": "SHA256", + "checksumValue": "c575bec3faae030f61b7dd26a40480e60e6f0060e2b4d3a6f3cacd6da9fc01ff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libform.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libform.so.6.2-92877ee769577e05", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "92da432723928e257b221e41ffb32b63fccc5e95" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ed3ae67b980e0d0d15c16359295dbbd644e9f9d8ebaa841100d76713fbf995b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libformw.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libformw.so.6.2-620ece52533dccad", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a54c4a2a83b10b045e7a9cbb05f73338c020fbc4" + }, + { + "algorithm": "SHA256", + "checksumValue": "977d21efa2c28e36821eddf3870647c5d53c0ffeffd12ba9048773e85f858bc2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgcc_s-11-20240719.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libgcc-s-11-20240719.so.1-56b979a8eab3398a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "61948bcbf32e52fce58d08a0f8581543583fc102" + }, + { + "algorithm": "SHA256", + "checksumValue": "479b7e606457239009cff27bc79bd82eb7dbe0fe83f0df037721b102b823173c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgcrypt.so.20.4.0", + "SPDXID": "SPDXRef-File-usr-lib64-libgcrypt.so.20.4.0-64405ea653cfe62f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "62a55f264e929f20ab20ad8dfea9b94e6d8047c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "ad3532c2f6a3bb7bf5d4cf3b5014e3db23a99ae4d7876882ccf56e898af6e81d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libgdbm.so.6.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libgdbm.so.6.0.0-62aab177572c81d2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "788eaf9def72fe7cf0b5b0df4ca3e4443c30ee60" + }, + { + "algorithm": "SHA256", + "checksumValue": "bdc7274699add513c815dae574464f2dd2c5d25ac0365cb840d55faad3551989" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libgdbm_compat.so.4.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libgdbm-compat.so.4.0.0-bea130dbfc935616", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a5ae97bd3dbe08e0eb1ae86220f534bd5425b547" + }, + { + "algorithm": "SHA256", + "checksumValue": "0b6e593bcda737cc2634fbf08b69f7cd12d01bc1db04ff7d95e2cecca0394463" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libgio-2.0.so.0.6800.4", + "SPDXID": "SPDXRef-File-usr-lib64-libgio-2.0.so.0.6800.4-b73ccb7a63516532", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45e59cc5efec21375122467c1c00f30ef6ccc7db" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce99afd8ea679192db041ae8f2a58d3a7e8cb0d8dd922b496ca7c3ad10f5ffb3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgirepository-1.0.so.1.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libgirepository-1.0.so.1.0.0-e69d26bcb0a24e1b", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ba9788ef4fdfb288815525c1c74afbf8fa2d5557" + }, + { + "algorithm": "SHA256", + "checksumValue": "20c154e743cea2df90cec58d41e9b5e26bc10cd1a0cb9f616d81e48cabf4e0fe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libglib-2.0.so.0.6800.4", + "SPDXID": "SPDXRef-File-usr-lib64-libglib-2.0.so.0.6800.4-aa17c20def3d2ed1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "28d920c7432c7a71dbc07ce15a9603b99fa13596" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a9f544c29e2d39e26e70621121b12d3be42157b09124f18df53205ea87ba6c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgmodule-2.0.so.0.6800.4", + "SPDXID": "SPDXRef-File-usr-lib64-libgmodule-2.0.so.0.6800.4-1280ca8837f1e5f5", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eefb00e05d157458fa14f81eee9c9a67d0115d73" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9e6029eedc9fd114d0ac05a54e2ed851f4e13093e2a01cc59e1b05fffadb3c5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgmp.so.10.4.0", + "SPDXID": "SPDXRef-File-usr-lib64-libgmp.so.10.4.0-76096f929a097db2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32475e5d51d9b9b5b2bd99731601e258d65627b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "b9d1265de01c92a6565272aa3ffa30034fe3656c73c348fc988a2e65389d6782" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libgnutls.so.30.37.1", + "SPDXID": "SPDXRef-File-usr-lib64-libgnutls.so.30.37.1-9664c43dc87b8ed4", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "431d9dadcd55d31546d3642efbd71fd9c0104814" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc8f3f4a34f9ab56be7690b75320f9855286bab6de12117df1bbd7a581ee60a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgobject-2.0.so.0.6800.4", + "SPDXID": "SPDXRef-File-usr-lib64-libgobject-2.0.so.0.6800.4-9992a8eaecbbd713", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8855ee876d49acc937fd86eae0e88d1bb8239d70" + }, + { + "algorithm": "SHA256", + "checksumValue": "a07a109964b6df13008ac0355a31e002805f31b92be6670f7ca15f3f754b9ecd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgpg-error.so.0.32.0", + "SPDXID": "SPDXRef-File-usr-lib64-libgpg-error.so.0.32.0-6b8f40a297fb9256", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0c197bcbbd57299c70775b9a50ec2a8f5f33e8b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c35a3105985309405449a6f609cab1b0971fd65d44d70c4780106c12673ba08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libgpgme.so.11.24.1", + "SPDXID": "SPDXRef-File-usr-lib64-libgpgme.so.11.24.1-3c3cb91a078fde6e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "732b6788c2f9089361158c53f5c147fbc39935cf" + }, + { + "algorithm": "SHA256", + "checksumValue": "0ba972ec6ce71ecb0d07f1a5fa318c2f498eb671327ba444393cb3a1b6b497a4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libgssapi_krb5.so.2.2", + "SPDXID": "SPDXRef-File-usr-lib64-libgssapi-krb5.so.2.2-dab0f87cf2057742", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee04d27dd97096c829932cfa5c368057b0b242f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "82e569d3d5a8b53efc1818912cd391752b4bc0f425399a323818884d6f2f6783" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgssrpc.so.4.2", + "SPDXID": "SPDXRef-File-usr-lib64-libgssrpc.so.4.2-40cfbade72a94901", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "54b6e59cbdcae115f03061082f133455f809de8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "26b095804e484decf7f5311731111c5333abb0e6ec891f07efd5a6c6057a7ea7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libgthread-2.0.so.0.6800.4", + "SPDXID": "SPDXRef-File-usr-lib64-libgthread-2.0.so.0.6800.4-d99f54c344ef6351", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b690ada5da2b4697523336a6b03b6297d501abcb" + }, + { + "algorithm": "SHA256", + "checksumValue": "33e1f84aa7f1483707971e3adc632e5672b00aa1299bc71bf94eb082df45a25d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libhistory.so.8.1", + "SPDXID": "SPDXRef-File-usr-lib64-libhistory.so.8.1-315872dd93390c03", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee35f373b496c24e9b0eb04c51f51ff141c2ec16" + }, + { + "algorithm": "SHA256", + "checksumValue": "1624092f4c9c1b6dba385d4a2acf707f02620f4ea6e4de478887f9dbae31c66a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libhogweed.so.6.10", + "SPDXID": "SPDXRef-File-usr-lib64-libhogweed.so.6.10-59528e0c83849368", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ccf086c17f2bf1f4119abf78370a7c8dbf200c2b" + }, + { + "algorithm": "SHA256", + "checksumValue": "14f31299ff681777715ecc787249d1033acd9032ea5870406014b7a13d9a8ea6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libidn2.so.0.3.7", + "SPDXID": "SPDXRef-File-usr-lib64-libidn2.so.0.3.7-f25c4208eeb070b6", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "885dcf79a492efb10cb15e13ad80a0f889cbd09c" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc245bad13edbcd52b6f654a3de2ddcb017c92590e0b7b473b8a69a3db3a2b9c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libjson-c.so.5.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libjson-c.so.5.0.0-77c9b4d0917880dc", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5cb568c7b5fbd446a520efe927ff3dee04b6da8d" + }, + { + "algorithm": "SHA256", + "checksumValue": "8aa6483f266303dd0116a85882806382c9e254bceeb17be1c1f8933a1ea9f33e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libjson-glib-1.0.so.0.600.6", + "SPDXID": "SPDXRef-File-usr-lib64-libjson-glib-1.0.so.0.600.6-b4b67fbfb5f5e23e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a24f2e1e611e1ebeed67b9bcf2c3e2e6615e02c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "9ffe45c8c5b88fabf34a007c4b0ccc0322728f5790e43e11785ccdad64557a0e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libk5crypto.so.3.1", + "SPDXID": "SPDXRef-File-usr-lib64-libk5crypto.so.3.1-e66eb4f8be4409fb", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "10c6ac6819a931dd119885e6a1db5862f6ae3954" + }, + { + "algorithm": "SHA256", + "checksumValue": "188823b6e7bdf0ea2f455bb6f84ca33610ca7f657a585632790325b21461dd93" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libkdb5.so.10.0", + "SPDXID": "SPDXRef-File-usr-lib64-libkdb5.so.10.0-142bc36112f14a35", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e042ea6678c360ecc0d02a5705b035a65e745468" + }, + { + "algorithm": "SHA256", + "checksumValue": "a6fd5fccfaf480ec863329af3ff9bb1f42cdcb01528f0184ac7c97ae0e558d4d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libkeyutils.so.1.10", + "SPDXID": "SPDXRef-File-usr-lib64-libkeyutils.so.1.10-09908bd891f4a1fb", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b80385902e58f095f0f4b2f4e7707e38152bc853" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0aaec55115d2ab97e1a70cb4c9a1b036d839d7922e67d3e610cd3ccd58521e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libkrad.so.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libkrad.so.0.0-6a6b8cc19b094b2c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aa6f1fc7145b5b94fce1eafdf9fb68335ecc99f9" + }, + { + "algorithm": "SHA256", + "checksumValue": "3fdad8aa5aa7543e7b67155edd0cb65ca779a178db0453a7282d9d4aeecc6fbf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libkrb5.so.3.3", + "SPDXID": "SPDXRef-File-usr-lib64-libkrb5.so.3.3-810479e6a3eae050", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3504036a38ebb387b7478e859cbd5c326b414f17" + }, + { + "algorithm": "SHA256", + "checksumValue": "68b134bf28e83fff5b2b5e5712d7c97c37066aa0e8046f6404f75fa19ed6cb1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libkrb5support.so.0.1", + "SPDXID": "SPDXRef-File-usr-lib64-libkrb5support.so.0.1-65c571a404e6bbe2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4614230f2837087cdd0e24850fdd00c6b991082e" + }, + { + "algorithm": "SHA256", + "checksumValue": "2878776878909e50f19257646d0ec09e1adc75046209efff67f663912e6e6602" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libksba.so.8.13.1", + "SPDXID": "SPDXRef-File-usr-lib64-libksba.so.8.13.1-1e29db6133907052", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b75cef0731f4977cfbcda33d8458b37fcf05ce8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "081792cc346461618b8723abc84afe792870d36452f47a3c2e7acab017c1021b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/liblber.so.2.0.200", + "SPDXID": "SPDXRef-File-usr-lib64-liblber.so.2.0.200-57cbd1b8c9f3214c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89913b0a7815cf52ecffd4b5157164404778c609" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd4dbbf1476eb6dca1416018e12a6aaea0fba10595fe8209d22f67b07b5eb280" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libldap.so.2.0.200", + "SPDXID": "SPDXRef-File-usr-lib64-libldap.so.2.0.200-9e9bb1f6d2ddc650", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7c372e56c06960fe4c5340f1c6cdba486cd1eff" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb1f24b4e29e3d4400220b7be5bbdd23e6207ebe9a39bf5798b2bef268c1d03f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libldap_r.so.2.0.200", + "SPDXID": "SPDXRef-File-usr-lib64-libldap-r.so.2.0.200-5ee50c5b622f51d8", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b443ce7c4836280e4fb8318aa1607515668f6cc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "52306b17c10badd3df615a0b37d84f3e8b369dd744008f0e8aa6466cb3314c0b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libltdl.so.7.3.1", + "SPDXID": "SPDXRef-File-usr-lib64-libltdl.so.7.3.1-0d3040dbb5de38e4", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a85d004047809a62591877cb0091236393cbe0d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "0109357682ea87d4b4f479117555f863a0b3d2959100fc31a27252fffc5b5306" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/liblua-5.4.so", + "SPDXID": "SPDXRef-File-usr-lib64-liblua-5.4.so-f18c9f92057ac960", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c34f6a723b87db49b380ae747c19c134f5daa38" + }, + { + "algorithm": "SHA256", + "checksumValue": "a51bea6a192c1ae861b20f871fca5e3ea4751b9ad31ca448d9799965d4b208fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/liblz4.so.1.9.3", + "SPDXID": "SPDXRef-File-usr-lib64-liblz4.so.1.9.3-07c7e420648edb7f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d7a2adf1f1ad3f6c1a57fc2fb4fc136e97a307c" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd2cd6b9b4ddc0fda8eb8bd2597566f50efd4848ce24f071c88385bae200e166" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/liblzma.so.5.2.5", + "SPDXID": "SPDXRef-File-usr-lib64-liblzma.so.5.2.5-d25c76d984b3aa3b", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1c20beff7a63fea7251efb9f1435c619828244dd" + }, + { + "algorithm": "SHA256", + "checksumValue": "16125c779c2442c5bc32a3aeded7e6a5e70c9112864eebb5bb061651222a2dda" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libm.so.6", + "SPDXID": "SPDXRef-File-usr-lib64-libm.so.6-9c5b99a9203f7dc7", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "40491ae304c8d0a6850837e028c18d6812c6f30d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d3d7de18f6db76e4fb7adb884bb1f9a3dfadd12fcbcd83748da4bbb3ec342df" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libmagic.so.1.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libmagic.so.1.0.0-33e898c1f45c8cd6", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "228ac994fe088a510f8caa60e52052573e5ee01d" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0909463137c552f416e7438e4f97beaef6940154c17a974467d339618ad70c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libmemusage.so", + "SPDXID": "SPDXRef-File-usr-lib64-libmemusage.so-164c9dcdd18d1fc9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "49f6d6199a79378b61d8f92bda53602109691077" + }, + { + "algorithm": "SHA256", + "checksumValue": "3ccec15ee85e4f96294016eb3bbad83dc581646f819a396d1f255c023d38464d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libmenu.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libmenu.so.6.2-180fe3cdf9d49788", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eeec5cc725fe6bd9bfabb7758c6019383454fa2c" + }, + { + "algorithm": "SHA256", + "checksumValue": "34513df5ec6d91e250f8a286f20065b28a785191b1e9fedaf2ce6bfe512cdebf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libmenuw.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libmenuw.so.6.2-21e1efe3fc994cb7", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "92183ade94603efcc5a6d9788b66fc4e740a0dd2" + }, + { + "algorithm": "SHA256", + "checksumValue": "f5f6ac15283f0c5dc949db6fe0a2c1081d348e670a4508cced0a3788e67b6f5d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libmodulemd.so.2.13.0", + "SPDXID": "SPDXRef-File-usr-lib64-libmodulemd.so.2.13.0-88ecb7a06373bb64", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b941e764c69a1b87880d5f18d6dde61c61daec9" + }, + { + "algorithm": "SHA256", + "checksumValue": "55d52f9d60881e172cfdea50c658d4890e2d5fd0cc9bc5bc69b3955514f0ff0d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libmount.so.1.1.0", + "SPDXID": "SPDXRef-File-usr-lib64-libmount.so.1.1.0-93fe09231cb93279", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e55a3e8e1a22365cc7f632b70d0d1e618256c031" + }, + { + "algorithm": "SHA256", + "checksumValue": "7b81c8c9169422ad2d4270b63d1fa817479edf0575ed1fa35178f0382e04e7fb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libmpfr.so.6.1.0", + "SPDXID": "SPDXRef-File-usr-lib64-libmpfr.so.6.1.0-c430935fd8f2dc21", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "04bc73f1550e9d40f9582f2d7e84e5ea7d989917" + }, + { + "algorithm": "SHA256", + "checksumValue": "737d4ad1015f97e0bfa59cc62d79e2a5fe7ac62148fd7f2826977de75f2f9ba4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libmvec.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libmvec.so.1-cc6fde5122ccb21c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2187973825273dfecbec9d1757814ea1a4aeeff5" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ab11542d16a97109f41000260ecb3fe42db527bbf6df141de9cfb443a6eea8e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libncurses.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libncurses.so.6.2-abab580ee1866cde", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1c8f0cf657b19227886823c5eb43805e3aa49334" + }, + { + "algorithm": "SHA256", + "checksumValue": "5167c013b62e1c1d80af8fcfc89259a71d9510729407994a0fef2009f31a9c7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libncursesw.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libncursesw.so.6.2-a49ecb62b0ebac88", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4d9ee876972ca2039b91c5e2491b53048c0d2311" + }, + { + "algorithm": "SHA256", + "checksumValue": "a884db5dbd02cbf96325bdef4452111ecf35c657aba7543d9f9a4dad17692592" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libnettle.so.8.10", + "SPDXID": "SPDXRef-File-usr-lib64-libnettle.so.8.10-e6663d1e664c7729", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f19b129fba547cefd4a37ba1784b92ccbe44877" + }, + { + "algorithm": "SHA256", + "checksumValue": "d39fc751ef9f42edf10567fea505c55ef70dd2ebda3602c181cafd2fadc52e76" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libnghttp2.so.14.20.1", + "SPDXID": "SPDXRef-File-usr-lib64-libnghttp2.so.14.20.1-a2d7e7570645fbd9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67566f22812d095385f7f0bd5d5c12ffa53cef33" + }, + { + "algorithm": "SHA256", + "checksumValue": "04be3e1e30dc721889595dfc826aefb82d84994218b1e433f81f7e727c39791c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libnpth.so.0.1.2", + "SPDXID": "SPDXRef-File-usr-lib64-libnpth.so.0.1.2-cb56001146a5f57c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "42eedfa668f126069ef7b65e06610e02484dda2d" + }, + { + "algorithm": "SHA256", + "checksumValue": "a90bc7657c5f2a4aeee8e6068c4e7318e856d5870e59203cc0f38e0d3e27ed78" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libnss_compat.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libnss-compat.so.2-076c827c3f1dc44e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bc282d508d9d82804bb97ea8ce96a41d69b72b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "bdbc0ab86029cc1326e82aa13d5a8d76a63845b8d9b9a43488c9d17e1e27e0d2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libnss_dns.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libnss-dns.so.2-cb11cdc4189fc7fb", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fd115375aecdc5255d09b788f8b975cfb11501c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e870759cab5cf5f75e64ba29cfd61918549dbb7ae4575f1272031d741d15b06" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libnss_files.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libnss-files.so.2-640d7278e8974c51", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1fdfa797fd34e7fb4151584d16d4fe74c7b301fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "33d3c38795fc9591a1be00f562485acdd4b4470388cf14a6d6ac22635c4e3a67" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libnss_myhostname.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libnss-myhostname.so.2-37b798076510be9c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d32afe106880d2d4a305832c73c15753d34a051b" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f7bc8428b97a496b43d0bf8a462e9e6bb9e4dfdf3992690dfbf02ffa6c52bdd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libnss_resolve.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libnss-resolve.so.2-a5e14019242958a4", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0d417f3234f676af07c009a8a681a446d05c9ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "3d1a8fb6a740b2f54a34a62fe3e22c23478e13e468f689455d3a750560fb2fa2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libnss_systemd.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libnss-systemd.so.2-5109f754756ed3e7", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e4674de827b41b479c078acf288f281e56245a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "b31efa30a02ec58c3425a8aec2f958081d96f56c3f7b1d0558b70410f8789949" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libp11-kit.so.0.3.1", + "SPDXID": "SPDXRef-File-usr-lib64-libp11-kit.so.0.3.1-4b7e13d2d8bedc71", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ddd78d6340c805bf19000f4bf16f8f198fb8cc95" + }, + { + "algorithm": "SHA256", + "checksumValue": "9eec2de8301813279c4ade5b8705229d75eebd3d55d28bf42141d61a43055be0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libpanel.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libpanel.so.6.2-2669fc1c6862e336", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c7b8b64d10d92df2cce9b24e2b320b3c88899e1b" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c7538c00c9b18da60d7a1d7370557e36486597a513af8d7918d82dad73711a1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libpanelw.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libpanelw.so.6.2-61853170048c8d39", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34e1efebc642f4a686b5f9c6c49d0d09a4475c47" + }, + { + "algorithm": "SHA256", + "checksumValue": "a2629dcf273b9741a5bd67855fa276a0d532dd9453815246a8d3f42a229219d8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libpcprofile.so", + "SPDXID": "SPDXRef-File-usr-lib64-libpcprofile.so-023549e866ed57ef", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "edd1a1364ecb26c0f0f077283a79a71ed3d5ebeb" + }, + { + "algorithm": "SHA256", + "checksumValue": "75d3aebcd4c6a1d25e76e031c2ad722c607e7976f3d9d541195c3319c7580915" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libpcre.so.1.2.12", + "SPDXID": "SPDXRef-File-usr-lib64-libpcre.so.1.2.12-61217bc8d6063ca5", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "342f304c2c94ed6be689e3d6a4bf43f3f9dd013e" + }, + { + "algorithm": "SHA256", + "checksumValue": "853849dc5e7393ec3451683443d164b12783019e1b68bc64b49c64812886364d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libpcre2-8.so.0.11.0", + "SPDXID": "SPDXRef-File-usr-lib64-libpcre2-8.so.0.11.0-11d09b8e145a45b4", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "db7a2cef3127771056ee892267c25685dc314eb9" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a7c5324aa19b789ec6451fac312238ba8b266886e37f2dcad51b612deaae96c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libpcre2-posix.so.3.0.2", + "SPDXID": "SPDXRef-File-usr-lib64-libpcre2-posix.so.3.0.2-225f79c9b0575a25", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3e8ef0589686f39054ecb031e75898288209b3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd07b910ec2713c62bd756ca1b5b1b33822fe53b0c22b57bb21a7277c6d38664" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libpcreposix.so.0.0.7", + "SPDXID": "SPDXRef-File-usr-lib64-libpcreposix.so.0.0.7-ba67a519ab935fa6", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a9aaf3592a59f95df4797d0b993e3aafbe66373f" + }, + { + "algorithm": "SHA256", + "checksumValue": "a829890434a50682fa95b2278d8daf3037a6bb195c4ad31d7c14901168ba6a7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libpeas-1.0.so.0.3000.0", + "SPDXID": "SPDXRef-File-usr-lib64-libpeas-1.0.so.0.3000.0-196b545787abaf02", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5dd09d787c6efcc89059b45c90cd5d371505c8c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "f8b1dc530521545628192a831eaf36cc36499bd1ac28c8241bc6f2d114753df9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libpopt.so.0.0.1", + "SPDXID": "SPDXRef-File-usr-lib64-libpopt.so.0.0.1-5563d371a9f13ec7", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aa7f191ea0894ab9c74aa189e905a7cfacad919e" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e9f3f8a88255fcb88220f7af51a96fb7328a2ea73154dd306277271571acffd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libpsx.so.2.48", + "SPDXID": "SPDXRef-File-usr-lib64-libpsx.so.2.48-1897bbb4f7efd63c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ba1d74b1615f86d8e98d8612deca8bb8076a45e" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c94570f7cb8f2a90cd349009861fd26c98bd7da7ef189f18360ef44c154594e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libpthread.so.0", + "SPDXID": "SPDXRef-File-usr-lib64-libpthread.so.0-d19d670da6254e2f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0ba899f8539d26f0dcf32a2a9b68e535f84d68e" + }, + { + "algorithm": "SHA256", + "checksumValue": "83dc268d2bc39b1bc7ea9bc47f80d2b03d584b97471e1d350ae8570c9e451080" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libreadline.so.8.1", + "SPDXID": "SPDXRef-File-usr-lib64-libreadline.so.8.1-cf56343ce42be2bf", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d7042d8c19057b1da6d78ae87c60cc937b0e764a" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd005d15fd3c6546b1ce73e629e516a421c9b0776cb7a0609f45c5c2f8d395bb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/librepo.so.0", + "SPDXID": "SPDXRef-File-usr-lib64-librepo.so.0-f90f9b325a9a1788", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "77016ea3e1a253ed36486def76e462a23e52487b" + }, + { + "algorithm": "SHA256", + "checksumValue": "3702d466122ae54e25448209571edaa4588e2b77e5c301102d99240e4a4f339b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libresolv.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libresolv.so.2-664d277def349e86", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36a20966380f36dffa15dcdcea43ea896fb5af7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "f108336535775d00ddac47c7c663e22f38137102e8e674d9ab9a091a43473948" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/librhsm.so.0", + "SPDXID": "SPDXRef-File-usr-lib64-librhsm.so.0-64b06586db1d77b9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c40890f3df5a0abb1902afa7024f877eaf13b77" + }, + { + "algorithm": "SHA256", + "checksumValue": "a5e26140e65f99559e39b6d532399de433af5e0eac6020301f98cdf2a1323977" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/librpm.so.9.1.3", + "SPDXID": "SPDXRef-File-usr-lib64-librpm.so.9.1.3-b7a5e9efcb9b8596", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c02e48748079674b08c4e220b5209cae294b0c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "402844cc65877b72fe5a013de4e83ac6aa3efeb0d91ec6b78dc41c911a65a58c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/librpmio.so.9.1.3", + "SPDXID": "SPDXRef-File-usr-lib64-librpmio.so.9.1.3-5d732d586d21e1a2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8d8a642abd7cbc609be7d61a6d086277d47d79b" + }, + { + "algorithm": "SHA256", + "checksumValue": "414b4c6dd584b0a9ab9de230cd395bd9bd57daad6979798fe9c716140aa8a027" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/librt.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-librt.so.1-bf18eec22303c1b8", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0acf5c262e7a268c89ecbe021fa658e7809ad178" + }, + { + "algorithm": "SHA256", + "checksumValue": "e7739dc9abc514845ad06d7e1cff374e384f5014d04c5e60c40a1e033f8a95a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libsasl2.so.3.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libsasl2.so.3.0.0-7e81ec7a8f66c3ca", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5456bc1a5aa90e5534f0d3d577e202d2f16ba36f" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e3d8149a9cddffd1c8dc2ed69db920d15d8d620a6472906181e79ac33342c9c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libselinux.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libselinux.so.1-89115b1e9262abe4", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "40711929238836e2a8ec63dfc23135c718aba5df" + }, + { + "algorithm": "SHA256", + "checksumValue": "540225279c84a9ff7c668625b1987aa7f3be24215eb9480c0be73f47818df14c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libsemanage.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libsemanage.so.2-f4640f5ead471b71", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b1b1b3a36aef3393cc22884dcc355446a134b261" + }, + { + "algorithm": "SHA256", + "checksumValue": "f2a08e1895cf389d80fda8b76380b2d6135930d1b31789fb678711f97dbc553c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libsepol.so.2", + "SPDXID": "SPDXRef-File-usr-lib64-libsepol.so.2-840c32fd3150949d", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "463ee022c64c4f6973022558376f64499bc04927" + }, + { + "algorithm": "SHA256", + "checksumValue": "3b432f1a220b54f86e576e3a4b580e7ed99b1fc73e6cde52b21157c2c2271665" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libsigsegv.so.2.0.6", + "SPDXID": "SPDXRef-File-usr-lib64-libsigsegv.so.2.0.6-9f3a8aed149de7d0", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c406b306355f1c1c06880f216c6b43f8c08a7d7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed87f1cc009a33dec708be009dee5f66ac26f2b5e1638d8ff2c460e8c34f3375" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libslapi.so.2.0.200", + "SPDXID": "SPDXRef-File-usr-lib64-libslapi.so.2.0.200-2a65f2229e73080a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "720df6f74398d5bb9935c7d3486496369f670ede" + }, + { + "algorithm": "SHA256", + "checksumValue": "df9f0e4780d61d1db2d01b9b6475685031956d1cf4bd194f9d58065741fbc4d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libsmartcols.so.1.1.0", + "SPDXID": "SPDXRef-File-usr-lib64-libsmartcols.so.1.1.0-10fc03496e85dae5", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa7f05edc58ee16d4bece860683c2b70660a3334" + }, + { + "algorithm": "SHA256", + "checksumValue": "03bf745caba1ab8438e6b8c3b1a45940a6908f95ab94f48415b6f56c85db20cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libsolv.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libsolv.so.1-c1271ae5fbf0e0c3", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e7c34a210e2d38bd03b23ee88a5e4e9d3a86267" + }, + { + "algorithm": "SHA256", + "checksumValue": "073f24f7025c724f73f34a4657a56144ed6ecb2dd2a2a711d44302f92f4738a5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libsolvext.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libsolvext.so.1-c47cc5d32f44cc87", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1a06ee428720abbf5e2935058cfcefaafee33547" + }, + { + "algorithm": "SHA256", + "checksumValue": "5b399a58080823e1a335fea1e445adb5c4b862bd6421840d5273e64f85463962" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libsqlite3.so.0.8.6", + "SPDXID": "SPDXRef-File-usr-lib64-libsqlite3.so.0.8.6-9e76aa220f9aaf91", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3004f7bc2730c1996be0d97c0815edf7cf63296d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2a7040e37b57d51f6b157875e7610b37491d0cb4dd69ed5055921da43b855e8c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libssl.so.3.5.1", + "SPDXID": "SPDXRef-File-usr-lib64-libssl.so.3.5.1-600acfaadf45a128", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "92752058bec7715c5cfd1a64ea45f7ea8c14b2ea" + }, + { + "algorithm": "SHA256", + "checksumValue": "a8a5b51a76acfca3aee2429f2114f47ae2f9d0e4fc912673ef82d3d18eb0c22e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libstdc++.so.6.0.29", + "SPDXID": "SPDXRef-File-usr-lib64-libstdc--.so.6.0.29-6de1484d06c4f0ad", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "869c163d5601ff8f79f22324b0a5bb615b7f92d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "643060c81562d0c1bd8a0ec3888068cf5577d6ce8fa7d4aba5c509f7bb258bd9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libsystemd.so.0.35.0", + "SPDXID": "SPDXRef-File-usr-lib64-libsystemd.so.0.35.0-d9bf5c868eb88dae", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "84fd24d02e62e921ba0d27dc1355e55d6cc3ce1c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a20a2daf7dcd24dfdb8b7ccf0c8a2a33d5251a445da3b55de0d16ca78593437" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libtasn1.so.6.6.0", + "SPDXID": "SPDXRef-File-usr-lib64-libtasn1.so.6.6.0-a7aebe099275d13d", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6efff212494e34ac66be2f0ec3735b0418d1cc11" + }, + { + "algorithm": "SHA256", + "checksumValue": "f1e7a272c3ebc0068992ea6c098cd8ccbc79818762e67cce26647e3fb04b24dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libthread_db.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libthread-db.so.1-ae3fc97113fbe7ca", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2b8fc0fbb5bc957182c263cb57e57db69e4b872b" + }, + { + "algorithm": "SHA256", + "checksumValue": "7bce176450f85680f3dfe6661359ca884fba6650c414de747be5f997d8e1596e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libtic.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libtic.so.6.2-7f4d4f7aa9afb6fb", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ae4f0ddfa6b940edcc1d14da97fe186d7fcbc99" + }, + { + "algorithm": "SHA256", + "checksumValue": "169fd0998038aa0987f25827f8ce0fe9ee9ea82846958237c22f57bf0137209f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libtinfo.so.6.2", + "SPDXID": "SPDXRef-File-usr-lib64-libtinfo.so.6.2-2187328ae913998e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dba29705317e7e0b34a78fc29afe5869d1253b69" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f6e6b4b437315880fb459256f663fe1cf96ffd437f9bdcdddc5c5104b89c3ff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libudev.so.1.7.5", + "SPDXID": "SPDXRef-File-usr-lib64-libudev.so.1.7.5-6756fb3d8b92dd02", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "013a4094b9557ae39eb17409fbba39e8879dc1f2" + }, + { + "algorithm": "SHA256", + "checksumValue": "afbc80413aeb6161f62fe0947c37ed50616f280592bd12023bf3b32f80bb4b36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libunistring.so.2.1.0", + "SPDXID": "SPDXRef-File-usr-lib64-libunistring.so.2.1.0-24d9c2015a515f85", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "011b23aeff6c2a0d175aebc8729a23a863566974" + }, + { + "algorithm": "SHA256", + "checksumValue": "70b4c4050c4319fb109a3cf5745f9a6ab2e5862c6bc809aea0e4cb94c87978ef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libusb-1.0.so.0.3.0", + "SPDXID": "SPDXRef-File-usr-lib64-libusb-1.0.so.0.3.0-d1c85f195452933d", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3555cf89d10c168db67ef5600c57a756ef416c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "09b5033698a18d0a8c10869482ebb4b6a978d8066d3f62e73c62def304a3ceeb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libutil.so.1", + "SPDXID": "SPDXRef-File-usr-lib64-libutil.so.1-e4935d5aa0ba62ff", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "25e6d9a06ab0281ce358e7ebb02cf07edbe3a19e" + }, + { + "algorithm": "SHA256", + "checksumValue": "1da739d3692933ac28b1c4fd1d0f94a0976f3286c0bf8b2e5e5db49ca7e854fd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libuuid.so.1.3.0", + "SPDXID": "SPDXRef-File-usr-lib64-libuuid.so.1.3.0-2f4c1c268d776d3e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6b6260d7fb20c57b211971d87625b83258590c55" + }, + { + "algorithm": "SHA256", + "checksumValue": "529d3f74689adfa49e416bdd75385f06733568724ebaf8411a5e0de140d8621a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libverto.so.1.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-libverto.so.1.0.0-4a37b99f0e0affbc", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ca3544d440ec0e684380ab8377f2a0a3951d12ed" + }, + { + "algorithm": "SHA256", + "checksumValue": "958431bde9ce05c76a54d56ed3a89fae93704e62d7e5c697ed9816c256611efc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libxml2.so.2.9.13", + "SPDXID": "SPDXRef-File-usr-lib64-libxml2.so.2.9.13-9548eb24c8261a07", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ab4be0119c30d9af379a3e12b40c11b71def465b" + }, + { + "algorithm": "SHA256", + "checksumValue": "8eb25143b2fa588a7b9f4af0a8f44d580501d59ee5d7e2f20d726b2aaffab1a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/libyaml-0.so.2.0.9", + "SPDXID": "SPDXRef-File-usr-lib64-libyaml-0.so.2.0.9-4958c0305cc0c1c1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b735b32b9f03ca776b34dabfe5ba03ba49d44c2c" + }, + { + "algorithm": "SHA256", + "checksumValue": "65b0fa7db95791f0b54442efde3dda6c81704eb0c0134e9371cfc76bd349f67c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libz.so.1.2.11", + "SPDXID": "SPDXRef-File-usr-lib64-libz.so.1.2.11-b19008fcaf37b79a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "293a86297efce3f36c02972678590049bc8882ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "fae9fde931c0df13874fa4cf12cff3047c2570956b496d161fdf4aee7d62b3d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/libzstd.so.1.5.5", + "SPDXID": "SPDXRef-File-usr-lib64-libzstd.so.1.5.5-cd4bf5eeea9572a1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a58e10768bd5a2a16cc7dfb5b04843ce9c4f0456" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc1ccdc94eea889670d6258a70ae51be922be6a4740eb44eee4f1baf012136b7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/ossl-modules/fips.so", + "SPDXID": "SPDXRef-File-usr-lib64-ossl-modules-fips.so-67ddf331d95fbab9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "64be15e12fa7a8b28d498c422f7d866fe235e5db" + }, + { + "algorithm": "SHA256", + "checksumValue": "c197b6ddf74532f477bcb34e25b6e109491765d577b9fe1a4c4759239b6aae06" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/ossl-modules/legacy.so", + "SPDXID": "SPDXRef-File-usr-lib64-ossl-modules-legacy.so-074d9b8ca153069f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe7c6850a1685449f472f02e2894e4a20c2ca0d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "1e4dd1d9a0a9780f300331ba5d4351f9bc9cbd89130d1d6797e84bcc170c10f0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/pkcs11/p11-kit-trust.so", + "SPDXID": "SPDXRef-File-usr-lib64-pkcs11-p11-kit-trust.so-d6f9cc0f25c163fa", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "24c4f04076d3fc00ffe57132d886e5095530c047" + }, + { + "algorithm": "SHA256", + "checksumValue": "f3cf20976d79dc24c45caa5fc941b954680f634a7fd7fb5101c94025de77f23c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/lib64/sasl2/libanonymous.so.3.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-sasl2-libanonymous.so.3.0.0-86bf2ecd1788501f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a27a0e2b06d9a3f088b71c8bfaaafaa202e8473" + }, + { + "algorithm": "SHA256", + "checksumValue": "3f5750048d1f5f2fc02a64b4c3e479d2da16049a7c262d4b3a6d620ba7a37751" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/sasl2/libsasldb.so.3.0.0", + "SPDXID": "SPDXRef-File-usr-lib64-sasl2-libsasldb.so.3.0.0-67d38e340f4577d3", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c5785b55310e9af50cb520d5bb31dab7e894a1f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce60ecb1bf8fbf5d898712b1fbcbc743359ce1d2f8de8e148031e5189ba48132" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/lib64/security/pam_cap.so", + "SPDXID": "SPDXRef-File-usr-lib64-security-pam-cap.so-6e696beaf5a6f45a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc86b6d3fde4d80d002a814e4a2bfaed78d1848f" + }, + { + "algorithm": "SHA256", + "checksumValue": "6bb873cae41c79e835c80198f456151d80e6f85d5886726ede088e5508db5307" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/libexec/awk/grcat", + "SPDXID": "SPDXRef-File-usr-libexec-awk-grcat-e7b09fa086b60c5a", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "759442278b5e8da98d08e4d4f452e42c35bf794d" + }, + { + "algorithm": "SHA256", + "checksumValue": "01b5deef8969921f03e9f272b9503238c633c2f346806f2ba7f9ae22df6c7782" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/awk/pwcat", + "SPDXID": "SPDXRef-File-usr-libexec-awk-pwcat-c668344a0bca4102", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11c01eabcee7e5a115eff682afa4ab36ce1705fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "e77e5d5f4347b0c44c70c9320fe5276215bab80bd1f75db796520ecf24da029b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/coreutils/libstdbuf.so", + "SPDXID": "SPDXRef-File-usr-libexec-coreutils-libstdbuf.so-e3d3859fc36afde9", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a395a2cd0ba62aeb989494acb47a98ef7da7d0c" + }, + { + "algorithm": "SHA256", + "checksumValue": "12e5481fd926dabcd9304ad69f70ff0bdcb8f69a2a78bce13bdd432dc362ec43" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/libexec/dirmngr_ldap", + "SPDXID": "SPDXRef-File-usr-libexec-dirmngr-ldap-c34070cd9804459e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45403f9f9fd294d93e2aecb0a9e7da4bc6fb2a22" + }, + { + "algorithm": "SHA256", + "checksumValue": "b6ee806155d883a9a6809a25f6fd05e76ed29a6206c7b19ade7cf8050ebccb90" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/fips-setup-helper", + "SPDXID": "SPDXRef-File-usr-libexec-fips-setup-helper-4e0814ecba9a840f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4ca662c6962fc22af5ee0ffedd594be438bf8e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "98842d7aab2119a5258e0931c538111d4eb9099395b539b764dc6de427de8939" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/libexec/getconf/POSIX_V6_LP64_OFF64", + "SPDXID": "SPDXRef-File-...libexec-getconf-POSIX-V6-LP64-OFF64-1716d1a69e4531ec", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81140d839d18f2761b00df07b72c3fef8a43c11a" + }, + { + "algorithm": "SHA256", + "checksumValue": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/libexec/gpg-check-pattern", + "SPDXID": "SPDXRef-File-usr-libexec-gpg-check-pattern-0b538d4e3bdd8dca", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "942e225856be050a94df58a50baf8a85a0f1fd9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "6c5199a71deb82996d035c4622891ab1a9e93cde709733e68a03571ff8cb1a4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/gpg-pair-tool", + "SPDXID": "SPDXRef-File-usr-libexec-gpg-pair-tool-52874dccfe95c831", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f1326d87ef00379a30534c1fa6048c1f7d901d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "a33a4303e9f9a5232c7fa52d5c7d3c74f70e830d2e96d9fd1f9b042f9c025675" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/gpg-preset-passphrase", + "SPDXID": "SPDXRef-File-usr-libexec-gpg-preset-passphrase-23d7f71ae89b5434", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb48fdf4bdd230a0328514ddd7adffd449658376" + }, + { + "algorithm": "SHA256", + "checksumValue": "69c20fb4a9ccc913661f0e23df84ecbf10c8ea4bfd3d8ae8ddb6b144747edbbc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/gpg-protect-tool", + "SPDXID": "SPDXRef-File-usr-libexec-gpg-protect-tool-3cb192baafd3b531", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "234503e2e761a9c4d7454ce7e37ffcc67fa91658" + }, + { + "algorithm": "SHA256", + "checksumValue": "bc423e2f7d0daf95dc36e7952a788764a512aed6e899a6ff57c63890112374c4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/gpg-wks-client", + "SPDXID": "SPDXRef-File-usr-libexec-gpg-wks-client-11a2f3793b9fe540", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fbe48d6a850791aad7e41ba92583ca7260e89ab5" + }, + { + "algorithm": "SHA256", + "checksumValue": "3f1de40f9613d4dcd75a04578bca75cce9225eef0c4bb79e7efd9bcf528ce6d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/grepconf.sh", + "SPDXID": "SPDXRef-File-usr-libexec-grepconf.sh-9f5373b01acacc41", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "676e6b27856f77ef2f4d401fdcfc8ed46c25020b" + }, + { + "algorithm": "SHA256", + "checksumValue": "b91c10cb140a1593b37fba2dcab5cddf53c8e2c5104980b2ed7a1b42b7aa7d1b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/keyboxd", + "SPDXID": "SPDXRef-File-usr-libexec-keyboxd-065c6ce3e216c867", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "79a0b70430cde458073e8a60ced78ddb0801be94" + }, + { + "algorithm": "SHA256", + "checksumValue": "15c1d0a42e84a5094d429b93f37186220a4288173fa2c5bc9a8d2a5b8af6587b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/p11-kit/p11-kit-remote", + "SPDXID": "SPDXRef-File-usr-libexec-p11-kit-p11-kit-remote-c12db9c09490c941", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22308d08d710fef01c0d86b09bb62b73dc5fb85e" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cdd6b349a22932ae1021cae38105908711ecd6ae77c0054838033a5d7bedec7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/p11-kit/trust-extract-compat", + "SPDXID": "SPDXRef-File-...libexec-p11-kit-trust-extract-compat-7ef56425a25f608f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0901ecfb340c91cb7f8b0d6ae6a73a1fd7309290" + }, + { + "algorithm": "SHA256", + "checksumValue": "e3b9b63689b120e461687c7febc6ab0c3d33d6acd6f943c46113c9ed284b49ac" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/libexec/scdaemon", + "SPDXID": "SPDXRef-File-usr-libexec-scdaemon-354c42ab720de6f2", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f055ca27a54d3fb3a7dbf140bc836ec0864982d" + }, + { + "algorithm": "SHA256", + "checksumValue": "46c51066517183a224049cfc8303c3af8c7df759e9036f01d76abbfc7fd79ded" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/local/lib/libssh2.so", + "SPDXID": "SPDXRef-File-usr-local-lib-libssh2.so-3791337a2e68fc20", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e" + }, + { + "fileName": "usr/local/lib/libssh2.so.1", + "SPDXID": "SPDXRef-File-usr-local-lib-libssh2.so.1-bdeb3a841c55c4e0", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e" + }, + { + "fileName": "usr/local/lib/libssh2.so.1.0.1", + "SPDXID": "SPDXRef-File-usr-local-lib-libssh2.so.1.0.1-407f9c72dd226086", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e" + }, + { + "fileName": "usr/local/lib64/libgit2.so", + "SPDXID": "SPDXRef-File-usr-local-lib64-libgit2.so-c03425ae2dddd928", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9" + }, + { + "fileName": "usr/local/lib64/libgit2.so.1.9", + "SPDXID": "SPDXRef-File-usr-local-lib64-libgit2.so.1.9-b0b3df9ccdee8153", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9" + }, + { + "fileName": "usr/local/lib64/libgit2.so.1.9.1", + "SPDXID": "SPDXRef-File-usr-local-lib64-libgit2.so.1.9.1-0920be45b70234f3", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9" + }, + { + "fileName": "usr/sbin/addgnupghome", + "SPDXID": "SPDXRef-File-usr-sbin-addgnupghome-602a7edba2b31626", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ec930db595f079fefc1def3f6345e06dc5b2f8b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a0b0b80fb7121d408fbd732f278ddaa93dd092bd5551b9b42dfffa5ac28199a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/sbin/alternatives", + "SPDXID": "SPDXRef-File-usr-sbin-alternatives-d536adb8f0ad5bbf", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67c3a94eaba528d07aa2a9a07d41edb753de1b97" + }, + { + "algorithm": "SHA256", + "checksumValue": "b432a2af811781d961fac005249930fea6c7510687ec377414166eeed06f8c9f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/applygnupgdefaults", + "SPDXID": "SPDXRef-File-usr-sbin-applygnupgdefaults-2ec5b1c87fd0a215", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "19b7b3ffe3e69f6b17f3bc4f6d6717ea843bf735" + }, + { + "algorithm": "SHA256", + "checksumValue": "27c38fc03c86c8712ecbaf1ff689ef8061c0e9ab9ca5cf9d98a35b0c49a34a33" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/sbin/capsh", + "SPDXID": "SPDXRef-File-usr-sbin-capsh-34f8467e3a606deb", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "846a33d5de64467997f0c06ef74025bdd53747e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "a919dce6901fcc23b1379e94c4e0ddeb160c28c805a44b13b9e7d5a64c080f8b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/chgpasswd", + "SPDXID": "SPDXRef-File-usr-sbin-chgpasswd-f33afab34bceebb1", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbe9eacb1054c4755515620eacd5b8e58263985b" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecdec0e57aada7c08b4c658fe35558f9e30fe9f7e1d4360e8009fb90a9202366" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/chpasswd", + "SPDXID": "SPDXRef-File-usr-sbin-chpasswd-0318fa63a12c4a45", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d1ec69bbb784f6c8c20c9aeadee06a6b53b66c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "7896f25aeef8f5f1dfcc5865a9dcb9019a7edc9b449b1e4ac9746d391ad6ba88" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/chroot", + "SPDXID": "SPDXRef-File-usr-sbin-chroot-111b65a59d05de01", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "47f6ebfa5a2e0ac5671332f3bf3fefdde5c8ed26" + }, + { + "algorithm": "SHA256", + "checksumValue": "739f7aeb037de1264e7801b4a2b01b6e98bf66b1fe81c751989241de6f878b19" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/g13-syshelp", + "SPDXID": "SPDXRef-File-usr-sbin-g13-syshelp-e199d7c82c646f70", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "39e5e1e65b4fe341ab0bed190e21b7855b2e6ca1" + }, + { + "algorithm": "SHA256", + "checksumValue": "98e57e6a162f9cd1b8f0472277ad359fb16c241e854a9d5d3815b0774326d72f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/sbin/getcap", + "SPDXID": "SPDXRef-File-usr-sbin-getcap-c1427ebe890dcc80", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fc72d542eb85d57677eebfa803702e4989152115" + }, + { + "algorithm": "SHA256", + "checksumValue": "91059a58403b474157208979a029c3d47c12155a741200672c12b24a6ed44a37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/getpcaps", + "SPDXID": "SPDXRef-File-usr-sbin-getpcaps-8a707565ca91434e", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "304b5a9328285771328c91c9071fb761a273c117" + }, + { + "algorithm": "SHA256", + "checksumValue": "452e8c8b360c1c245307cf1b826f61e539862814c3be5de1624c9913f5175c09" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/groupadd", + "SPDXID": "SPDXRef-File-usr-sbin-groupadd-74be897ab6c1efcb", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c67f58787c3e932d187244685ddc088f0890716" + }, + { + "algorithm": "SHA256", + "checksumValue": "c212db3ba1a3d8c510d3c6ae2267f3e7c9a44a28c132c58189d60e7d57266eda" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/groupdel", + "SPDXID": "SPDXRef-File-usr-sbin-groupdel-2556d4cc0a065d36", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3764d3f80620dd582c6e21d16791be710733cbc" + }, + { + "algorithm": "SHA256", + "checksumValue": "d217dd3a21566ac3916682b469cf9bf08fc36c09e411c004b1acf590d22ad4e1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/groupmems", + "SPDXID": "SPDXRef-File-usr-sbin-groupmems-0c8befd445f256b3", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0ca7b979ce118f5a870d53267cff7b7bebe141f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "ebd54ce8fb0a1f3d291a80c8f6837709a0d40bd8313015bb0d2d0ff47c28021f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/groupmod", + "SPDXID": "SPDXRef-File-usr-sbin-groupmod-cc64b9fa91010ff6", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c2c8c306b81b62d4c33b60ec28a43ccc946547ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "b3f14c7f5eef120c5696e583a43c973e7cab820455682fe2c20fe08473252128" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/grpck", + "SPDXID": "SPDXRef-File-usr-sbin-grpck-b6b95802760806da", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a5eccf1d048a2014c60d105efbff2667e349063b" + }, + { + "algorithm": "SHA256", + "checksumValue": "49ac971fae50937b2867db851e690c29ea169af0dc2bc05d98a4c2c09b5030bb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/grpconv", + "SPDXID": "SPDXRef-File-usr-sbin-grpconv-ab69700c9a4b85fc", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2fd84a4c1daa7aa0bcac2f2e372dfebc86f9501d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0e17621db09d8e4aa82302048b9c9ca79e46714c9cc1a5e23557cf61a4ae8bc5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/grpunconv", + "SPDXID": "SPDXRef-File-usr-sbin-grpunconv-c73f0ac2f71e5768", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "64e887baf4a9e22e1442c6027801735b5d0b1a0e" + }, + { + "algorithm": "SHA256", + "checksumValue": "5c4a66ba5ca8d17b353c9f4ea50ece515f22fe3138943c0d8981d857c9f2174f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/iconvconfig", + "SPDXID": "SPDXRef-File-usr-sbin-iconvconfig-64575dd9d0be23a4", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6bcdbf5fccc474565384b63b77d85247fc83f290" + }, + { + "algorithm": "SHA256", + "checksumValue": "32a2f84bdc83abe12f1ad68520ccfff38e32f9cf199f8c701601a5faa5d8735e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/ldconfig", + "SPDXID": "SPDXRef-File-usr-sbin-ldconfig-7536453ef2a26c46", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "38654bbc8d6fa006477ef67697afc5d2040e292b" + }, + { + "algorithm": "SHA256", + "checksumValue": "df210f9db42ec59cecf3a7879141cf6a43d2825b9a4764eb507dce913fd74ca3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/newusers", + "SPDXID": "SPDXRef-File-usr-sbin-newusers-f90e01085c96de5d", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c48f8fbd5800aee651df63757f7b9b351310ce94" + }, + { + "algorithm": "SHA256", + "checksumValue": "903936f7d3d8b3defc8e0adf429804739684b32e1b959e269df8b1c814099537" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/pwck", + "SPDXID": "SPDXRef-File-usr-sbin-pwck-3989eec5a7cefa6c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4d0a350644784b26d850dd3fe28934158e161f87" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e334199eb49cc3ca096149f91933e40ead747da5bba47d35f534bbadfe6cf3e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/pwconv", + "SPDXID": "SPDXRef-File-usr-sbin-pwconv-ec97b8fc62a55343", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f08af5c40b65d2d5d9baffdf9bfeb044cd0627a" + }, + { + "algorithm": "SHA256", + "checksumValue": "988929767fd0e92f2e070cb1a3c6c176097381e9a604a1fec4b511d145c566ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/pwunconv", + "SPDXID": "SPDXRef-File-usr-sbin-pwunconv-8568fb8ca2582731", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "97fa431087d528da73789d941ef0872511e960d9" + }, + { + "algorithm": "SHA256", + "checksumValue": "2755c539e10308a55440c2bba4e733d014c8f3c346d114514c4588808716e371" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/sasldblistusers2", + "SPDXID": "SPDXRef-File-usr-sbin-sasldblistusers2-a903dcfa92379f1c", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f9bfa00aaf8df309062b99273521df28cf8f847" + }, + { + "algorithm": "SHA256", + "checksumValue": "41dde1653f48b854d0b928dc3242c1ac9a7cf222925b5b7bb00e38ca2115fdbc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/saslpasswd2", + "SPDXID": "SPDXRef-File-usr-sbin-saslpasswd2-d20220678434ab7f", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f6d1be27468f4c5dcd5387aff3e05ae5dcce8a2b" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b6cf403d1d2a816351473d85e638b94ac60d6f729d92a6b812af52de04839e1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/setcap", + "SPDXID": "SPDXRef-File-usr-sbin-setcap-b0a10e424e7b1086", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e8be06b74a7e4d47eb469f996c525accc5d4b4c" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ed2c35ad6d405cc7060467f52ae68db70a2b219b5840193f3eb43a6dc636293" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/useradd", + "SPDXID": "SPDXRef-File-usr-sbin-useradd-84bb3257aae64297", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d360104341866da1ea812f15ad4e93e9fcdb9782" + }, + { + "algorithm": "SHA256", + "checksumValue": "7de0113096523518f915f2abfa1fa02a4842a3412e0acf380bf25581ef06809c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/userdel", + "SPDXID": "SPDXRef-File-usr-sbin-userdel-687b78fb392028b5", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6d33f7c1e6b5b93b4acdf7e5117489df1e81c254" + }, + { + "algorithm": "SHA256", + "checksumValue": "07fba687576480843c16c4e29683318f84a9ab8b514db6556691d25056583c28" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/usermod", + "SPDXID": "SPDXRef-File-usr-sbin-usermod-4848c9705b78b970", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2b9d099d0a0ab7cfb87939193347f3506c0a5257" + }, + { + "algorithm": "SHA256", + "checksumValue": "4c7fb62ea533f122b57fd2173a023d4bf5f6f5adb859488a8dd5b89e861c7828" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/vipw", + "SPDXID": "SPDXRef-File-usr-sbin-vipw-04c372714feedfa3", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "98b51e5cdc3658bd2210ec29437190bf5e5bae81" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c685db51740be4f85e13faeb3322e210468db9bced41d9d8522f914f5c96035" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/sbin/zic", + "SPDXID": "SPDXRef-File-usr-sbin-zic-879ec3ccb9c2d440", + "fileTypes": [ + "APPLICATION", + "BINARY" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "09c363206713740a91fd1b1a6042b75e8cc16d61" + }, + { + "algorithm": "SHA256", + "checksumValue": "0f3d1cea614a46ced60f0d43ef21a40bb7d72c6e94a47883504fecf29b12f41b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/awk/assert.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-assert.awk-43f5c8e2c050e9b4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "988b7bae890aa00936e30a528cd282f35463b5cc" + }, + { + "algorithm": "SHA256", + "checksumValue": "07f9e0362956d40ea6a92bedd4f292666185d038885387cb00adb5ade1582d93" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/bits2str.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-bits2str.awk-a7ff93fae1c38258", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0e66d5f21580eabedb241107bfa7f84598144eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7529387edb12e4054b384e96bc4911cb3b0e544602fb1e9de8a983f5fd46c5a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/cliff_rand.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-cliff-rand.awk-3f9e7beb12691dc7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "83aae44c23414de4e961a5899e5bc83f09649fda" + }, + { + "algorithm": "SHA256", + "checksumValue": "41b20eba1d788cdc7d64c3860315b3bb8613f80b5f7d8f04774c31caef64dd42" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/ctime.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-ctime.awk-03ded06f5978a219", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "995c25fb72416266c582c23f0c7430ffb8cc1acd" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf1b816f600516ec0a4f84901e12c48f44c5309bd6bd7b32f9a17abd026f2b86" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/ftrans.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-ftrans.awk-9177f91992e80c85", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6754f46ec10f7681756924cc2ff2901576174412" + }, + { + "algorithm": "SHA256", + "checksumValue": "9957afaddfec5f2c6bc4f9cb12c576e6c367c1b681a472e91ced9caff5292722" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/getopt.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-getopt.awk-e01b45f2896e2b8f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c219bd8577d864cfbcce5383b71d0fcd2d613ab3" + }, + { + "algorithm": "SHA256", + "checksumValue": "0144e3be4c5abc67bdace3b41a03cfea94a778268ca4df7efe5931737306e888" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/gettime.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-gettime.awk-3ce5c71bd91a6fb8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8b5f919aaa995229b3d35bd3dcf6a55a272ae637" + }, + { + "algorithm": "SHA256", + "checksumValue": "7baacb670919547d1fc2ec186d6ad937c6f7cc2d03e0b2e8f6802742dc7c6023" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/group.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-group.awk-f68d462d6f0dec41", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59f1283139b9ede22bb4946159a57db2ab950206" + }, + { + "algorithm": "SHA256", + "checksumValue": "dcabe4d2e2f93972471e7eade26a7779e0c160c23570d3b32509433756083073" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/have_mpfr.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-have-mpfr.awk-504ece9f854051a7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b333a7cb12ddbf6625f3cb68321296aa490063d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "40d45f7e243e4f7faa1335852c5839fa80c60d70eccd94918cee7edbc58fd9a4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/inplace.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-inplace.awk-21f69a66a8e1f30d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "49af3c8ab5fc51ce3bf9644a8902cc5aaac828bc" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9420b8b4cef25e7f7982800a24d7ecdf2708e9514e8d0f48f471b6bdfec7f1e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/intdiv0.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-intdiv0.awk-cad2d692d922a012", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0b21f70c7b88ac4e15570af9fdbf58736a7acf0" + }, + { + "algorithm": "SHA256", + "checksumValue": "c184f8a175c7226e9c567a8bb91e5e67ed8e239769012ad16f93c48f8e328bfd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/join.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-join.awk-57a23fddeb51a231", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66c87357ce4c55e201e7e6ff5cfbc1795875f30c" + }, + { + "algorithm": "SHA256", + "checksumValue": "9af26157a40c1e1c09dfa73152e07cbff4c4f4b31b7bf8132572270da6dfc052" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/libintl.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-libintl.awk-c5d5d77dbb5b491d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d38956139eb1f3848b26e10cac26951fcb637a09" + }, + { + "algorithm": "SHA256", + "checksumValue": "2b3a65b9053d2f4f08733870ef2cf1b5ee8aeba74dc6b9b1d1610fc0d9ac0eee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/noassign.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-noassign.awk-0a88a27a0a532250", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "286163f5748bd207c1cccec304db9dbb3745515d" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ffc84e6d111aaf56cb0d3756bbcbd73e2510069ee6fc05bc1ea0e412884663e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/ns_passwd.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-ns-passwd.awk-af584ef6a682393d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c7e1715594a43efb0ce3190414dedc5817cf8b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "65670dbe643091de33dd490b71609677c875166d0aa59378a6576f979ba9886a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/ord.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-ord.awk-e2d294e2988586b1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87c053430fed042fc413fdbb2f1a9a2f228f4f81" + }, + { + "algorithm": "SHA256", + "checksumValue": "e7d37acc67a101dd2e23c19ed3f9dfd5d01ea93af63b2ebc8679976e1ef051ce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/passwd.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-passwd.awk-604ed35d2e3c3905", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94fe0019f12e4cca0bb6995655363e14b3a71a7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "bdaf71595b473e0cfffaa426f451e1cbeae6d8a9047c5e78cf254b33586ac5eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/processarray.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-processarray.awk-db8886a0050e15b4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a55964177451767adb55da211e29b1fffbf3134c" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac1e8e8dee8105c5c1ab2a1b87fcb668885473b7e90b7b0c137275742c704166" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/quicksort.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-quicksort.awk-eeb961a2a9d5084b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f0f77de69c1cca88a9b36fb65c527a3cb612ee8" + }, + { + "algorithm": "SHA256", + "checksumValue": "b769b7a892acedcdb98d18c3cf05544d4d85488a0378aaacba0c6e2ddb71bf35" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/readable.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-readable.awk-c57d87b0b5a2fdf1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16d49f6cc9809e837c041e15c1bbea974ee48e34" + }, + { + "algorithm": "SHA256", + "checksumValue": "06e27abeb78eff929cb1f44256f195fe2d86ebb62814f731f420df286c8f1094" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/readfile.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-readfile.awk-89e5a19c73e3c007", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ba25be8407fcb21803e70800e33cc66e4c56f9df" + }, + { + "algorithm": "SHA256", + "checksumValue": "751d619465eb57c9d6314eb2a97e783ff84ff108cd1c4efeff8f62400dd77609" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/rewind.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-rewind.awk-a586091b446e0346", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a981bfceae29b029950fcd889e9e9af0a163fd68" + }, + { + "algorithm": "SHA256", + "checksumValue": "878279434b70956b26eca128a0939c1a14da97b1626fe402eb76d44485fbc268" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/round.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-round.awk-4faae474a1995428", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ac2465e7f1e5316549d445a12a21896e989e4afe" + }, + { + "algorithm": "SHA256", + "checksumValue": "28b705d2e2b01cc3ed450cc42e2ff99b058b55ef5a49cbc483aded7bdfa58aff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/shellquote.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-shellquote.awk-ffd67d68e23c19c8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e843b07b4988ab9f6b9f847d7f891a281f7383b2" + }, + { + "algorithm": "SHA256", + "checksumValue": "78e7df6e31f55536a4c3853f6d54644877aa892ed7fc6e1d4dc9080284d78565" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/strtonum.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-strtonum.awk-ff0ea36e439da173", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4b66da8d9923f57e8da8ce6746cdd007c939f1e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "abd27d285278e83655617efbd8e09b5f5271dd6ede37847b0ebd6632be2dde74" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/walkarray.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-walkarray.awk-af1939bedac4fc42", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "54771f1379f65d9b1d01550d191d624d8afe0293" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a7f02f135e91bbf1c1cd498ea0e1489802d58c83bb4d112c0a407593db31dd8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/awk/zerofile.awk", + "SPDXID": "SPDXRef-File-usr-share-awk-zerofile.awk-0459a6aa08d9b230", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b34e3b5801b20cfe2f3d3188058b5b7b8a7f3c71" + }, + { + "algorithm": "SHA256", + "checksumValue": "c20a5e00b43fbfb9ea420da93f64422ce13d4aebb3b725e2ac3ba0102f169bee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/bash-completion/completions/gapplication", + "SPDXID": "SPDXRef-File-...completions-gapplication-558485814f2546ce", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8ce8d6253282622367216c4103e99a4627122f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "199885a791120de218784b28d189becea2cdbdd1c297e8a4a92602a969857fe7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/bash-completion/completions/gdbus", + "SPDXID": "SPDXRef-File-...bash-completion-completions-gdbus-63fcf5c880513783", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b10d7ce36f18627e7610b5fa1f9f56526cb4b645" + }, + { + "algorithm": "SHA256", + "checksumValue": "819c76693b994a291c175c3d7a394022b7429644794816071ae40b5ca405105e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/bash-completion/completions/gio", + "SPDXID": "SPDXRef-File-...share-bash-completion-completions-gio-2d800e884032c615", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a134f412a1a77a1f7ae2a996bf5f96064341695a" + }, + { + "algorithm": "SHA256", + "checksumValue": "5da96db9ea9295e068a1c6c046b5ee32718489af43a949425b7d8c6cdc2ca493" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/bash-completion/completions/gsettings", + "SPDXID": "SPDXRef-File-...bash-completion-completions-gsettings-47a82969cc47629d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "26096b914c674eb35632b2dad7ed967726dee6aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "8b0b278b6e20a401e94afb6164f99f73ee49af70e12e6c7c054a48fc8dccb552" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/bash-completion/completions/p11-kit", + "SPDXID": "SPDXRef-File-...bash-completion-completions-p11-kit-8696c78b618bb236", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc2413a2f6841811720c23b832d2fee9f9737273" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb0648a5487f28baa01ac6247de2fc187a25745159bf017054b04e1ce8cc6411" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/bash-completion/completions/trust", + "SPDXID": "SPDXRef-File-...bash-completion-completions-trust-f977a337241b88a6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8cbc3774e9ff169e5d4a6ec0036636726fe61530" + }, + { + "algorithm": "SHA256", + "checksumValue": "c4304c6b8c8af29909280a836e26cc6072f6d6994bab6a23efefc4fd7655f03a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/bind.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-DEFAULT-bind.txt-afdd73f093ebb639", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "605a441522efb7132b8d48aa48458564329a6f4a" + }, + { + "algorithm": "SHA256", + "checksumValue": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/gnutls.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-DEFAULT-gnutls.txt-1d7fd03128d7e4d2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d89af03fbc6b90c653497d1c369daa37b1eab484" + }, + { + "algorithm": "SHA256", + "checksumValue": "9658d45476815d507ec7598a09b8f32bb67f1f12b1204b0a9ecd9d165a3e8116" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/java.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-DEFAULT-java.txt-882e9fef471425f7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8897f89dfc3de73c0c69444e45a70250245baf8d" + }, + { + "algorithm": "SHA256", + "checksumValue": "21e27a8d83a44a6c1179effe601e95cb3d7373735cc7520cd47be0652dd18945" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/javasystem.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-DEFAULT-javasystem.txt-a38e5ca8cef6d8f6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4323cbb7ef0fe3ac978c43cda15d8d14f464150b" + }, + { + "algorithm": "SHA256", + "checksumValue": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/krb5.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-DEFAULT-krb5.txt-3f42f7a518ff9cd2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72ba20eb8d03021c3e265fab393b35d32a1b2a66" + }, + { + "algorithm": "SHA256", + "checksumValue": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/libreswan.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-DEFAULT-libreswan.txt-561140d4efe66e37", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ecc7a1a59913ebaf6150ae5ace344496bb7a2dc4" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba0a4319962f0e6a3e83a404becf46a8bb0cf7929ef2b7032fec9ee1b95dd27b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/libssh.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-DEFAULT-libssh.txt-86552a9b61a01a58", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8a5b0929bfb7224052c876f632963d10bfad546f" + }, + { + "algorithm": "SHA256", + "checksumValue": "4cb91562666463b60e23b6b3f0a50164959226126847ee6da1df8f7f0f071da7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/nss.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-DEFAULT-nss.txt-2065aab50b73cc76", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e00e1c1a6d4cdbd468536af85464167006bba10" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e1b17a238bc9879954790db1715dfa69029b0d4e9d566263c804dfb97261d0f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/openssh.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-DEFAULT-openssh.txt-8711641c4e8bbd25", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2845793a18956f0dfacee7d0127377123edce519" + }, + { + "algorithm": "SHA256", + "checksumValue": "7716f34aeb67783ba9eeca7e35313fdde274231d902eea760ac4ccb58de165e4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/opensshserver.txt", + "SPDXID": "SPDXRef-File-...DEFAULT-opensshserver.txt-8380dd3e428b0f55", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "077d449b4c0798e1df2c33cebd0b436d720c2314" + }, + { + "algorithm": "SHA256", + "checksumValue": "1113a9f57ae80185b59413b7a04f9cd2e5bd3bda51ef703f4f785658a25046d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/openssl.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-DEFAULT-openssl.txt-fdd5ef7ec49ba6bf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de48e374101ef029afd15af20331bc40a7db9b62" + }, + { + "algorithm": "SHA256", + "checksumValue": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/openssl_fips.txt", + "SPDXID": "SPDXRef-File-...DEFAULT-openssl-fips.txt-da22838b523ebb31", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/opensslcnf.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-DEFAULT-opensslcnf.txt-7702c5c821e9f285", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d2e66057baf470b4c5a5dbe3f35fa55932a68322" + }, + { + "algorithm": "SHA256", + "checksumValue": "5db272604fd06ed01b7bf95427e133ca891aacc5eb8158ebe5437c7ffe63db73" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt", + "SPDXID": "SPDXRef-File-...DEFAULT-rpm-sequoia.txt-f2121e401df4d509", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32efa04d4a9823c31ea308029087c33450eb5b38" + }, + { + "algorithm": "SHA256", + "checksumValue": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/bind.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FIPS-bind.txt-b8bc1d0869ed022a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "71e5c02490106a7e44c7a13d948a2ec5d0abf104" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d3530ededdc39742969f28ff137f88e429a5b80e55fb9dcb8ed51eabc14ed0d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/gnutls.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FIPS-gnutls.txt-4ee5f68b748edff0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ccd77eb0f502e271942b40b00fd36e53810bd01e" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba59572ce09550c61e75c70c5bfc0d800661c7011cbced1ad943b408bfde381c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/java.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FIPS-java.txt-57dc34cef5fc7029", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e44d7916183482bdd94616bbc60e582e4e41c56" + }, + { + "algorithm": "SHA256", + "checksumValue": "2545c17c559c1177239b3bc9292a2b50ca3e1400961ed515a9e50d8bc9991175" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/javasystem.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FIPS-javasystem.txt-f807571eba875c73", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "166c6a8deb42755abcbac6ac29e82a4a2aa937f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "22f46a8509ac1c19bc76b9ab235820964e9a0469b9f2ba58c8be0aa8da9a8890" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/krb5.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FIPS-krb5.txt-abe5d35fd9e4b896", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad94e4628a6030edf463645b15033ff36ddfc9fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c1a4d25952e9ba252dfdd110c40ee363a8c69a1f57c396f9c021255f613994a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/libreswan.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FIPS-libreswan.txt-9d3c270b586cf9e8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "83981746cf3d6c5bad3f550e449f03719519b5ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "3121515ad310fee218aececa8ba41517cb2ff38dbd7903f1cf7712979b872527" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/libssh.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FIPS-libssh.txt-60b3bbf1dc150e29", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5672b8bd969dc3501cb71d6824adb72cb3a0c9aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "fa908a498254cbe4cbe1ee45e59896c140021fe9ff0ba6796f11784df73d713b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/nss.txt", + "SPDXID": "SPDXRef-File-usr-share-crypto-policies-FIPS-nss.txt-6cff7cc34969a538", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2552edb2edd9ec5d747bd677063976a622050529" + }, + { + "algorithm": "SHA256", + "checksumValue": "f4b387df3824b2831e6ae76c6de4661f879d63366f2737e75222eaf53fce0f76" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/openssh.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FIPS-openssh.txt-c102b34d4850f420", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb3aad188bfde60a17b1abdc5306a0d8d6c0411f" + }, + { + "algorithm": "SHA256", + "checksumValue": "8606bb4030c091ffff8f8c3f154eefe322dc78953fed05921b660b91a9a1832b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/opensshserver.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FIPS-opensshserver.txt-65edcd9856a2ba28", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "33c5a48baccde13b6de29ba101f5ffee94af2b0c" + }, + { + "algorithm": "SHA256", + "checksumValue": "fc29f93c9ba35b0c98eadc4a5d535750f7ad1439eb7425b46e5fd34958b9a00d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/openssl.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FIPS-openssl.txt-6595665567b15dfd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37d17ac5c814e574ac852f082b4c279d0a874aa6" + }, + { + "algorithm": "SHA256", + "checksumValue": "eacc37ccc326fa7a92d1f3bdbe647b8b60c01ef9a2b1cba2980450cce218df54" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/openssl_fips.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FIPS-openssl-fips.txt-8e3c8bdb7f75bd5d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/opensslcnf.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FIPS-opensslcnf.txt-0522bcec26e6a026", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c28ee6488f7a6a0f5294f21219a0f967b84d6ce9" + }, + { + "algorithm": "SHA256", + "checksumValue": "4acf50471178bbca3568561d0d48be519704b2a729d37b2594671bc7cbe38e4d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FIPS/rpm-sequoia.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FIPS-rpm-sequoia.txt-878ecff90dec0cfb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf72297a33754b49aef76339f6a5313efbfe1f35" + }, + { + "algorithm": "SHA256", + "checksumValue": "010e040a5df0846e09730544fc2ff1c8071bbe6ad50aa61fb6e10097f887ea15" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/bind.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FUTURE-bind.txt-e70790cfb823b2ce", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "605a441522efb7132b8d48aa48458564329a6f4a" + }, + { + "algorithm": "SHA256", + "checksumValue": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/gnutls.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-gnutls.txt-df6d8ed5a12429b0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f4d96a16eaa98cf32c80f6b2f7bfd7b88810b93" + }, + { + "algorithm": "SHA256", + "checksumValue": "d68afbedf284403094b49b6fd6e164af1df71df6bfc7260ac9c2f35d0d4044a0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/java.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FUTURE-java.txt-f72f9876da0bf51a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c7454d459d658c9b5b6c5964fc09307693fba82c" + }, + { + "algorithm": "SHA256", + "checksumValue": "f99bfe41709855b20552f414f78b7a1aab6154ba588bdac72ded87f8d8c80ddb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/javasystem.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-javasystem.txt-c5064e1c6b2b82fd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "80c52e731c59f7608add17bed269f77991dc9bc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "d43f7ce398de1cd518cd0864b58d74d50a8375b800b3231db853ac86175b6d19" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/krb5.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FUTURE-krb5.txt-4f619fe86f82aca9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "56dd8be43a1b39e110d976b23e051ec5f1151428" + }, + { + "algorithm": "SHA256", + "checksumValue": "f7500ad5181c77fd45da469fd7a0991caf7bc29b6c2f4f10bc966c3920fa905e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/libreswan.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-libreswan.txt-2cc560a83b80dd47", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5961e83f826770433c93f8823501d3017e39efde" + }, + { + "algorithm": "SHA256", + "checksumValue": "fada0c0238bc899aa3328e6f86b940a7f5a25cdef647ef28c243f89c3db67100" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/libssh.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-libssh.txt-44833f78acc30bc1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1287e83e94e62b2b32b6f5695922f4fb2dfabc3b" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee3a3567708dd4b79451deef173fe5b8443614d8fb81127dd91f98fb6ff35487" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/nss.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-FUTURE-nss.txt-eb3af61ac7994eee", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e036cb3c2f35142404150ee9e581f18bbd602df3" + }, + { + "algorithm": "SHA256", + "checksumValue": "10a7d15cc2b678c044b2b749d7a0cf9e8706668888b94cea91866fb847588425" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/openssh.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-openssh.txt-b8d925cbba552dae", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "84b1e7738c9e8f69db75e27dc13e0abb80583986" + }, + { + "algorithm": "SHA256", + "checksumValue": "cdd99a01e5c7e4ff862b88e5a228f4bb4583b4039a4ff7ceb89b2869b8780059" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/opensshserver.txt", + "SPDXID": "SPDXRef-File-...FUTURE-opensshserver.txt-da0bddfcd645ebdf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ecf62f5ba1487bc1a7776b56d3c4c092af438330" + }, + { + "algorithm": "SHA256", + "checksumValue": "621a381b8c829f95a45dd56ace4b7788dd09db9be43b20897742c0d7478ef27b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/openssl.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-openssl.txt-51a16dd2240268af", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7cd1bacf1c7e9378978c9258589dc0c9d17de607" + }, + { + "algorithm": "SHA256", + "checksumValue": "37d50085b783cc65da67a6ead91da93a3dae6ac74d44004b5c6dc9ba41235496" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/openssl_fips.txt", + "SPDXID": "SPDXRef-File-...FUTURE-openssl-fips.txt-8e3c16288ba60b3a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/opensslcnf.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-opensslcnf.txt-1044ecf2ad0ce2c4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8ee682d486edb1422bf8d4f2c7f870e61b19a41d" + }, + { + "algorithm": "SHA256", + "checksumValue": "b8b47a18eaea88dac742a8834c0e5de7ea067974188aa796ee15099e3f216042" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/FUTURE/rpm-sequoia.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-FUTURE-rpm-sequoia.txt-e911694cbc73fcea", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f12068092df36d310de8bd1308aedcf098b5f5da" + }, + { + "algorithm": "SHA256", + "checksumValue": "abd2ec14c14a90c588d1180daafb98fc93537830da0eb87a8fd127e60a906f8b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/bind.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-LEGACY-bind.txt-8bf3176e21b3abc5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1d7811878d0056763d0d5c90dc9b7f407d84522" + }, + { + "algorithm": "SHA256", + "checksumValue": "de64669cdf2f9b5074089e202ea7f0bc04c94087c1e7ee0c3eba753b8c89c692" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/gnutls.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-gnutls.txt-b0484622aa727260", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "39130d031006a095247af4e080708f079b5d865b" + }, + { + "algorithm": "SHA256", + "checksumValue": "f1bce6a203cb2ec468342c6106f9c17db6569e19b85b6eabbcfe3b0cabb5053b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/java.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-LEGACY-java.txt-d1f527359f518a57", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31540a551281834e6dfe9250e8d8e47dfac55666" + }, + { + "algorithm": "SHA256", + "checksumValue": "3ebe7bb711949d996bd3470541c3e20a72fc9d5045a6854ef99d679d073a4c97" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/javasystem.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-javasystem.txt-869d689a25f2e1d8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4323cbb7ef0fe3ac978c43cda15d8d14f464150b" + }, + { + "algorithm": "SHA256", + "checksumValue": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/krb5.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-LEGACY-krb5.txt-bb6f1a66cbc46ca9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72ba20eb8d03021c3e265fab393b35d32a1b2a66" + }, + { + "algorithm": "SHA256", + "checksumValue": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/libreswan.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-libreswan.txt-29b57084e873a85b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "beb448d776d56b66f4f972ab0bda0b7797b7b7ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "ad8cfdb3cf11f8a18a8d66c5b243ac449587a735355ae1e346cf8d5aabd02ac4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/libssh.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-libssh.txt-72c4214de7eaf7c3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0e9e88e99ae6119d46bce76bf259b7ea68ac7191" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d0c42289b99760aa2079eb88be6b75fa5d5f346b6939ce4fd8cadc67cf04d9f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/nss.txt", + "SPDXID": "SPDXRef-File-...share-crypto-policies-LEGACY-nss.txt-72f663c04a0c56fc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c135b486fc928b8ff2533917f10bc3b79ae2e16e" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d8d23e37610b61a50e7557a4fdc86e3a4cf58599c3031e6590942eba0fe51c6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/openssh.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-openssh.txt-b307e99b0bf1a901", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "91e89d67bc23686d47b556a42db5454f53f3f068" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b1a630302e80162acf8e683ce6ff77262683d7e4a8d7a04553c8c38110d7ca7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/opensshserver.txt", + "SPDXID": "SPDXRef-File-...LEGACY-opensshserver.txt-cfea9a73750a32b2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a01238d34b30151929f1c2929ccee78663853a6" + }, + { + "algorithm": "SHA256", + "checksumValue": "2490d30ff79c21c5271d1a0845b95c56ebc29db351bce17468a0e114f9671a5e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/openssl.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-openssl.txt-9197b3a790c9df93", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de48e374101ef029afd15af20331bc40a7db9b62" + }, + { + "algorithm": "SHA256", + "checksumValue": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/openssl_fips.txt", + "SPDXID": "SPDXRef-File-...LEGACY-openssl-fips.txt-9672f29db1784412", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/opensslcnf.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-opensslcnf.txt-db84aa46836bf358", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70af93215efde42382828e704f30f60120ec156a" + }, + { + "algorithm": "SHA256", + "checksumValue": "dcb4cfdc6b5b7566f33964a8517b55aa03607ea0f985bdb9e8ec815dc740b76c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/LEGACY/rpm-sequoia.txt", + "SPDXID": "SPDXRef-File-...crypto-policies-LEGACY-rpm-sequoia.txt-053bcf254f43a96f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32efa04d4a9823c31ea308029087c33450eb5b38" + }, + { + "algorithm": "SHA256", + "checksumValue": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/default-config", + "SPDXID": "SPDXRef-File-...share-crypto-policies-default-config-913208470fae46ec", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "856da16030f51b488d6c93cd20b8674b578d233a" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f6b44a5d39b9b62dfd5602a979abb7a6547e5662f7ae89934e53079b9bef24d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/DEFAULT.pol", + "SPDXID": "SPDXRef-File-...crypto-policies-policies-DEFAULT.pol-b80049f0c6041e3f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ddfd7835c3fd297e3c123be014a6ecfde1e567f" + }, + { + "algorithm": "SHA256", + "checksumValue": "6abb1869ab38cbfe389436d2c0edc135bff11eaa26d45f950676fcfa53e09501" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/EMPTY.pol", + "SPDXID": "SPDXRef-File-...crypto-policies-policies-EMPTY.pol-9133809489ed5bd0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11a373bb26f1088fab6c02691fcf455c91433d64" + }, + { + "algorithm": "SHA256", + "checksumValue": "17348db5605b98f88f38704b2de8c0eb91a066be19c4c993d2ed0d8dbf411ddd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/FIPS.pol", + "SPDXID": "SPDXRef-File-...crypto-policies-policies-FIPS.pol-90ab5cddee596df7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "237284c26a9b8fe12579dc0a2cbee68183801303" + }, + { + "algorithm": "SHA256", + "checksumValue": "453ebba9bf853cc9351d8568bce931c594337a178f27978a80fba5cedac24f64" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/FUTURE.pol", + "SPDXID": "SPDXRef-File-...crypto-policies-policies-FUTURE.pol-a392553ad2d8f3f6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b66f17a3efeb6c11975e182debdfdf35cf31c6d" + }, + { + "algorithm": "SHA256", + "checksumValue": "84731b8aa062979ae374fe22a15beb2cbf2944d972d10bac119ce9627c6a69dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/LEGACY.pol", + "SPDXID": "SPDXRef-File-...crypto-policies-policies-LEGACY.pol-410c97f05ec8cc4e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "303cc51b569f67ab45fe1f2fe7074b2c8829ecef" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed1cb209664939c3eec280015e9a322d59c0ae067f6a9514fb70f5bc19476b92" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/AD-SUPPORT-LEGACY.pmod", + "SPDXID": "SPDXRef-File-...modules-AD-SUPPORT-LEGACY.pmod-888b6b58afbd2377", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a7677874e757a5c9ea2f298c04e237358d0c2c28" + }, + { + "algorithm": "SHA256", + "checksumValue": "edf8c78bdc5ee2c2b72d63d9c5f8ea662174400fc55b5f59d37b8fbcfb053092" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", + "SPDXID": "SPDXRef-File-...policies-modules-AD-SUPPORT.pmod-d876baa9427407a2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b30ef4624e4d518222a086172bdcb6828214966" + }, + { + "algorithm": "SHA256", + "checksumValue": "c101584cf373bd622b9060f30c0003d5d085273d628eb2ac64b53e4ef84da589" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", + "SPDXID": "SPDXRef-File-...policies-modules-ECDHE-ONLY.pmod-5d0c649679feae87", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9362e76e330ccf7317cc06c23beae559962e45be" + }, + { + "algorithm": "SHA256", + "checksumValue": "661c008361be79add5c086db6aed9e84f7c7b569057023cb548911bb0cec1ee0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/NO-ENFORCE-EMS.pmod", + "SPDXID": "SPDXRef-File-...policies-modules-NO-ENFORCE-EMS.pmod-5903baac62ef6626", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "355dfb5e956ffcc098c3bbe10e6abd3ecd01ffe8" + }, + { + "algorithm": "SHA256", + "checksumValue": "304f4728eb3a09a2ec15eedaeffd1ddad83f0afc3bce911538082e74a9e26776" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", + "SPDXID": "SPDXRef-File-...policies-modules-NO-SHA1.pmod-14f5ce0d98a90b87", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3f272d4e7be4b45af30327905198e5da22bb2b4d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c36639722c6bf74ff296a606d65fd806e54dd1a2af26871efd139efc208c588" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/OSPP.pmod", + "SPDXID": "SPDXRef-File-...policies-modules-OSPP.pmod-6e35e39585ba7d79", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f776e2b162bd4978450a8d26858173371b140a45" + }, + { + "algorithm": "SHA256", + "checksumValue": "f642d2f8eb25c837335c3e634af670d9c56a27539797d072f751d30e70776569" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/PQ.pmod", + "SPDXID": "SPDXRef-File-...policies-modules-PQ.pmod-38ecd8c72b7eea92", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8281ec2917d520cb7d70b53adff21f6aef29a4a" + }, + { + "algorithm": "SHA256", + "checksumValue": "a33e31d844a8b8ab138284609b6184a1110d017f61b9f681f8e73989f8a6096c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/policies/modules/SHA1.pmod", + "SPDXID": "SPDXRef-File-...policies-modules-SHA1.pmod-5e724ac7dc6c5896", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "64dad1fb09f3cd4dc67cd6151c933c499f9d0643" + }, + { + "algorithm": "SHA256", + "checksumValue": "926673bbc7ee7b5c81945f10d103178a8cd5c4a309efbf898a7433e7a4ae49fd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/crypto-policies/reload-cmds.sh", + "SPDXID": "SPDXRef-File-...share-crypto-policies-reload-cmds.sh-2db41ac88cdf8431", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8c2aa59a511c5073192253e154a743bd0ce7d80" + }, + { + "algorithm": "SHA256", + "checksumValue": "69121b6719a4a96cb77bf2372cb58a389b08726e4448b1037b70ec9950af1048" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-cyrus-sasl-lib-AUTHORS-a2f54b1b196c86e0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6abcb830b2a3083de47e32c6acfb6d0d175b3e26" + }, + { + "algorithm": "SHA256", + "checksumValue": "4b5d24c7d184e16bddad18caf7860f62ffff62d74e07b279d5bcdaa9b18b730a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/developer.html", + "SPDXID": "SPDXRef-File-...doc-cyrus-sasl-lib-developer.html-3ba77e6bd881631f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e8aed45c2da52231a7c6845eb51955fd328b7cb5" + }, + { + "algorithm": "SHA256", + "checksumValue": "48a54e0f2da15462dfc331373dffae4f6657d578a5efb934d9764dbc5948c542" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/download.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-download.html-636f619f9c1536be", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5019a386935f6796301259d9e170a2342b2aee44" + }, + { + "algorithm": "SHA256", + "checksumValue": "a5be4ab6e56563267cc4dd25e99bd1eeb88e55a953d04a03544803cb2ffdc9cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/genindex.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-genindex.html-9e66ce4e0a6eb3cb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d7e7bb23d60da618f26648e9ea453b9234719dcf" + }, + { + "algorithm": "SHA256", + "checksumValue": "eeb25bd49929d57a75e84f9c4c75f6fa51640627730f691141da8b09d181a7dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/getsasl.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-getsasl.html-d92702dbbda7e1c4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7445a2e70d7b3edba1972838eddcad6fa151f9a2" + }, + { + "algorithm": "SHA256", + "checksumValue": "3c4eb23173434a69427ede084884d26089d805d56119aadae336bb97872cf45c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/index.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-index.html-b50526e63108f8d2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "08c41ec9f5d0cdadd0b2d4a97191c589966c84a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "7013183e505fee223d6eee95ee75d8675d367e60b65f71bf4dcdd33232afe9fa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/operations.html", + "SPDXID": "SPDXRef-File-...doc-cyrus-sasl-lib-operations.html-e5fec12d1cea722f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1b60e44a0a224691e79be31e69d430252fcb086" + }, + { + "algorithm": "SHA256", + "checksumValue": "087f6f07ec6b8dd36e98840d961ceff3f9c0c4816a35ee31b8109f981c66a53d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/packager.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-packager.html-c2da83b6c923127b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88da744c8a62476bbf99c530ffe6dce7ba60443c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8eaa2b504007fce395ae3cd9f6d3e5e5f732e6c58b761c85d43db434ea25236b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/search.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-search.html-479cbc92a7a36509", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90196c41de1a7de3c26d0209429d821c7ebaabe5" + }, + { + "algorithm": "SHA256", + "checksumValue": "001df4ff29c794af8c409e16fa2ddc195cce1247474dd701eb530c0187a58476" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/setup.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-setup.html-14a117e88aabf24b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5be0a629828746c9baef4aaf7b54a3e8378ad5dd" + }, + { + "algorithm": "SHA256", + "checksumValue": "0c2a3935f247f3b31c8c666f6b27a62b8b49e211bad56f48b54e06ce621773c8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/cyrus-sasl-lib/support.html", + "SPDXID": "SPDXRef-File-...share-doc-cyrus-sasl-lib-support.html-348d1f812826c9f4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81d7dd17ec92c63555ce4696828571cce1710618" + }, + { + "algorithm": "SHA256", + "checksumValue": "ae3c8fa1e231022f55cd93f11007725d896c0682aeaecee6586f0535e80d8625" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/dnf/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-dnf-AUTHORS-f2a10369c567f48e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "562a628ffa7f5c29af93854c74b19c9e0680aa46" + }, + { + "algorithm": "SHA256", + "checksumValue": "5db00f039c2585bde1ff9d1aeb6f8a34d15a0977757a634886f07a3825a0c785" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/dnf/README.rst", + "SPDXID": "SPDXRef-File-usr-share-doc-dnf-README.rst-e45b53ec2f0ac0a0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c008c0a210b781f0fc1a11e790b4ebb5771b15b3" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f8f14bf713fb23e2a644902b815db6204d71e63bdcfac50703242f834a02119" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/findutils/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-findutils-AUTHORS-2b831b50af534f2b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ea9914f4209e103b0bd1ecf5ad0ba69fe20ece8" + }, + { + "algorithm": "SHA256", + "checksumValue": "a406e80dc71aabaf208eaf4f8514ff99c296bb07e28cffa426c0f71eaf5c09f7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/findutils/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-findutils-NEWS-c29277a285f11a54", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "80742e9e29deea23b382ec1fcf8a4853750bda64" + }, + { + "algorithm": "SHA256", + "checksumValue": "c48bc9776cf09d9c71244d741f5938b578b83ee68800ef786c7f3575266a46cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/findutils/README", + "SPDXID": "SPDXRef-File-usr-share-doc-findutils-README-a2321d70af729a09", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36813ee3b13390b210c05c4acdb11db721101bbc" + }, + { + "algorithm": "SHA256", + "checksumValue": "9e69d7c33f690071c03fd778e60bbc8dfce80efee098b81c79b3d3018303ffd2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/findutils/THANKS", + "SPDXID": "SPDXRef-File-usr-share-doc-findutils-THANKS-a222427dafd590d6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a38c0a3e07ef3a20d82b16eb8d59f051e99f427" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b1acdf8723ab6183c0f191b4e5076c0a6daf88e80136ac05197369041a96616" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/findutils/TODO", + "SPDXID": "SPDXRef-File-usr-share-doc-findutils-TODO-7e256dc3c07e3bbf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a50629512060bae5e4f384ab80baf92f6e6d88ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ecd8ead14e114067b4edb4c3279dc81c2383e2491f91bb12d8ca377878496d2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/glib2/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-glib2-AUTHORS-b92d7f889edab03c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d33d419446f08f11602192b63a5669123206fedb" + }, + { + "algorithm": "SHA256", + "checksumValue": "52ca4a84d8dc412ead87bc3223c2ec2ac819938337cabecb2bd1994e979d1171" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/glib2/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-glib2-NEWS-09b75c7c7656032e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f39d69a01132975efdeb83b97ec5d3236bf907d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9d372c412fac473f5ae7cbb9ccf0f535c203dba5a54d3d49a24c17f66e2fe45" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/glib2/README", + "SPDXID": "SPDXRef-File-usr-share-doc-glib2-README-832a99d51bcc976c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75216795763abba850397d42a95c8059cc62b42d" + }, + { + "algorithm": "SHA256", + "checksumValue": "3debe734c777df09c3c762cadd0fea1bebdb857c55243d605dc5b09211895bf3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/gnutls/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-gnutls-AUTHORS-09778ad4d5c0d6cc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c9ad6f40606f8bc589be4b8e5fca174e0b71e2cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "a13baf7a36ec910b8c5b752c475aa8e1c0e24a60fd08bdae8506c9cdb53711b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/gnutls/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-gnutls-NEWS-72fed51334ae231b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3321bdd18d25f24c6ef468c2e6834b2af6ac05d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "f1c48c1f0587d909d08764fc379dcc647935680297a293ba000606811a7a5209" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/gnutls/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-gnutls-README.md-58756d9f36396527", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f49f88f544dac452f0e8fb3b11ca32fea1eb14ef" + }, + { + "algorithm": "SHA256", + "checksumValue": "b5bc4c00d2004fd1088ab3f1523576a32c3dcf6612f5ab485479e37f89756e91" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/gnutls/THANKS", + "SPDXID": "SPDXRef-File-usr-share-doc-gnutls-THANKS-a04110cf28fb5340", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0484d82a5b452924b5f5c8c867896091a123b272" + }, + { + "algorithm": "SHA256", + "checksumValue": "0795315b015c1b92beab235ce9b843e8bae9d89f47a599e5bed8fd578f35a8e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/krb5-libs/NOTICE", + "SPDXID": "SPDXRef-File-usr-share-doc-krb5-libs-NOTICE-a123f7eee70c72eb", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "63254f2d180b67ee59eeaf23bbe986c939888482" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/krb5-libs/README", + "SPDXID": "SPDXRef-File-usr-share-doc-krb5-libs-README-bfcafeb6183520a2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4b6ebeedbc90de39434a56323a90fec6ecb5558" + }, + { + "algorithm": "SHA256", + "checksumValue": "8f61caf687d0ec6fa67fe96187f581fd80bf71faf1463929d0017faa5d29f1cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libarchive/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-libarchive-NEWS-f244dcf2fc44b61b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cfccfe9002fcbeb8d5504a92c0bd040812bd9d69" + }, + { + "algorithm": "SHA256", + "checksumValue": "a2b619bb37a6bdc592c11974f4924677612195c6da72132081f24cb73e13ffaf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libarchive/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-libarchive-README.md-d445ce13fbbc3dfd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3d673c8e1937e93a63bfc029ccd55573326f44d" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ea8f1b994736b8319f72d290ea18edee9da1ec8095c42cc44292ce961965fe4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libblkid/COPYING", + "SPDXID": "SPDXRef-File-usr-share-doc-libblkid-COPYING-6c3fe7be3bf29827", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "93e45afdb0d7c3fdd6dfcc951b8a3421660f2811" + }, + { + "algorithm": "SHA256", + "checksumValue": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libcap/capability.notes", + "SPDXID": "SPDXRef-File-usr-share-doc-libcap-capability.notes-0f0ce024c81213be", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dfc01dec23013354ea56dff88baa0254c0d87f07" + }, + { + "algorithm": "SHA256", + "checksumValue": "1da6f6022ce14b9877f4f5929aafa5d4f1cb88b8a87e5c3eeb3d6f0371a7beb9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libdnf/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-libdnf-AUTHORS-5cf0045bda65895b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eef667365b106e5e2bf0737e1df3e735af221ee9" + }, + { + "algorithm": "SHA256", + "checksumValue": "31d97c50072e6fa08fbfd81d27f7a4640be7b69ba11f74d6497e2d2b47ab2efb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libdnf/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-libdnf-README.md-2f93b603c0f10ccc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e9af3d04907fccb5fd3fa22df3a6a8c0fb70badd" + }, + { + "algorithm": "SHA256", + "checksumValue": "568c897e8db9ba48829b56c74ec080a43a67a9000b8c604df98c98bfb9fd4388" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/librepo/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-librepo-README.md-e47abad8b54b40c6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cbeab662650a5dc943d40b929d77d0ae0e8c5a67" + }, + { + "algorithm": "SHA256", + "checksumValue": "126179a488975283a8ce48cd771b2816ada6771ac9f7b853ceb09fd31665e2b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libtasn1/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-libtasn1-AUTHORS-8b10aaeddcc8bbd0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f8a0b66fa3f77b4490d1c19b49629b6659046f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "949894e3b1d3952cbe5e2b16fcdcd2192d967e5da20d1f71bd8f434f6ccec2b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libtasn1/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-libtasn1-NEWS-a2c8b5224135e21a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d558a897bc83547a1d96b24577f75bb36de7a1cc" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd659d7c4dab21bbaecb9aa4c2908018a30b88e33b3bcc556484b177c2a78341" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libtasn1/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-libtasn1-README.md-e96158079ca16b1c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cddb140f1be1a540af4f251ee4c4974e136811d6" + }, + { + "algorithm": "SHA256", + "checksumValue": "48572667217bbe68ab05d2188c09e45e569c04d3d16a0db4bddb42dcb1ae349b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libxml2/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-libxml2-NEWS-26101b2a73c22813", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc4da39c644ea8ea254aa2cae1038bd144361e54" + }, + { + "algorithm": "SHA256", + "checksumValue": "847ddd05b336af3cb92cd69e855383c2f3b1cc5c0707afa5b081c50529a70671" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libxml2/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-libxml2-README.md-5600ce50a10eb4d4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4d0879ad47deab4a30887505ee1afe6e755489fa" + }, + { + "algorithm": "SHA256", + "checksumValue": "163a54f9593b6a7ef39caca031a9b9899dd60b3bb943527e71d699fabf5564ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/libxml2/TODO", + "SPDXID": "SPDXRef-File-usr-share-doc-libxml2-TODO-518d26076223bf16", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be6d5916d015d930331e4a8102db4f899896fae5" + }, + { + "algorithm": "SHA256", + "checksumValue": "8cbe077cd85d513ca3f3a8a51c3ccae43f6485b043aa1253954d0bddf5f9c817" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/ncurses-base/README", + "SPDXID": "SPDXRef-File-usr-share-doc-ncurses-base-README-ab815bf6c0edffd2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c124560cd62bdb59839d2219e1bbd33fcee7aa4" + }, + { + "algorithm": "SHA256", + "checksumValue": "07794ece2a1bbeb5f3760c201700436d9d88f77e902dc809dc44474345d7bfcb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/nettle/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-doc-nettle-AUTHORS-d8440719a2647712", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "04fbd8d41d82f816099fdc8fa79becada57c46bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "6fd91e60caa0c33dd22888b710fcfa36532bbbef00d85c78de385dcd97f7b9ee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/nettle/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-nettle-NEWS-b38fb49ec7a7ad9a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0404f925c3cf59613eccde257ef0a65ff8fed984" + }, + { + "algorithm": "SHA256", + "checksumValue": "a903faa402c389ef025f85eefbd860abca64fbe78d12b3a25a38e2aed351ca2b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/nettle/README", + "SPDXID": "SPDXRef-File-usr-share-doc-nettle-README-80154d44abd9a5df", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "354c1f9b4cf4cf475d01c01f10abaf7febe856de" + }, + { + "algorithm": "SHA256", + "checksumValue": "02cb98d7b68bd895fe26752c5f10d7eb23623dff90238998e019c26994c6739b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/openldap/ANNOUNCEMENT", + "SPDXID": "SPDXRef-File-usr-share-doc-openldap-ANNOUNCEMENT-06ddd2c5ab1466d1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9c3f398729454628f2aa452e96be92be21ad9c7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "bab2a80eab7ad580f678d677fb9a6ef2aa8608af0dda0c0b360a4ed288cbb10d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/openldap/CHANGES", + "SPDXID": "SPDXRef-File-usr-share-doc-openldap-CHANGES-e3c8722270703b1f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "05c4a531a01be3039c428ac36d3b50bfb2fae92d" + }, + { + "algorithm": "SHA256", + "checksumValue": "8266a11815b7f36f069fc10e31e40adeb6c11c48167c3b09c453931bf290c206" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/openldap/README", + "SPDXID": "SPDXRef-File-usr-share-doc-openldap-README-af87b9e7aabb7c0d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "528c1f6f9eaf19b83dbf9fbc8eb666fc3fe4291e" + }, + { + "algorithm": "SHA256", + "checksumValue": "5bf8efa8807f8d11f2040fda7d691e175494364b865bd31ef264d5cf05d64616" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/openssl-fips-provider/README.md", + "SPDXID": "SPDXRef-File-...doc-openssl-fips-provider-README.md-a38d4d64727600bf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3fffa80240ed8b796e9156fac6ab1b934d91aca5" + }, + { + "algorithm": "SHA256", + "checksumValue": "752bf68e811026a9249b09b74c1fd1286d589c0a197d74281467e6696350a65d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/openssl/NEWS.md", + "SPDXID": "SPDXRef-File-usr-share-doc-openssl-NEWS.md-966b775465888454", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9394286c79376d10c0e6f044591f08038324cc0f" + }, + { + "algorithm": "SHA256", + "checksumValue": "2fba7a5c465ae545e821fd2db834e7b2de003f92efc906c565e0a5951f54a528" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/openssl/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-openssl-README.md-2dda2c3f18ee55a7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3616dd742d101c0f16616f2008d6a8522b186677" + }, + { + "algorithm": "SHA256", + "checksumValue": "2bfd51ec120e0795439788274b5f447bb8559818fc4927e4712e73ac54c01c3f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/redhat-release/GPL", + "SPDXID": "SPDXRef-File-usr-share-doc-redhat-release-GPL-2d96fcb60e6d6812", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/redhat-release/GPL-source-offer", + "SPDXID": "SPDXRef-File-...doc-redhat-release-GPL-source-offer-ecc1c4f163b4ad49", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f87e1e4eaa28bc4b242269c832c1e45f65f954d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "025c99694c7fa9dd8a6a9cc0d450dbd36427cdff856771499718a421ab217482" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/CREDITS", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-CREDITS-7e9fece2ad52f597", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0363cf8a78176f5806241ea47cbff8bab6b929ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "eca98e23b93ba154007bc76bb763d52167255a5def83715727946e2b14bc847d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/builddependencies", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-builddependencies-ba367ba1a6a17446", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a83b0fd6b0bc12a6225678d72a75fa97844f0e0f" + }, + { + "algorithm": "SHA256", + "checksumValue": "1580050367dd281a03cb5d5e8692349829f1b21e48ebb328cbacf7e7e09d04ad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/buildroot", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-buildroot-70e0901d857c8852", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "850853187ebb434876fd72acc7486c8191d52d41" + }, + { + "algorithm": "SHA256", + "checksumValue": "7eac4a3d80abb2c002735348520f939cb43d21e73d3f52990baf3ba925b40d10" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/conditionalbuilds", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-conditionalbuilds-84af44f4271d45ac", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c0ba174d1d68dbc61743088e883c5e177d78241" + }, + { + "algorithm": "SHA256", + "checksumValue": "70a9517d270bcfd399cd7927aa18d659e0c63395b7d8fa11560ed71b549340a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/dependencies", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-dependencies-618be8f32a42d98b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "83e48f7e8f9d39afc364a2d69655a8d52b7f9a63" + }, + { + "algorithm": "SHA256", + "checksumValue": "397c40977dcd4655cb76ce9847a1968c0de37d3f351b722fb05376969a8dbee2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/format", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-format-77d382b59680ea33", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dec1af8f706736d4201f3c658c6bf7e0abb8bdb0" + }, + { + "algorithm": "SHA256", + "checksumValue": "546660743edaa82c31176c705c6452ce0e4600ec1e5a77def2bc1c8c3ea86b8c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/hregions", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-hregions-ad0dd43970cd551f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bcfc6bea245367a4bd56560b426f27305a259ad0" + }, + { + "algorithm": "SHA256", + "checksumValue": "013a188ee9adf79a94b8961e4342d6994ee0866f12cea3f6579dcd51eda0d796" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/macros", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-macros-35b8382e49af6760", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ef045e38bc1a6a88ae87ef9f40f1801e8ac945e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "960b85cc1ab24fe12ba69e0ffea91ada56b1afc67d6e20bb48903bab4961133d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/multiplebuilds", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-multiplebuilds-c72cc34a7734b8ad", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa9822ea70b4e8691511d07018a56b9c554cbb1c" + }, + { + "algorithm": "SHA256", + "checksumValue": "59e84e15d9af66ed7b693b7c200aa48328bd24d18c9ce53f4c2a36bcefe65a31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/queryformat", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-queryformat-29f580ed6ad02546", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a7e1514a93a90f8ba9b80260df999e9c173b8ef8" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecaaa58e3a380e4def9c2e4bcb315810209a802027fe1b4a7bf2a01f44bc5e3d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/relocatable", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-relocatable-9c61ea48cb83168a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "80e0019c56778d0ebde9dccc3245f7616efd4632" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a41eeced53b1c6d1ffcb8df980d98f6b53c8f79cf0b3d78eea66ce058bd817d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/signatures", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-signatures-8ea6468decc16ca3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ca9beae334fc974b6a8dfc933ae415d112cead7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e52f26d6b1474b405e410e0d348b45509aee6168eaae06643ce1298d41a69ed9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/spec", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-spec-55e972a9bd3adf7d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "875b6552d0b4c7090981097264b8471d07e5b0bf" + }, + { + "algorithm": "SHA256", + "checksumValue": "02fc972cb34963139c4363ac279905ec6428cbba7e0f4d799c7fc3015fcf1aa8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/triggers", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-triggers-fd26c3eb3403b2b5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7d5bac560078ef15d295c7a6c58f876fb98ab3e5" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac2f2772cf98b150a0c9779d2dae3c6c213c98d85f9c037527c35db57345b906" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/rpm/tsort", + "SPDXID": "SPDXRef-File-usr-share-doc-rpm-tsort-c15c94c1738fbcb5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aed363515bef72c6c0a4b3430e400da3557f28d0" + }, + { + "algorithm": "SHA256", + "checksumValue": "533567bdebec1ed11887dc9041d68402a67497d19a3d124a090093ca5bfeb96f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/shadow-utils/HOWTO", + "SPDXID": "SPDXRef-File-usr-share-doc-shadow-utils-HOWTO-819bee19751e8fbd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "589aba60d5393dcde61320a5db15ae4bcbaa94fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "9786629ea4c20733b576cac0f09a342ff2d971c74abc1c571f9eb1c1ef53219e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/shadow-utils/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-shadow-utils-NEWS-acd3a81b3ac2b9e0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "62ad7fa054bdb86fa799cfaad74bacfa53d7133d" + }, + { + "algorithm": "SHA256", + "checksumValue": "b9de8dcd827a89d0eaeaec17ac4a319160dde1dbde618f41bc6ce3a6e877525d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/shadow-utils/README", + "SPDXID": "SPDXRef-File-usr-share-doc-shadow-utils-README-27ac861c1eb25c36", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7e0679a986338cd29afd8dce0d95822c49aeb848" + }, + { + "algorithm": "SHA256", + "checksumValue": "fda044b9c99d2ad2748248f93562138ff0a3582ed1ac300ff5befda04eb0b40a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/sqlite-libs/README.md", + "SPDXID": "SPDXRef-File-usr-share-doc-sqlite-libs-README.md-d50f1628fdf00808", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4df383f341bcdd29371bbbd9a5b1ada698976aa7" + }, + { + "algorithm": "SHA256", + "checksumValue": "8f065f666e82710b9f5dcfc74a6dc04e359a1883c655647e2d97882e1ca42787" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/tzdata/NEWS", + "SPDXID": "SPDXRef-File-usr-share-doc-tzdata-NEWS-d582b81e5c24dbe2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "24d6743ce536c5270aa5cbe9069bde58ee62a417" + }, + { + "algorithm": "SHA256", + "checksumValue": "6786fdd586c42d9dc9e6cf0c977430753c6c4f3b2b9716c8cd12dbbe69a00243" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/tzdata/README", + "SPDXID": "SPDXRef-File-usr-share-doc-tzdata-README-b491273c5071c377", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b612ab352fcb6ac4bb8a4905a1fe342e2d317392" + }, + { + "algorithm": "SHA256", + "checksumValue": "f6d96b82996a6ccac80027816704183c63a754d5b1eb2e7b25858e32164e2707" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/tzdata/theory.html", + "SPDXID": "SPDXRef-File-usr-share-doc-tzdata-theory.html-0687579881861600", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7e13674e161d07553138c3a4db8c0ce7e2228a71" + }, + { + "algorithm": "SHA256", + "checksumValue": "6595250beade4e03269711bff79b07f0bbd00ee93c54fb1931b576786d49ab9b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/tzdata/tz-art.html", + "SPDXID": "SPDXRef-File-usr-share-doc-tzdata-tz-art.html-b1d2358a79ff3e1f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ceb98b07fd544a34453b9b725c4c4227540f294f" + }, + { + "algorithm": "SHA256", + "checksumValue": "0665b9189cf5f6fb2e912c01da70a5ce5543d2f439e8d5be8b1185cea7ea0679" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/doc/tzdata/tz-link.html", + "SPDXID": "SPDXRef-File-usr-share-doc-tzdata-tz-link.html-d31a81ab8db21c1e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de87135861365dc299b0db394b61aae83f79dc30" + }, + { + "algorithm": "SHA256", + "checksumValue": "f1f9ab582449226111e7eef271a71f25875383c4c236f4531941c69faaab5db3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/fontconfig/conf.avail/20-unhint-small-dejavu-sans.conf", + "SPDXID": "SPDXRef-File-...20-unhint-small-dejavu-sans.conf-f38158a60f58dcf7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "efe047199a3154ded7927e855b0faf545f608f66" + }, + { + "algorithm": "SHA256", + "checksumValue": "9fd242f22463300d6e365ece9d7a74c9a5442d29bf0c67b2b58f64b8c0303a76" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fontconfig/conf.avail/57-dejavu-sans-fonts.conf", + "SPDXID": "SPDXRef-File-...conf.avail-57-dejavu-sans-fonts.conf-1e810aa32799dda1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "18779a612da3014b2f6392da793723d741176b32" + }, + { + "algorithm": "SHA256", + "checksumValue": "f0decf1d9c3c25bae3db27516c40ce3f80616362942c5cf1a3b9a21a1de1a0c8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Bold.ttf", + "SPDXID": "SPDXRef-File-...dejavu-sans-fonts-DejaVuSans-Bold.ttf-4ec017684ca0701e", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87d3dcf4b666f77c320bd30dcdc8ade33d08c160" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e118ccd0d61f948ee8fe7674efd977e319929a81c0a92bd3081676cbd9e7d6e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSans-BoldOblique.ttf", + "SPDXID": "SPDXRef-File-...DejaVuSans-BoldOblique.ttf-68a7a1aecef0f0bb", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ef1263ea79b647e190cee127cab9a1447ff08032" + }, + { + "algorithm": "SHA256", + "checksumValue": "02eb8bf872f5d62748c2e5580378ea505f0bc64ebfc96ff1f2e1555a7081b09f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSans-ExtraLight.ttf", + "SPDXID": "SPDXRef-File-...DejaVuSans-ExtraLight.ttf-8f422b316d200560", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "068605e7bfe415e5f349a763aafdf6c19b417689" + }, + { + "algorithm": "SHA256", + "checksumValue": "baea85ba0e558d3999b672844170bee9d43a4d107bbf85a41bc436d0ea1f2ac2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Oblique.ttf", + "SPDXID": "SPDXRef-File-...DejaVuSans-Oblique.ttf-10e1abf320fef787", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1f533943748a5794c7d591ec37ed6a2a9edd796" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7f32088fac05f585418f7c6d93951f08968e987a877b4fba96384eb55211181" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf", + "SPDXID": "SPDXRef-File-...fonts-dejavu-sans-fonts-DejaVuSans.ttf-b23178d125545f49", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1678de3625fee2cb91585ac30add82f1be092400" + }, + { + "algorithm": "SHA256", + "checksumValue": "66b8a8ee0a4d1d46ff40f3352b05dbaffb63669c0577096f4a513772d21290f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Bold.ttf", + "SPDXID": "SPDXRef-File-...DejaVuSansCondensed-Bold.ttf-b6ef71dfaf54dd21", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "83f785c82118cb52a1e3806663e882161a895d3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "f24a0c5afd58a647df07b1cd259b87d597fb1b21c76926d227c520321579c1c7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-BoldOblique.ttf", + "SPDXID": "SPDXRef-File-...DejaVuSansCondensed-BoldOblique.ttf-c3d987af03b2c23d", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "78371892eac1374124d067ac681e8bca7b1cec71" + }, + { + "algorithm": "SHA256", + "checksumValue": "f1bd593e64d302b1e776d0fee1db207f8ce77c3bfaf13e98fffca246ebece1eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Oblique.ttf", + "SPDXID": "SPDXRef-File-...DejaVuSansCondensed-Oblique.ttf-f868e0e9521cbfd9", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f0b43f650a6e29b3b4e2f0e3e1bce28eae42774" + }, + { + "algorithm": "SHA256", + "checksumValue": "62770f2d0218fb5e839dac94fce530e305aea2c995e688313127b14ba51a8a73" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed.ttf", + "SPDXID": "SPDXRef-File-...DejaVuSansCondensed.ttf-e03106a16175f05c", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b44a6621929bfe826924a50b48083b641a6e4ab6" + }, + { + "algorithm": "SHA256", + "checksumValue": "16b971ef662a96d3e2d65d1756674c510c3af4dfddd99083dcdfb7aa2acd57c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/__init__.py", + "SPDXID": "SPDXRef-File-...gcc-11-python-libstdcxx---init--.py-0fe68e1bb714f0e3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" + }, + { + "algorithm": "SHA256", + "checksumValue": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/__pycache__/__init__.cpython-39.opt-1.pyc", + "SPDXID": "SPDXRef-File-...--init--.cpython-39.opt-1.pyc-6f49fe62ba8d300d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e8e84aed632789e7fd868906a645cffc41df1ebb" + }, + { + "algorithm": "SHA256", + "checksumValue": "0b55ea2691d26305fe18eeb3ce8f454b429400c73d236730a3f882448e9b84c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/v6/__init__.py", + "SPDXID": "SPDXRef-File-...gcc-11-python-libstdcxx-v6---init--.py-37aa0a1b0543f751", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a62f9ccb97c2ac61c72380221a40d1b3a01d0340" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cafc1b79bcd4efab8233623bd93c7e1e1a6c29fcf80d5b7787ea9dbfe80dcda" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/v6/__pycache__/__init__.cpython-39.opt-1.pyc", + "SPDXID": "SPDXRef-File-...--init--.cpython-39.opt-1.pyc-24b3a3f969bb4ffc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ae2e88eb4bc53274c9f0c31876f5da19938d979" + }, + { + "algorithm": "SHA256", + "checksumValue": "84280c44fc615f742d769887602e8fac7ef4214d914fa7de04d333af7dc3a2c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/v6/__pycache__/printers.cpython-39.opt-1.pyc", + "SPDXID": "SPDXRef-File-...printers.cpython-39.opt-1.pyc-395fbd00f29f7d3c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "914ba69bda04369538ae67043b436da396e745dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "f86431757b85d352cf151ee3561cc0a709041919b5dd59f34f32be4a58632199" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/v6/__pycache__/xmethods.cpython-39.opt-1.pyc", + "SPDXID": "SPDXRef-File-...xmethods.cpython-39.opt-1.pyc-f8f393ad0c1f8e18", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3218228bf5b5ff3b9c72e8fc211d4e16d4d20793" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb597ed2c0c3453940eef336e47afbc92e7f13f3287ad1a9bdcc91d090631128" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/v6/printers.py", + "SPDXID": "SPDXRef-File-...gcc-11-python-libstdcxx-v6-printers.py-b17c36bfeff5fe18", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "127bd38eba6a5dcfb7ca5aaaeb9b2f899681a636" + }, + { + "algorithm": "SHA256", + "checksumValue": "26feccb2e10bea3e4cf01462ce1801eded90e3b0ab478f33aceea55acfe5cda3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gcc-11/python/libstdcxx/v6/xmethods.py", + "SPDXID": "SPDXRef-File-...gcc-11-python-libstdcxx-v6-xmethods.py-9a675f46f0e5bbd6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "833b7659fa74e94ecae9b89ab276a9adfd33dfbb" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac13a5d60975756f3a6827e5c97521079b482114346c34b58ffd2d25e38762eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gdb/auto-load/usr/lib64/__pycache__/libstdc++.so.6.0.29-gdb.cpython-39.opt-1.pyc", + "SPDXID": "SPDXRef-File-...libstdc--.so.6.0.29-gdb.cpython-39.opt-1.pyc-7048897fa7034e19", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0060f9b71291b6433fc7d97ff53150aaf988d256" + }, + { + "algorithm": "SHA256", + "checksumValue": "40044a0eba476cb704f1c8ac09916d222ab5b8b0f3ccf34d0907fc1f912ecfa5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gdb/auto-load/usr/lib64/libstdc++.so.6.0.29-gdb.py", + "SPDXID": "SPDXRef-File-...usr-lib64-libstdc--.so.6.0.29-gdb.py-23259e543780ca49", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2be19761420d637dd33273c38510c33de17eee09" + }, + { + "algorithm": "SHA256", + "checksumValue": "930bba9ae3997868e991cab461ce9b9684c137eace1b5f2dbd957e03429105c5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/gnupg/distsigkey.gpg", + "SPDXID": "SPDXRef-File-usr-share-gnupg-distsigkey.gpg-eacb78f0177ac6e1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f622e5d2234f119ac15213b7d3b300f536803dd" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f04a82407e2074d57efbac9487b4f1ef9bc23c2a55a44ab4b1c396050251bef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/gnupg/sks-keyservers.netCA.pem", + "SPDXID": "SPDXRef-File-...share-gnupg-sks-keyservers.netCA.pem-fadfa2cc594e6ac1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ce86fdbc099e5607ea8a149d760b30c725e299e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "0666ee848e03a48f3ea7bb008dbe9d63dfde280af82fb4412a04bf4e24cab36b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/info/find-maint.info.gz", + "SPDXID": "SPDXRef-File-usr-share-info-find-maint.info.gz-8666c08c86669390", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9817b738dfbec3d596b9983610a14f451a867b23" + }, + { + "algorithm": "SHA256", + "checksumValue": "8dc95e254c6738d503cf1f0c3fab56487abd49f698a2e5162ed3bba96ae68df7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/info/find.info-1.gz", + "SPDXID": "SPDXRef-File-usr-share-info-find.info-1.gz-6bec087ae55f3170", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb300f7bd6b8639a267fdf929a756d05573d69e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "9ae179d3eaef0c964b41e1d3e95e6344ebcab7a4f7b7675dfebd3d4ecca68d74" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/info/find.info-2.gz", + "SPDXID": "SPDXRef-File-usr-share-info-find.info-2.gz-4268922d65c4bac2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "429f52495b0342e778e8b35ccb6370c7b992f6c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "1b8c04a2ddf3b03109a456ba1dee8f26fb602cd585909c92e2d4eadbc6cda6a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/info/find.info.gz", + "SPDXID": "SPDXRef-File-usr-share-info-find.info.gz-6643a17eada4fe22", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89deaff5b52a4f5fec879ad68029031a2e927c02" + }, + { + "algorithm": "SHA256", + "checksumValue": "f26a4f7adfe744f46e95c33091593158566156021dbe08f3c30472de32d3703d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/info/nettle.info.gz", + "SPDXID": "SPDXRef-File-usr-share-info-nettle.info.gz-04915934a2e73e28", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c7e25c4af62bb0c9cf14ed5acb9232aa446bb618" + }, + { + "algorithm": "SHA256", + "checksumValue": "fc2a6c6468b27431d68e356f7ed60af36ca75dbf4cbc5cf965e832a927f7ada4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/libgpg-error/errorref.txt", + "SPDXID": "SPDXRef-File-usr-share-libgpg-error-errorref.txt-0022cc837623aa93", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "297b1d47f27ecf5f2b4b625984bf85b85781c103" + }, + { + "algorithm": "SHA256", + "checksumValue": "feddde721e0488a9ea06eed9d12628ed156ca7645fcbc50f6405f16d858ef908" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/alternatives/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-alternatives-COPYING-6a9d7cb03432b94a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/audit-libs/lgpl-2.1.txt", + "SPDXID": "SPDXRef-File-...share-licenses-audit-libs-lgpl-2.1.txt-e3582f67f8651df5", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/bash/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-bash-COPYING-181d870990e0b987", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/bzip2-libs/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-bzip2-libs-LICENSE-334ab95186904be9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ddf157bc55ed6dec9541e4af796294d666cd0926" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6dbbf828498be844a89eaa3b84adbab3199e342eb5cb2ed2f0d4ba7ec0f38a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/coreutils-single/COPYING", + "SPDXID": "SPDXRef-File-...licenses-coreutils-single-COPYING-83a5e806ca6828ee", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "SHA256", + "checksumValue": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/crypto-policies/COPYING.LESSER", + "SPDXID": "SPDXRef-File-...crypto-policies-COPYING.LESSER-b34e1538c9281ef1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "algorithm": "SHA256", + "checksumValue": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/cyrus-sasl-lib/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-cyrus-sasl-lib-COPYING-524d8032f81017af", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86af2c4321b2d4b4f092b31fd897444a701c0085" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d6e5d1632140a6c135b251260953650d17d87cd1124f87aaf72192aa4580d4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/dejavu-sans-fonts/LICENSE", + "SPDXID": "SPDXRef-File-...licenses-dejavu-sans-fonts-LICENSE-82c2c4328ac0b8d1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2cba132501cc69b943061ac075153ad475c7e72a" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a083b136e64d064794c3419751e5c7dd10d2f64c108fe5ba161eae5e5958a93" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/dnf/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-dnf-COPYING-5cc4a51ee7c8655e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/dnf/PACKAGE-LICENSING", + "SPDXID": "SPDXRef-File-...share-licenses-dnf-PACKAGE-LICENSING-dc88753ee1f91b36", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0445a12ba82a08be59bde464a61176dca779d9d4" + }, + { + "algorithm": "SHA256", + "checksumValue": "c06f0c7eb611c6d77892bd02832dcae01c9fac292ccd55d205924388e178a35c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/file-libs/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-file-libs-COPYING-cb8e98a52ae7350a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f5bf317af31a6dac50b5f5504aa63b59d05442c" + }, + { + "algorithm": "SHA256", + "checksumValue": "0bfa856a9930bddadbef95d1be1cf4e163c0be618e76ea3275caaf255283e274" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/findutils/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-findutils-COPYING-23ce7a6f5cc39317", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "SHA256", + "checksumValue": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/gawk/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-gawk-COPYING-cc34ed57e626e93f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gawk/LICENSE.BSD", + "SPDXID": "SPDXRef-File-usr-share-licenses-gawk-LICENSE.BSD-c9e4b809beaa97bd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f6e5b0b0e8a21707c3c149e15189e9d9d073e6e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "fea62a56afb45d77d33fd57599d5936d01bdda60d738e869df795a7392b1b320" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gawk/LICENSE.GPLv2", + "SPDXID": "SPDXRef-File-usr-share-licenses-gawk-LICENSE.GPLv2-9a3472e293b9bde1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gawk/LICENSE.LGPLv2", + "SPDXID": "SPDXRef-File-usr-share-licenses-gawk-LICENSE.LGPLv2-eb8d2881557e6d12", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gdbm-libs/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-gdbm-libs-COPYING-c85e4b9dfd628442", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70e64fe9090c157e441681779e0f31aad34f35cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "690d762f2e8e149ab1e2d6a409a3853b6151a2533b2382fae549a176d6bedecf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/glib2/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-glib2-COPYING-34f393bc80919207", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/glibc/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-glibc-COPYING-4c3362aa50faa23f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/glibc/COPYING.LIB", + "SPDXID": "SPDXRef-File-usr-share-licenses-glibc-COPYING.LIB-0c6263baa58699ee", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/glibc/LICENSES", + "SPDXID": "SPDXRef-File-usr-share-licenses-glibc-LICENSES-6e267a1855234be9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a61ff17323319d01ed2cae913a5febc968d29f3" + }, + { + "algorithm": "SHA256", + "checksumValue": "b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gmp/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-gmp-COPYING-4d97ae3ae35a9c5a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gmp/COPYING.LESSERv3", + "SPDXID": "SPDXRef-File-...share-licenses-gmp-COPYING.LESSERv3-6eabae886edadff7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "SHA256", + "checksumValue": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gmp/COPYINGv2", + "SPDXID": "SPDXRef-File-usr-share-licenses-gmp-COPYINGv2-f92ef671d1cffb18", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gmp/COPYINGv3", + "SPDXID": "SPDXRef-File-usr-share-licenses-gmp-COPYINGv3-f8649341444163e6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e88f6aea9379eb98a7bbea965fc7127a64b41ad9" + }, + { + "algorithm": "SHA256", + "checksumValue": "e6037104443f9a7829b2aa7c5370d0789a7bda3ca65a0b904cdc0c2e285d9195" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gnupg2/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-gnupg2-COPYING-227900176c400f3a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4bc05f7560e1e3ced08b71c93f10abe9e702c3ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gnutls/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-gnutls-COPYING-bcaf00ba173110fe", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "SHA256", + "checksumValue": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gnutls/COPYING.LESSER", + "SPDXID": "SPDXRef-File-...share-licenses-gnutls-COPYING.LESSER-d68d8112761d584e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gnutls/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-gnutls-LICENSE-d0738c4e72c4921b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1f511bc8132f3904e090af21d25ef3453314b910" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e043d77917e48e262301b8f880812fcd82236482630a421d555a38804eee643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gobject-introspection/COPYING", + "SPDXID": "SPDXRef-File-...licenses-gobject-introspection-COPYING-21aedef33c6a13c9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "80fe7119545c554233bbac373a7d8b0104e45cd1" + }, + { + "algorithm": "SHA256", + "checksumValue": "1b3275b028bcaa77e4580a302ae80473abb97139b84a0e48618be34cd65f8aaa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gobject-introspection/COPYING.GPL", + "SPDXID": "SPDXRef-File-...gobject-introspection-COPYING.GPL-a9674222eadcd7f2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dfac199a7539a404407098a2541b9482279f690d" + }, + { + "algorithm": "SHA256", + "checksumValue": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gobject-introspection/COPYING.LGPL", + "SPDXID": "SPDXRef-File-...gobject-introspection-COPYING.LGPL-c5fd943acd121228", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf50bac24e7ec325dbb09c6b6c4dcc88a7d79e8f" + }, + { + "algorithm": "SHA256", + "checksumValue": "d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gpgme/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-gpgme-COPYING-c80a36e5dd926d46", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dfac199a7539a404407098a2541b9482279f690d" + }, + { + "algorithm": "SHA256", + "checksumValue": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gpgme/COPYING.LESSER", + "SPDXID": "SPDXRef-File-...share-licenses-gpgme-COPYING.LESSER-d615f7deb40d8890", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0bf81afbc585fd8fa3a9267d33498831f5a5c9c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/gpgme/LICENSES", + "SPDXID": "SPDXRef-File-usr-share-licenses-gpgme-LICENSES-87ae451c23a5ef8a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f6d7039cb982a2acec77a9d337942283a3875a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "950fbc07a2b8e34514936ad591544e6857b8e68079c92b78b5f8e997f415208a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/grep/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-grep-COPYING-6dba54af8c7facae", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "SHA256", + "checksumValue": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/json-c/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-licenses-json-c-AUTHORS-867f228cd495980e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "939188993bbdabcd7bcdabedd1728ae6c474cffd" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9efaaada6d8c2d533cfabaf29bcf27dd987a53166b7e1d447cb2656f47b49ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/json-c/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-json-c-COPYING-8a3cb5a87d8b3cc3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0cd23537e3c32497c7b87157b36f9d2eb5fca64b" + }, + { + "algorithm": "SHA256", + "checksumValue": "74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/json-glib/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-json-glib-COPYING-d6e3aa97877dce2f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e60c2e780886f95df9c9ee36992b8edabec00bcc" + }, + { + "algorithm": "SHA256", + "checksumValue": "a190dc9c8043755d90f8b0a75fa66b9e42d4af4c980bf5ddc633f0124db3cee7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/keyutils-libs/LICENCE.LGPL", + "SPDXID": "SPDXRef-File-...licenses-keyutils-libs-LICENCE.LGPL-58e69df7e0409835", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1c39e1d1004475e1237555e21dc8e0a3b70d3ff1" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d15593e3a8ad90917f8509b5ac1e4b5e5d196434a68029aa9dc0858a4a4c521" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/krb5-libs/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-krb5-libs-LICENSE-f11be3044d82d8b0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "63254f2d180b67ee59eeaf23bbe986c939888482" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libarchive/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libarchive-COPYING-43476dfef7297d78", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90ba482db24552fe26fffe459bbc350224a79b3a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libassuan/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libassuan-COPYING-97780ed7a4226be7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "842745cb706f8f2126506f544492f7a80dbe29b3" + }, + { + "algorithm": "SHA256", + "checksumValue": "fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libassuan/COPYING.LIB", + "SPDXID": "SPDXRef-File-...share-licenses-libassuan-COPYING.LIB-177ad30b4dd8175d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a1929f4700d2407c70b507b3b2aaf6226a9543c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libcap-ng/COPYING.LIB", + "SPDXID": "SPDXRef-File-...share-licenses-libcap-ng-COPYING.LIB-98fcd3e601d40fd1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ac522f07da0f346b37b29cd73a60f79e992ffba" + }, + { + "algorithm": "SHA256", + "checksumValue": "f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libcap/License", + "SPDXID": "SPDXRef-File-usr-share-licenses-libcap-License-1cb31a5be70c0358", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1f65128ca2bb6715d81ca6c60f997c997d0ac69e" + }, + { + "algorithm": "SHA256", + "checksumValue": "088cabde4662b4121258d298b0b2967bc1abffa134457ed9bc4a359685ab92bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libcom_err/NOTICE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libcom-err-NOTICE-96396d4d262bdabc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7b0a43ab2f7a589ca3bf497fe86e52b15502355" + }, + { + "algorithm": "SHA256", + "checksumValue": "5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libcurl-minimal/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-libcurl-minimal-COPYING-b0fa0980073d1886", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "73bcd04aed1c45b611fd34aaa29e72069a49049b" + }, + { + "algorithm": "SHA256", + "checksumValue": "6fd1a1c008b5ef4c4741dd188c3f8af6944c14c25afa881eb064f98fb98358e7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libdnf/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libdnf-COPYING-b8f10c1a6f677c7e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libevent/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libevent-LICENSE-9b1fc29507f6153b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f375374b877550ade2e001905a1f9c9b7128714" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff02effc9b331edcdac387d198691bfa3e575e7d244ad10cb826aa51ef085670" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libffi/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libffi-LICENSE-1961bfa9d1198d5b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bda021b14478d294f531de3766f201960a0bf274" + }, + { + "algorithm": "SHA256", + "checksumValue": "a61d06e8f7be57928e71e800eb9273b05cb8868c484108afe41e4305bb320dde" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgcc/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING-ce9138e160be5543", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "68c94ffc34f8ad2d7bfae3f5a6b996409211c1b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgcc/COPYING.LIB", + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING.LIB-b82a899b41957e3f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "597bf5f9c0904bd6c48ac3a3527685818d11246d" + }, + { + "algorithm": "SHA256", + "checksumValue": "32434afcc8666ba060e111d715bfdb6c2d5dd8a35fa4d3ab8ad67d8f850d2f2b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgcc/COPYING.RUNTIME", + "SPDXID": "SPDXRef-File-...share-licenses-libgcc-COPYING.RUNTIME-f374ebc3b3ace9d7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c0ad296b24f96e7c77ce564cad2fa1a4f76024d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d6b43ce4d8de0c878bf16b54d8e7a10d9bd42b75178153e3af6a815bdc90f74" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgcc/COPYING3", + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3-d57ed1f4490e2301", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgcc/COPYING3.LIB", + "SPDXID": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3.LIB-220d69e3f8293bbd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "SHA256", + "checksumValue": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgcrypt/COPYING.LIB", + "SPDXID": "SPDXRef-File-...share-licenses-libgcrypt-COPYING.LIB-afa1339ce3d11f25", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0bf81afbc585fd8fa3a9267d33498831f5a5c9c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgpg-error/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-libgpg-error-COPYING-cc8e1d8350367ddf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "68c94ffc34f8ad2d7bfae3f5a6b996409211c1b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libgpg-error/COPYING.LIB", + "SPDXID": "SPDXRef-File-...licenses-libgpg-error-COPYING.LIB-14d8cebc04906f0a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a1929f4700d2407c70b507b3b2aaf6226a9543c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libidn2/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libidn2-COPYING-b8438551fa0dad99", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f134eeebdc065e961a7935729cd6fd8fee3a50f2" + }, + { + "algorithm": "SHA256", + "checksumValue": "73483f797a83373fca1b968c11785b98c4fc4803cdc7d3210811ca8b075d6d76" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libidn2/COPYING.LESSERv3", + "SPDXID": "SPDXRef-File-...licenses-libidn2-COPYING.LESSERv3-8394e4bdb23fc3ec", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f45ee1c765646813b442ca58de72e20a64a7ddba" + }, + { + "algorithm": "SHA256", + "checksumValue": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libidn2/COPYING.unicode", + "SPDXID": "SPDXRef-File-...share-licenses-libidn2-COPYING.unicode-9216d49d4ce2eff9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "33ad3570b2dc646e18e97171233bfceda6f7f088" + }, + { + "algorithm": "SHA256", + "checksumValue": "01d621eef165cf4d3d3dbb737aa0699178d94c6f18cf87e9dde6db3ca7790f46" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libidn2/COPYINGv2", + "SPDXID": "SPDXRef-File-usr-share-licenses-libidn2-COPYINGv2-1d089c70e8b5b492", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libksba/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libksba-COPYING-ab7413a242ae644a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "767d6751e4be6cc860d77a9a8229faae2f25b8cf" + }, + { + "algorithm": "SHA256", + "checksumValue": "6197b98c6bf69838c624809c509d84333de1bc847155168c0e84527446a27076" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libksba/COPYING.GPLv2", + "SPDXID": "SPDXRef-File-...share-licenses-libksba-COPYING.GPLv2-025702a1e5b63e69", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libksba/COPYING.GPLv3", + "SPDXID": "SPDXRef-File-...share-licenses-libksba-COPYING.GPLv3-50368cb4892a7855", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e31db874e5b375f0592b02e3e450c9e94086e661" + }, + { + "algorithm": "SHA256", + "checksumValue": "0abbff814cd00e2b0b6d08395af2b419c1a92026c4b4adacbb65ccda45fa58cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libksba/COPYING.LGPLv3", + "SPDXID": "SPDXRef-File-...share-licenses-libksba-COPYING.LGPLv3-1e41d52c1fd496c7", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f45ee1c765646813b442ca58de72e20a64a7ddba" + }, + { + "algorithm": "SHA256", + "checksumValue": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libmodulemd/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libmodulemd-COPYING-df99bd0ce5d10c31", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df8b6951986b90ed530a771fd3419725f7eaa4fb" + }, + { + "algorithm": "SHA256", + "checksumValue": "40afccd95484d483800c17dd18a734518ba36e832841579a1f21dc94fb73bbdf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libmount/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libmount-COPYING-b5f96c6e00d259b3", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66319e97eda8747087e9c5292f31c8bc5153c3c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f12c2408a84be40fbff8ad7e281aa4e884fb92ee3f9a61aedf886a9503d3500" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libmount/COPYING.LGPL-2.1-or-later", + "SPDXID": "SPDXRef-File-...libmount-COPYING.LGPL-2.1-or-later-ebf52dcf4e87c111", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libnghttp2/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libnghttp2-COPYING-1848dc41d7411a55", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f6f3c0c08925232459e499d66231cb5da01d811" + }, + { + "algorithm": "SHA256", + "checksumValue": "6b94f3abc1aabd0c72a7c7d92a77f79dda7c8a0cb3df839a97890b4116a2de2a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libpeas/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libpeas-COPYING-8238f8f0844d48b1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3704f4680301a60004b20f94e0b5b8c7ff1484a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "592987e8510228d546540b84a22444bde98e48d03078d3b2eefcd889bec5ce8c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/librepo/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-librepo-COPYING-bc06f97c1cdad90e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/librhsm/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-librhsm-COPYING-4fa97c5130dd81dc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libselinux/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libselinux-LICENSE-f41eeeb12e786c07", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16900937e2ec3e0e96dee637f81ad8ef9265605f" + }, + { + "algorithm": "SHA256", + "checksumValue": "86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libsemanage/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libsemanage-LICENSE-ba5945950e24531a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "algorithm": "SHA256", + "checksumValue": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libsepol/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libsepol-LICENSE-de37ebc778a4b974", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "algorithm": "SHA256", + "checksumValue": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libsigsegv/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libsigsegv-COPYING-8c8375028cffb497", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c481619eb74665fe9da7bef63c644e302c904459" + }, + { + "algorithm": "SHA256", + "checksumValue": "8f2983e9a940367f48999881c14775db725ee643bce1e2f1ba195eb629a33cde" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libsmartcols/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-libsmartcols-COPYING-3c0ea2891a5411af", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "93e45afdb0d7c3fdd6dfcc951b8a3421660f2811" + }, + { + "algorithm": "SHA256", + "checksumValue": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libsmartcols/COPYING.LGPL-2.1-or-later", + "SPDXID": "SPDXRef-File-...libsmartcols-COPYING.LGPL-2.1-or-later-1bc7f120ce61e78d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libsolv/LICENSE.BSD", + "SPDXID": "SPDXRef-File-usr-share-licenses-libsolv-LICENSE.BSD-49c83cbafb892a3c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b965854f0ddcbff41631dee1f018ba72e2f248ff" + }, + { + "algorithm": "SHA256", + "checksumValue": "57f15acfb29fbef7749779e096a5885c60b716633e34484a21bb717554c0198f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libtasn1/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libtasn1-COPYING-88e2e21ed60c85a1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libtasn1/COPYING.LESSER", + "SPDXID": "SPDXRef-File-...share-licenses-libtasn1-COPYING.LESSER-14d6b8c8ff89b95e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libtasn1/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libtasn1-LICENSE-d00550d0a2acf914", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "42d6b117e9e1eee10eb77f99b640d1667417b19e" + }, + { + "algorithm": "SHA256", + "checksumValue": "7446831f659f7ebfd8d497acc7f05dfa8e31c6cb6ba1b45df33d4895ab80f5a6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libtool-ltdl/COPYING.LIB", + "SPDXID": "SPDXRef-File-...licenses-libtool-ltdl-COPYING.LIB-02b5faaa0d20cf40", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/libunistring/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-libunistring-COPYING-d43cff324ed877ee", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libunistring/COPYING.LIB", + "SPDXID": "SPDXRef-File-...licenses-libunistring-COPYING.LIB-bf3b33b89a3fbb84", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "SHA256", + "checksumValue": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libusbx/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libusbx-COPYING-fd14e35ef9e39d9a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "caeb68c46fa36651acf592771d09de7937926bb3" + }, + { + "algorithm": "SHA256", + "checksumValue": "5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libuuid/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libuuid-COPYING-d57093f10f5ee2d8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f9bab778ad683b9046a4c2a69e12fcc1e0144e1" + }, + { + "algorithm": "SHA256", + "checksumValue": "5068749ee9c2f2c545af4a4de9fde3c39dc8d90af47cc0b3a42700116f9b7e71" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libuuid/COPYING.BSD-3-Clause", + "SPDXID": "SPDXRef-File-...licenses-libuuid-COPYING.BSD-3-Clause-5788a17f6149e070", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e5c9f3867b9251dcd2d97a4d1dffaa38afe6625d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b718a9460fed5952466421235bc79eb49d4e9eacc920d7a9dd6285ab8fd6c6d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libverto/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libverto-COPYING-6bd46b35ec7e0e19", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4178c9d72828ce9f35fa1e7e6756d66ced8caef3" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee2f49235ed5947ace182dcb3aba92655aeafab4f3a33c98a9c6d75a6a238480" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libxcrypt/AUTHORS", + "SPDXID": "SPDXRef-File-usr-share-licenses-libxcrypt-AUTHORS-0b17479f01b63ffd", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8337508003a9e67120868b03893f75b57287d35" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d1e45c055b6d9e9bf4e9521419eb3dee4ca42a02dd4d824beaaad476dacfdca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libxcrypt/COPYING.LIB", + "SPDXID": "SPDXRef-File-...share-licenses-libxcrypt-COPYING.LIB-1f2e76756034330a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libxcrypt/LICENSING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libxcrypt-LICENSING-64898a35c1ce7274", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0ad959fc0079aa1dd3ec87113680c7fce48f19f9" + }, + { + "algorithm": "SHA256", + "checksumValue": "f8198fcc4f002bf54512bac2e68e1e3f04af7d105f4f4f98d7d22cb110e04715" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libxml2/Copyright", + "SPDXID": "SPDXRef-File-usr-share-licenses-libxml2-Copyright-a568d61394aed97b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c21506a45e8d0171fc92fd4ff6903c13adde660" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libyaml/License", + "SPDXID": "SPDXRef-File-usr-share-licenses-libyaml-License-05062048799b19bf", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e99e74d048726c39136dc992f1fb5998972e3b4e" + }, + { + "algorithm": "SHA256", + "checksumValue": "c40112449f254b9753045925248313e9270efa36d226b22d82d4cc6c43c57f29" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/libzstd/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-libzstd-COPYING-4ddb6a5846d7bb35", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1d8c93712cbc9117a9e55a7ff86cebd066c8bfd8" + }, + { + "algorithm": "SHA256", + "checksumValue": "f9c375a1be4a41f7b70301dd83c91cb89e41567478859b77eef375a52d782505" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/libzstd/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-libzstd-LICENSE-69c16800ed95c329", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d5e630eee1d3500039f2e16bed21d0f0cd580994" + }, + { + "algorithm": "SHA256", + "checksumValue": "7055266497633c9025b777c78eb7235af13922117480ed5c674677adc381c9d8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/microdnf/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-microdnf-COPYING-282764f7cd534318", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/mpfr/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-mpfr-COPYING-929c01b4e14e02b9", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "SHA256", + "checksumValue": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/mpfr/COPYING.LESSER", + "SPDXID": "SPDXRef-File-usr-share-licenses-mpfr-COPYING.LESSER-3159c5c8e6dbee23", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8a12e6867d7ee39c21d9b11a984066099b6fb6b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e3a994d82e644b03a792a930f574002658412f62407f5fee083f2555c5f23118" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/ncurses-base/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-ncurses-base-COPYING-5b03fcebec1ce207", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6fa46ec6c9af4633d29bdc2bf91e56c93c6431e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "87a4c4442337b8968ef956031c406b74f9cb7149b7ba87311bdaba534816201c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/nettle/COPYING.LESSERv3", + "SPDXID": "SPDXRef-File-...share-licenses-nettle-COPYING.LESSERv3-4614cea04c46ab52", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "SHA256", + "checksumValue": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/nettle/COPYINGv2", + "SPDXID": "SPDXRef-File-usr-share-licenses-nettle-COPYINGv2-72c25efc2e6e63cc", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/npth/COPYING.LIB", + "SPDXID": "SPDXRef-File-usr-share-licenses-npth-COPYING.LIB-ee2836613968619b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c378b484c6da96db8f05f9bd795fcf5ddad0205" + }, + { + "algorithm": "SHA256", + "checksumValue": "ce64d5f7b49ea6d80fdb6d4cdee6839d1a94274f7493dc797c3b55b65ec8e9ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/openldap/COPYRIGHT", + "SPDXID": "SPDXRef-File-usr-share-licenses-openldap-COPYRIGHT-f31ba919b023de20", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c233045b5d94079ca390f8c0119c09f17953b673" + }, + { + "algorithm": "SHA256", + "checksumValue": "128ecc86259c874aee293aa67409932d7eeb38f3fad07805c8f275c3a5af5c08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/openldap/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-openldap-LICENSE-a3d4d44688c63b2c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc06cbdf781c87d2df2fe385214f936d010dd2a2" + }, + { + "algorithm": "SHA256", + "checksumValue": "310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/openssl-libs/LICENSE.txt", + "SPDXID": "SPDXRef-File-...licenses-openssl-libs-LICENSE.txt-8e5de5fe02f24a18", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c5c8a68f4b80929b3e66f054f37bb9e16078847f" + }, + { + "algorithm": "SHA256", + "checksumValue": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/openssl/LICENSE.txt", + "SPDXID": "SPDXRef-File-usr-share-licenses-openssl-LICENSE.txt-799e684ab92fe053", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c5c8a68f4b80929b3e66f054f37bb9e16078847f" + }, + { + "algorithm": "SHA256", + "checksumValue": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/p11-kit/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-p11-kit-COPYING-99f0b08099ad078a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6745330da3e7bde244b20b96a42eae659644e731" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e1ba993904df807a10c3eda1e5c272338edc35674b679773a8b3ad460731054" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/pcre/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-pcre-COPYING-86721dcc9a419b3e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "495a1e12b07adcc0ff0eb6fad218539bb9fc805d" + }, + { + "algorithm": "SHA256", + "checksumValue": "17abe1dbb92b21ab173cf9757dd57b0b15cd8d863b2ccdef635fdbef03077fb0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/pcre/LICENCE", + "SPDXID": "SPDXRef-File-usr-share-licenses-pcre-LICENCE-a0aff6935cc99500", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11ff082389982b8168263850db69199065f2028d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0dd9c13864dbb9ee4d77a1557e96be29b2d719fb6584192ee36611aae264c4a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/pcre2-syntax/COPYING", + "SPDXID": "SPDXRef-File-...share-licenses-pcre2-syntax-COPYING-058a5272ca28051a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "13294eaa0d7dc726a2fa73eef7a4a140cd9630f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "99272c55f3dcfa07a8a7e15a5c1a33096e4727de74241d65fa049fccfdd59507" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/pcre2-syntax/LICENCE", + "SPDXID": "SPDXRef-File-...share-licenses-pcre2-syntax-LICENCE-95b49113891e48c8", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e8d975c810890664d6ed3700fa41e135563bda6" + }, + { + "algorithm": "SHA256", + "checksumValue": "87d884eceb7fc54611470ce9f74280d28612b0c877adfc767e9676892a638987" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/popt/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-popt-COPYING-f36b0135a6b24d42", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "61bb7a8ea669080cfc9e7dbf37079eae70b535fb" + }, + { + "algorithm": "SHA256", + "checksumValue": "518d4f2a05064cb9a8ec0ea02e86408af4feed6916f78ef42171465db8b383c5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/readline/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-readline-COPYING-877484d5d72064a0", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/readline/USAGE", + "SPDXID": "SPDXRef-File-usr-share-licenses-readline-USAGE-5a61db40e1e1ecca", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "246e63b4576f6b9d3d78dcc61552641fe6316cc4" + }, + { + "algorithm": "SHA256", + "checksumValue": "0759c74d61889b687f33cb03899630d8ecc09c5ebe7cedd2dd2e17eeef193f93" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/rpm/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-rpm-COPYING-78dfd94ad0b5da76", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "588760a9f446cebfc4b61485cd09cd768908337f" + }, + { + "algorithm": "SHA256", + "checksumValue": "171d94d9f1641316bff7f157a903237dc69cdb5fca405fed8c832c76ed8370f9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/sed/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-sed-COPYING-9d448763622f504d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0dd432edfab90223f22e49c02e2124f87d6f0a56" + }, + { + "algorithm": "SHA256", + "checksumValue": "e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/setup/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-setup-COPYING-5b9e86a686ed2319", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "205c331ae337b00f56204126f4e3195adba32c7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "628095e1ef656bbe9034cf5bfa3c220880a16cd0ceea25b17cd2198ea3503e03" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/shadow-utils/gpl-2.0.txt", + "SPDXID": "SPDXRef-File-...licenses-shadow-utils-gpl-2.0.txt-8dd999a0604f6b53", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/shadow-utils/shadow-bsd.txt", + "SPDXID": "SPDXRef-File-...licenses-shadow-utils-shadow-bsd.txt-99084efb9a55b6ee", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fdca9412e2b33de67f5052f0a9bb184813495222" + }, + { + "algorithm": "SHA256", + "checksumValue": "f062266d929e3157924e7a48dd77d8852b246d911ae382b1c06a0b35a724ac3b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/systemd/LICENSE.LGPL2.1", + "SPDXID": "SPDXRef-File-...share-licenses-systemd-LICENSE.LGPL2.1-f94fae61ddaf4f6c", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/tzdata/LICENSE", + "SPDXID": "SPDXRef-File-usr-share-licenses-tzdata-LICENSE-4000effc7cb0f74d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7067a61d3f4dae438636a8b29e41948fccb16a26" + }, + { + "algorithm": "SHA256", + "checksumValue": "0613408568889f5739e5ae252b722a2659c02002839ad970a63dc5e9174b27cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/licenses/xz-libs/COPYING", + "SPDXID": "SPDXRef-File-usr-share-licenses-xz-libs-COPYING-d1548084e38b4f04", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66933e63e70616b43f1dc60340491f8e050eedfd" + }, + { + "algorithm": "SHA256", + "checksumValue": "bcb02973ef6e87ea73d331b3a80df7748407f17efdb784b61b47e0e610d3bb5c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/licenses/zlib/README", + "SPDXID": "SPDXRef-File-usr-share-licenses-zlib-README-c41400570a0ae433", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e1e1b075ae4ad6d628468e7dd40d9ec512ff9d10" + }, + { + "algorithm": "SHA256", + "checksumValue": "7960b6b1cc63e619abb77acaea5427159605afee8c8b362664f4effc7d7f7d15" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/locale/locale.alias", + "SPDXID": "SPDXRef-File-usr-share-locale-locale.alias-0162f52421956672", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c2d67b029449db667d732e86d319d4c4f3c9965c" + }, + { + "algorithm": "SHA256", + "checksumValue": "68020a80eea5366fbe60c2e812ebdebf4875a1b85a3f2f9dd4413306e41c796f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/capsh.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-capsh.1.gz-55feb480571762d8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be4654878c111e82681300b57130b73eab70078e" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e489de2e396b085e2ee341e1f1ba702fab493e6c5706520c6629fcd2fd7beff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/chage.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-chage.1.gz-de4502809ef1a91e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c7ca80a98b3554c7095e1e6554a1773d51cadda8" + }, + { + "algorithm": "SHA256", + "checksumValue": "4779a5bd67b642e9820fef0afdb9d68a0215b5c1c124238a1676d28b5ad7b0f4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/curl.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-curl.1.gz-3c8b941fb8090d67", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "71eefda37d1f578599d7bd4d152e56d37945812c" + }, + { + "algorithm": "SHA256", + "checksumValue": "971a5b31c031a179ab49867163ff11628f08ba8c6f6d3c412029d6c36e9a22a8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/find.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-find.1.gz-edd5a8e8d4e5104f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "193068ccb7833985b5d2088bb0bf4727561e83a2" + }, + { + "algorithm": "SHA256", + "checksumValue": "88483971a99b29e2bce2d0ea0ffa4d479faed6300f346e6f464c792fe7b7fe91" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/gapplication.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-gapplication.1.gz-9177b59dbe124c50", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86a8d7d1da683711a57a2aef892dd5ba5e79b1b2" + }, + { + "algorithm": "SHA256", + "checksumValue": "0441a51f97dfcc2b7c116496c773440cddc47313c8f74f58b14519dbb3746321" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/gdbus.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-gdbus.1.gz-77cbc96976386886", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99eed25719c0a5fcf89868c745cc86df28a14a68" + }, + { + "algorithm": "SHA256", + "checksumValue": "d68dfa1b41025de6dba8c6487bffefc75c8db056f0a2985ca8d4dc66559e374c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/gio-querymodules.1.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-gio-querymodules.1.gz-552d2c53a768d981", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4632fa55571e87179e30ecc242951f1d48aa2d7c" + }, + { + "algorithm": "SHA256", + "checksumValue": "fdf8e8e6db4513926f93afe56d6b840f9d44fa61b7013d31fb4fee8601ed33f9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/gio.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-gio.1.gz-47c400f5c24f856f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf5d168b07c5a0ea2f68408502aaa871e50c9128" + }, + { + "algorithm": "SHA256", + "checksumValue": "64f71d89f071221fdee2d4da39cb1a25a2d71289b3329bb11be00f01735897ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/glib-compile-schemas.1.gz", + "SPDXID": "SPDXRef-File-...man-man1-glib-compile-schemas.1.gz-887e3b3e646d1504", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d6c74c94217a0513d268377e7830820068b906d" + }, + { + "algorithm": "SHA256", + "checksumValue": "7679553a5f28ac225617a53d42299a1857f0c44b065058f8cad05c668f333aa5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/gpasswd.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-gpasswd.1.gz-c71bfad7a3472fb5", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d3413f8edca34927b6c1e2f635d33c163cb43287" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6cf714bd64d1569f6bc56b5eada580a84197e91b326bf6f8369c07a27ec0fba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/gsettings.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-gsettings.1.gz-d74bc027ece3129e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe36c7cceece19be55c3f81c3d9446e69dac34d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "884e964ba1b1e5b415339a7b9cea0557191cb78cdb5a0f1e443f40ddf2785db7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/newgidmap.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-newgidmap.1.gz-593678eff8e8e760", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67ae7a562d9d0c6d531efab47d6a26153d10ea2c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c80ee485dab2f8052b2749cf94bfc32231b66adbb8ead5c44384227533cdfd3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/newgrp.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-newgrp.1.gz-ce4cf1b303e1f5e7", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8e2e3d47af9c42fef42403df3e3534abce3c04c6" + }, + { + "algorithm": "SHA256", + "checksumValue": "500956b7fd739d4fcea7ba1c53ccf0a9e8f4cdf6d1828dec923690aaaaf3ec7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/newuidmap.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-newuidmap.1.gz-eaaa7709f2e3bb87", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0c6beef93283d92c42db50e7dec3df853675237e" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed8f0354f4a5b18a8a604877b87ce79eb006eb699a337ca64dcb7ab62593d91a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-asn1parse.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-asn1parse.1ossl.gz-e35276299485df38", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c88fc35c94a015ae2b9d7a1155c06d241f44cd5f" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0ce52a56454788bb16f91438d1da5930a12cfb05f0d98ec8a478b1fd46f97f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-ca.1ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-openssl-ca.1ossl.gz-17109a9d9fd0da32", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67671f00e140aa5185abb041bb363a6365ad5d55" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba2ec3503896097f38b550a5ba98d2f24de17c37ac37f07530f0c735892867fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-ciphers.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-ciphers.1ossl.gz-9fa5deb8729f3821", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2a3c64789ea92faf3cf6f9a5655b02de1045a51" + }, + { + "algorithm": "SHA256", + "checksumValue": "decbce1c3f5f5c92b1bb549e0b98d55becc3045e6feef229de85d06e670a6745" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-cmds.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-cmds.1ossl.gz-0908fd4fd5f4a818", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "58ddcab222d812e22b2a49a639933e8e61a1e91a" + }, + { + "algorithm": "SHA256", + "checksumValue": "13f16cfcc1bfaa56786364f493f0714698268d989c8fdf7fd95f29ad184b495b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-cmp.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-cmp.1ossl.gz-db2112de23468a3d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d482c8bd6c7f483d2771340b5fea548767e680d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f8ca4481eb39bc817ad6b4bf36bf24363cffaee2c1c8321d4d57ba9c6e7458f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-cms.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-cms.1ossl.gz-de726e601e08077c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f263df19782bc6dbf574d8dd1543117e5f10226c" + }, + { + "algorithm": "SHA256", + "checksumValue": "4194e79cbeb99d9fceb15e3de46cef1528ccae1df8f7862b55d6f089246f6c9c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-crl.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-crl.1ossl.gz-32b179d3dd5804a6", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5b7cc1ceeac5b12f8830d9d267673b9dd89df0bc" + }, + { + "algorithm": "SHA256", + "checksumValue": "fdd71e29cf0152ac836b6756758431043734ada293fdfdc804fa52cc0fa8e3aa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-crl2pkcs7.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-crl2pkcs7.1ossl.gz-b0c8815f33b14bc9", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3821060aa4fb1516e3a0c113a1c3acae94a08cf7" + }, + { + "algorithm": "SHA256", + "checksumValue": "a4dbb658690bb84737bc4a92fb21509b4c57430b41edc8eed8d92e6c1fcf97c5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-dgst.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-dgst.1ossl.gz-67c6af8d96a64031", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbb5b6cdc32ed4eb3a775af01a2f3e1d4f450ae5" + }, + { + "algorithm": "SHA256", + "checksumValue": "8dd74cd63a0c5884fc0ec7736640833ec9d5db7a02f563ba3bf581647c93fe3d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-dhparam.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-dhparam.1ossl.gz-0e7e8dc5e9378ef8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8d109cec2d9b5d2e8bb0f6a25466e2cd3c7cb918" + }, + { + "algorithm": "SHA256", + "checksumValue": "81e04af17f3ae310ca7af40e0ffe07d6d7eb89c7314242048a3c835adfff8970" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-dsa.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-dsa.1ossl.gz-ce4f9f095c302b35", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0853efffb03801ee93ace200b95cf3a4823aaa40" + }, + { + "algorithm": "SHA256", + "checksumValue": "7bb37e19c8a14f910e178e995d649ca298b34ae7b4fbcf60be5c0d9f68dbc75f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-dsaparam.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-dsaparam.1ossl.gz-9317b3bdb7a401ee", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f75dbfb51ba69ce0efca7b1c5a2a6c074447b97f" + }, + { + "algorithm": "SHA256", + "checksumValue": "06ddd4843711d7017c3f0ed234fc746f187c68546b03d1c056806512e2865046" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-ec.1ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-openssl-ec.1ossl.gz-530981cb7fd39695", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75a87f58b6d78a33a5a916239be9b2dfa3eb688e" + }, + { + "algorithm": "SHA256", + "checksumValue": "f0af081ed85d16c96bda05cad016339c55e3493fc23bb2b913070e9a7cf29f57" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-ecparam.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-ecparam.1ossl.gz-862b82be72f04846", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "26513f87858f4e0d4993a4f8f6474619cbfe7ce8" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d365cdcb2c292a88817920f5d74ef84952a431916b4fa1c21f9144971996d50" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-enc.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-enc.1ossl.gz-7dc068014a9b892c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3cbe42cee5d6b4f0a2b7a90939de19a8eed8eb08" + }, + { + "algorithm": "SHA256", + "checksumValue": "b28610d86402ade133bb158254e18ef53a2fc16fb91fb88af3f811d8f48c5965" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-engine.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-engine.1ossl.gz-d0e810fad76c8bcc", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "219c0c6ee382583ffafab259704cddff315e7710" + }, + { + "algorithm": "SHA256", + "checksumValue": "28d2b002772754cafc485a4abd007b026237ed83943eabaa7214204ba635511a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-errstr.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-errstr.1ossl.gz-4d3db18e5ba09e94", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2554b45b877bc713ab6b645df75472b3e67666e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd5de1e719e6a5c1f0a842fb9e2b54da97052ac5a7a4ae04cb1cdea8dc26ed63" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-fipsinstall.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-fipsinstall.1ossl.gz-fcbe3b9c6ec15ddf", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "168d9ac18e0defaf7298e031a752072b6e744ab5" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0b014056355dc74fbc32293e78117e9dda84fdd2cdbedeb0cb0b852954791c1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-format-options.1ossl.gz", + "SPDXID": "SPDXRef-File-...man1-openssl-format-options.1ossl.gz-dbad20590b337b0b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88c4f2438f0ad077ad2ff0dfc6590851ed4b03d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "0e7a10d5666f6f422a880740aae6ead06949daa307f09f69ef45914240c29e5f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-gendsa.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-gendsa.1ossl.gz-f4ae5a8c6162ab46", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5beab3ec0c2de69cd7e0bd86ae26d20c361b587b" + }, + { + "algorithm": "SHA256", + "checksumValue": "7dde50ca4c466ed84c8c49bfdeed956a1cca12a5b4b43febfff6d183abd7e902" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-genpkey.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-genpkey.1ossl.gz-575440ca93aa9cf3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9c030ddc0d0d3c285eac6cb9a44aacfbda1a7efb" + }, + { + "algorithm": "SHA256", + "checksumValue": "07647ebe6696c6683eac90b54f7594b9867ba1e2051387ef0f9a7d9dc3413c84" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-genrsa.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-genrsa.1ossl.gz-0f3d7c8384d26afc", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22dcca9afce1ab1c0bfe6fb4cbca094fb0172a9b" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5307f47abdfae08b700c74c51fa2fc019e26525ec51fd272f4692fe25e636db" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-info.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-info.1ossl.gz-a5e8bff5370b1e19", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a66c69eeeda660c008c7fa3610eb6cc120a75d4" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e6fabb6c0b47b22c56df6561b6630d9f8d2b5c25ad3c8258a91166869cedbc2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-kdf.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-kdf.1ossl.gz-238f5a7f2c70ae74", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be1b7bc8795ce331762c2b42c10126d23ad580a8" + }, + { + "algorithm": "SHA256", + "checksumValue": "86a04ed1bea44a9bd91fe29fe9d8bbf95562d1ad77ed7d1477d4e4cfa9bd4338" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-list.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-list.1ossl.gz-d40c4d74d5d2e19e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32464787a84a286c6b0f7972c670122e3d6504e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a8253f01fec01da21ef4b6cb8b5883b9813d460f4d3e116f71af4c67a804c7f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-mac.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-mac.1ossl.gz-aa1ee177b72ce245", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f054e07a540e842d759f9fd7d56eda1a546f37f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd4a4af26c70e9bc7fc0adc2f6deb8b7e6a125dad0707161b3fad2fa7988061f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-namedisplay-options.1ossl.gz", + "SPDXID": "SPDXRef-File-...openssl-namedisplay-options.1ossl.gz-4d84e8f5b61a4032", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9301e165587f72a2ec2307caf320a02e4bacdff9" + }, + { + "algorithm": "SHA256", + "checksumValue": "85daeaf62c824aeffa192e7692c2da898f7aaab20a2be1cc2ddf405b016df1a5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-nseq.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-nseq.1ossl.gz-840907f3de9baefd", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a026ea19b0ad70edc825292707c17a4f38d55dd8" + }, + { + "algorithm": "SHA256", + "checksumValue": "36ea2ef3b47fe1ce058c5a7a5614ef38f14916be27ce1e34d994da0c0d0e8b25" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-ocsp.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-ocsp.1ossl.gz-a261c7dda099b902", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cce2418d506ada9187c3df95c034862a1f39739c" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fefc553c8bee4da5510e37d74bbd5443574c86f1adfe26521c0d27c91411501" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-passphrase-options.1ossl.gz", + "SPDXID": "SPDXRef-File-...openssl-passphrase-options.1ossl.gz-2e29e91c30514a79", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e4a399f0c9d2e2de4963ab19e6f9441757aec0d" + }, + { + "algorithm": "SHA256", + "checksumValue": "1215642ca56ea98fb3554110717940611d283a35330c8e49ff62be79c2985817" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-passwd.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-passwd.1ossl.gz-345b04093df8b158", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7536520404317d122eba91e2eef6c8b437a596a3" + }, + { + "algorithm": "SHA256", + "checksumValue": "61d6c8029652cf292f9accc9ac5d7e4f9cce3837a9511bdbeae34f51fa546b1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-pkcs12.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-pkcs12.1ossl.gz-d3c869f45dc75e7e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f3f9b1ddff115fc3527474e4ceca8a55e6cba07f" + }, + { + "algorithm": "SHA256", + "checksumValue": "49c779c26e8d7517dfa1b81fc1b10fd3fbbe4ae27aa59d9bdd1c3e0440e405d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-pkcs7.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-pkcs7.1ossl.gz-1df1410d70a4f922", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "779dc185dad1c7bdb4e48da67f8ce308d3da9945" + }, + { + "algorithm": "SHA256", + "checksumValue": "50d47c97bc0bf527c3ddec527652f2eb5bf8349290d405a9986e095726c97eb8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-pkcs8.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-pkcs8.1ossl.gz-cb358798958b3813", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a5104e7295e91289063215b2e2fd6d6ddbb81c6" + }, + { + "algorithm": "SHA256", + "checksumValue": "2a52af3f158efa66f17fd476964df90b15d54e629e9653c5a6bc5b16b216803a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-pkey.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-pkey.1ossl.gz-098a7230ad91992c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f4de95666cefd9d3683241f98cce456948c06615" + }, + { + "algorithm": "SHA256", + "checksumValue": "347c59ed82070116d3b03ba3046652e1a3c2b50e2ff7d49f84d750f77071f220" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-pkeyparam.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-pkeyparam.1ossl.gz-ec9aa26d671d3eac", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c503231a2808ed2e11be48249201d65e53f02cc5" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d7165ea0da2945dd3f41666a8e10c61ba702d7f327aa505c6a66ee71b402741" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-pkeyutl.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-pkeyutl.1ossl.gz-fba93cbf0804cffd", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df249e3564dd66b76c09772514f5539aa6c6acb7" + }, + { + "algorithm": "SHA256", + "checksumValue": "8f2b44c96ccbb55fcaa2cf701583c2597e6985ca6c87f8a1d2bbec28761b2dac" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-prime.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-prime.1ossl.gz-ac719cc39b9f9075", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "104cf97f9284065cb8a06f5d10c14219a8f11e7f" + }, + { + "algorithm": "SHA256", + "checksumValue": "0e88b29c9fa4fb46f94d9785eb7d70dd6bff2454f731507ce5cce1add8aabe31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-rand.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-rand.1ossl.gz-8fecaeade48e90c2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd3fb909fe1504de0dd5298ef729b9b6bb149402" + }, + { + "algorithm": "SHA256", + "checksumValue": "144b244ca66e06d4289caa9a303a3e2c1416170752cb86b26fd62aa0918687ac" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-rehash.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-rehash.1ossl.gz-22ee4bba12ea0d5a", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8b1c328e0112ddfbf823359002f7ff595aa355b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "79ee52d8d208a25b2e6dfe0ed187a9f0426a3b30eb889db486f946583a43307b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-req.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-req.1ossl.gz-1d83425a6d3a43ed", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9462a3eddb4d1de57aad3fff524b842568cde80" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd9dce94f8ce2ba477b45017159c9a011451f6f6a2b7d3df91b7baf126f5b12d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-rsa.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-rsa.1ossl.gz-93532361ae12ed8f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c70d16149accfe1976dc178245784d5d388c24b" + }, + { + "algorithm": "SHA256", + "checksumValue": "73a6f08cf45c8d6774dcc875a93ba1f080787ef38f8069453722b6375fc3a588" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-rsautl.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-rsautl.1ossl.gz-614a1b6a37fae2ab", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e24f59fa06c0e0ae3feab64d0da9581975ae866" + }, + { + "algorithm": "SHA256", + "checksumValue": "94c3519d73257b23bb2ceb5f9db07a7dd1116607c3fd2e9c29239ea3c3c100b8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-s_client.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-s-client.1ossl.gz-2302c94d9b695ace", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "576367ee00cce206c1be3b97fb236dc191779fe9" + }, + { + "algorithm": "SHA256", + "checksumValue": "4cc184b090c5e3af8ca56a7e07bc6ab4cf3c9cabf41e2dafa39c1decc73518cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-s_server.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-s-server.1ossl.gz-273a9dd2b508fd4e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bd7808a078c42694962c6f9860526139b4d8a67a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b1ca021f127e7a0524de68efea2eb44d812eda8b0409ec626c15d65a600462ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-s_time.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-s-time.1ossl.gz-aa543e4068d97fd5", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6bfbd2403324aa1b5a924e7bf2c4ec19d76095f1" + }, + { + "algorithm": "SHA256", + "checksumValue": "41f43614f21ef62aded42c8d9770bcb165b18f476a165517ebc2c109c9f2a72e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-sess_id.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-sess-id.1ossl.gz-27d2730b405f40c1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5199987422c5d63075a40227ac96e3153df535c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "7df302ef19413c9ff1c598ae1fb5257f4a1a1325ca77237f2d2ad54ad7add7ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-skeyutl.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-skeyutl.1ossl.gz-868a400a31e858b9", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "664d087339c39729e41447b85a0b65d31219e581" + }, + { + "algorithm": "SHA256", + "checksumValue": "365383a274ab6e42dbb3231ee21037e61899411df15839210f276741300a2444" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-smime.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-smime.1ossl.gz-ae24ee67d5c58772", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9c3543c1dc9aced9797c6850d3d49705f2a69d5d" + }, + { + "algorithm": "SHA256", + "checksumValue": "5155022d88a491a02922a8d482dc86663be3a1d33a25566609c11ead5edc6f67" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-speed.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-speed.1ossl.gz-26de3af2b0c9031f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4bada45063b857f1debeb27fbfc4193dc10de31" + }, + { + "algorithm": "SHA256", + "checksumValue": "6366b32f05ec4bb47f148dbf727aa350bf65a935fe88d6a02eb21ecbfce412e5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-spkac.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-spkac.1ossl.gz-01930f5f73b7f35d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fd0793a7f076b552767d97a825926903216cb62" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7b36531335a31df1bc55ad230536ac6e725f883a9e5f0d251a78098dc326e8b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-srp.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-srp.1ossl.gz-90a4241bf68fbfff", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9124282c89a1ff08d9a0fc9a9d0d9741029f789b" + }, + { + "algorithm": "SHA256", + "checksumValue": "2876181cac05b7dd7f1e87ecbc0fb6a1eba864302f71358921931d50687f77c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-storeutl.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-storeutl.1ossl.gz-13b677168cd419ca", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "13779c1e47434affcaf712eb3d73f817d8bdf53d" + }, + { + "algorithm": "SHA256", + "checksumValue": "cc06c20175fbe82118bce61d10b8cfe3bd50b227f8f63343bd9c0bbf1a162fc3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-ts.1ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-openssl-ts.1ossl.gz-d07aedc7eebcf38f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37e32fa0604b36f450019486ec868213ce60f5c0" + }, + { + "algorithm": "SHA256", + "checksumValue": "b6adb937bdb7edac7bc24fc250f4ad1530b4e42f86d27715e0f8c5687de9a3d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-verification-options.1ossl.gz", + "SPDXID": "SPDXRef-File-...openssl-verification-options.1ossl.gz-f0d5b9184199c52b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76b93dfe74688a0d2f9a8958c0c1e860ca941312" + }, + { + "algorithm": "SHA256", + "checksumValue": "b649be7a88f76256a0c77f7cec4547fb3fdaeab205232e89ab379c39ddc7fc59" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-verify.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-verify.1ossl.gz-6003ee08f870b8e0", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0aec26ce1f0d1736554857736883d93ed202bb5" + }, + { + "algorithm": "SHA256", + "checksumValue": "65c5178be1d6a4b480d07f1685eb89bf86210de69466e47718bf9f394ada57c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-version.1ossl.gz", + "SPDXID": "SPDXRef-File-...man-man1-openssl-version.1ossl.gz-b3711aa9269af576", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "284b9eddd20e5b356eee6834744a873f92ff8053" + }, + { + "algorithm": "SHA256", + "checksumValue": "802b7ad6000cdc7aa8d023b2787bb9ab589a1e9fad7d306d45041d4983e1265e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl-x509.1ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man1-openssl-x509.1ossl.gz-6708b04c922a30f8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87a7d509b68607d09cc6968ca8f866dacbe2218d" + }, + { + "algorithm": "SHA256", + "checksumValue": "6c5646bc4c3ac256d99e8bf91f45691c175c8cd073d802aa2d4d18fc49209f4a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/openssl.1ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-openssl.1ossl.gz-32e3efd142dc1df3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f6ddafce6759aec22a8534db17ebde52a750e854" + }, + { + "algorithm": "SHA256", + "checksumValue": "a6c0a4615b2e1095feae2e550939d82c5dcb3ba9f06238861b9937c457649e9c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/sg.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-sg.1.gz-f7f5f5ee42ed5718", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5835a5762c8641941b1c406b1a8d9ae1d5ab47ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "10d68d5a468d038ef51a2adc17dde913d9c8cf2d0aecbc4d400ce0e8266bc31f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/xargs.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-xargs.1.gz-de5571141680d5bc", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e9515a84d2597b37e2c8d71284f7d18d938f52bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac4fe03dc5178928008219ed89abde58da1f6fdeb5c458b8fc32eaff969b5077" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/xmlcatalog.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-xmlcatalog.1.gz-e57ad82a664df51c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8c01dfa8b1134587e2271aa566ff0335f666d571" + }, + { + "algorithm": "SHA256", + "checksumValue": "f37b82271f7f80e11f65c99ed88e5ff50297567dfcf5ddb65ddcaadcb53cca1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man1/xmllint.1.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man1-xmllint.1.gz-d63ae4c3c914d90e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e6464c6c3043dca2c03c756e6d279f3cdb4dfc5d" + }, + { + "algorithm": "SHA256", + "checksumValue": "f5ac9d9ca2c53d99fe5e9f42c9958fd50857464c030f886ba0355685f37a1b95" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man3/libxml.3.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man3-libxml.3.gz-f3ff4aa1233cced7", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6db919c78636c43c6b1c1e471cd1522a2e5d5299" + }, + { + "algorithm": "SHA256", + "checksumValue": "05fb55e53f1c4006b2c7819b4aa82a72366e8721066e26db7f172834e370633d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man3/shadow.3.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man3-shadow.3.gz-627e139f8f6ad642", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "343c34ef915d1c4376b45298bfbb28ee173cbabf" + }, + { + "algorithm": "SHA256", + "checksumValue": "30c26db9f71ce1252c3e63e6d67edd054fb1412c9576e7547cc064f9d5d118ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/.k5identity.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-.k5identity.5.gz-55ae2bfbc993fb90", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af8e3d2df83360abb0f0dcbf6202c04fbd11ac85" + }, + { + "algorithm": "SHA256", + "checksumValue": "38df17b9e89d0628fcb53e9f1685ebfee9696029f48d16af80f712d9769c55d9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/.k5login.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-.k5login.5.gz-6ee3a0391f2a137d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "17019305776f366c5c4ee613161406bf226d7937" + }, + { + "algorithm": "SHA256", + "checksumValue": "0a3338871b1c4f66d601587582d58e46eb5ce5d00fa47496547744e687f35584" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/cpio.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-cpio.5.gz-93c93a8b98729a8e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af04a986cf7f8af76d8e1260553c81cf4398657c" + }, + { + "algorithm": "SHA256", + "checksumValue": "f177a7abcd66002543952ebb68b4140ba7663a45e5fd293f3961a5a65d74153a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/dnf.conf.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-dnf.conf.5.gz-0df328b7f8c16083", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c9494c055236656a73f895bcec48c98233bb115d" + }, + { + "algorithm": "SHA256", + "checksumValue": "4b518d1ac8609edf2ffbb30155d1c453179e276698749e50f662c233ca7dd883" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/fips_config.5ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man5-fips-config.5ossl.gz-87fed008d823de82", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c74d16556ceac8a49a076042e7f93bc62eed9c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "15a810d87d38173692c0e9878afed1ff4e4eb6e2ac8b3d12409560a4ae0f3f1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/gshadow.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-gshadow.5.gz-7780f82722a193f9", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c13cabce6bb6e85c566ff91c6aa5e77532b9378" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ecc289c15bc66b7b2e940c378ea42888296906e134bbb30e489db606f569f81" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/k5identity.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-k5identity.5.gz-396f3170300f5eac", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0248168eb0588c1754f712bd1dbb64ab9e5673f1" + }, + { + "algorithm": "SHA256", + "checksumValue": "a11b4eefceb2e5ebb980ab9bf27003a4a14a3198d3886b2f733ba26e581948a0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/k5login.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-k5login.5.gz-7dc959edf743cd9a", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9de6cad471d2dc213d4d0cab9800bac8f3959d89" + }, + { + "algorithm": "SHA256", + "checksumValue": "10837088cbd4c58ce91dcbef16ba755e71bfc6df7f2d97323f0b93e9afe048b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/krb5.conf.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-krb5.conf.5.gz-0c15dc319b7ac053", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "39300ac31a966bcbe57d9645fd10c2fd390fb92f" + }, + { + "algorithm": "SHA256", + "checksumValue": "1321aa05e7688ea76ce979cdead0f02a6a1d332f24c9a7df0f53bee30c675aa2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/ldap.conf.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-ldap.conf.5.gz-c9e25f63de34d365", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da9eb0cfc63959cca3c30f49e918f7df2d265356" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a4798b91dac99b776f00a21cf1c88ca5c81b30944a4978505824770c927c50f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/ldif.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-ldif.5.gz-331465f839b11ac2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0ec348b6b97c4f354fc8ef8cb6a6c1fe3b0ce914" + }, + { + "algorithm": "SHA256", + "checksumValue": "19d7126dab4ec06a2fe5d8a8e40f9a50fbf07d5aafe716b99f099901b82fe04c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/libaudit.conf.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-libaudit.conf.5.gz-7b984e33ee9bdc53", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "790e37e89749e20bfc337b02b7f036c914fd9f6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b45065b6598339d91e74ded8b66e39b0452d379b26935948b3c8faa085817b23" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/login.defs.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-login.defs.5.gz-24816b3267972eed", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f3f541e0b136533807731e3feb6e67636a752fc" + }, + { + "algorithm": "SHA256", + "checksumValue": "7097c6bf418935b73098fe95e4887d3300029e71d63850b81055be5eedb167a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/mtree.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-mtree.5.gz-31b68411d055e59a", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2b9d61d8f4fd927e9d31b1ec1c7b2be7495b9b39" + }, + { + "algorithm": "SHA256", + "checksumValue": "c05389faebf77678f2127fdab130a7f6770038a1fe412e4a4bdee4694a7a9320" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/openssl.cnf.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-openssl.cnf.5.gz-7682f6723e342eb9", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "614b0fbdfe2eeaa44c539aae86bd1514666f6469" + }, + { + "algorithm": "SHA256", + "checksumValue": "d80417a1e70f6dd7f75bb236c2791b8d51689af0579c96374c659edd31e33ccf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/semanage.conf.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-semanage.conf.5.gz-cc59bee454cfe52c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc7bf48d2eabe81f79f0c22dd9003c0dc7addd8a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4dc05ad657fe57eccd803bbb48cfb8f8709c580b7516b335765eae58f2b46c36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/shadow.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-shadow.5.gz-4ca44dad5b6c5e5e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "385b0f62a09dff9e41b56047b847a918194ed99e" + }, + { + "algorithm": "SHA256", + "checksumValue": "17ff57d3aa76ee64c3fbbb7b02ad93b86bf385662f5a73feddb48f4377af2a31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/subgid.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-subgid.5.gz-5b7163d7c563855f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "521ec36e85817a50f0e0ba706842d064337ae288" + }, + { + "algorithm": "SHA256", + "checksumValue": "48f8de23a71fefc8105be9a088f933fc7474ea7e9e5c0e41d93d84c32b279f4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/subuid.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-subuid.5.gz-00e8e8122abacd21", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5467b39164543d43e9518fb79b45dffb54c23022" + }, + { + "algorithm": "SHA256", + "checksumValue": "962b2b540d0f847ef919ebf26cc2f88f8ef5f52621281837b775be6a08eb7b1e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/tar.5.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man5-tar.5.gz-6cc990701a0483cf", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4cc826fddc32373ff2baca75047bdb542541f0e4" + }, + { + "algorithm": "SHA256", + "checksumValue": "3ab252b6067ddacc4a57d2dcd5bcde3223a3af3c324b2a87fe0bcd7364ff6c70" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man5/x509v3_config.5ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man5-x509v3-config.5ossl.gz-5e292b3a78fa663e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "821498609fb78465682e6db725f295fbf91bac5d" + }, + { + "algorithm": "SHA256", + "checksumValue": "c7a73764eb27b51ff855e31ffda6a5e5aafc611b73320e49f1a70a7da2c2186b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-ASYM-CIPHER-RSA.7ossl.gz-0a62741227568113", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f7dc1b9a494817dc399a5389828321b91ec5f01" + }, + { + "algorithm": "SHA256", + "checksumValue": "9adb66a06899ddd4211ecbe7d75260c88949eaf35095416aa288cd4cd7173f3e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-ASYM-CIPHER-SM2.7ossl.gz-614b857c27a1c5f8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aabab7951cad3af0a032064c0c6fe40ca3d83bbc" + }, + { + "algorithm": "SHA256", + "checksumValue": "678519b9df1ac01a19a7e6581d663f1455e65f90b68376fcbebe346bfd29c323" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-AES.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-CIPHER-AES.7ossl.gz-04a987f5b10a610c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8d36b84133fced3f8e82ff58530561b0baada424" + }, + { + "algorithm": "SHA256", + "checksumValue": "6f821d9bc04c2757f4891deead2c80de75b67742c880a3af4cd9c4f88a62fb4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-ARIA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-ARIA.7ossl.gz-ceb0217c8a12470b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "831ee499156129f73caca7809d10ccae98561388" + }, + { + "algorithm": "SHA256", + "checksumValue": "3f6fc3b6e06f7c200eb9317d1f1407d2ee436253ae2ef528ed0fd5769b2d284a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-BLOWFISH.7ossl.gz-975fffbcfac782eb", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c908f3c32e9a32d3fc8a281660280ad47439f70" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c4aae9fa2168d02e5d90df893d68ef952c0e82ad870ce05575d435a26b916d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-CAMELLIA.7ossl.gz-cec6961786f8edc3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1fe7b56d528443a42bf21f62eeb37c1121bcb3f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "f17c13a80923d19bedc06495a8ef59d8f10d344397546a43fe2169dd69c871b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-CAST.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-CAST.7ossl.gz-368098ac9821757c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d51ca198f2237a8bbd58702c1d3c8eb180baa27d" + }, + { + "algorithm": "SHA256", + "checksumValue": "03e245655f99153556b77fa9bd2df96c72b9dab778df5cb46d8694a8938b5544" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-CHACHA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-CHACHA.7ossl.gz-1530f883db4b364b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0b72160bf72aaf23b1853ef3780bf2ed10e2484" + }, + { + "algorithm": "SHA256", + "checksumValue": "cff71dd921119b1342e447655c464655137e5a42ebef9c10538e98e76ed5cf12" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-DES.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-CIPHER-DES.7ossl.gz-080a70f9a4603dbc", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e2349f0b6c8650cccfb3f2e3694b5bca8c7c366" + }, + { + "algorithm": "SHA256", + "checksumValue": "e0be8aa305dd7e8fccb93290303cd6d3b7ea3183b8027211d160267d1b744401" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-IDEA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-IDEA.7ossl.gz-fab0ad695fe86de7", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "344cc99e06268bff0b20eb77ce8df5eecbe68b83" + }, + { + "algorithm": "SHA256", + "checksumValue": "5c46103011da292b4a6e34c6bef0a22568a23a962b173c4b3e6e039971d8db6c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-NULL.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-NULL.7ossl.gz-589755c709a5e68e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c38da2b7bef8f3b3c904ff09bbaf335782bb81c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "44b36b5606ea1c14e71f9b33cfdab4879d4f164b55b1a966ad70166441af670b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-RC2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-CIPHER-RC2.7ossl.gz-64135b28c46f9bb3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8caf1fcaadd779811e3b65b264bf4a0ea3e7e216" + }, + { + "algorithm": "SHA256", + "checksumValue": "7dd4485467748b7af90c78d59180b7c7acc03f115932d1bec93b4c9f387ba136" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-RC4.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-CIPHER-RC4.7ossl.gz-b5478fdde922a6c2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae716176fa98716681db459dfc46e2b9e2331784" + }, + { + "algorithm": "SHA256", + "checksumValue": "660051e40ee4c8985b0505c2f3073369a88bd634034ea36062f0a4575b6551b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-RC5.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-CIPHER-RC5.7ossl.gz-d2e151662e06a92f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6dd04108eae292923d0e4ae4b1b4f5566aed1ab0" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cafd301ce673d38122d8ddd8775e76542a1b779183d67ff9c87ffeb7acb3cce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-SEED.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-CIPHER-SEED.7ossl.gz-467837e1f76df428", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b17ce47eac0619c1480f9dce641de82bea26ed1f" + }, + { + "algorithm": "SHA256", + "checksumValue": "c8c8c516d120379f5df27486fb040e03995d2581315ee9399d1e5d1070210b7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_CIPHER-SM4.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-CIPHER-SM4.7ossl.gz-5e55681099c9ac55", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f93bd12665f7d9ee3904002acc0d067713ac9e5a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b44a653ae2e95be0dd0815eb7a9a4d2b245ecea96864ae621227214bace31f89" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-ARGON2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-ARGON2.7ossl.gz-4f6c8c0223470a84", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "23adb59156e3cf96ecfc38f0d6a2b788d41dd228" + }, + { + "algorithm": "SHA256", + "checksumValue": "a31936a669a89e4666142441799ac4cbb9c486e24e03e090e82c8ae2800bb225" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-HKDF.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-HKDF.7ossl.gz-3a7fc15fcc4dadfa", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eaa0a00f06981a1c5af94c07689f3414d7d9b2e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "6feade2f08a1729ee453218a840aba964ca0b8c057ebf3f6049d81a591c4553b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KDF-HMAC-DRBG.7ossl.gz-8b74dbb9b76ffae7", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b50417a28c5aebba1f0b1ec4a2910d21e970c2cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "220c8b5e07859cc46dcf348356ff2ac8bff3cbd913510f9d828587179fd76830" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-KB.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-KDF-KB.7ossl.gz-2867a7f559c350c2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "973eae331e1c1566fe580501dbaa886d63ddee3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "76932a79463d97d55da1dfa1d3dd8c4ef9b3604ea7c2a88e287edcf689a4bed3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-KRB5KDF.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KDF-KRB5KDF.7ossl.gz-a0b6c5155090d47d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d7d00cc25665dbd5416d7102440ff196ace251ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "c29d3a76446f8e45ed16ebe710105603a744aea7044cda78a63711dd4186302c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-PBKDF1.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-PBKDF1.7ossl.gz-2ccf1330944b3911", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "55328f9e02b6f7e3f4eceea1cc9c1757ddf98d41" + }, + { + "algorithm": "SHA256", + "checksumValue": "63801430e465921063d23c381a4464468788b25c71cbce83f42729b4e819c7d1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-PBKDF2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-PBKDF2.7ossl.gz-f2ed5774c659335b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7348c092015b14c156c47f217d4601661611730c" + }, + { + "algorithm": "SHA256", + "checksumValue": "7eba1878f7907f682e8c788f94ff2367f5f1b33b95732e9af5ab690a5ee7b66d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-PKCS12KDF.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KDF-PKCS12KDF.7ossl.gz-525dee4e979d11a3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8fb69ee0a83d875bc8696fb94961e212ddc6745" + }, + { + "algorithm": "SHA256", + "checksumValue": "cee684f8a03551be0e8feecea5cab5864df87249ea8c934e16360dbaa7b1f95a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-PVKKDF.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-PVKKDF.7ossl.gz-8b2a0b87a4276bd3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d5fda3931d55c1b1adacd947c73610605f4f5232" + }, + { + "algorithm": "SHA256", + "checksumValue": "a67ead799c7250a2b7a6beb2991087069f10d6fe412e959b5616e4f43ce7a7a1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-SCRYPT.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-SCRYPT.7ossl.gz-fa7659be1bbaac1c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "703ae78626c835cba80279f0574760795e25338b" + }, + { + "algorithm": "SHA256", + "checksumValue": "befaced50aaa9046b50a854aeba5e360a158d436f31192c582cfbc56cb0a8092" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-SS.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-KDF-SS.7ossl.gz-d2f4648fd31ce066", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cde9e9dd7ae8cdb433a091c00eff8dbdd3981de7" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d2079f83ea2444b9c51a838a6c7d2360d4f7f4b3f6bedd98d170b9b2317a90d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-SSHKDF.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-SSHKDF.7ossl.gz-552f5139f3e4f68d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da28b4ee98e7e5af20bbd899b3f9ec3f47d2ad4f" + }, + { + "algorithm": "SHA256", + "checksumValue": "addc220d360ab59a647cd93a24645eb911eb98907e96dfbe8eea36ee3305a06f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-TLS13_KDF.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KDF-TLS13-KDF.7ossl.gz-459e9f148272cee8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b4309b59701493419e52c473c30405a83be9f2d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "b01bc5ff37d1b6f9e8242a21211b49169e8913c8f695be1a4a47e37f8e5f993d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-TLS1_PRF.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KDF-TLS1-PRF.7ossl.gz-757c5e7433c8bba4", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "641e78e20054210c91c7699287cad38a145c9991" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e96af999fdf51a20d7b9e8edb3ce29068dea80780598c35053c3c862c0c78cb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-X942-ASN1.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KDF-X942-ASN1.7ossl.gz-03b262d8fe93a385", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ca9ad40e111c2dc59393d757f5a803a00010b12" + }, + { + "algorithm": "SHA256", + "checksumValue": "1935b45f189c789f26081199a8d53e9a95d031c16cc124ae292560ed39106fe8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-X942-CONCAT.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KDF-X942-CONCAT.7ossl.gz-7972d18b8c491ea5", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a0f216ba4a5346f8e88bd6ba371cb81324ea1c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "36d5129a6881951f1946ea58e6db3d5a274a0df7ad7035ed725400b8d22e4f10" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KDF-X963.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KDF-X963.7ossl.gz-5debda3dd8c43da2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e55f6ba90ce631943b2c5a3b4a5d9dee2c0403ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba4ffacc7f9b15f91ee6d5261a0a25c2928e0f229e8eb518523c28964b359cbf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KEM-EC.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-KEM-EC.7ossl.gz-eaf10019bfa53e6c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "04a40cee62fa558a80464e313f36363cf31cfefd" + }, + { + "algorithm": "SHA256", + "checksumValue": "e61ac1db45e16725c0d74be6fd4a0ab6f6e93ee9a747f0365776c1a754bce567" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KEM-ML-KEM.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KEM-ML-KEM.7ossl.gz-dde1ad43ffe850f7", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bb4d9b935f3cef0615fb2c39c82c2349d874913" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ba7c1295bd15944469f28a33760bede10cf4e125ea0af8221846a1ef05f2f5a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KEM-RSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KEM-RSA.7ossl.gz-4b71fd7f4dd7c76a", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "765c553b6092aec68a9898ce9efa59cf8a4b06c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9e3831822de6d7c96c73632073d7d1d8a05f87c5d2fdf6c3a6af472522d41fa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KEM-X25519.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KEM-X25519.7ossl.gz-116612c7f9a4276c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f646ac6fcecb435642e93af63e3febe199b3a5a8" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ed8fbe186d68899ef9f41b9ade76661ece11ba48a4f2b48631a8cd63ca90563" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KEYEXCH-DH.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-KEYEXCH-DH.7ossl.gz-ad000ecdfa943769", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "03062847148f6283aacd3dd6684b89aeb40dc0fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "f36a5b1e05fad760f8e239f70bf6a677699574257816ad2b56136bb919d4fe48" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KEYEXCH-ECDH.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KEYEXCH-ECDH.7ossl.gz-534f9530f3e7d4ef", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a19020f05014ee5103f0d6d7177107c5034a512" + }, + { + "algorithm": "SHA256", + "checksumValue": "1f30ae0ee56e852c82586f6aa624a67dae144bfe291f6413caf4c9191a1da510" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_KEYEXCH-X25519.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-KEYEXCH-X25519.7ossl.gz-579c5e1799c04e87", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fe3dd0c4ea6b8ffac75655029af108537631892" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a6b8e0fae2f3239a3b2bf49df6aa1353ca1184e754cd3d18a63c1158e6c671e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MAC-BLAKE2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MAC-BLAKE2.7ossl.gz-d94a24d38f12eab7", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b1d411e74e4a630bb9e746d52b83d5f3f1a7ccfc" + }, + { + "algorithm": "SHA256", + "checksumValue": "94b0f6ae9b71afc540c7908c257996e58db2dba9da300ff73d2f8f36b8b08dc4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MAC-CMAC.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MAC-CMAC.7ossl.gz-21b9bf623e477c9b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "232d6656dbb0cf7b43d65a5cb7f5ef139baab6d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "482488d48d3f2c917be66ac7285c95f68dad873324e4c63585e9eb09999fb97c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MAC-GMAC.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MAC-GMAC.7ossl.gz-6670e4a5d0e8f7b4", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3d0d5416e9d4932a7dd5f4c5b430119c7fdac7fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "64d6e1ae2b9a05e07b5cd532b3732c9ba66f5fe02eddbd7c0978f12777bf77e6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MAC-HMAC.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MAC-HMAC.7ossl.gz-512d053c17d87ee2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6358b37f296787897e06dd6e8a38004d97b85971" + }, + { + "algorithm": "SHA256", + "checksumValue": "39ef21f034a42744a8a99e300c6e1fe899a5aaea863d9acac97dcb81a7e10c3e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MAC-KMAC.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MAC-KMAC.7ossl.gz-e0ddeaa423d94e65", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ddbf486b09284ae822eb94a5c9cde1ef5a9af14" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a3b285ed2fa6600aba01173112dab6619edeb4018de57afaa8858884159debf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MAC-Poly1305.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-MAC-Poly1305.7ossl.gz-c9b816255fc03fd3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3709ffbc903e8d89da3febd7c4ca1946f0c23dc8" + }, + { + "algorithm": "SHA256", + "checksumValue": "815903fe49540243343dc4dae324c98cf191354ab1f41e589f13250831af2591" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MAC-Siphash.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-MAC-Siphash.7ossl.gz-12fb8dcbf17e12f9", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d525dd2742f0addb73460995619b1c90a4f890e1" + }, + { + "algorithm": "SHA256", + "checksumValue": "22a7bae909eb8c5ee692ce145a614cd24149c4e5f7f18a9442d31455e7dfc4ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-BLAKE2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-BLAKE2.7ossl.gz-33151bcb993bbe1b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f547a35083a6bdea4fbe5b672dc6d441efaae6bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a4f65756cb704d395f250b280f1917aa8670dba484472381885628ee65bba0b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-KECCAK.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-KECCAK.7ossl.gz-2492038fe7738f6b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a75c6c66442b6e0b113429e45569c9c40a7627c" + }, + { + "algorithm": "SHA256", + "checksumValue": "67c856a70f86af1ac78280cb6cf7b2a54af2a0c8cf84cb3403c7a055ec2645df" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-MD2.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-MD-MD2.7ossl.gz-362858c8cee5ee21", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a6f0bc4856a3619970ad0089b12fb195f7e3e7b2" + }, + { + "algorithm": "SHA256", + "checksumValue": "c47ca5f289ee3976ca6da76384bc1c78fc431bdfa0372ec8cebfe92807e33c75" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-MD4.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-MD-MD4.7ossl.gz-557a753af79601d4", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90b75ed246c9cb80d60f617c8580d6874577a63d" + }, + { + "algorithm": "SHA256", + "checksumValue": "40b5e13d50905d7c9acd7e9d36d2789812b90d2871eadd3d110dfd53de079e64" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-MD5-SHA1.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-MD-MD5-SHA1.7ossl.gz-3b4405ce04b1600e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0bcfc887e34ecd5373c578c819b79a919c36a72e" + }, + { + "algorithm": "SHA256", + "checksumValue": "54f85786ad5135b0a1e495934b8dea95148fcd33fe3d573d2fbbb5c537b5d662" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-MD5.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-MD-MD5.7ossl.gz-d51833fa2e124644", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "20e67e7f68c8171931a5729d813e9c2ab88a1db8" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a2eba35eb1a35bf521ced91fea40a074d810a096d2e1d6735e96d60b0af382e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-MDC2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-MDC2.7ossl.gz-91df02eaeecd459d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "25cb56e667cb00fa5814a1b20a61d6aab99cfb4c" + }, + { + "algorithm": "SHA256", + "checksumValue": "e972ba9f44b5e47d6e879239dd51ab7fb9452eb4cacb950e5c2c821398f6d6fa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-NULL.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-NULL.7ossl.gz-34502f16226e82d3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2df9b22472ba46882dc4d82d129cca8214f51487" + }, + { + "algorithm": "SHA256", + "checksumValue": "6b888d8866df01c656bf5b6f801d930bd8f6fcfd3bf335f04c3e29ecf874d754" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-RIPEMD160.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-MD-RIPEMD160.7ossl.gz-e9514150e59eddd1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "501c0a33acb85d62945f26454253befac74b12f7" + }, + { + "algorithm": "SHA256", + "checksumValue": "e5dddbee5c549b16fe6c74dccaa11f5187d4914dc50d66414cbb997794540a17" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-SHA1.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-SHA1.7ossl.gz-e6158bdeccf8b95c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa6ee113c99d2dcae37160792c3a6f6dc5ee7b58" + }, + { + "algorithm": "SHA256", + "checksumValue": "f9a8b8034ad4ec80c5d888eee2c0e41b9bad8b164bead41a5149766e814c1353" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-SHA2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-SHA2.7ossl.gz-380f15a0186b69d1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b8a29484b63bc8d0ac452cddddaa05e946d8aaf6" + }, + { + "algorithm": "SHA256", + "checksumValue": "58a2105a502493d7d5ec13e49d4318848f0e55ebe33aa219287fe33872c722f9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-SHA3.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-SHA3.7ossl.gz-1223afc00cf0844c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4b80b438ae6fdd26f01e65e626cd8be1ced1e602" + }, + { + "algorithm": "SHA256", + "checksumValue": "3057ff8d3c1aa31b87065feff4d52e5113c9495b1f9d7e1682a04ec763036cbb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-SHAKE.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-SHAKE.7ossl.gz-0b11dc6ec27fcb50", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cce7913ddd497e5bc4a177cdcf9bbad7f62225c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "13db6eeb0883668e0df6a97fecc195999b1dc201e45ab074b921cb64609c1a2a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-SM3.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-MD-SM3.7ossl.gz-40e6051abeb3f042", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f7f980654419e0455be32dc715952b183bbb412" + }, + { + "algorithm": "SHA256", + "checksumValue": "73c375e85808bad375e6270767eeeafbe53c3eb8f73c48ca678fb8b457e0e88a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-WHIRLPOOL.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-MD-WHIRLPOOL.7ossl.gz-ac57a7fab3558da3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c08b7b4f28447c07bad9c4e088e1fb73cca1572f" + }, + { + "algorithm": "SHA256", + "checksumValue": "25f5026878d44caccf615b259eecf2041d805858cae483a7f81fd9005a870a8f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_MD-common.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-MD-common.7ossl.gz-eb4659e903b52f95", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c14eeef33779a4ec1f47f703e42b440d163ea25" + }, + { + "algorithm": "SHA256", + "checksumValue": "9018eee6bf69fada25a66de5333c28d19136b8dc1dc3e9427bf347ecc9bf5c57" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-DH.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-PKEY-DH.7ossl.gz-05269894336f94f1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d7edaa83549df5ae3b9a6f7264b36855d11dd76a" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb0d58b8983f36dee2eadfbde585e9c96da892e5c0716028f03d45bc0c1ee338" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-DSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-PKEY-DSA.7ossl.gz-3717e7a528f67db3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "247f40abbd4331e5b95efa57949e680960b0befe" + }, + { + "algorithm": "SHA256", + "checksumValue": "40205f1717dbe4478e7c1f916f93c4fc0760fa295b1c580364adf5c38c1e06cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-EC.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-PKEY-EC.7ossl.gz-4c7ea6934cd41c12", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "600d4bd1d42ac4a8b4f9baa161eb936dd823b8a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "b4115aa6c5d2c232c7f8b506e6636b58a1f1f0688d1c4651f49b82f25129b7cb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-FFC.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-PKEY-FFC.7ossl.gz-91f91d555a9103a8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "56b0f6536793be5ee2e94de6608f1ca37441e43d" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff6f56ab05f2549d8be2b60e51c640f3ef6d9115787dab3fde63023875ded470" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-HMAC.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-PKEY-HMAC.7ossl.gz-0a2c3c47f7545b9e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c5ac211bd688e67efb816151d1dcbad4ffabbc20" + }, + { + "algorithm": "SHA256", + "checksumValue": "37a85ff053b85cb11ca6375ae0b39dc0746dd42820d0362c0ebb7886d21983a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-ML-DSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-PKEY-ML-DSA.7ossl.gz-164f352d72d01539", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76bb28f59894425a66199e8e557b9258e271f287" + }, + { + "algorithm": "SHA256", + "checksumValue": "799556567884a8916eb610bc13080b3a5e400db5194966913580bf85b175c686" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-ML-KEM.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-PKEY-ML-KEM.7ossl.gz-a1e614a5bfcbaf8b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f295b63affe266f764c8fbcc1357df777dadec3" + }, + { + "algorithm": "SHA256", + "checksumValue": "15c97da5cd2ee75fa69e576ab4c6da28dd2e64bf7247bae23ab5b539c735464d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-RSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-PKEY-RSA.7ossl.gz-8f48b348d58b0ba4", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c3ff788711667cd488e005c3adf9e247ee162caf" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f6dde005bd8676338aa6993e687fd734a328a64ba87abc8a86ac17985a3e39e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-SLH-DSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-PKEY-SLH-DSA.7ossl.gz-4e88db845a1d6c20", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "20676370d78badbeabe221dd7c2964b40d2e5d78" + }, + { + "algorithm": "SHA256", + "checksumValue": "41ab32541a8ba6a0eb4438a8c2a333c5d3635ab1d1c50eb9e992c8c7890f8cbb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-SM2.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-EVP-PKEY-SM2.7ossl.gz-f8db2e7291900711", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a418d5c2ac6f5baaae5c3bfa82c22a0eb8749d72" + }, + { + "algorithm": "SHA256", + "checksumValue": "18683281bde52c6383972d29f2f9f41b7e51c111faf1decf164583a91ced9cde" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_PKEY-X25519.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-PKEY-X25519.7ossl.gz-5e03800152dd27d6", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f14ab18f1f33df038eabb0d574e3904e25df426" + }, + { + "algorithm": "SHA256", + "checksumValue": "c44e89ca5e665bf45ce7ca95ab2a7b82890d1264ec9437bd14c55beb1db2a422" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND-CRNG-TEST.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-RAND-CRNG-TEST.7ossl.gz-cd89c7149d5b8519", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "35f867faf0236d2449fb991008cc14a1a887c626" + }, + { + "algorithm": "SHA256", + "checksumValue": "cc5263874eacc2f69afab4e742df56787ed0bbe6ad70cdca61189d642f7fb0b6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND-CTR-DRBG.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-RAND-CTR-DRBG.7ossl.gz-34df9b20f6f66964", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a9feb30594129b4df7b544dd618eaf69fda4b3c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "d5dcc7c74787dabc25cb173014befed9ea57f0a88dc501979f5b7b950d49765b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND-HASH-DRBG.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-RAND-HASH-DRBG.7ossl.gz-f4cfffc2116f7bfe", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f048c3aca7b684516bd5949931f05470cb7a3c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "0259fbf7534f2ea1a218bce2a22f6bd36844472d2d005996096034d319158896" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-RAND-HMAC-DRBG.7ossl.gz-469a3d0c003455eb", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "690a826e166e6c824074301810fd9c7fff1ee695" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e9e3f48db77000183bb65d84f4ec7bbfbf5bce78704645496ea64ecb3d5766e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND-JITTER.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-RAND-JITTER.7ossl.gz-effd69c97c9344b7", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "245353702e6bb45523fc4fa40ecc2fc22f587dd2" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d564e37e863790cc9458e1648c85b8378d6e0a9ad93d710d3f0a49c3ea0edd9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND-SEED-SRC.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-RAND-SEED-SRC.7ossl.gz-dda5f2f598756220", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0e07d9573660c92e80068caad010292df0829c2d" + }, + { + "algorithm": "SHA256", + "checksumValue": "78ed0e17531af03d68d54e7788ecb5b2cfe3e484d66113faa2132228716daf82" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND-TEST-RAND.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-RAND-TEST-RAND.7ossl.gz-c358961d83fa600f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d131282cda3340b32b97334ea367def51f1c2eac" + }, + { + "algorithm": "SHA256", + "checksumValue": "6365df34ca70b738dbc19bac83a265955c0ec8bbfca32d3d036460e548d148de" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_RAND.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-EVP-RAND.7ossl.gz-fe9eae88652d3c8c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b021089b83b345c2a1bb39f01f1b3938a5833932" + }, + { + "algorithm": "SHA256", + "checksumValue": "1150df4ca1c2206ca30b5a4a28e1150b07badecb6d4819d6a1f3ce3366201d2f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_SIGNATURE-DSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-SIGNATURE-DSA.7ossl.gz-0b3ada17b5808025", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0acfe8936332565aa2718be92b1b82deef1e40de" + }, + { + "algorithm": "SHA256", + "checksumValue": "fe879790d45d1bf76d440079aa73c36d0727ad1c302b1012d4d4f1ed01b9b291" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-SIGNATURE-ECDSA.7ossl.gz-22a3961e6fdd8f2e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b85de04be695db96e289bd65f90605a38b140db2" + }, + { + "algorithm": "SHA256", + "checksumValue": "aa23c62df9303e39d1276a8489dcd99f1890f044bb42a33f0b03ca7088cf236c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_SIGNATURE-ED25519.7ossl.gz", + "SPDXID": "SPDXRef-File-...man7-EVP-SIGNATURE-ED25519.7ossl.gz-7e6f15db1d2d3469", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48ece9fdb5e703d59f54926f02151da34968b331" + }, + { + "algorithm": "SHA256", + "checksumValue": "6b47aa8bf2955db526004dd8eeb512563061cb4b9d518c540171089b2915786b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_SIGNATURE-HMAC.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-SIGNATURE-HMAC.7ossl.gz-c5d017216849682d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "576c5656a043c2ec5a1e9a58981cb11dc3509cf4" + }, + { + "algorithm": "SHA256", + "checksumValue": "95e2223f981cd7365f5cdd5459faef4d661f0f9497a9ec5f0d6c1dcdc9682b8a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-SIGNATURE-ML-DSA.7ossl.gz-b03e6f64daabd092", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86f36327b128520d75b2e55c79a4f121dccc7d85" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a04a083fff068a1a54a3a2bb2810943f82dd5c7aa2cb4ca1eb7884349e3cfbe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_SIGNATURE-RSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-EVP-SIGNATURE-RSA.7ossl.gz-3978c1ded75360d2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "053d6582112fb6a7db07987c813737ab8b07c9ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "e7c24c0f8f7593c8c0f2d85b60cd0cdf33e78f9e6ba6414a53df06ae4eb16277" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ossl.gz", + "SPDXID": "SPDXRef-File-...man7-EVP-SIGNATURE-SLH-DSA.7ossl.gz-77c3c07010d12669", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c463632046cdb268451bf49b3e2baed504da26f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "efa7726fe98300fc2b5eba273b626d7e36cd30a688eac5fc4833e94705a0c93b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/OSSL_PROVIDER-FIPS.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-OSSL-PROVIDER-FIPS.7ossl.gz-e851d200f2c305dd", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67a795209a5159334401304c0aa8ee90ed11a5f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e1fee30b775716756f7f35ef3fa8ea2ce9181b7bd09638c2457b40961d3cbfb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/OSSL_PROVIDER-base.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-OSSL-PROVIDER-base.7ossl.gz-08389c7ca7020248", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "51c822dbc7f5d7e3e24021ac54a26a466bb1fc5e" + }, + { + "algorithm": "SHA256", + "checksumValue": "75ce22e58e16f3676d8048d80988c9e04164280940c134a22406c196cb8397f5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/OSSL_PROVIDER-default.7ossl.gz", + "SPDXID": "SPDXRef-File-...man7-OSSL-PROVIDER-default.7ossl.gz-dcfede4baf820cb0", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e712c877b809c2b7ea08e8d20ebadcc86a350cf" + }, + { + "algorithm": "SHA256", + "checksumValue": "5634d71e60866269838a5d76079d2b334e70bd5d7fd46b99291dea8b6ba2d1ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/OSSL_PROVIDER-legacy.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-OSSL-PROVIDER-legacy.7ossl.gz-953494b038436cb6", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8742ee755b5cdef416fa41177137859947ba5d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "06c925a915991c880ed7a7a02237c15e9f836155a5d31d52ebbd04a15822da08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/OSSL_PROVIDER-null.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-OSSL-PROVIDER-null.7ossl.gz-8824c210f678a8fb", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0809fff2a8ddc81188175c8d877471835e1299dd" + }, + { + "algorithm": "SHA256", + "checksumValue": "6f1eb27a9bda8f1c2995c6d049cb351536931594c6bf1e0630b09e14332963ee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/OSSL_STORE-winstore.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-OSSL-STORE-winstore.7ossl.gz-c302d53de8a0a610", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc55b8b0392553cc5ada762f492b72c630de7327" + }, + { + "algorithm": "SHA256", + "checksumValue": "13b5944e85181062fd4a534b0d7f36f81d338f0eaf86745616178e608547fca9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/RAND.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-RAND.7ossl.gz-b4eb6556380b1ece", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "29c49852d32bef1a68842bb89a7d2eeaebc35d0c" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a7b237d5484cd1511f2eaf54f3b86b1038fad924d179a0261bffd2c336d0291" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/RSA-PSS.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-RSA-PSS.7ossl.gz-8f3b76c59363aa11", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5da2bf95c85997466406a6f771e66c8a114c8216" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee7e644c043ce90a627f9674b744d88a1adfc1f3881d07e09d4c2b498dc3050a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/X25519.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-X25519.7ossl.gz-40616822d43702fa", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9738a115ce54e0bd2f570df81191abd91326ec53" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a35d5639f030ce4a971216a70e04b265c1e9766032a2045876bbc680470c841" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/bio.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-bio.7ossl.gz-9850eedf46693151", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1523f3a9accf1e225f3794375d56ebcd77d1dac" + }, + { + "algorithm": "SHA256", + "checksumValue": "2256cd5b5747dfd314c8ef649d77d7f0c687536f19aec0f9011dee25ec1c064c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/crypto-policies.7.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-crypto-policies.7.gz-e805870ce82f9ddf", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9092074e065d28c81e81f837863f0139267a2b04" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7798e9f31248342b6a56b6a9555a65fd61f5180808fb98ad26a63b6fa49b8dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ct.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-ct.7ossl.gz-ac109f4be4188339", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a9d10e3e13b0f80c8edbab5b8e906cc548a982cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "11d22a2651b8066d55c4097519b8fa31ffc85e8a560c9dbbf7c888544153da1d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/des_modes.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-des-modes.7ossl.gz-a3f6b17683961d43", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9581228b6faa042cc2f9dbe96119ce035c771f9a" + }, + { + "algorithm": "SHA256", + "checksumValue": "7d9153f3059a6980686573193bff3d6261ca162190b27d6af5b947d76398671f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/evp.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-evp.7ossl.gz-6c8868eb7d22aacf", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e4e477582992ca7b05e085b2b187feffe1e987dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "0a76b75e6e34ae1195b5983fdc5a91a37037450b62a5433cb059ccf3ecd43bdd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/fips_module.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-fips-module.7ossl.gz-ad74469e5bea331e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94e69b35050c41b5263e99b4ee903d90dff37fbe" + }, + { + "algorithm": "SHA256", + "checksumValue": "020fab93e995d03b95189a11d40e81a4422d295db9c3396083f4e95861e436ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/kerberos.7.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-kerberos.7.gz-6dd72dec86149806", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b4a71a4ce27c9392e96f4195573ed7499fe68f46" + }, + { + "algorithm": "SHA256", + "checksumValue": "06b401f61c72c02d37d8584572696df5fe8891686727f40d2636ca5f44435bc6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/life_cycle-cipher.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-life-cycle-cipher.7ossl.gz-a16275234016a655", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70893e5bab72c671f02d2ee3334f8044cd2ac6d6" + }, + { + "algorithm": "SHA256", + "checksumValue": "c13bcd281901af42ebe19fa5ddbea78185d0efb5c73628d25cc0fa03f95444a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/life_cycle-digest.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-life-cycle-digest.7ossl.gz-f7389995945cefc5", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aa15f4b83e9439f572a0e3c8267a04f97eda3b7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "f735bc4ffb52b870581bbfa5813b14ac278694c19611e65d21ef7390759af50d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/life_cycle-kdf.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-life-cycle-kdf.7ossl.gz-7075d77f48f819db", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "408469cf7bdf2b6ab284c649cec92cf007e6fc1f" + }, + { + "algorithm": "SHA256", + "checksumValue": "f59a36ed427968aecedb7d0325b2b0753cb90793d6c36f6286fd471479cb9a40" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/life_cycle-mac.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-life-cycle-mac.7ossl.gz-9198d6c05a6327fb", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed0509a593721be29dbc2cd6e0a794f2772def87" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb65415767b528fd9707e5048e7e3349e66058e8cd511b8d7934fe44b1fd4743" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/life_cycle-pkey.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-life-cycle-pkey.7ossl.gz-127b13d2bc472163", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bd2575ad5fe2b10be688ddd51267c48da7ecc3ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "5b489671bbd1fe2aece3a1eb7a7a830188db05d0d1cd0d465a9d1444b6202e07" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/life_cycle-rand.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-life-cycle-rand.7ossl.gz-8e00f1b19b53f224", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af469a4b0cb6490c6a5fe5816e04417b6983223f" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ddff0ef7c386842680f163aa46afc4ee4b1cc628534835341a0a4457b060252" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-core.h.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-openssl-core.h.7ossl.gz-9405b70229ad2c0a", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "734863517602e4c431c5de0476edf41b37734b51" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0ca28b82dd85492206f6e397c01b6bcc186b0b626db4b98efe95c47221d2bef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-core_dispatch.h.7ossl.gz", + "SPDXID": "SPDXRef-File-...man7-openssl-core-dispatch.h.7ossl.gz-50eb8ce87c65d0b9", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1c76d96a6aeeb191690466f8c5a7bd55c12b404" + }, + { + "algorithm": "SHA256", + "checksumValue": "1db039e4c77f5f1737481298a6ad81f50fed41b7b69e1c3cb1b1a82aad51de0e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-core_names.h.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-openssl-core-names.h.7ossl.gz-e7ef7561df01cdbd", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d6a893f1ba6093434235d4f769c993bf2e8b64e" + }, + { + "algorithm": "SHA256", + "checksumValue": "7cac2f3cc5a889d0c368abac794c451a27a0c90efe8a85e940e9ea46c64ab4a7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-env.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-openssl-env.7ossl.gz-93aca83efcab4231", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76d23fd440a1a4156084bc648c518056de658166" + }, + { + "algorithm": "SHA256", + "checksumValue": "15e2f195fcc9a9da18e513f6e414147f4bf0dc9b27b61de13fdc62315d7e9c96" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-glossary.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-openssl-glossary.7ossl.gz-9318266d310bb3cb", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52e6dcaee085dae678d41a589157b7460d14f700" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a56b5edd88416097bce26a92f31448e28e08e3e23a3e1d3f80bd8e1cffbba61" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-qlog.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-openssl-qlog.7ossl.gz-9c4dff099946523a", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e93c37f505bc84caef3a863c9b302df8aacd4a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "1de6e247881905868cda2bee686da11e2fe0c67375c2670a7412eb9e852fd8b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-quic-concurrency.7ossl.gz", + "SPDXID": "SPDXRef-File-...man7-openssl-quic-concurrency.7ossl.gz-1cf26eb3e5d7d8f4", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b107a17baef168902f1281ef988b9427e9271f02" + }, + { + "algorithm": "SHA256", + "checksumValue": "54d7d935831ed4f1f8dcb8b50ac4fadb458492c16cb9209978c001a19a1d5501" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-quic.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-openssl-quic.7ossl.gz-e79d0b5e8522462e", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "30b9d2cc50e8f3b61c2ce9fd38d1e48ac6287a3e" + }, + { + "algorithm": "SHA256", + "checksumValue": "86ac52650a21a5ed93c2075c744171fb448ac4aadab51298dc38d1157a613971" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl-threads.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-openssl-threads.7ossl.gz-2f61072da3b72ad2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f88d7d36f7b6f89d48ee0b3dd058480ea4a4a9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "ad0782bc2b97d5eb164307e8c278f7d5064f4bd30a4b182803dc619bb509565e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/openssl_user_macros.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-openssl-user-macros.7ossl.gz-45bce5e300fd4ccf", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c6acb125ed1d512523040c28f6cf2b8810891de4" + }, + { + "algorithm": "SHA256", + "checksumValue": "98b6f19211cf4ec8e937bd3e84e795fcb0c82f23141d3abc5f3d6e30ebf63f30" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-introduction.7ossl.gz", + "SPDXID": "SPDXRef-File-...man7-ossl-guide-introduction.7ossl.gz-34f86a316b899160", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f7bcdeb3e454a6ad13893ebd17352071b752f8a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "58b9b4fd3306f54579797fe9b3404b49a501bc985076d1bf57b11dce9e487973" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-libcrypto-introduction.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-libcrypto-introduction.7ossl.gz-9472f49a2146cbf3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a1ef6b3d821dd73082b65a843f8c7f3ae0e0333f" + }, + { + "algorithm": "SHA256", + "checksumValue": "c02386a18012d0dd8ebd6eed739e25516fedd000532f843fd24d6326120e8e2c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-libraries-introduction.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-libraries-introduction.7ossl.gz-a90401c687aafd46", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8274bc10267b68ea0362006359dd37a1486c8797" + }, + { + "algorithm": "SHA256", + "checksumValue": "11895eb4691400975a03ef5b2828a233a418cdd17675d27e8dcf65993d9614b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-libssl-introduction.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-libssl-introduction.7ossl.gz-38c9e9de9ef8b1bf", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "deab25bc149dbc97b0e1a49cb29c7c6eb2af5e46" + }, + { + "algorithm": "SHA256", + "checksumValue": "71f8479fa3655690a01218f3b68e5311a55749a14f339566d0b7d91d8068b53b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-migration.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-ossl-guide-migration.7ossl.gz-b8889875fe5d8ccc", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e045b3d467d7fa6758770a091b4525dab98d0d3b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a77c395329528a07988f504fc59ce0e0799d2f0469cd941d8a7e35b48b81a6c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-quic-client-block.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-quic-client-block.7ossl.gz-28dfcfd179be0b78", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "490635fd5c0392732b2247928b5f0b3a8169bd2f" + }, + { + "algorithm": "SHA256", + "checksumValue": "4763b0fd4136950e01479bbe8760ebf00c2b96e95e788ea91224bd3db7c136f7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-quic-client-non-block.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-quic-client-non-block.7ossl.gz-45807708e472faea", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f6f67c3133af8a0a251c9940683d85aabc8893c" + }, + { + "algorithm": "SHA256", + "checksumValue": "af5a966bbf726386772879b40bdf11a3be4ce5b28d65ee37f1af800b1e73d2f2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-quic-introduction.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-quic-introduction.7ossl.gz-460d5c116f6223dd", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "920622e5cb29ad036559668d9fd403008ec85b1d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2b7874c08565763002478362fe83955be43155ab0d8ce31ce4a5b86a06b01789" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-quic-multi-stream.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-quic-multi-stream.7ossl.gz-ddd66b78c7891cd8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9327ca8a5364b603a3afde411d4ead6cc2489171" + }, + { + "algorithm": "SHA256", + "checksumValue": "e6bf5243f928ac1e5024380ebeea8a3dd6ef9570ee88595cac42889efe78ea72" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-quic-server-block.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-quic-server-block.7ossl.gz-3dfdfeadef568451", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa62ed5cc5069839268b39b4e7ff4266dc41b9a3" + }, + { + "algorithm": "SHA256", + "checksumValue": "44e1b008149d71f66e129c0ab092bafebdaf4ac444558bac3d2f2132965a3769" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-quic-server-non-block.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-quic-server-non-block.7ossl.gz-fa9a2006ebdb8c1b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a724051b9bcd56ff95fd8dae07b6e9e7c4332e0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "5134015cfcc302ad4b548be43fce0c07947401535e638b973b38f15d405f3ab2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-tls-client-block.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-tls-client-block.7ossl.gz-00e72aac91d28573", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe783dde1f04fcd631024c52777e90e4a13871ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "c6a2090730762fac75b257a545fa3dced6e75be8303269ac0696ce58a883f47d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-tls-client-non-block.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-tls-client-non-block.7ossl.gz-0d6444570e9a4441", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "308da4f7d747dd91fb91be866b0506d4aa4615bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "28410b61c2b970d20bc764f5abeae9a37d1eb8f2c1a7d46eb857ce278abcc7e0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-tls-introduction.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-tls-introduction.7ossl.gz-30ba784dfcde4319", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66ca0b0e1eb4c83d78783dbb88530205d7bfc30d" + }, + { + "algorithm": "SHA256", + "checksumValue": "6bb4d4c2d4dc5d52b9754a262d2872be9b11156391431c238b510de7e797be62" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl-guide-tls-server-block.7ossl.gz", + "SPDXID": "SPDXRef-File-...ossl-guide-tls-server-block.7ossl.gz-70a4e9c2614d0bc8", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "43ad31ae3b8a992032815515fe5ddf75eb359cf5" + }, + { + "algorithm": "SHA256", + "checksumValue": "7807df01a66dc902145ef198014df925c21a6a39b7d773f0739f7f6a4174bb05" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl_store-file.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-ossl-store-file.7ossl.gz-98d38560381f1526", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "103ac6fc1d5fd58bb4b381a41eae522898f0d329" + }, + { + "algorithm": "SHA256", + "checksumValue": "7b6f1097befa944653d94d5e56310eb54ff1aca43587b2234ae406a49469137a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/ossl_store.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-ossl-store.7ossl.gz-1ba2765c720edf90", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ce9d916acd000440edced818f653ea92d1332f62" + }, + { + "algorithm": "SHA256", + "checksumValue": "f31e0262ac1704c7fe3ba04f0afde26bdf7184abe396946374d9f08e8664cd81" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/passphrase-encoding.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-passphrase-encoding.7ossl.gz-1fc819056b194ba1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "40f293dbdcdb287c235c05caec5aa3cf5bb538a8" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e62afbc88c4a4def0aebfd7ee39019f8138fa07ebe823b0fe416151d55f22b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/property.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-property.7ossl.gz-4c23c7378d159b46", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aadbc0acc9aee369e63077355d5dec4fcfd9d142" + }, + { + "algorithm": "SHA256", + "checksumValue": "271dcb89afc8604fa7bc07d54e802718889b30dd9d7ae7453693489add058c8c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-asym_cipher.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-asym-cipher.7ossl.gz-7f4b6e2448ed3140", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d6539c607153083d988e98d2b8b007f1c4653c7c" + }, + { + "algorithm": "SHA256", + "checksumValue": "e84fed2c876fb58311e6222289b5dc3d48b984c96f6a06979af8f13689ad1b8f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-base.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-provider-base.7ossl.gz-3ad33f14bbbecc4f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6b7abd391ffcb2e8177e794d7f0b6f4984c2c77a" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d81d8a87df7066c1708d2949785beae4c0413675895ee9dcc57ed354b1c27c4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-cipher.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-cipher.7ossl.gz-bb179cb5784643e0", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "28b4a633e66dec774e0f8e3399d50378b9de5554" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecb6f6166b1b89149185c868145530830864b5a4895ff60effc25c9d553ea183" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-decoder.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-decoder.7ossl.gz-95755bdbf4c35b87", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "91a0f2587ee512857e8f46ad1dd0244937886ca7" + }, + { + "algorithm": "SHA256", + "checksumValue": "948ae40cb4108897e0e6a318d0093ef6131ba2c14dbcae54b64d87ff88509cee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-digest.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-digest.7ossl.gz-35251537084ad631", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dea983f70e57712848006b172d874429c465d3c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "f749d6c6f93e362523ffd44025ec2210abbdfde3aba18777c7b704c6f6682df9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-encoder.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-encoder.7ossl.gz-35e43fc4d5dfd95a", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2b02c3f5f28f8a3f67b22ddc87d7535bd1e0214b" + }, + { + "algorithm": "SHA256", + "checksumValue": "4a05eed4b3ff9cd8a1d209f417d60db1f1ec1cd6ae404d4b72b741cca8465036" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-kdf.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-provider-kdf.7ossl.gz-3b7481d6c56feb94", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aed5bb3c0154796048825dc43648b0bd2527b3ef" + }, + { + "algorithm": "SHA256", + "checksumValue": "897d92ab8281d249cd641efa69c308844ba027f636dfae1e53954ed64c44bd15" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-kem.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-provider-kem.7ossl.gz-18ede0deb982b800", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a12d1a9dc6291510e1cbd9c611a8504e9e83490" + }, + { + "algorithm": "SHA256", + "checksumValue": "b12b54cf732e7c0cd687ae71052b9f9174da0508f504e6fc8d994a3a5b29577c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-keyexch.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-keyexch.7ossl.gz-d99e42a25be30c76", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "10e25eb58a272682017167ececd786c1dff7aa94" + }, + { + "algorithm": "SHA256", + "checksumValue": "af8d7802d1f7ab5ac8f9f427e19603274138a346e77d993bbca771ddf83e14dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-keymgmt.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-keymgmt.7ossl.gz-d9f36e6fed776f19", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94918a793e449274ec2a23ff241dd20426bc5248" + }, + { + "algorithm": "SHA256", + "checksumValue": "07180dc901461cc192ba2850e63cf745b166d35c3b081f2d262d5414098c461d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-mac.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-provider-mac.7ossl.gz-3af3c17164dced1d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1042a1af952ca945bf2079b2c61d84535683e5c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "df27f247c67cc68bc59a824696bf3ebe29d67178f8d25239846d1d5d4fe526da" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-object.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-object.7ossl.gz-ad7650e90c02e7ae", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2548ecff1ae1bf7cca830a08cb7bc2f231b07d06" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c24a0f260f4c76386cf6f9526ad2a16713ea61830a5ee1efbd96afc28d0129e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-rand.7ossl.gz", + "SPDXID": "SPDXRef-File-...share-man-man7-provider-rand.7ossl.gz-64f306c08f107916", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb184c2a5334e15890ad365c7cccb8a8445d0169" + }, + { + "algorithm": "SHA256", + "checksumValue": "fc8dc315b18912235b729b50877149c6c9d13caa8e7fc5ef03aad52e1f736085" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-signature.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-signature.7ossl.gz-2e6e0bd2077d78e3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "715e7f9c33b59fc00c6d6124c671e7941c876ad0" + }, + { + "algorithm": "SHA256", + "checksumValue": "91a46ad91428eb1b168c4930e43beaed4018ffa81f6c3a47933355c75d33d945" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-skeymgmt.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-skeymgmt.7ossl.gz-807793bc82961c26", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1747905ee5f313c2e5b223bdd7b3e0aaf81b8a3f" + }, + { + "algorithm": "SHA256", + "checksumValue": "74ad115441e7b953dd94f2da033f77857770397b4c5da64b4ec74ee96e790108" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider-storemgmt.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-provider-storemgmt.7ossl.gz-04979271e7e61cf1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7b31524aa1649d055ec98908b22d5b8e104684d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a4a17abd97359423c43b8f6477e5d796625306c29515af42bee32fb21590282" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/provider.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-provider.7ossl.gz-afa96907b0c15332", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "506fcc2fbd3d1d6420703b727deb2b46374db304" + }, + { + "algorithm": "SHA256", + "checksumValue": "c2fdede907af8ea7f09fea83a579d523b19a4cf75acb6ba0fe3b3588aa7b8131" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/proxy-certificates.7ossl.gz", + "SPDXID": "SPDXRef-File-...man-man7-proxy-certificates.7ossl.gz-d9428be1cfec208f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b48e136e84af7b2258a6f518629f50043cd6533c" + }, + { + "algorithm": "SHA256", + "checksumValue": "d0b141855efc0cd70db908af40ca55b3e6c71919d8807c918196fb5ef27502a1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man7/x509.7ossl.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man7-x509.7ossl.gz-8cb4be846bdf4a6b", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a173922261cc5bbd3279368a724499167db4ad8d" + }, + { + "algorithm": "SHA256", + "checksumValue": "21773cae697cf5d36cb055b634850dab6bc9afb274a21f6d8d36d6e79df866a6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/alternatives.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-alternatives.8.gz-f7da459eec88b367", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "818233332f9b07a1351710ff6ee9a1d520a803db" + }, + { + "algorithm": "SHA256", + "checksumValue": "486f5011e513cfe9f2aa0fc837f38927c8c2af7b1a54e0d919d43645e552d829" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/ca-legacy.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-ca-legacy.8.gz-979f7169936e88d6", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5201c006b12e6327ffdbd3e66074debfb320e0c7" + }, + { + "algorithm": "SHA256", + "checksumValue": "25cfe6db0a9f9ab8f0476903cef280c5a073f099519ae4ddd0a073eefa53cd17" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/chgpasswd.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-chgpasswd.8.gz-8c6e70c8073dd743", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "136c56a24d755ca13c5b978c71e7fc28b98bfed4" + }, + { + "algorithm": "SHA256", + "checksumValue": "a6e0963808914bbdd01576f37d8fbc0a56a389360f9cb7528b606b93ad65b0fe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/chpasswd.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-chpasswd.8.gz-04f2af066de0b149", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0780c29d9da452188982c3c69df39e6d153bc3c6" + }, + { + "algorithm": "SHA256", + "checksumValue": "e99b4d1203743bf05eb9616888310c0c5a01b0c4eb5bf75e119c206e44b6c33a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/getcap.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-getcap.8.gz-508f3556caa1e8ec", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e89253471e0e928279ce7cb0722a13f078189e52" + }, + { + "algorithm": "SHA256", + "checksumValue": "8504a853a37e47cd61a3f0dca3eb3c10a64df63c7f185bcc98b9fd3f34a26b38" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/getpcaps.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-getpcaps.8.gz-ae8e6fdb3bff5894", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "977480bfc147a0fc6aea7dd0c04ceabb41be7307" + }, + { + "algorithm": "SHA256", + "checksumValue": "cb777f28334500ac5b37bdfb0325b2bbe12c1f08953686c9a94eaa6366dbfb02" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/groupadd.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-groupadd.8.gz-c8eef5d64160aec3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0b763acf648a0dbbda72be270755fe05ca70733" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ea1978377b2a22456443edcf6889cb8a74b65026bafd417df8da981e5a1d9d0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/groupdel.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-groupdel.8.gz-9339aac8feecce6d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "619452d0cf3bd7f40c72e80eaacb4dc039f32c5f" + }, + { + "algorithm": "SHA256", + "checksumValue": "b90f55b4f492761d2ecdadfe518c1d30080af13b7ee53a8d77c51976530db624" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/groupmems.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-groupmems.8.gz-7fecc962fc876f80", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "078bd8cff1a8a484b6c174293a5af7eb8db9fbd0" + }, + { + "algorithm": "SHA256", + "checksumValue": "3155aaa0d9c29b2449222888e74ac34b1684d3537d89973b9ad9958a2f09615a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/groupmod.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-groupmod.8.gz-aaf3bf68249c31a2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be810cba867f850445b74f256e774c5dbf784cc8" + }, + { + "algorithm": "SHA256", + "checksumValue": "dbaa039b771872344ae1576c813109c3bbf5cd09d5fd1cdd4aa031379e308eed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/grpck.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-grpck.8.gz-f6867945d3c955d1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "40ce8cc87b86f961d0a4024aace6f97317aea84b" + }, + { + "algorithm": "SHA256", + "checksumValue": "4f9d17ad9c8aeaa651ded8f6457a71192c07ece9091899ab7fe9002e92202698" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/grpconv.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-grpconv.8.gz-c95c777efd3b33f0", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "algorithm": "SHA256", + "checksumValue": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/grpunconv.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-grpunconv.8.gz-e7c59d719c145ebe", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "algorithm": "SHA256", + "checksumValue": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/lastlog.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-lastlog.8.gz-bf13bb4fc87a4e51", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0122c24d33c3f1f5921cafee5c565d2f66dde371" + }, + { + "algorithm": "SHA256", + "checksumValue": "1b68dd77880e9772b3fa4c0ff0547a91d24a07c8ac220897fc608342526d6342" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/libnss_myhostname.so.2.8.gz", + "SPDXID": "SPDXRef-File-...man-man8-libnss-myhostname.so.2.8.gz-32ecdc00bc8f1320", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c32a3c7e2dec394629f98e8ba10f8c0cdafacc12" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2f995e61359cb0efbfb6b3356f29136fd7e1c15ee1c3d3909ac0cc9e92826d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/libnss_resolve.so.2.8.gz", + "SPDXID": "SPDXRef-File-...man-man8-libnss-resolve.so.2.8.gz-8913e02f37ae1f62", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e9dad32e403cd4c43b4345b93e6d45c640374312" + }, + { + "algorithm": "SHA256", + "checksumValue": "a68b9870d5051a5c63125019047f4ab0c9ffe0b94e3fb829d6df75a572ba87d0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/libnss_systemd.so.2.8.gz", + "SPDXID": "SPDXRef-File-...man-man8-libnss-systemd.so.2.8.gz-c941dd2fee8bc9dc", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1d362af7faf3ec53d5a2133f21ea739acc60ce29" + }, + { + "algorithm": "SHA256", + "checksumValue": "3b085ed21510b7f307f8af04e73d95c854d12d6c51749a801ab6bdbd6d679213" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/newusers.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-newusers.8.gz-3a93c2921610e609", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e9b810435a301aa1ffc3bc18261734b7f2cb3b86" + }, + { + "algorithm": "SHA256", + "checksumValue": "cb947b80687c563cfb42f114b44bda8a112aabd076b7417dcd1c424ab7da6e0f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/pwck.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-pwck.8.gz-d666a7310157583d", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb7de92f791a4c3e215abf5b3f661bb678804da5" + }, + { + "algorithm": "SHA256", + "checksumValue": "8d6053d9eda3b481bafeba7c65336af76445c5a0ede868be34c7049d0df9d354" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/pwconv.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-pwconv.8.gz-cdbe43f9ded41de2", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f6e3000b970ff90ca84a6a1491205b7e0a0a152" + }, + { + "algorithm": "SHA256", + "checksumValue": "836530469af58342f13c40249a226ca018ed0fed400f9336cc0a4a4fb4864821" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/pwunconv.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-pwunconv.8.gz-1fac9ba21322fcea", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "algorithm": "SHA256", + "checksumValue": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/rpm-misc.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-rpm-misc.8.gz-34bd4326f0fa931f", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e8b146df669f0070864ac3f445ff3b8fe1bca8eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "a8c647b82726c4c7f7c5bb89f7b16a8c638e575c51b912adcf9d29fa5e5d12ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/rpm-plugins.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-rpm-plugins.8.gz-ea9a00cfc2cc63bf", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6931194c9791b7a445ea7037b47f9eb7680a9edb" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4877aa3aa292ca6c369b372bd65b08385ef1a8f98d328a643a5e743a0634395" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/rpm.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-rpm.8.gz-b0fc8d476106d1c3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9957f080b5e278d1b2195ed0cf7bf1625dea04d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "c177bafab7ba5a754b7aef7e901e23bb70fb21a265f5b0554bedd41d44746899" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/rpm2archive.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-rpm2archive.8.gz-a0780dbff54c9fb1", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "911d5924e3eb690f626f11c90a6be5a7c1f44194" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fa08dc7c7f37f287e802fb28759b33c7175440051582fe86be9b95995651584" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/rpm2cpio.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-rpm2cpio.8.gz-aba75d947d4bd17c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "675c49d1a25af76dd3ce472523ba0249a10149c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "f3853aef7abafb2a402738fbc85ad008c2cb7c467f909522013abfba00de97b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/rpmdb.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-rpmdb.8.gz-aff45e84ed41704c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "00d72f6bb991a17086ef1c53b78b6b57866a5c23" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4e15b316d7d83b2cb18b59426b532ed1cdb3da8d546475b154f53b5abe96e61" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/rpmkeys.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-rpmkeys.8.gz-97eb1dd3d3eee063", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9326a64f1444320749a28a8f4c9681eff7d3f4f5" + }, + { + "algorithm": "SHA256", + "checksumValue": "1ff622afaae4ec05292f0284c991fc4f3cbaf295200372c410a89cad3c6dd404" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/setcap.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-setcap.8.gz-d8bdde81208a0a93", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16024ae1cbcfa2e29a87c946685914c0b5b5cbbf" + }, + { + "algorithm": "SHA256", + "checksumValue": "c0e7af5d94de223a697069acd7013f4a456cd51f0139c63d3300b2071ab77fca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/update-ca-trust.8.gz", + "SPDXID": "SPDXRef-File-...share-man-man8-update-ca-trust.8.gz-b63a0a7b01d148eb", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed5fa2893af5184ed19ffc6d53c64aad689ef742" + }, + { + "algorithm": "SHA256", + "checksumValue": "9dcfcf93ce9ced75a8851784380629b539f5ff1db97ec2bd65409f3232ca692a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/useradd.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-useradd.8.gz-7f383931a464767c", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b75ae8de1ad3e162fdce683b1893a5ad13b9f3c0" + }, + { + "algorithm": "SHA256", + "checksumValue": "a35494b203a2ead241817fd820a8ec268d9a8cfefa003024087c98106826c202" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/userdel.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-userdel.8.gz-5bfd1be1aabee033", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1e904ff64e50009a8bf518024235b2751c4d968" + }, + { + "algorithm": "SHA256", + "checksumValue": "144ef60d536a87f9b80e3c97e64f4326129e46f14b26fa4e98be9f9ba9da2972" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/usermod.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-usermod.8.gz-03871e262f623541", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5eacb2fcb99da51b839441c17febace553c65800" + }, + { + "algorithm": "SHA256", + "checksumValue": "980486b182a2d5510cbe6abeb17e3978f93bd6fa706c66346e04bbecbdfb019c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/vigr.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-vigr.8.gz-20916f2b078a8aad", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4df34d59dfeb44f70569075cf7829708e09c8aaa" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7e13de50506fd087784c5e0c52eb496c3daae11deae8e684eabf69b45ddb3db" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/man8/vipw.8.gz", + "SPDXID": "SPDXRef-File-usr-share-man-man8-vipw.8.gz-fbfd1d356eb4ddb3", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3373698a38f25bcb090465170c325c9641738dae" + }, + { + "algorithm": "SHA256", + "checksumValue": "23b1f5cf9b7e925790e9a1b0826e55aef807db34463c247f44eeb07316818f85" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/man/ru/man5/semanage.conf.5.gz", + "SPDXID": "SPDXRef-File-...share-man-ru-man5-semanage.conf.5.gz-aa7a3466a80a0996", + "fileTypes": [ + "APPLICATION", + "ARCHIVE" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8fe7766ec7a6e24aa691396a976309d150acff2f" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e66d6385e45e9085de1095632a5facf1004ce796b50e9f011d1ed2c80c946fd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/metainfo/org.fedoraproject.LangPack-Core-Font-en.metainfo.xml", + "SPDXID": "SPDXRef-File-...org.fedoraproject.LangPack-Core-Font-en.metainfo.xml-e98ab666782456f4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6494351e87c01b3e4409e333e7c8e87b5f950732" + }, + { + "algorithm": "SHA256", + "checksumValue": "be64c7e7cca4e95d49d067a22b0bc30622349d798696271a15759b7008f08fde" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/metainfo/org.fedoraproject.LangPack-Core-en.metainfo.xml", + "SPDXID": "SPDXRef-File-...org.fedoraproject.LangPack-Core-en.metainfo.xml-c3b61ebf351721f4", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbbd19e285d8d567a19b58c9267ed68f04abf5d0" + }, + { + "algorithm": "SHA256", + "checksumValue": "d0ba061c715c73b91d2be66ab40adfab510ed4e69cf5d40970733e211de38ce6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/metainfo/org.fedoraproject.LangPack-en.metainfo.xml", + "SPDXID": "SPDXRef-File-...org.fedoraproject.LangPack-en.metainfo.xml-66e657ce713db75b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3898c0c6353d8d4871e89dbb04f05e5bdb11fa4c" + }, + { + "algorithm": "SHA256", + "checksumValue": "3d8d5f74443d23b5a2d5f36ffa1937389d8960cdc748a1a1a88d061fd0e6e13b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/metainfo/org.fedoraproject.dejavu-sans-fonts.metainfo.xml", + "SPDXID": "SPDXRef-File-...org.fedoraproject.dejavu-sans-fonts.metainfo.xml-be8b1ad0cdc10508", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "43b7e5d1ba4b65989a5bfbaed80e762da82b7883" + }, + { + "algorithm": "SHA256", + "checksumValue": "32c72364ee554c4809cb06a4e4550d8cb5670b50648f0f3981a94dbfbb79efce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/misc/magic", + "SPDXID": "SPDXRef-File-usr-share-misc-magic-42849d310597b27b", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0c15e6f907cc38c8aeaabc907639717d9ab2caaf" + }, + { + "algorithm": "SHA256", + "checksumValue": "61779c6b6e4d51b0d16cc256bac9eb5b2f19bdf06b718e95778509c92b7b569d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/misc/magic.mgc", + "SPDXID": "SPDXRef-File-usr-share-misc-magic.mgc-b8d036a3b338b686", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "251b1c0acb6ee1b8025186460dacfc73f9be8e7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "56fece27ef5fb57bbec05f9b0964ad3af68723e85d4271cf4dc7b489038b6b2a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/p11-kit/modules/p11-kit-trust.module", + "SPDXID": "SPDXRef-File-...p11-kit-modules-p11-kit-trust.module-e99e8977d610e2df", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e42aebedeb09380a0dee0d9520dfe5a1f3f1e44" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9bcaa8b0366e2bef1e89fb6af4f084932d53c76da846100824015f89ff75b31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt", + "SPDXID": "SPDXRef-File-...ca-bundle.legacy.default.crt-68b4d5db7e9b5c5e", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt", + "SPDXID": "SPDXRef-File-...ca-bundle.legacy.disable.crt-3759503d470d31ea", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/pki/ca-trust-source/README", + "SPDXID": "SPDXRef-File-usr-share-pki-ca-trust-source-README-385bef3e509708fa", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a11ae92b056325ef0add4b4726c997780295f3f2" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit", + "SPDXID": "SPDXRef-File-...ca-bundle.trust.p11-kit-c045464a7d75f70d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a7a2e7e5803a37883cd65038d9f014be82db3c6" + }, + { + "algorithm": "SHA256", + "checksumValue": "02ad6e337e41b5e7bea51e6def6d97f608d244d4ec134856fe0324a375af6b59" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/rootfiles/.bash_logout", + "SPDXID": "SPDXRef-File-usr-share-rootfiles-.bash-logout-b70ce668c38e8866", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/rootfiles/.bash_profile", + "SPDXID": "SPDXRef-File-usr-share-rootfiles-.bash-profile-88819ffead5dde14", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "algorithm": "SHA256", + "checksumValue": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/rootfiles/.bashrc", + "SPDXID": "SPDXRef-File-usr-share-rootfiles-.bashrc-684ba92e32e6b8db", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "11ca3585a568f82dad333b5ac15937c738d4e864" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e5d5df65ced1e47aee7b016d405ace4298fd9134d6caef45e1c835078c79aec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/rootfiles/.cshrc", + "SPDXID": "SPDXRef-File-usr-share-rootfiles-.cshrc-1cf7480adb1b706a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ea145e5186958c0c70514ab1eab4ce9cc9f71073" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e9418cde048f912e4aadb76ba55045b5d9af0e0565f7091bfc752154451eca9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/rootfiles/.tcshrc", + "SPDXID": "SPDXRef-File-usr-share-rootfiles-.tcshrc-d81651ac3ba0104d", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c691d1108be15163e3211776730031b40641d96" + }, + { + "algorithm": "SHA256", + "checksumValue": "1bb91935e2cee1d5d2ab7e8d92125acbfac12d9bf3f1c7922aa4ce77ae7ea131" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/tabset/std", + "SPDXID": "SPDXRef-File-usr-share-tabset-std-b41a49b6e27da37f", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0969b2c95d9430c81b0d4b05d81146a6cced5f31" + }, + { + "algorithm": "SHA256", + "checksumValue": "fbadb5f608b355fe481c0c7d9c6265b2372bfa35250662f81f68d46540080770" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/tabset/stdcrt", + "SPDXID": "SPDXRef-File-usr-share-tabset-stdcrt-e4b58777688d3db6", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e1fae2fc4bba672fc26554780be21d74106a064b" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf6c37b18ceea7c306f7e3a5e604a03b0dfb9c22ec99163e4b52f885ce063145" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/tabset/vt100", + "SPDXID": "SPDXRef-File-usr-share-tabset-vt100-2d4b5bcf32f6cbc2", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b84fb01263cd003588e9a164e80bd0b8ea2e56b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "075251754239d9973945d82b95c18cd90997acd2017393e70c8832e9297de056" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/tabset/vt300", + "SPDXID": "SPDXRef-File-usr-share-tabset-vt300-5517326a8e488359", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5246984995036718d05516acefc59c8bbd17b3ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "61f8388cad6a381feb819bc6a8d299d06a853d15e1f4bfdfd6b6f40069ad4956" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/A/Apple_Terminal", + "SPDXID": "SPDXRef-File-usr-share-terminfo-A-Apple-Terminal-49fb4120d637fe1a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "961c492dc1577bd974ffea27a95c9829d5c1a586" + }, + { + "algorithm": "SHA256", + "checksumValue": "e0c164ffe1cd8dbbb8162f5f0925424c401fd2871c8e4556f6a67b2f95a1ac7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/E/Eterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-E-Eterm-c159e8b0661e7d06", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "426a08e18cefeab7cb48760f7403433553cc7960" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c6c23dd46de071e5f5ee24cb2144f82e46365c9011bd8574bf210f0c8245043" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/E/Eterm-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-E-Eterm-256color-0e34fb41de1b62b1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3dedac4ce00ae3b8a14f771d212116b8a6d212f" + }, + { + "algorithm": "SHA256", + "checksumValue": "6954921767095f6869584f352abe93a025c0a7b8babe3b100082f622e9f2e7c7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/E/Eterm-88color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-E-Eterm-88color-f0ecee1a41d9766c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1183fafbe090fac812f9167a8a6ce8f361388c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c9db2ec3a75e199ea30cb5daf86fcc90c9a96a1ae30e941556b4b55bb8cc71c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/a/alacritty", + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-alacritty-739c4c996183e33c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4814150f074b4f43052f1f51cbb088c6646ffac8" + }, + { + "algorithm": "SHA256", + "checksumValue": "d92bacc079ad7110ea07f405850bc5cb07e33a7b721bb609065e10a1b465d4c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/a/ansi", + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-ansi-9ce0eef993dd6662", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5211ae4c20d69e9913b175c3645c5ce97837ce3" + }, + { + "algorithm": "SHA256", + "checksumValue": "93ec8cb9beb0c898ebc7dda0f670de31addb605be9005735228680d592cff657" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/a/ansi80x25", + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-ansi80x25-0c3e4cf799fcc30f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b9fe14cf5f090381ae40637d02c3734b28fdd3ff" + }, + { + "algorithm": "SHA256", + "checksumValue": "acd69b88fbc9045037b562dd67c876e88cc5d2616af20b9ca6c41d33ee335606" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/a/aterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-a-aterm-11b19e39d79597cb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fb7c8aebe3d8e6842067fb9615710603e28231fb" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec91b6e46b961cf52e1138691886a2de4ba2807eedd3502e5f11da197bc7cf9e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/b/bterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-b-bterm-6d9636fb6e232098", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "367f109e38c891cfc1b00849a5fa25dd44e36352" + }, + { + "algorithm": "SHA256", + "checksumValue": "b5166019760429c4d6150180f1c2dd81136488e21c36b564e605c9dc7366f1db" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/c/cygwin", + "SPDXID": "SPDXRef-File-usr-share-terminfo-c-cygwin-1d1a43393b1232b9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76d9469b0fc8838dacfd5d3922bfc95a06a6ba1c" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e04bfdcc0764f4e28655701864845752cd3f77d0c52390637ebe588f91665cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/d/dumb", + "SPDXID": "SPDXRef-File-usr-share-terminfo-d-dumb-09084d46a70bf81b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df4b4d8fa4137e85510ddb04c84cc7b0bfc518f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "123c85a2812a517d967db5f31660db0e6aded4a0b95ed943c5ab435368e7a25c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/e/eterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-e-eterm-3ca2d9bbc94af0e3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a63bbca4434711cfa92bc50ee48ccaaff42ef178" + }, + { + "algorithm": "SHA256", + "checksumValue": "c79a54efd731abe696b0373d814c9a67839eb74229cb0f63ec436b43871b8a2a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/e/eterm-color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-e-eterm-color-1897f00c748327d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "306abed9b67901c310e15aa32627bf31b8384b5a" + }, + { + "algorithm": "SHA256", + "checksumValue": "718af703c538849e5b13ca124dc0416a60e05f1eed5208f6d72836c51c108f31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/g/gnome", + "SPDXID": "SPDXRef-File-usr-share-terminfo-g-gnome-2d6b3c65dcb51837", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed1d9b1864a262c2b9d5346943bd5e1169c58006" + }, + { + "algorithm": "SHA256", + "checksumValue": "9054b3a9afffd27c0fb4748f1181703168c8f0d0ce4dd0fa83af850a8672c2ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/g/gnome-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-g-gnome-256color-117bddb3be9fc6c4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed4c79cb7ead3eab7e776529d1d3336df1bfc926" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c411676c7c6aa80510f711598786df0ef9ad986bbe9496b71d41da73734dab4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/h/hurd", + "SPDXID": "SPDXRef-File-usr-share-terminfo-h-hurd-a563a8a6f4101d54", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "015da86ead4aed847658dfc1b2a583349d5e6632" + }, + { + "algorithm": "SHA256", + "checksumValue": "10aecfba156ec90c243267284da1f9d43b8e68813e58690c5870ae8d2a5ac9e9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/j/jfbterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-j-jfbterm-9e7a24f8b9f9a4a0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3525047500b2283571e883985f716c42c356450a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4598cafe3bdb6a266fbe58846482e57cece634382a0b002f95780a72df37c86e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/k/kitty", + "SPDXID": "SPDXRef-File-usr-share-terminfo-k-kitty-87088da3c73ee47a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81c84132b8a775fa53aa1ce16ab69778009b61cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "bccaa15c12d7fcf33aea0d7205588141d32c63834fca2d87e25fa07e57927f00" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/k/konsole", + "SPDXID": "SPDXRef-File-usr-share-terminfo-k-konsole-ee7f726c682ba5b0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af0724ef2ff3ed16f4ed6d83da22fecca584dd52" + }, + { + "algorithm": "SHA256", + "checksumValue": "f0300abc7f4b5f3ddb541c68c563171b4de742c9f1be1e0e06979ad50493b08e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/k/konsole-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-k-konsole-256color-96c8175a8f36d182", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52334c5cd1f77103d7078b126553d00cebc26b7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "ffccaf526a120f9c52c7fbff5ac0c60a1ec1d803c562a3bb62c5ecb3ff41adae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/l/linux", + "SPDXID": "SPDXRef-File-usr-share-terminfo-l-linux-b77f01b69f16a601", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2ab37cc907ba18540050f28ed8b2819665ea708" + }, + { + "algorithm": "SHA256", + "checksumValue": "3eacc0f9dcd8aac29a7935eb1f78be5c51b24a5dd38065789bb326015c9a9836" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/m/mach", + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-5c91ea5dfc763123", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2164ebc6389b2eb81f855aff81dd512a9c0ef589" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecd31c58040e5908eb434514e67620b2e4be538655126f427155760b273c7e9b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/m/mach-bold", + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-bold-f34d0eb0a29edab3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b31e68274d7e658c3d20302c10f3a8dee2d45a6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e4400e3ad4df2dbbf90920860c540cd72552ca71a24b556a0b6ba62fa091b84" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/m/mach-color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-color-5b678d76cc0043bf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "519df843a8d27ca36bb1703c3edc893135793dd1" + }, + { + "algorithm": "SHA256", + "checksumValue": "5caa825bd606e26c8b6c55a3206eccfea525e788f74da5e7cb48cc713db52239" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/m/mach-gnu", + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-a968fc110e78a7e9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf9269b2a7a463c68e2ba9200b28ae3115f6b362" + }, + { + "algorithm": "SHA256", + "checksumValue": "99372cd399478be723230692595362004df345dee6c4145e4d109113a2357717" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/m/mach-gnu-color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-color-84b5e513d406987a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4466e8a9353f3400cfba527abcf0d26c28f364c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1c62541670d0e10fe46daabce8ce95d9fd77115a68106e5eb2c2a7647e40a13" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/m/mlterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mlterm-2f07e6cfdae0c898", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "855ae490a8e1a2e788d973c57bd0bb81b547b2c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "1334887ef2b3ca487e445ed9a0b03b3ec6750ed1617d8cad6416045a69d32cdf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/m/mrxvt", + "SPDXID": "SPDXRef-File-usr-share-terminfo-m-mrxvt-4c763e54c767a733", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee1c75869778dca9cc90ebf7ca6f7f5ca619a973" + }, + { + "algorithm": "SHA256", + "checksumValue": "28e3b5820b9762eadf7201f9877f8e010fdeaf74a60ed12e94d3f39c24cc8d3f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/n/nxterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-n-nxterm-a4671eb99dd9ce2d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ed36bad309da59504a894aafbb0bd2fab0e6819" + }, + { + "algorithm": "SHA256", + "checksumValue": "f74fe619914bfe650f6071bbbaf242c439de8a2f0ecefe9e80870216dfb844b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/p/pcansi", + "SPDXID": "SPDXRef-File-usr-share-terminfo-p-pcansi-49ce661ec5b0e144", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6867ac96a0cfed1d9df1e9a64f122c75cac71a99" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecda9662049c96ee0a574f40cfb8950b0198b508b5b72a3de05774eb3cb3f34e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/p/putty", + "SPDXID": "SPDXRef-File-usr-share-terminfo-p-putty-9927684daea6e98f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f0059c55c612f78d56c2326c7ebd7f40c94fd16" + }, + { + "algorithm": "SHA256", + "checksumValue": "61c517a78fe0e43e1dc0c46211e2c21caff28dde5faec6dcac1854f406a8f198" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/p/putty-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-p-putty-256color-bb7b9486d2967e4f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "160d4ab98b0b21aec25b853141c516e947accd5c" + }, + { + "algorithm": "SHA256", + "checksumValue": "f300b4599e56d79862ae9b2564b9a1c6b80b1e97377caff9cf5c0d3c321da1cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-478f145eadc35c6e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ebae08a244978e66725578525b77e4c6681f9a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd66cf403b6a6dc0a9fb1644f5e90a6c045e121a2039086bc105995dee951cca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-16color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-16color-9343d5cbf9e585e5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2031924bda14f0353b35c855bd0cd8e859c23d83" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ab73ad1b0b5fc6e7d8bba94dd640dd1ac0af130977ec0343722f844b1dc731f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-256color-ba04e1a02ccf0e79", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "984f719ef802db986328ab24f87cd9c7f98bd67f" + }, + { + "algorithm": "SHA256", + "checksumValue": "04d0d3eff9bad452bb14b3758c4550d2541804c47418dd8962738c8b0af56900" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-88color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-88color-a5abdb1170ef5088", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1ceb9fdec92ed9a93e788606f7a30bf5c7517502" + }, + { + "algorithm": "SHA256", + "checksumValue": "970530f4391f38cdd940ba3260e3be762b0106ce9e6566e44bce78eb83ebf667" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-basic", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-basic-b4b0af52e0102e33", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f0dd8d350f267d421e4ceb42ed496bd100b6ac2" + }, + { + "algorithm": "SHA256", + "checksumValue": "8d7df7d5b30ab517c857ec8dd8bc19353536e19a8b4dab9b32dab7515ccc67fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-color-523c6606f11f2b6b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0f9c33dffa72b5870816350bf9138b204b08b24" + }, + { + "algorithm": "SHA256", + "checksumValue": "dba804770a9c6832dd1ac4f2fd209f8053aa5d01a89f60b9e2428c59e3500fc0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-cygwin", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-cygwin-64f587ed99b945e5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ee54f150e0f558069507db5d5faf9f6746acdc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "524b0193a04a4f2d50d19846e47a36aac33161331e929820a5b229c73d0db700" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-cygwin-native", + "SPDXID": "SPDXRef-File-...share-terminfo-r-rxvt-cygwin-native-088ade83e6eebed3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "69ab48190b1e8f39d0a43301e4e9fa5adb09ce92" + }, + { + "algorithm": "SHA256", + "checksumValue": "bc25e9fefa0e94ecc6892a987c7e8ed4331475e35049a134e5e3903d681a0b52" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-unicode", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-unicode-ca75d7cf751c3a9b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb79402a4c07ef2bc1862da01aa85ff1c54712b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "063264a85fd735a13028390c8d43cf38b5214417c6e48908eabb85bcdb9b7495" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-unicode-256color", + "SPDXID": "SPDXRef-File-...share-terminfo-r-rxvt-unicode-256color-be6d66b461c658b9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "53502733cd0469b40a4ae1e071096650cdc17798" + }, + { + "algorithm": "SHA256", + "checksumValue": "d713e450e914420493252afbde977cd3165ea649dfe5c33b0f518ec83b1afba1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/r/rxvt-xpm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-r-rxvt-xpm-ba2b8aeeed756e4b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "54b5114a07a2196a308d285dae8f955e3e2b7237" + }, + { + "algorithm": "SHA256", + "checksumValue": "331dd75bad5d1a9dffd4fd1ad254edfca32780ace51a22b1d8d657aebf03663f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen-bf552973196385fd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae72fc57a69459885628f96cf46b8a8c55b293fb" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c9f1ec5d39d497e23943171bbba511c07192392a673ec642b0f805e1496c242" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen-16color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen-16color-2671778ef1b1ae46", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9bc9e2b411bbca518178fafcfaaedf038843ee1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "04e2d2a20905a85daf8c652e6cb359a4c43c0df0da42079fa250a40860b501bb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen-256color-f03e4607a68f7fff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df1d3a56010c9996a514c40e3b9f834a8c629bc2" + }, + { + "algorithm": "SHA256", + "checksumValue": "cbac29ca9641403d7c2e377f4c54c52f24e811f98d47c71b599707e00ad91f0c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.Eterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.Eterm-c70fed58b78ebdab", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0651e42e81446e751ad964a5e48554c5f924240f" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cdc69a1a9d76f90782c9033fdaca7867d761dde7ae2cbd1277d8b1a2e84a859" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.gnome", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.gnome-96eaafd3944dde48", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fae5fa662a2775c936f772b9043f07c92c25bffd" + }, + { + "algorithm": "SHA256", + "checksumValue": "a3eaa12685b0c5dc1c1fd813d9413b35ee0559658b738a7518d5ef82048fdd90" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.konsole", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.konsole-de1aaed71982acfe", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5eabf0951c6b1664387c338048ef54d20f34c0c0" + }, + { + "algorithm": "SHA256", + "checksumValue": "3589347d84695a08fa10f5468540eace3b8d5efe0473cfad05823fb42a7f4200" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.konsole-256color", + "SPDXID": "SPDXRef-File-...terminfo-s-screen.konsole-256color-fc223aa7c8c6f6f1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f2186907191b3dee1e646177d88fa0f842c34e7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "a6a490ec343cba7c36539dadfa3662f014c19b567bdf0bdd49524757ea5555e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.linux", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.linux-1b17f7a3b989d675", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a94bcc700376d0092ab7da25b91b69e92a59a19" + }, + { + "algorithm": "SHA256", + "checksumValue": "f4cd95e072ac92d217e69b93d9da8209d6532bd67428b5f90395a02ba686d26b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.mlterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.mlterm-878ad561b086b8ad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0a2ed8af7d1f34d5ddc1dd44df404c32633052b" + }, + { + "algorithm": "SHA256", + "checksumValue": "f127db567ddf4fa0dc0aaf3d15dec44e876efb748ac6db252e2e9c716c925746" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.mlterm-256color", + "SPDXID": "SPDXRef-File-...terminfo-s-screen.mlterm-256color-62b0b802c45d2d9e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f568837a14e73410a9608ff1654e66ba844c722" + }, + { + "algorithm": "SHA256", + "checksumValue": "82996e7e225aafe638618c97025a9c7452ae8d1f29d5e677d1bccde3571b3956" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.mrxvt", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.mrxvt-d58e250ca45ee93a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0bd36300776980e25e41c18b000ef99dd9a959ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "8f9718e189abece10bf6d2371ed0fdfb9cd2b62485edcddfcde5e40c6905bb1e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.putty", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.putty-bf768e51b1b0694d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86263e54dd2fa24639462c60226bc384ba3a8db6" + }, + { + "algorithm": "SHA256", + "checksumValue": "79112ae95d9610b54e5f6e756cfc0dd95e8f126ac8f2b924df9818158c934b72" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.putty-256color", + "SPDXID": "SPDXRef-File-...share-terminfo-s-screen.putty-256color-63723b0f4336e0db", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4aab7ad9f0f234b16fa304b455a007bfb2de490" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c06f6fa536cb53c00337c19062698ac20c1ec07bb7925a9cf4fe5f833554dff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.rxvt", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.rxvt-c458e6458e9b08ba", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7208e1cb51192309e5b46b7a546e6437a8a7993e" + }, + { + "algorithm": "SHA256", + "checksumValue": "8983e116d7c302b9764918d14a3a1f48efc0475da61bc1d9d094cfc111d470fd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.teraterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.teraterm-469423e151105775", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0db862fbc9c8b47cf70a4c53d93f77a67ea1ff45" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4167086215b313305bc5b19412c50ccc1bf794079b5ff459517a47574f625aa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.vte", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.vte-70069cacf08e5836", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "82766b952dc629bd9e667462383a3b2e0de7a30e" + }, + { + "algorithm": "SHA256", + "checksumValue": "a8304c19e96ef295020a0aad7f50e3fca43d1687ec4f1e238cbf2ac641b4a9b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.vte-256color", + "SPDXID": "SPDXRef-File-...share-terminfo-s-screen.vte-256color-97be65b698050a66", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8154ab1ea7f3dd2fa3a9274eb9beb43c502a4cfa" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb2a1590196eb9238e5d89b6c4e0fec0a4fe8cb4e45747a781fb7c84b35a8002" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.xterm-256color", + "SPDXID": "SPDXRef-File-...share-terminfo-s-screen.xterm-256color-b1a9a334edfc782d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8ca10f4e38b4bde0a6e374710e1787da44fd579" + }, + { + "algorithm": "SHA256", + "checksumValue": "41464ca875edb94074f7f757d03c337daf45c3ef98258c6ab5113352b45c9599" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.xterm-new", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-new-e58f4643f64e0965", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d16c714355802ee18656cc6bf46128231a123148" + }, + { + "algorithm": "SHA256", + "checksumValue": "50f7c84aeed647a706370427fb6833f9b069455f0479c5bceee310b1a603c1c3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/screen.xterm-r6", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-r6-efa0d7dce3147d57", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "51d961daa0f5ed51638197accab163e57ce8e0d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7b2d447bde520f07fb34eafaa5a52475c6a573cd25ffece947538111a082697" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/st", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-st-f40c1864762c12c0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "008c71d39a6f89a8deaa05e846fd40a4e14f167a" + }, + { + "algorithm": "SHA256", + "checksumValue": "04ec866bf3b2f7747f021870d7f3cfcc32b2c00933ed56da5f2c53276f98cc6d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/st-16color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-st-16color-b6c79f65123c68c7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae1db2c4f699b91c38021d80791cfbd3d5f7aedf" + }, + { + "algorithm": "SHA256", + "checksumValue": "9233dae204dcccbe231489b90e5a73b6960237cbdc66e5095a796687bbc98cad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/st-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-st-256color-f1092c0f72a807b1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ba52b715ca27d2b1cf7cdd36d9a1d4c489bb3e5" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a0830080f6101ea005cad2f2dc14d7be90d6dd31bd2ef978717908b1f248732" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/s/sun", + "SPDXID": "SPDXRef-File-usr-share-terminfo-s-sun-01d4f5973d1c627a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "faf6b1b33d6c3a6aae31f7b657810b6171d91a8d" + }, + { + "algorithm": "SHA256", + "checksumValue": "02e392161cb23f49a8fb1ba2f1a6583e013c0c26672f58c5eaca828db3b19914" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/t/teraterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-teraterm-326ff4dc26b7e7f3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f5a518f864e1b517b340db118202293d573aded" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e45171106372b30d13e11934d5cd217aef45dfc0f2c065b4b0b1f7d9d2cbf9e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/t/teraterm2.3", + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-teraterm2.3-b8e23a2c85c074aa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "722dd14fea3e528e555dd324b2549ce7ccc2e0e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6598b360cd87b5c3e3f99a5b0b4d462c59e754bad79968febc84c77b7acc3bdc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/t/tmux", + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-tmux-3c671293eaa35b7d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5dce89f95ed8f1253a105a887b54bf09822a91b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "dfca8c55e27b29092119c636df3f294f91899c773cd88fd045211f33e4374b4e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/t/tmux-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-tmux-256color-66aaab4ba24bc5b4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "602bb3f1c90195fdcecd0a1df7c01ba600633255" + }, + { + "algorithm": "SHA256", + "checksumValue": "0be91123144f84d33761a08e98ae0bef4fbf25ab73dac895d20f5baefa1e5f69" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/t/tmux-direct", + "SPDXID": "SPDXRef-File-usr-share-terminfo-t-tmux-direct-0e50753a88851779", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48a350b75f941a5c2d6cba8df1eb108b0502a5f6" + }, + { + "algorithm": "SHA256", + "checksumValue": "a60c23f2642905644aba59b21d70a0d86ac8b3efb66a500e316dee0c77dfd01a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vs100", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vs100-c3c8cf0a40b73304", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bfa87e9290d04805f82626a2d0371697d7f6f7e4" + }, + { + "algorithm": "SHA256", + "checksumValue": "2b1249158a7053eee58242625f79b29f35da721cbcf695a327521cfed3bec117" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vt100", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt100-fc15b1cbbbc8b700", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "604682c15cc708fbd02fecf33d0d23bed5e735e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "44fe1bfcc36f3a7669a387b623a44c360f9e150868f9924920182b44bcbbdba6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vt100-nav", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt100-nav-22d92096b251462b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a64f0f0ecbbb4db08aacb7f21041293b58a95ec" + }, + { + "algorithm": "SHA256", + "checksumValue": "e509a4ee7373ff884ef9b5b293fdffa88182711d6b0448fe99d2cbeb1939114a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vt102", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt102-a00981ff8a31aa27", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0647b65463bb39b373e3fa4019249f2b2f84991b" + }, + { + "algorithm": "SHA256", + "checksumValue": "60e451f57c0308b79004ebc6189b49417b4ac11d783154072cae803a11af7d3f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vt200", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt200-07b4d533d94c80f2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed09f848574a9e8f0d82951ab0ae4c8674d757bc" + }, + { + "algorithm": "SHA256", + "checksumValue": "9454527a74b80c5d3f8489137b9cf0cbb38c6d2a700c0ac5894164409e10f3ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vt52", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vt52-243f7f524d627de6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c42c0190e2097c89d02a33c3aae1baf365d35af" + }, + { + "algorithm": "SHA256", + "checksumValue": "e18f7a08c5e49f850f5673c1a393da8fce302dcbb960c546bb341ae858c953c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vte", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vte-358e676f3ce16efa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "594d35295bd9d090172a081cd1c46a0ff7154e7c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a59d832325bcaf79ee1e96dbabc05f82d576a3817e6295d151e8796a342ceb35" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vte-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vte-256color-8290f04afbda7365", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "09fdc1b67a1a8bbfbdd70a9d3d83c0eb31d83fd5" + }, + { + "algorithm": "SHA256", + "checksumValue": "332a40dd7766bd6368ce500ecdff89b8ffec1022bd3d3e11e87ae4d68c95ff7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/v/vwmterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-v-vwmterm-c8cc24147a716899", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4732fbcd7e0406e8b72c0bb122e01654f6b495d" + }, + { + "algorithm": "SHA256", + "checksumValue": "eae3fe39004992478d09bdb5063c6609f8c6f5119053de8fca645002b993b535" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/w/wsvt25", + "SPDXID": "SPDXRef-File-usr-share-terminfo-w-wsvt25-aa00d5296f618d6a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e544110ee387257fad3048674d0b6cb5e81291c" + }, + { + "algorithm": "SHA256", + "checksumValue": "28d3410e6b83a3b78a41f108098ac8772a3af3ee2b627b9f9bb4b19b363a5be3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/w/wsvt25m", + "SPDXID": "SPDXRef-File-usr-share-terminfo-w-wsvt25m-968fd195a4554675", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "74ef27fc6d81c6a43dd40f231777c0ffb485a559" + }, + { + "algorithm": "SHA256", + "checksumValue": "18c85db3b0ef0ab15b7eb8dc4ac6ea14a37d851628220c8bb61e2edfa4f81683" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xfce", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xfce-b2c06c93987dc6df", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2295d08f2831f0e3323b9061ee797c134a14a8df" + }, + { + "algorithm": "SHA256", + "checksumValue": "390a5f18914c8c867a62637326b7a0f00ec72c746fe282efe55fa36746241c84" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-5dadf1adff8ce7ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b3f26dd67868d19acca1e04c76e5c9796f1cf0cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "e423b4b00aa50e3161ae0b0fca7c6019389a837bcdc29075dd40452aaff21579" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-1002", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1002-37b118056dc26790", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "17b4daee1d21145996d794280cf2fd2f7d8457eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "6daca159799eeebe2100543a42e2931777a978e59fb2bcc17d1693c146c5670f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-1003", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1003-5d67ea35ce22f6ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e6755e1610ad2ed419843459399707d9d88fc542" + }, + { + "algorithm": "SHA256", + "checksumValue": "35fa2e56262f3e1c790fc56846544b5385fc608a357989ef656b86c4f18aa042" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-1005", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1005-be7456704d957929", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b6f6f128e4445ee37802db3190b26b9e90b2b5a7" + }, + { + "algorithm": "SHA256", + "checksumValue": "eff2d7f9eeaa5c20b0fabae9ce1a4637a15f2a1c3f732cf5f95fa98d19fd793b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-1006", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-1006-5bc14091563d357b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a052414b7718bded5e515d573065f42aa3bffdd2" + }, + { + "algorithm": "SHA256", + "checksumValue": "57afd1b3d2629e6ac46123b3eeb12b80e8b5aff415a9f18613f86d2871336e31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-16color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-16color-022bdd650baaeff4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b502cd6300c553fb7be991b779c8e2ec587be2df" + }, + { + "algorithm": "SHA256", + "checksumValue": "262a09a0f9ea8f8ea53ef151ed0283e25544897a1dea89307ffd5e5c863570a7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-256color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-256color-3a06aa97b9d3c315", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70cda1040ca4254d8e41dda619ce653dee06b976" + }, + { + "algorithm": "SHA256", + "checksumValue": "680743a3e8a460e35683ba59e97b3579f6e25d5a104507040d256e703575de9b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-88color", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-88color-ae45f54c300bb636", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b12ea7da1cec1b83fad202e27d2a415e09cbe30a" + }, + { + "algorithm": "SHA256", + "checksumValue": "e096ba9743b994565fc98ce40ff37cc8a7fd30d0a48e83f58bf5fb3a6e8cde8d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-8bit", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-8bit-0cb46cc286b242d6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6147b83c6a0616522ae0833646887b6b5e5565f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "999ec07a74a5587da0966f9a361e587143aeab35212cbab6ad4a03451ef797d1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-basic", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-basic-3a3dd63fc31cf9f0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a84a45e8d4f34c78094475d4a0a4d489a4a158fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d54cb15056ae0a673ef75dcce8cc6966dbe74579808ea81180e84965871dca0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-bold", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-bold-358a54515c04e917", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e889ac2d471114952b37ddcf1b6fc82321f58dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "4296a878469b6bc5bab5acbce875e43bc501ab57a62d8d29cd34a424ba1e9de4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-direct", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct-f3f45085dd41c8af", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "21c521345e063c5ecfb8f7e99f8b15abdd984f34" + }, + { + "algorithm": "SHA256", + "checksumValue": "63a281b88bfa1d525432c712c68887f2b6a321bcf5c1600451d116f5f89babcf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-direct16", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct16-9243f8be77ca5508", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "28be03201ca765e264dc9fdf630cbc44c8b45ff4" + }, + { + "algorithm": "SHA256", + "checksumValue": "767604eb2e2a242db60555bb2e4f801a045a3b03ec02f6aa318c321f7d29110d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-direct2", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct2-0d62abe9ceec72d8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06b536b9aa86e862e87fcd7d7d380980e8600198" + }, + { + "algorithm": "SHA256", + "checksumValue": "420b7a15d5023a4030742ccd48639de223cfbaeb675d4af7fc5882e822dfded8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-direct256", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-direct256-9ba2547f37f694f8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37a4f04ab6ea0726ef48eb063ae89b2f93d3276a" + }, + { + "algorithm": "SHA256", + "checksumValue": "b80042a930fd54d642f2f4d194894c2b4344acaba4eb6032f30acb5d8b2d0a0c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-hp", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-hp-10b15c7300d1de17", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "abc01a5137972b9587e7819f08ac6021a230f283" + }, + { + "algorithm": "SHA256", + "checksumValue": "f11650d98fd186dbeb717ec72a72c9a450a42ee0387d20f5408f75364f04c62b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-mono", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-mono-770bb10fedc6e4ed", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "554f1f8aa440753daaae49b149a49b3e4c4cf848" + }, + { + "algorithm": "SHA256", + "checksumValue": "3024be4c36be53d6468fa1e48a0f584a410a17e26c3c6e7826c815b4ef56c595" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-new", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-new-27fa8cd5292f5759", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "edaa0aad5eca10b8a97413b2a559ecf62b0dd10d" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ba565ab3d4132d6cb3ee77d4f3a82f74755294b40f155f5fb0f96138dd77e7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-nic", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-nic-fff2cc852438009f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3717b448255e585338148342a97da63d29efc697" + }, + { + "algorithm": "SHA256", + "checksumValue": "d1ac522553500494c979be8912645b1b6036fb3803898e19d86b032f82ec98bc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-noapp", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-noapp-b9c6ec960b364afe", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fb1a830b20924764a0c66470ec96c0ade2214386" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4e0c9f4c27f51504e5eb67aa1ce121c663a759b1e2102338c20ecf6259794d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-old", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-old-aeb11193f8402ce7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34923577f4a51dbe7a79d1d6274d10e207d28eb7" + }, + { + "algorithm": "SHA256", + "checksumValue": "927b8821c947b96b020ca7341dffb57bdfa2986fcaecd5fdbf2ca2369eacc285" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-pcolor", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-pcolor-262bec80ab3b6fc9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "956b61f6a02ee955b5795e0f35937ef81bb4474e" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fc3a8c307a46818870ad4313246f62c439ca3ef704a947c09471e8cf335e2fe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-r5", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-r5-8e1d542f8169b000", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4283a7cf44e9e4a4a9e5ac166328ba8d6ddf632" + }, + { + "algorithm": "SHA256", + "checksumValue": "82098ec067be6189e91e8264278bb85fe3b7bfdeaa3754be301313be140522ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-r6", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-r6-9a82f7c0ce9888c0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "97bfc10103a98e54eb646a2e9b39d9e23a983336" + }, + { + "algorithm": "SHA256", + "checksumValue": "ee12fe6d2d8e1d0b83d1042fe8a38f1aed6fd73e2c7316e6db5ec5b061b09ef8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-sco", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-sco-d00ddd9f869070e6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "afd94d9cec40a7e571619d06e4cf41854b2c6a19" + }, + { + "algorithm": "SHA256", + "checksumValue": "da57c8f3d66ce45f68d8c28dd360201c6e6918bb5da6947a80949129f5a93940" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-sun", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-sun-9ae4907d5846a39c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0d4572d62c0d6a276e28f1466f77034913b8fa7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "12a8b1c0907e5a1cd1aa1b8c8815dc85477c7f953113d127a2dfca5eaf04c90d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-utf8", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-utf8-9ed2eb25fdb82770", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1faca6458b3a792e647147459a9149fd3c2fb7a8" + }, + { + "algorithm": "SHA256", + "checksumValue": "f00daefe425aeec94b657249dd6575b48a58b1a3db5feca318003799e9eac188" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-vt220", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-vt220-10e3777ce389b734", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "732f3cba430675fad0760c774b9124c474f27572" + }, + { + "algorithm": "SHA256", + "checksumValue": "84a21605f8740519373ad315139195949c76cf63abd5a00f4315545c6b7f44be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-vt52", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-vt52-68e1197e7698a852", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "afd9b9c4a321327e4acbed97153bef23dfdf31b3" + }, + { + "algorithm": "SHA256", + "checksumValue": "b3113c9b349f1fa3ab9d141a67742a14edde60e06a98c6c9adf4aaaf15afbb65" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-x10mouse", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-x10mouse-48281070c504d26d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a84c286d399ddf22d3bc43d17124f3d9fbe20b8" + }, + { + "algorithm": "SHA256", + "checksumValue": "781b3399f614a9a456f266132e6da69a48a8974a2fef418ee0e546a001edc889" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-x11hilite", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-x11hilite-36256cdb62622e80", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4659d0b5482fb2ae09ef31f59727954a53c84130" + }, + { + "algorithm": "SHA256", + "checksumValue": "bc1edd65d8437128d901c1e4534872b9a5cdfc0b1e959c7f90191f20d0b10037" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-x11mouse", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-x11mouse-e8c64ca72ddad3e6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6b284ea695088d038e3727f6fca922d5d515ef7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b8944e971bc60997823a6660c79de5fd47f259ebd427b971353f53ff2083ca7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xf86-v32", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v32-40c55a7db4a229cd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "19840e58a41b5f289c78073fe5eb0e83d0b002c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "bf8cbc70b73992ca93b22f411bae2f71d613a69a9f0b59f0f9c2d5be12f982d8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xf86-v33", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v33-c35dd89b3eb05a79", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b458625d264a9717e805f17e5415ad9554221e05" + }, + { + "algorithm": "SHA256", + "checksumValue": "d4127e626af189a2d56cc45e1c60e4e6ac32b4d55b9c417129bcc8369c347515" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xf86-v333", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v333-85c3ed778f0ddb90", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "93e84400f5ff9008cd64565d35630e3a121448fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "24a1f8a18d96d544cef7c4427bee3f4b73fe12156e902ea214cf49d6807b3bb5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xf86-v40", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v40-5170d1225175e819", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dfaacdc92a4bc1c13fddcc7279c9ac5f15233d27" + }, + { + "algorithm": "SHA256", + "checksumValue": "7da82a4679f772e87f3ca2b93740ee0d0e20f61a263bbfea31199566eab29536" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xf86-v43", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v43-0403744b03ece668", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd74540822b3982624d3f21fd53c37381c21240d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0507f61ded223aa930b87d22255974423d73fdd860ea588d4fd0b895e5d9d2ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xf86-v44", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v44-4745f6daad934514", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e17794a406f5afd3082a5a6d0218baae9531fe0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1111271420d735b74ecb175e9fcb79847e6c0e298c3abfb2224747502a854adf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xfree86", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xfree86-b93e2d2cfb64bc9b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "735e300eaa0b79dcb0f6683e9861565fd3f884da" + }, + { + "algorithm": "SHA256", + "checksumValue": "0827497deddd4ec9e9515dd9530e6b0bf92762553d1c4eedbca3459c1931775e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/terminfo/x/xterm-xi", + "SPDXID": "SPDXRef-File-usr-share-terminfo-x-xterm-xi-e218da38269c139b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8fdba88c3930d0828f84c09ed998fbc431c0aa49" + }, + { + "algorithm": "SHA256", + "checksumValue": "d89c9fe77fa62d5df516089d11422ede4b78c167cf061e17a183b663f022c051" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Abidjan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Abidjan-318d6eab1c4b4756", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5cc9b028b5bd2222200e20091a18868ea62c4f18" + }, + { + "algorithm": "SHA256", + "checksumValue": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Addis_Ababa", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Addis-Ababa-c9f88fd6c52d991f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "289d1fb5a419107bc1d23a84a9e06ad3f9ee8403" + }, + { + "algorithm": "SHA256", + "checksumValue": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Algiers", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Algiers-4f0e212bbcaed305", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "edb95d3dc9238b5545f4f1d85d8bc879cdacdec8" + }, + { + "algorithm": "SHA256", + "checksumValue": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Bangui", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Bangui-ef4b2ad66ec4cf22", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "30ba925b4670235915dddfa1dd824dd9d7295eac" + }, + { + "algorithm": "SHA256", + "checksumValue": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Bissau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Bissau-322000192658f13d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "adca16c6998258a9ccabcc8d4bcfe883a8d848f5" + }, + { + "algorithm": "SHA256", + "checksumValue": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Blantyre", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Blantyre-f27d0499d3b1c954", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0ff96d087e4c86adb55b851c0d3800dfbb05e9a" + }, + { + "algorithm": "SHA256", + "checksumValue": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Cairo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Cairo-eef0a08628daad13", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "428e1f5f708eb4c131f29185bd602223027b3eac" + }, + { + "algorithm": "SHA256", + "checksumValue": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Casablanca", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Casablanca-796657e2d7cc9dcf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a90bf261426bdb4544c441d1312c1866b056583" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Ceuta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Ceuta-24d0eefe07c685d5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "029ce64badb36722c9e2191f3ce858c514aabbc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/El_Aaiun", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-El-Aaiun-9e8d2102ea28598a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "562677dcaa1d34a7bd9744b5d3fc024d78ce7329" + }, + { + "algorithm": "SHA256", + "checksumValue": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Johannesburg", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Johannesburg-566978418a8582b5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "65c0d4ab314cb72b8d8c768e3d0c3218848b61f1" + }, + { + "algorithm": "SHA256", + "checksumValue": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Juba", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Juba-6191b262893eb64a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48173811f532aabc17b3798c40fad46a3df0e543" + }, + { + "algorithm": "SHA256", + "checksumValue": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Khartoum", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Khartoum-c2a8edf6c75a67a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7cde30d5acfd99119ef22162c1f8bcafb86eaf03" + }, + { + "algorithm": "SHA256", + "checksumValue": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Monrovia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Monrovia-78f5d71f306ef4ce", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81b045ed68f73a8806c5f2104b573b0479c19bd0" + }, + { + "algorithm": "SHA256", + "checksumValue": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Ndjamena", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Ndjamena-86d26aeda90b4234", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "035072509f30da9a5a27b48910ae180f9c6b4b15" + }, + { + "algorithm": "SHA256", + "checksumValue": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Sao_Tome", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Sao-Tome-1ac51dcf88d495c2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7d2cac076d99bc5e38ba27b67113317ad496d3b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Tripoli", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Tripoli-e187e467e11bb275", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fabf4010ab003c26947df60b5e359781670caa70" + }, + { + "algorithm": "SHA256", + "checksumValue": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Tunis", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Tunis-9a76fb50afdcaa0e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c44e2d3c1e351f1004ab69ea559feb8ccdd65f64" + }, + { + "algorithm": "SHA256", + "checksumValue": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Africa/Windhoek", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Africa-Windhoek-722217af7e61be0e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "650da30ebf5b460404c98be416f9580d9795dffb" + }, + { + "algorithm": "SHA256", + "checksumValue": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Adak", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Adak-ea0f3b8bf78643a2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be58a7c839146fa675eeb6dad748c08d0647542c" + }, + { + "algorithm": "SHA256", + "checksumValue": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Anchorage", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Anchorage-4f7ebf154c9dee62", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "275760f2eb22160c578089566f68042a5f4d2f57" + }, + { + "algorithm": "SHA256", + "checksumValue": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Anguilla", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Anguilla-c3b81e97789af4f1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fcf8be5296496a5dd3a7a97ed331b0bb5c861450" + }, + { + "algorithm": "SHA256", + "checksumValue": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Araguaina", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Araguaina-536a0170a2e837ec", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86307f5f8222c3ae21815c2844f6fca38f94b55d" + }, + { + "algorithm": "SHA256", + "checksumValue": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "SPDXID": "SPDXRef-File-...America-Argentina-Buenos-Aires-15aec7429804cc49", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e7ba0a5dcf870abab721a47adbbc8f93af1db56" + }, + { + "algorithm": "SHA256", + "checksumValue": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Catamarca", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-Catamarca-ba53573b9cfd0fcb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ac9a4e79fe5a861447c23d68cccb35762d5f3aa4" + }, + { + "algorithm": "SHA256", + "checksumValue": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Cordoba", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-Cordoba-d34abf13f23fa547", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "04f2815d23c3c63ac6bd204a2935f18366c8d182" + }, + { + "algorithm": "SHA256", + "checksumValue": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Jujuy", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Argentina-Jujuy-8ea257eac59089ca", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "12099cd844cb19e4842eca3457c937dd9580b0fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/La_Rioja", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-La-Rioja-ca71f5553b5d6b00", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2c4c6ee89eacd8b99867fddcd8db684e15f8ee9" + }, + { + "algorithm": "SHA256", + "checksumValue": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Mendoza", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-Mendoza-cd9b726fe5f144e5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e321681c40214a181d2c4ec2015f740507811fbe" + }, + { + "algorithm": "SHA256", + "checksumValue": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "SPDXID": "SPDXRef-File-...America-Argentina-Rio-Gallegos-e3f08a267b684227", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a508a0daafb22185e4f39d040b2f15053bc2b2a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Salta", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Argentina-Salta-8bdfa32e69de48fa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ba6390b0c61d1c92c30692a309b9cfd3c54f9a41" + }, + { + "algorithm": "SHA256", + "checksumValue": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/San_Juan", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-San-Juan-7a903f7a2c9d5ba9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ef1b1742c1daf27a441e1dd81f3ee2e21cbab6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/San_Luis", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-San-Luis-79a942968674b495", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c6469d1173cff2a995e00bef9764294185d65af6" + }, + { + "algorithm": "SHA256", + "checksumValue": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Tucuman", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-Tucuman-43dbbaa7ed552857", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9bbe6f5300224148f2451195f471e7f310cd2bde" + }, + { + "algorithm": "SHA256", + "checksumValue": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Argentina/Ushuaia", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Argentina-Ushuaia-38d0fbbdf89964cf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0d6b6844b13bf120a80b7e72147ca94a111ae39e" + }, + { + "algorithm": "SHA256", + "checksumValue": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Asuncion", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Asuncion-7f9562764d10c0b9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e91a29807bc92d61324d265ab40c3fa651e66cb7" + }, + { + "algorithm": "SHA256", + "checksumValue": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Atikokan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Atikokan-2112b844bdb7263e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a94fbc2d567e41723f03629b6c9a864260108a17" + }, + { + "algorithm": "SHA256", + "checksumValue": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Bahia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Bahia-bbc47973b9d50f9f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f6df0a2d176d0df66fae90bc35a9f8f1ee9b249b" + }, + { + "algorithm": "SHA256", + "checksumValue": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Bahia_Banderas", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Bahia-Banderas-72bbfbf43a13bdfd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "33e0f3d5c7eace9077bacfa4f2b6e1e4b374fdb5" + }, + { + "algorithm": "SHA256", + "checksumValue": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Barbados", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Barbados-b3ff2a61ff5b4796", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5904a49c6c0ce8f10178fe13174ed9c964a8312a" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Belem", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Belem-3bc3cdb4c0d18237", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b29f1ee834833e89c06ef39b80b8f8c0b49ad31d" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Belize", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Belize-ca05fe3e6305beea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4728ee967fe9745f4b614e5b511da1c08bd3689c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Boa_Vista", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Boa-Vista-7cb88702cda86e95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a32d00603897fd4d970a675e5c01656f8652f598" + }, + { + "algorithm": "SHA256", + "checksumValue": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Bogota", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Bogota-7b2ab2deee4bf264", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e810e3d76edd6adf16384b7e49d2236b9c57ee1" + }, + { + "algorithm": "SHA256", + "checksumValue": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Boise", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Boise-f6f403ed0f9f3203", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0608b89be80aaa6660eee5964203ad760b0659a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Cambridge_Bay", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Cambridge-Bay-fba6ced282174415", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dcfc3c07c7366b75916af1dccd366fd1077e5b18" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Campo_Grande", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Campo-Grande-da56e399ea6614c0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a7b1e23290eeb4394e91e0ef4adc00b9ba4def5" + }, + { + "algorithm": "SHA256", + "checksumValue": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Cancun", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Cancun-cfcf3b57eca8267c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf74e0c9c8ba2365819123eaddd6817606064eaf" + }, + { + "algorithm": "SHA256", + "checksumValue": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Caracas", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Caracas-9f0583310b4acb5b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3914e45c3922bc30b89498066fb637cc04886462" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Cayenne", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Cayenne-fedcac4633f1430a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f888b09b894c79fa691466a4f4eaaa83da367e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Chicago", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Chicago-dd83a8010444a199", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a037f985f6fa0b392c95c7afb247f16a3925a7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Chihuahua", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Chihuahua-532e2f858590f4ad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0c67cc4ed5fe366fb39d9e55b02082254606e47" + }, + { + "algorithm": "SHA256", + "checksumValue": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Ciudad_Juarez", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Ciudad-Juarez-6cad865e5e3d3d96", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe11c20a18788db4260afcaa5d952c219f4777d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Costa_Rica", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Costa-Rica-b2853301acd2fdab", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2d1fd66de0198ddfcc1958fbaaaaba9cdb7b1d8f" + }, + { + "algorithm": "SHA256", + "checksumValue": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Coyhaique", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Coyhaique-c38520c3d5cfe803", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0922bbda5c964aac267330bedf39deae6d2e0636" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Creston", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Creston-7d23b4abca3bf0cf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3f54df3a017c38626f04bd9576a0a11663303fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Cuiaba", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Cuiaba-93e44073edf8bfa8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1a6b69bdf16991900ae16a00deb7ffbf722d5486" + }, + { + "algorithm": "SHA256", + "checksumValue": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Danmarkshavn", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Danmarkshavn-be96d0167c0ac1f9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3bfae70ff7ffa8b928ba4bf0bcb5452d09ec0407" + }, + { + "algorithm": "SHA256", + "checksumValue": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Dawson", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Dawson-4b434e46d7216259", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc241cb66d50821505cc7708d43ee9b1e77a36dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Dawson_Creek", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Dawson-Creek-ec55daf0b0767148", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd98b887a02f1ae2785d5d6fe7d77e91ec5aae83" + }, + { + "algorithm": "SHA256", + "checksumValue": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Denver", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Denver-f130723512533721", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "faa7d6cf4178d032d8ba8a4d77eac0fd47f8a718" + }, + { + "algorithm": "SHA256", + "checksumValue": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Detroit", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Detroit-ffd04305e07a420d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6597537b399eab91a66e32bb4edae466de96a146" + }, + { + "algorithm": "SHA256", + "checksumValue": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Edmonton", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Edmonton-c6e59beebb7b1c28", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f441f7a62122e43a963260550efb1a1ff3100c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Eirunepe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Eirunepe-a4f511e1a2654e3c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45e5dd1baab63d6970c0424cd8ae77bfadfdfd61" + }, + { + "algorithm": "SHA256", + "checksumValue": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/El_Salvador", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-El-Salvador-66332fc00e499578", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45b4b952081502968b04b36e7cae24b987e9f532" + }, + { + "algorithm": "SHA256", + "checksumValue": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Ensenada", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Ensenada-f9a9c4bb9f9dbc98", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ad63533ea183b2895759a9702ea96f0fff98759" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Fort_Nelson", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Fort-Nelson-9e8e0dcd6461e814", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a453ec818cd948cc2492666443d4e39637ed7040" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Fort_Wayne", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Fort-Wayne-f17c51d39cbe85b7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad1a26bddb9304a620b2c6f7ec9f3a5226622906" + }, + { + "algorithm": "SHA256", + "checksumValue": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Fortaleza", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Fortaleza-55db14dcae4a215e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aa8e9c8cd8301dd0a61085ada31923f7e1ccc983" + }, + { + "algorithm": "SHA256", + "checksumValue": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Glace_Bay", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Glace-Bay-6396e1bb85ca2420", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "40ba9843662a853c1d3643395db1a75c1164951f" + }, + { + "algorithm": "SHA256", + "checksumValue": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Godthab", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Godthab-e26f98fd4ad10e74", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ff7ac72af2c09efd8e1779e5fba28288439df41" + }, + { + "algorithm": "SHA256", + "checksumValue": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Goose_Bay", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Goose-Bay-a82580e6f79f5ff5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "21d4df7695accb7b5164e41e28452f9655cd91a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Grand_Turk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Grand-Turk-598379db727de0c1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48735366abbf3760087cd1533f24415136763745" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Guatemala", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Guatemala-be051504c746aade", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0d50c845873aa466c9a2b020326d57af4d39b3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Guayaquil", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Guayaquil-f63f6f85c3f220a3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8415ce0daac4cfe819154671e05b4185b9c08970" + }, + { + "algorithm": "SHA256", + "checksumValue": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Guyana", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Guyana-15e0b2f49afa5fb8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d48d26f50f53db2dd9ddcbb6acb5723cb49e81b2" + }, + { + "algorithm": "SHA256", + "checksumValue": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Halifax", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Halifax-79b1a23ae343c28d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "93568fd7e148b3f61fca5f36f8ae0a5b3b107fe3" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Havana", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Havana-e4917ad7e3741dd9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "51c1a7a700e4028481e506e58faf22f9677c5e29" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Hermosillo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Hermosillo-ea46ed9196f3d64d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e055ab758b61beef7d8a4ee5a6b38d789c5f6b2c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Indiana/Knox", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Indiana-Knox-097d210877f6bbc8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41fdfe70a9789d427dc4be468f559a97ee9fcf54" + }, + { + "algorithm": "SHA256", + "checksumValue": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Indiana/Marengo", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Indiana-Marengo-f6e3d69d53a65a0e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0530ef4b3396d7031cc5e4ff82dc42c10f2f89a1" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Indiana/Petersburg", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Indiana-Petersburg-00a4fc892c991cfb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "570cef94f900163bce34b3f85b9ea5b36df92146" + }, + { + "algorithm": "SHA256", + "checksumValue": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Indiana/Tell_City", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Indiana-Tell-City-66e3e42e88e3467b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "20594c1309a07d4691ff9af0a77782b5e2d95c61" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Indiana/Vevay", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Indiana-Vevay-b1c6be64f1598066", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3959be4d9e86c9c1a7f8febc46554584b2a7ceff" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Indiana/Vincennes", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Indiana-Vincennes-f5a1cbbac5704326", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9a3d65b42b008c5a85c73934fcf94eaeac4b931" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Indiana/Winamac", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Indiana-Winamac-a8c22c4c598830b6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d169fbd02f628dd6fdafbbab7a7e4a6da54fd21" + }, + { + "algorithm": "SHA256", + "checksumValue": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Inuvik", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Inuvik-f232ff6f62af2a7b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1291de8f6d914ee264f0b27a55278ff12a00ad7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Iqaluit", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Iqaluit-b5b43a537b956807", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "210193fdb9be1a88f5d245ddf3dce819469be233" + }, + { + "algorithm": "SHA256", + "checksumValue": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Jamaica", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Jamaica-0ee4e00c20eb77b0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "77453a2772c127d0b213f8580ff7890cbf7b4929" + }, + { + "algorithm": "SHA256", + "checksumValue": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Juneau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Juneau-790fa2b99a8abe0b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "740e88dcd737d076404c386330bd379d55ee8281" + }, + { + "algorithm": "SHA256", + "checksumValue": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Kentucky/Louisville", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Kentucky-Louisville-cb8e9eb83e52c3ea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a63a322042aab6a2583de2f636a5eb15f71eae33" + }, + { + "algorithm": "SHA256", + "checksumValue": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Kentucky/Monticello", + "SPDXID": "SPDXRef-File-...zoneinfo-America-Kentucky-Monticello-312cc6f73b42ebc3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad63bf4d1228ab308b2ed6758c21fbebb56395db" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/La_Paz", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-La-Paz-26a99c7d4a95e43a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "631b8d0f538c7ec23d132fd7d72fb1ff64b938ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Lima", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Lima-76c0c45bbfc61e39", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75864c99309070f61b033c039b7509c89da5ab08" + }, + { + "algorithm": "SHA256", + "checksumValue": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Los_Angeles", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Los-Angeles-64947a93aceb9392", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4f1faebf0f0d032290ef87bb9973c2ff8f84074" + }, + { + "algorithm": "SHA256", + "checksumValue": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Maceio", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Maceio-17da2ac5fdcc25a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c0295301332918d79abf0bb349cc1fee3b9f2db9" + }, + { + "algorithm": "SHA256", + "checksumValue": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Managua", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Managua-8abee6515b5f03b5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "566a887308e8e16a9cebb62f3d4124b42c331674" + }, + { + "algorithm": "SHA256", + "checksumValue": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Manaus", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Manaus-b58b430e813e1e19", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a759afda024a0ba961569017b3003805849c6f61" + }, + { + "algorithm": "SHA256", + "checksumValue": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Martinique", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Martinique-cb5ca6e7813dea77", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "caf0e4c5fdae59d1b6c1278ad7ac84bf03bcb0a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Matamoros", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Matamoros-3994723bfb139261", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "638e4541bddbb0164c8d62590ff1bb97f88b822e" + }, + { + "algorithm": "SHA256", + "checksumValue": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Mazatlan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Mazatlan-8d2a9e70b1763d0f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44c28415e815f8e2b53604195f85da07b04d829d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Menominee", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Menominee-b7ff261fe1222dc9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88fd8d108c020a3294eae6c83ad187cf0b01a602" + }, + { + "algorithm": "SHA256", + "checksumValue": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Merida", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Merida-3ad1c8c3c0c61955", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8e07f8356362c517ef41035a0394a59363cebfc0" + }, + { + "algorithm": "SHA256", + "checksumValue": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Metlakatla", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Metlakatla-cec5d92d2742b191", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f327158b98652913af4d66c5257cfc014340536" + }, + { + "algorithm": "SHA256", + "checksumValue": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Mexico_City", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Mexico-City-a59b7b888d5b4655", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f46bb76507fbd52204eef47c12c9320bd7945af7" + }, + { + "algorithm": "SHA256", + "checksumValue": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Miquelon", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Miquelon-94d8f29154035f0e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1418becc2c2023ac3dba15d27e5fd6b6b3b6fd5a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Moncton", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Moncton-418571b0a4cdaf67", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c08e5d548c3bb971f1a1236c397ded4f7227d769" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Monterrey", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Monterrey-3589032a6e7d507f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ceaf09cf6075be4ff98b5716e65d197c9f302864" + }, + { + "algorithm": "SHA256", + "checksumValue": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Montevideo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Montevideo-043695b356310635", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06e3ef1048ffd289a424fba8e053601b353cc2fa" + }, + { + "algorithm": "SHA256", + "checksumValue": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Montreal", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Montreal-92b007f40eddfeb5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a6d038ecff7126ee19ebb08a40d157c9a79964cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/New_York", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-New-York-d97d6872449d4e6a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc9337182ee4bad790b527f56bd3d2130691d693" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Nome", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Nome-3ee9e9bc94152cab", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e6cf03e0c8fbb7a079090cf164e73291681bafc" + }, + { + "algorithm": "SHA256", + "checksumValue": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Noronha", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Noronha-831f0664c5476a76", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0e29b45f9003c1ff8ed350b40b1369e8a569d0f" + }, + { + "algorithm": "SHA256", + "checksumValue": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/North_Dakota/Beulah", + "SPDXID": "SPDXRef-File-...zoneinfo-America-North-Dakota-Beulah-8f7068be9c87455e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99080962e50069d5e6a206bff8931a67b5afebe9" + }, + { + "algorithm": "SHA256", + "checksumValue": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/North_Dakota/Center", + "SPDXID": "SPDXRef-File-...zoneinfo-America-North-Dakota-Center-7c03028642527858", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16ee5640265f404a2a64cbb48547b834b780cf71" + }, + { + "algorithm": "SHA256", + "checksumValue": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "SPDXID": "SPDXRef-File-...America-North-Dakota-New-Salem-2eb23f6b7c6b479e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6d1defaee32cee5fdaaa1405460d9ee4e4dceb55" + }, + { + "algorithm": "SHA256", + "checksumValue": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Ojinaga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Ojinaga-01ce09736956ec2d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "346cae590643f608e6c31870966e576f2c194936" + }, + { + "algorithm": "SHA256", + "checksumValue": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Paramaribo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Paramaribo-7e585fce630f1e19", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af2b3e2554003e56ec6e09f4ab2cc646cef58e06" + }, + { + "algorithm": "SHA256", + "checksumValue": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Port-au-Prince", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Port-au-Prince-9f28d3c8d4d5de91", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9901445a7bf4a993111d087ef812890dd44a67be" + }, + { + "algorithm": "SHA256", + "checksumValue": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Porto_Acre", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Porto-Acre-797ef78fce0668f0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "23649fa3b661b1a7b1332e38479d24bcdb4e902f" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Porto_Velho", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Porto-Velho-593cb16b27097278", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d55253cee37291a6cf91e4bbccca6473cf6679aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Punta_Arenas", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Punta-Arenas-013750e15c50f33e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a64891fd90cbc2ba9e1d7dfe1689dee65affef3" + }, + { + "algorithm": "SHA256", + "checksumValue": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Rainy_River", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Rainy-River-e9aee5bc271dcd1a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "684c62d80d16a9256c9123074466cc5d0288daea" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Rankin_Inlet", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Rankin-Inlet-ee5d12e425b2a4f6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f517c389db4ac89bc79cbf8ee5736f0cad7bc7b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Recife", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Recife-29d9570982072ae4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a681fe7cafc3cabe9a7ef75699e4e5fa7f6a81a" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Regina", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Regina-fd29287444e98f95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ecd6b0c718b65c0c90e8097943a899c0b0cb60d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Resolute", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Resolute-6506494742ab1f9e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c01bda981211a1387a2c18d7a57165e72da83d95" + }, + { + "algorithm": "SHA256", + "checksumValue": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Santarem", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Santarem-db9ed6006ae2095f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f39fa90abacd688c7f6599bdbdd8c144a0b7c5b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Santiago", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Santiago-56f140668c930944", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6788d98647fb2019aa749acfb7236e77e84c4533" + }, + { + "algorithm": "SHA256", + "checksumValue": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Santo_Domingo", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Santo-Domingo-06c8dae4fcda6094", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a135300f73df9c427db37aa9ba29e25f83463211" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Sao_Paulo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Sao-Paulo-23e1dd3ee39e9c2e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96caf0f5c9ad021d2ca06e2b48ef7e3e52bff41d" + }, + { + "algorithm": "SHA256", + "checksumValue": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Scoresbysund", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Scoresbysund-3b1a0b290e22f7ce", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7497b479af7c157e844a90ecbfc041db4f639f04" + }, + { + "algorithm": "SHA256", + "checksumValue": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Sitka", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Sitka-2214a1edfbca4d81", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bb2fd466acd0399f44f56c2ed9a2a0353fb2f82" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/St_Johns", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-St-Johns-6bd19075def974a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4336075a81adbebeb26ca297ce309dc595b86463" + }, + { + "algorithm": "SHA256", + "checksumValue": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Swift_Current", + "SPDXID": "SPDXRef-File-...share-zoneinfo-America-Swift-Current-db3b41478abd19c9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e607b1ddf124e4061e437365e16404633bbdc4bd" + }, + { + "algorithm": "SHA256", + "checksumValue": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Tegucigalpa", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Tegucigalpa-4293d64c3fcafdb2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe5537f0f326f4513aaf98ba68268b0798e72e0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Thule", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Thule-181ac7465d94e356", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4e304073f4f90890439ca6205d60e20d2495f16" + }, + { + "algorithm": "SHA256", + "checksumValue": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Vancouver", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Vancouver-1dafda874efa42e4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b42a450523068cc1434b8774082525d8dc2a8e4f" + }, + { + "algorithm": "SHA256", + "checksumValue": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Whitehorse", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Whitehorse-5895d89acd4e3705", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a8f00d33b5ca551a16cedc68cc8528fb4c111d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/America/Yakutat", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-America-Yakutat-be5bb17b40fd50c2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f115ac1b5b64b28cad149f1cdf10fb0649fe5c48" + }, + { + "algorithm": "SHA256", + "checksumValue": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Casey", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Casey-8f71ccf80b2ad19b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da1d193862e1725420329b257e1b856b13dcdc7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Davis", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Davis-0212eb2afb4e13a0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87abeedc268901cc371d93faf9b775634a6c401b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/DumontDUrville", + "SPDXID": "SPDXRef-File-...zoneinfo-Antarctica-DumontDUrville-dfee78d6cc699226", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "65f9954328a5fda173ff0ce420428d024a7d32c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Macquarie", + "SPDXID": "SPDXRef-File-...share-zoneinfo-Antarctica-Macquarie-b0ce1cac5c29fc5c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99cbdcf1d9afe0907b96f0ca06636bde4e5383c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Mawson", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Mawson-b22d792fc4fc1316", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb34c38a02c76beb5b321971d94869451a5ceab1" + }, + { + "algorithm": "SHA256", + "checksumValue": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/McMurdo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-McMurdo-24faa7550e718ffd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "78d4d3a481c49ab7ff31722bced30e1c31e8bc98" + }, + { + "algorithm": "SHA256", + "checksumValue": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Palmer", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Palmer-0277a7b6c13e0e18", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "12519921ed4c4f6684c5069a251141378f7134a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Rothera", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Rothera-13197f3fca74319d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "05bc718d8f51e2dc23989d149b8dc7529a87bf1b" + }, + { + "algorithm": "SHA256", + "checksumValue": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Syowa", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Syowa-afd4814904e23921", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bde5a629fdb78b40544b8018b2578f0b085045cc" + }, + { + "algorithm": "SHA256", + "checksumValue": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Troll", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Troll-b79fe7da5b4023c6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f3bab6c4d956dd8e8bb969e354e1a211980e244" + }, + { + "algorithm": "SHA256", + "checksumValue": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Antarctica/Vostok", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Vostok-932e0a15f794d6ea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cab2a7ae9eb3304377d15b3761e4beca547fb07e" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Arctic/Longyearbyen", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Arctic-Longyearbyen-734f0946a03d7707", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "918341ad71f9d3acd28997326e42d5b00fba41e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Almaty", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Almaty-8521e77186536070", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4b4d8aabb1fd81e39b5b8fd2d3506875966a3c34" + }, + { + "algorithm": "SHA256", + "checksumValue": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Amman", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Amman-3c1113be1893fc56", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fdffb8cdba7aaf42ba9f8e1f1d9093c21ed77027" + }, + { + "algorithm": "SHA256", + "checksumValue": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Anadyr", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Anadyr-85439c400bbc86d5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e18546688a8d72426a93024673be6a7b890ca49" + }, + { + "algorithm": "SHA256", + "checksumValue": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Aqtau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Aqtau-05134288540b9a17", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5c1626f08af9ec32dadbbfcdb69f5a2a83445cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Aqtobe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Aqtobe-1977e82ca78998ff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67f145b5d2958ced37d7c63144ca314cc3a5619c" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Ashgabat", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Ashgabat-cabaebda56dc9639", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f077f5395b29d53b145792d5e2e309a99c4a7092" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Atyrau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Atyrau-6ba30209572ae26e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "879556e7e91d36d29c7921b7693b3aafa95ce9bf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Baghdad", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Baghdad-32fa3bb6af7e7c21", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "10843b2e6588534f57e4c05255923c461fcaf40d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Bahrain", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Bahrain-6df9f4201e1bd0e4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "918dda414e2e89ca2b735946a84d94c42a24f452" + }, + { + "algorithm": "SHA256", + "checksumValue": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Baku", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Baku-7c204caa0f4f162d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8409d8a1289864bf61dd17a80524eb6aa36e9be8" + }, + { + "algorithm": "SHA256", + "checksumValue": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Bangkok", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Bangkok-e7bbcf8faecb67e1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c81d559f702a0239d5bf025c97e70b2c577682e" + }, + { + "algorithm": "SHA256", + "checksumValue": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Barnaul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Barnaul-17d210f51ceceff4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1391b2598eff6e35378e261f36dd2f57b3e491bf" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Beirut", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Beirut-1184d1f54fa15648", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fba8b66863fcd6bcabec3a13467e0b3450650ad5" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Bishkek", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Bishkek-ddf4a0d970493a4c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d6c73a90b411c39d97ccda0ad8a57f252456881c" + }, + { + "algorithm": "SHA256", + "checksumValue": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Brunei", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Brunei-c8ee22b893a72c95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "951d0ec46419658895f8005b2583badeff166bdb" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Calcutta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Calcutta-b5e862a573d7ed9f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "856df72f3f593ff1e183505d743bf65e40a30aca" + }, + { + "algorithm": "SHA256", + "checksumValue": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Chita", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Chita-f3cd5fc16ded8e9f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a265169da96777e85b65b87ed5a3d64d801e791" + }, + { + "algorithm": "SHA256", + "checksumValue": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Choibalsan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Choibalsan-6a58270c4e19e86c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90cad7fd7da7d6546622901db622595f1880f593" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Chongqing", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Chongqing-5f259ebabd9e8726", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "79360e38e040eaa15b6e880296c1d1531f537b6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Colombo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Colombo-ee9fd2a420997207", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0fe53f0c887f168201f4c4767068dadb1a698581" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Dacca", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Dacca-d4e57dbd2e2c4a50", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5779829aea6d010cea872e6c2b6f1ac661d825e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Damascus", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Damascus-86808dddd6ed4312", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "716b40d34b96db89c27eeb936693481abad8288b" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Dili", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Dili-0373ef1d181d86a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f71f19932f5f7e625447e241be76b34dd2e75115" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Dubai", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Dubai-cbb0ce76dec7a451", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "612f06ce47e5c3acb96b2b6eb8075d89ece41f90" + }, + { + "algorithm": "SHA256", + "checksumValue": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Dushanbe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Dushanbe-7206f4575066d8b5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1694cb3276a637899c86f26176b2b1f862d47eda" + }, + { + "algorithm": "SHA256", + "checksumValue": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Famagusta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Famagusta-75275687a666710d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d7f718a82b28e4fedb4e6501fc94ca2a6ec758c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Gaza", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Gaza-abb8a442c65a8e3d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "169848cd25c3fe443c5d0bdd5c96d68a949cfe78" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Hebron", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Hebron-c7583b1a24cdbb05", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "201832bdac94204b130b3d01a26f608357e8da26" + }, + { + "algorithm": "SHA256", + "checksumValue": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Ho-Chi-Minh-bab9e9f85c79c245", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a96c3b96b551d852706b95e0bb739f8e62aee915" + }, + { + "algorithm": "SHA256", + "checksumValue": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Hong_Kong", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Hong-Kong-ff72e7d686c2154d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0c3205dd5ec08d17c2161af789df8d05b1bda1b6" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Hovd", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Hovd-bb847c5ee50cdda3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f8950afc6522a8c920cbeb079ac39ca26d52e38" + }, + { + "algorithm": "SHA256", + "checksumValue": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Irkutsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Irkutsk-b32984eb37225c93", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f82e877820027d4c48be625842047a6cfe008234" + }, + { + "algorithm": "SHA256", + "checksumValue": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Istanbul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Istanbul-698282e99a14057e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df6cbece3d9afb3aedb44e131b6e68a6cf74ca8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Jakarta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Jakarta-c66466b6e18873a5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be35b8895cd70cc9c5744d30260e82f0421a9337" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Jayapura", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Jayapura-3ebb04112fa6864c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70cd707f6e144cf0cb40af01a70b9c4739208e48" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Jerusalem", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Jerusalem-77dec77de21ce078", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89e42d27cfb78255ae18ee02f5a4c8e3ba57dde0" + }, + { + "algorithm": "SHA256", + "checksumValue": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Kabul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Kabul-2f19b94e364a70a5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b2379e605267b8766f9e34d322a5e3a657df7113" + }, + { + "algorithm": "SHA256", + "checksumValue": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Kamchatka", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Kamchatka-af2692a760bcc3d7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9902b94b8a6fbc3d4533f43d9be5cdb6302693ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Karachi", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Karachi-56962c5b00032699", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4c69f1551a0a9bdd8d1817c547bd18218b570a3" + }, + { + "algorithm": "SHA256", + "checksumValue": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Kashgar", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Kashgar-1e4ac086c3c7f220", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4fba0cb8c5f2ef8232782883fca5e7af1b1fdb2" + }, + { + "algorithm": "SHA256", + "checksumValue": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Kathmandu", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Kathmandu-2137faa0e906ad55", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "454f1d251f8a9cd2c1559897f6b38a53fdbfe249" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Khandyga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Khandyga-3dd26d3784448dae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ddab9699af73544e5b52a7477e0c5532216c59a" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Krasnoyarsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Krasnoyarsk-f8e012ae6fbc2748", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ec3786f8744bad78bbfc370674ad33ccba5d4080" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Kuala-Lumpur-7cd97aee09ee2a47", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "429a0689e9ed127265705febf2c9aa5f47ac3547" + }, + { + "algorithm": "SHA256", + "checksumValue": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Macao", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Macao-7d447b2ce9446c96", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbd377edbc12abe7cd74edc80086dd21bb34a6ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Magadan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Magadan-3c1f0c7b44068f06", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34134a81b737efcc82e3be92b2d222319b36f510" + }, + { + "algorithm": "SHA256", + "checksumValue": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Makassar", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Makassar-f1dd28afef6d6466", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2d411fa607c974fe3d77ee18612a21717d226b5e" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Manila", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Manila-18a968f29e5740c6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1cabdadc66cf3536c77a812baa074080b2140ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Nicosia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Nicosia-99b2bdbf14ff57d8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "642099c037f5f40aa6152f7590e3cee90b7ae64a" + }, + { + "algorithm": "SHA256", + "checksumValue": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Novokuznetsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Novokuznetsk-371e66a63ad5cb5d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52b0a7aff4332d6481b146155abbe90912bc1aaf" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Novosibirsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Novosibirsk-b1a17607f30e3edf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "823fbd64d76bfdcb6e3b0206b731fe407a6a188d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Omsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Omsk-aa8af4fed1af33d2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb67208994f35a825847c36964546c8b8d1ad243" + }, + { + "algorithm": "SHA256", + "checksumValue": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Oral", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Oral-9621ef6c92b03c21", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "deec78c1cebcbd9efb7c57486ca0344e5f8f1fb3" + }, + { + "algorithm": "SHA256", + "checksumValue": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Pontianak", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Pontianak-132a3666861a86da", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ce2c32e874ec64696f76be4439aad95cc7e3c4e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Pyongyang", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Pyongyang-398efbbacb77ff35", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99b004e8e97b94265617932951e7227b635ced64" + }, + { + "algorithm": "SHA256", + "checksumValue": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Qostanay", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Qostanay-a0e0fb0ab31ce0e1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f7e8708a8ae86992953f273773b65d1e36e4afe4" + }, + { + "algorithm": "SHA256", + "checksumValue": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Qyzylorda", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Qyzylorda-57ebb2104f6050b6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "001a7c9f9de8d7edab286c756c0d0c03e90fad88" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Rangoon", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Rangoon-64ec135af71c4d24", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b800894b13386d65d24df73322e82ee622f843de" + }, + { + "algorithm": "SHA256", + "checksumValue": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Sakhalin", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Sakhalin-722044944ad58575", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ebaa95b0bf93239c1ccf8f96856b86dc58afe726" + }, + { + "algorithm": "SHA256", + "checksumValue": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Samarkand", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Samarkand-9c5a7e6750b42fe2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bbf5c916ddd50548e8e5ed0324c59dc1fe9a693" + }, + { + "algorithm": "SHA256", + "checksumValue": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Seoul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Seoul-27b7ebcc965ed969", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "53c1223d1f4dec149d0cadd6d488672619abf0d6" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Srednekolymsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Srednekolymsk-8c8ab4bea52abb5b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e860fc369629019ed59b45f5fed235cc6ea8dfb2" + }, + { + "algorithm": "SHA256", + "checksumValue": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Taipei", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Taipei-07dd2930e1b6b74f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "515e1ab82b216406f364cf666dae998e4b8dc6f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Tashkent", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Tashkent-179ea1c3ef1bc59c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbc8a292471ac05d8774b14bcb177ab7fd7f7398" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Tbilisi", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Tbilisi-2d4abebbc2b2bf97", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7cb93f7abf7171eb40186248ecc885b541836e74" + }, + { + "algorithm": "SHA256", + "checksumValue": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Tehran", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Tehran-61c77f2293826510", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a7cb8bf300b3177e2506a838f7fd218880350e57" + }, + { + "algorithm": "SHA256", + "checksumValue": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Thimbu", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Thimbu-9da0d06e1fcead8c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16dc4bbfe2b3668b9b737033f4ecb2a9c1ee7e6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Tokyo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Tokyo-66ccf3fa33e02a87", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41852e7fc829ff3ace521bc3ebc60b6e43b56da6" + }, + { + "algorithm": "SHA256", + "checksumValue": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Tomsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Tomsk-ecf9f03cf839599b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e7464939be7db8572e95aea8381f94bca70f91d" + }, + { + "algorithm": "SHA256", + "checksumValue": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Ust-Nera", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Ust-Nera-45e7be0fc4d7ce7b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0040f6ac898a101ca796115d646c4825833c0290" + }, + { + "algorithm": "SHA256", + "checksumValue": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Vladivostok", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Vladivostok-e32f01816e708557", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7480790ddac173ba580e52d0f8754eeacbff02b6" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Yakutsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Yakutsk-b3b0e2f90433506e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "79d6a645076e873ce22c53a10b3de9e27df7b2fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Yekaterinburg", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Yekaterinburg-af2f85e92c305a99", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16f2954e67502e5e98391383ab4712700e456ee8" + }, + { + "algorithm": "SHA256", + "checksumValue": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Asia/Yerevan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Asia-Yerevan-6da615580f542f67", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f10e1a31e38b267009bed042efd8a54c7b2043a2" + }, + { + "algorithm": "SHA256", + "checksumValue": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/Azores", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Azores-1a84896fd2eb9d3e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "088e1a1365d0e0c8091f595e30e1791b5f468313" + }, + { + "algorithm": "SHA256", + "checksumValue": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/Bermuda", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Bermuda-20b7ddeebb4a8e6b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44e7011574ab916094cc410221bcff4960831155" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/Canary", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Canary-b4f91d8034801ec4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "395c4e66b52d9181e31450d07b5365a10ec26aa3" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/Cape_Verde", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Cape-Verde-4f2072b67274b92c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "897189e0cda96bfb3248ee7f48706fe94d687fc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/Faeroe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Faeroe-0e1e1c595cca2f74", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd6b1178a2066e496edfcd2426d44ea5dd23a3d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/Madeira", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Madeira-9f207aa74c31f0b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e8dce3b2d2a4db52d0b3d19afd01d5b5473cd179" + }, + { + "algorithm": "SHA256", + "checksumValue": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/South_Georgia", + "SPDXID": "SPDXRef-File-...share-zoneinfo-Atlantic-South-Georgia-fb61b3c1d01776f4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b2acac8196001a9458b5e6c6921d781df3290d78" + }, + { + "algorithm": "SHA256", + "checksumValue": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Atlantic/Stanley", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Stanley-41c24463c1caeb9c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f612730123deabdd609145696adeea2ea26f499f" + }, + { + "algorithm": "SHA256", + "checksumValue": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/ACT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-ACT-dd7c01fb057a54fc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ca9f55088c536a5cb6993b1a5fe361c0617bc4fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Adelaide", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Adelaide-07a3a3a51a8e3f6c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "91e31f0fe53950a7e8ac0bd66964069d4d7dabe9" + }, + { + "algorithm": "SHA256", + "checksumValue": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Brisbane", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Brisbane-3090009812f92579", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1cae3c294b3bc9e1d4a1e1e5457f63abb6b554e" + }, + { + "algorithm": "SHA256", + "checksumValue": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Broken_Hill", + "SPDXID": "SPDXRef-File-...share-zoneinfo-Australia-Broken-Hill-4195cb7a999e6f5f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f8d2d9322173a3390737371410592ecbcb9e858" + }, + { + "algorithm": "SHA256", + "checksumValue": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Currie", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Currie-38955202e36be11d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "db8884f4beb55ae0c292403cdb8ffc47c18effcd" + }, + { + "algorithm": "SHA256", + "checksumValue": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Darwin", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Darwin-2262e80d8459d76e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa21b92f3596419128a660acccf2f1cf6aa66ab0" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Eucla", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Eucla-180c377ec849fba4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "abf9ae83cf5720d60dfc849f06ea666b6e6c1a0f" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/LHI", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-LHI-dbc117de4035649c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2304257244b530bcd036aae724f99aff416198f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Lindeman", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Lindeman-ce26ee87860739cc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8ac554523fc5300e535323ce58e46f8adb72c2e5" + }, + { + "algorithm": "SHA256", + "checksumValue": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Melbourne", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Melbourne-1514165139b117f0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d6f744692e6c8b73de1eef051814f00e0d159e6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Australia/Perth", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Australia-Perth-d21755e322b75c3f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb00a26c7ab0df1054fa1c4a71f0bd836a9be5f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/CET", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-CET-781ba5c6912c8771", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d90f3247c4716c2e1068d5ad9c88ca2091bec4e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Chile/EasterIsland", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Chile-EasterIsland-62d6b89873f37a68", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "17b3f0bf160601c93bdda3e7a0b834ecc1e06f20" + }, + { + "algorithm": "SHA256", + "checksumValue": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/EET", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-EET-5ed840c9cb2b6f34", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fd241e817c1f999471c30d301238211a16f95866" + }, + { + "algorithm": "SHA256", + "checksumValue": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Eire", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Eire-ffd566d34fc1d2f9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dbd27ca1fc5b5d8b864c48e92bb42dc49a8f442b" + }, + { + "algorithm": "SHA256", + "checksumValue": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-971b147bcac60dc4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a8483df5c2809f1dfe0c595102c474874338379" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+1", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-1-99ada4e07c31c653", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "694bd47ee2b5d93fd043dd144c5dce214e163dd8" + }, + { + "algorithm": "SHA256", + "checksumValue": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+10", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-10-badb4b2cb912dd47", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df25f8ee32cd9ac7f9d3fdafb6ccc897e0675a5c" + }, + { + "algorithm": "SHA256", + "checksumValue": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+11", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-11-ce9e052bb4f505ea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "326fa090be74ccc8e561a72ff2833a9a80460977" + }, + { + "algorithm": "SHA256", + "checksumValue": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+12", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-12-5871dfbf7874cae3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9813523e1f092d2f0c0cd3e5f13e2738a51cb350" + }, + { + "algorithm": "SHA256", + "checksumValue": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+2", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-2-b2e4e38ed8791f04", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e3c40ede5206526dd50a7f8d710afad3da46c12e" + }, + { + "algorithm": "SHA256", + "checksumValue": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+3", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-3-9583da24d1cf6bdb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f68d2cb81ec1c386f80f820d6aaf54b7444f5cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+4", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-4-7e295ef0c947ca85", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32cfcd637174d91744d7dff4744e199750faf9d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+5", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-5-38c93329f777744a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cef7ce7bf61e746cc1ae39bbab9112bf1dfdc455" + }, + { + "algorithm": "SHA256", + "checksumValue": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+6", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-6-4312a77b0dee8bd3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "750271da92432a39887c376cd346144d785d4445" + }, + { + "algorithm": "SHA256", + "checksumValue": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+7", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-7-9168bad0b03ce195", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ca6def25e8ec04a636003be3f3642e9b165b5f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+8", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-8-59bc2fa9b50cd094", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c83913964f148a5e9d5add7eb511586880f4373" + }, + { + "algorithm": "SHA256", + "checksumValue": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT+9", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-9-226ab5fdc7401d2f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fefc384f96a7e856e72e7d723eb2638cb3e7d469" + }, + { + "algorithm": "SHA256", + "checksumValue": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-1", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-1-36c654c8c660a279", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0ab7ceaed57872977f2162ead3e08b3a2984757c" + }, + { + "algorithm": "SHA256", + "checksumValue": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-10", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-10-a0fa56c69164af96", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4081769004bdca6d05daa595d53c5e64e9da7dfd" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-11", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-11-5786305fa98ec735", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "268a542f171d142870c273ea63d2b297e9132424" + }, + { + "algorithm": "SHA256", + "checksumValue": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-12", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-12-645ebfede035aaea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a7f58e042a671281dbf35baa7db93fc4661a80b" + }, + { + "algorithm": "SHA256", + "checksumValue": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-13", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-13-4ae492f507985141", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f692f0a177436496fa8381438ee7ed1f9ae3f1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-14", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-14-28b506d95f98eff8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f073c38db02ac6096f4f32948eda1574a34d9d0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-2", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-2-4eb3fe00ba14e9c4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44c80b54e02666339300ec84db1f6f5566b5ba92" + }, + { + "algorithm": "SHA256", + "checksumValue": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-3", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-3-91327d43c35f78a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3de0e41581d474c91db326d9e755fe1b11172983" + }, + { + "algorithm": "SHA256", + "checksumValue": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-4", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-4-049b90f71d2fe7e8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b81f76f5a16830f56841502d65c3d271a0d94ee4" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-5", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-5-90d2820f5da684dd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4978924cbee929c87b2726c9d9b4d2d5d7590da6" + }, + { + "algorithm": "SHA256", + "checksumValue": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-6", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-6-fbb68aefc6ca041b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "773e9072d36b0f3dca58dc5de24b9947f3fefdeb" + }, + { + "algorithm": "SHA256", + "checksumValue": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-7", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-7-8822a65fabe47778", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c3c180b690aee6c0320e6703f2f781618c4221e" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-8", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-8-51bd19b360dbd27e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "280e22a595351b1fa0fdc3b3a3deed4e4840e31a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/GMT-9", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-9-0bf6c8d5e79525f9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f62a1c06f8a901efa933208ae9501c9a2f78a269" + }, + { + "algorithm": "SHA256", + "checksumValue": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Etc/UCT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Etc-UCT-3289702b1d71d398", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0b8991654116e9395714102c41d858c1454b3bd" + }, + { + "algorithm": "SHA256", + "checksumValue": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Andorra", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Andorra-c1243c1120ba7c56", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fbea0614a049786c42ba65ea8bea4b12a7a6ef3" + }, + { + "algorithm": "SHA256", + "checksumValue": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Astrakhan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Astrakhan-4ea56c2152db1aaf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6bdbac46bf6de697e0cb750be284973b05035877" + }, + { + "algorithm": "SHA256", + "checksumValue": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Belfast", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Belfast-006b1ef26c19fa86", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1beba7108ea93c7111dabc9d7f4e4bfdea383992" + }, + { + "algorithm": "SHA256", + "checksumValue": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Belgrade", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Belgrade-5c6bfcdbc4578b60", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "961a2223fd1573ab344930109fbd905336175c5f" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Bratislava", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Bratislava-dd8aa6a155f509af", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "396eb952fc9ee942964181ca4e5a2dcdb5e92901" + }, + { + "algorithm": "SHA256", + "checksumValue": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Bucharest", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Bucharest-e1ede9996d1494c2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7176e5201942e3b2db81c853b0215abc86fd0ae7" + }, + { + "algorithm": "SHA256", + "checksumValue": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Budapest", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Budapest-eba681381951981d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "91adb207dce9a1bfffd91c527c87591862b5befa" + }, + { + "algorithm": "SHA256", + "checksumValue": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Busingen", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Busingen-a0e66e6c4fdddb35", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "782d7d6812933a263ebfff012a0120d480071b1b" + }, + { + "algorithm": "SHA256", + "checksumValue": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Chisinau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Chisinau-a040004dfdfc4b8f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c7ec1a8e357d2bbaead94d299dbe16db67b43ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Gibraltar", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Gibraltar-67a4fe6b7b5e0b6a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "122f8383ab55c80eb33fe83cb2c8e870104260ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Helsinki", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Helsinki-dda9eee877f7aecc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3f01ceaf46492fcbd8753bc6cff72ca73df6d1f1" + }, + { + "algorithm": "SHA256", + "checksumValue": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Kaliningrad", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Kaliningrad-38303342a053167e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a02a78fd9fd74fa6cd9abe6546273519018d5030" + }, + { + "algorithm": "SHA256", + "checksumValue": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Kiev", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Kiev-108c1e7b2a68808d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "946d9ae0ff7ee36e2d8809629da945ae868f4d65" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Kirov", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Kirov-23c601af39604c0a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22357ac98d315c82d585badfb9afe934a709f107" + }, + { + "algorithm": "SHA256", + "checksumValue": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Lisbon", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Lisbon-e5b5caa8f8fc650a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b9298daf385db9e18080b3d9f46be2c944714ec1" + }, + { + "algorithm": "SHA256", + "checksumValue": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Madrid", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Madrid-641ee0288cbb8df5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "373ee9e3d0ba9edf1ebd6497d5f1ffb50a62984f" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Malta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Malta-74fcc1b62422ba79", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eede4ec7a48fc8ada059d1462e2c090eda8c6c91" + }, + { + "algorithm": "SHA256", + "checksumValue": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Minsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Minsk-05042171f6eec703", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e36f1daec8979122825de4903770b79e0eabcd88" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Monaco", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Monaco-1ac852847005acbb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f065dd54ad27c008caa5e96b7fec1e7859fcc003" + }, + { + "algorithm": "SHA256", + "checksumValue": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Moscow", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Moscow-2fcff6eb734c19f3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4d01723421789b2d2b54ffedee60283e94f5e65" + }, + { + "algorithm": "SHA256", + "checksumValue": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Riga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Riga-70dad2ef15073618", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "799671bdcad326eb5707eb620342c69bac5e6580" + }, + { + "algorithm": "SHA256", + "checksumValue": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Rome", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Rome-ca432ae695acaa61", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ef35f507ab176828a5c751f702144ede463e385" + }, + { + "algorithm": "SHA256", + "checksumValue": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Samara", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Samara-8a0f58a73f65f6b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8bab29224d52a19e5960c2c66557748fb55c4e5" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Saratov", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Saratov-2b2e27e3c71746d4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "916029e1ff74b86bd860098a43bacbac34677fb5" + }, + { + "algorithm": "SHA256", + "checksumValue": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Simferopol", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Simferopol-37dbd70f590af32f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f1773f7624c418081fb3ab76ac1a64ab60f2e9be" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Sofia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Sofia-201518c5bc694622", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "541f61fa9ef15b102f8661b684ad9976bd81b929" + }, + { + "algorithm": "SHA256", + "checksumValue": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Tallinn", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Tallinn-bc8d998b99a817ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dff1b1743ddf6474e691fae0a6dab8ee93d81789" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Tirane", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Tirane-d056db3910810802", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3b9be3df7968b0c46feed0a46349324179daaa84" + }, + { + "algorithm": "SHA256", + "checksumValue": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Ulyanovsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Ulyanovsk-2eb274251cae73a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f5d943bf83a0dffa86018b8512df7179536fb4ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Vienna", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Vienna-77b6dbb3b0b69bc1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1da9833989405bd5ff21d58013704f9f00cefd7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Vilnius", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Vilnius-14a8522223084a28", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88bfe2ba142bad0856984a813ac8b93939fd6b3e" + }, + { + "algorithm": "SHA256", + "checksumValue": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Volgograd", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Volgograd-09d951f943e65978", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4deb32b25919c4fbeec94d043abbdcc27b45bd6" + }, + { + "algorithm": "SHA256", + "checksumValue": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Europe/Warsaw", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Europe-Warsaw-bd9dbbf07eac4f97", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "011e06118f3e209794b175332ffb109e2583e4f7" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Factory", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Factory-1146b88da7a69dde", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d970812ef3dca71b59cc3dab08ba3391d4dd1418" + }, + { + "algorithm": "SHA256", + "checksumValue": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/HST", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-HST-b6f45f1dbbc5ee47", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d5313bee3a467f7b5311b263c7d38b52f182164" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Indian/Chagos", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Indian-Chagos-6a7104b310debc0d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e56a740e0b4703426b63bf2ea71650a2ae0defda" + }, + { + "algorithm": "SHA256", + "checksumValue": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Indian/Kerguelen", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Indian-Kerguelen-e3cc6d32a56f65b7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a77b20e17ce1c1f9c4767d1ddf03a67b0312ce6c" + }, + { + "algorithm": "SHA256", + "checksumValue": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Indian/Mauritius", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Indian-Mauritius-4156ca814b032d3f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1c264edb46f9058fb482a727ec95bb67807ec804" + }, + { + "algorithm": "SHA256", + "checksumValue": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Kwajalein", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Kwajalein-48f50aeeac70e98a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c90cce9681748e9c5c59ba8a9070c1425a71f79" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/NZ-CHAT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-NZ-CHAT-f62c57c5ad5fd2a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb54cbb65da9481265fbb1005f8860efa5170042" + }, + { + "algorithm": "SHA256", + "checksumValue": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Apia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Apia-d1bfaa52e4bebb5c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "442116a1776e38b80a519df388e5e3e992081f74" + }, + { + "algorithm": "SHA256", + "checksumValue": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Bougainville", + "SPDXID": "SPDXRef-File-...share-zoneinfo-Pacific-Bougainville-e9b0a023122242cd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4438f6699a844ec19aabc63f4ea9df91e1714ffb" + }, + { + "algorithm": "SHA256", + "checksumValue": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Efate", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Efate-5cddee3c98d816cc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dfcdfadd0146e60fdfa6c9a457f4fd94c062fb1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Enderbury", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Enderbury-81b79f4927e50813", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae7f372f20b1ed3a9bbc2eeabd3a67156f9e65f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Fakaofo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Fakaofo-69d0293d392d7b80", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ae0c959818fd9aad8518baa00dab9172c77f1d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Fiji", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Fiji-b57a36a92b5eb980", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c657bce2b4fd4ebd6fbf6e435eac77d0704d3a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Funafuti", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Funafuti-aeb4b9efd34fc302", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb335dbaaa6de98cf1f54d4a9e665c21e2cd4088" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Galapagos", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Galapagos-17dfdf30d4d5c5f2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e4dac5e58655145a568ed53ebe3c2acf5f4a3724" + }, + { + "algorithm": "SHA256", + "checksumValue": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Gambier", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Gambier-d7c5fd0bd56e8a21", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1fb4054e9a560e58b8e482bc29621d1e88201a75" + }, + { + "algorithm": "SHA256", + "checksumValue": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Guadalcanal", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Guadalcanal-d7982316838b14d5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5011d0291e183a54b67e5cffba2d54278478ebe5" + }, + { + "algorithm": "SHA256", + "checksumValue": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Guam", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Guam-5d624fa9a429b1e6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e89887209cf2ea7f4223ca7298e9377b233eaba6" + }, + { + "algorithm": "SHA256", + "checksumValue": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Kiritimati", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Kiritimati-80b12f5602f95d7f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37395a0b6f3d7510d03c13e1a0a92b399f7b303c" + }, + { + "algorithm": "SHA256", + "checksumValue": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Kosrae", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Kosrae-17f16514685ef7f0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59dabc00195b0e9a26c1304e866284e7c9963d09" + }, + { + "algorithm": "SHA256", + "checksumValue": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Marquesas", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Marquesas-f08e65df79237a22", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "57ac5495306a7ca1ce93df12ef67956ed2d81c44" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Midway", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Midway-980393f7bdf1e927", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c388c7f9a7700517fc6577943f3efe3bdddd3eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Nauru", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Nauru-551b0b4dd1919168", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "58548fa30aafa75c04f88b266404875a11a2c6f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Niue", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Niue-7f11aa76fb1d8e80", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d65969431f77c6ed51c69499305c8bacad1e8ba6" + }, + { + "algorithm": "SHA256", + "checksumValue": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Norfolk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Norfolk-82bdd4a41a73e93f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f70543c0407a341ec68b97c13354ad6bc5f5000" + }, + { + "algorithm": "SHA256", + "checksumValue": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Noumea", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Noumea-863e3e46bb44ff41", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d8e75639c5dbd5aacc617f37e2d5003747a8a2e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Palau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Palau-bc7a57e20262ee4f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d7598739759a6bc5a4907695beebb6c41a8d045" + }, + { + "algorithm": "SHA256", + "checksumValue": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Pitcairn", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Pitcairn-576fa0b745d60603", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e650a33fa02e1507b3b1720fa483a3a505784d67" + }, + { + "algorithm": "SHA256", + "checksumValue": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Rarotonga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Rarotonga-ed3622667116df82", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dbdac5a429cf392f51c37a685c51690e4ff97263" + }, + { + "algorithm": "SHA256", + "checksumValue": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Tahiti", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Tahiti-e2295f10ac3fcc40", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c38a00fdc386eabc2c267e49cf2b84f7f5b5e7ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/Pacific/Tongatapu", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-Pacific-Tongatapu-8bacd41007b5e109", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2948107fca9a51b432da408630a8507d5c6a1a59" + }, + { + "algorithm": "SHA256", + "checksumValue": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/iso3166.tab", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-iso3166.tab-798f2ecf54223fbe", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "658298663cd122665c3f4b2019be2663aab26185" + }, + { + "algorithm": "SHA256", + "checksumValue": "837c80785080c8433fd9d4ea87e78f161ac7a40389301c5153d4f90198baeb2a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/leap-seconds.list", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-leap-seconds.list-a9190084e3644c0e", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4948216423b85b93f9552524d99c528f5742202c" + }, + { + "algorithm": "SHA256", + "checksumValue": "f060924e3a76ee4e464f6664035b7beae834155dd93a81c50e922f94dfdb1d20" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/leapseconds", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-leapseconds-7481b9a678cfb593", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "83b99035e7a8067c846b48ac29c8319348800cc6" + }, + { + "algorithm": "SHA256", + "checksumValue": "5514348190a3ef9f0f65fee87fca59b4d6d9292702ae0e84960011159a7c2767" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Abidjan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Abidjan-708dd170b218f2c7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5cc9b028b5bd2222200e20091a18868ea62c4f18" + }, + { + "algorithm": "SHA256", + "checksumValue": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Addis_Ababa", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Africa-Addis-Ababa-f2d63fcbed1ebf04", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "289d1fb5a419107bc1d23a84a9e06ad3f9ee8403" + }, + { + "algorithm": "SHA256", + "checksumValue": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Algiers", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Algiers-5eaa64d615bfbbf6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "edb95d3dc9238b5545f4f1d85d8bc879cdacdec8" + }, + { + "algorithm": "SHA256", + "checksumValue": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Bangui", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Bangui-b426a0890ba8c900", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "30ba925b4670235915dddfa1dd824dd9d7295eac" + }, + { + "algorithm": "SHA256", + "checksumValue": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Bissau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Bissau-4054b00b1ba2fbcf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "adca16c6998258a9ccabcc8d4bcfe883a8d848f5" + }, + { + "algorithm": "SHA256", + "checksumValue": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Blantyre", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Blantyre-e9a7daefbb8b52fc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b0ff96d087e4c86adb55b851c0d3800dfbb05e9a" + }, + { + "algorithm": "SHA256", + "checksumValue": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Cairo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Cairo-ae535b182d40b06e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "428e1f5f708eb4c131f29185bd602223027b3eac" + }, + { + "algorithm": "SHA256", + "checksumValue": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Casablanca", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Casablanca-706b737aa97ab26b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a90bf261426bdb4544c441d1312c1866b056583" + }, + { + "algorithm": "SHA256", + "checksumValue": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Ceuta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Ceuta-4c4c00f75a1b2521", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "029ce64badb36722c9e2191f3ce858c514aabbc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/El_Aaiun", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-El-Aaiun-f4063f58b813e126", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "562677dcaa1d34a7bd9744b5d3fc024d78ce7329" + }, + { + "algorithm": "SHA256", + "checksumValue": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Johannesburg", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Africa-Johannesburg-4cab43b7a6d64883", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "65c0d4ab314cb72b8d8c768e3d0c3218848b61f1" + }, + { + "algorithm": "SHA256", + "checksumValue": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Juba", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Juba-1da9452bc193c348", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48173811f532aabc17b3798c40fad46a3df0e543" + }, + { + "algorithm": "SHA256", + "checksumValue": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Khartoum", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Khartoum-762dee584417a829", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7cde30d5acfd99119ef22162c1f8bcafb86eaf03" + }, + { + "algorithm": "SHA256", + "checksumValue": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Monrovia", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Monrovia-891be320c08c7dcc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81b045ed68f73a8806c5f2104b573b0479c19bd0" + }, + { + "algorithm": "SHA256", + "checksumValue": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Ndjamena", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Ndjamena-ce3dfe4995c8f24f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "035072509f30da9a5a27b48910ae180f9c6b4b15" + }, + { + "algorithm": "SHA256", + "checksumValue": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Sao_Tome", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Sao-Tome-7b0126f480a1d35a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7d2cac076d99bc5e38ba27b67113317ad496d3b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Tripoli", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Tripoli-67626b40a8ea206b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fabf4010ab003c26947df60b5e359781670caa70" + }, + { + "algorithm": "SHA256", + "checksumValue": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Tunis", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Tunis-cf7f960b881084d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c44e2d3c1e351f1004ab69ea559feb8ccdd65f64" + }, + { + "algorithm": "SHA256", + "checksumValue": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Africa/Windhoek", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Africa-Windhoek-4f17e9450cb616ff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "650da30ebf5b460404c98be416f9580d9795dffb" + }, + { + "algorithm": "SHA256", + "checksumValue": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Adak", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Adak-4e1ca7b19d9ea1e5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be58a7c839146fa675eeb6dad748c08d0647542c" + }, + { + "algorithm": "SHA256", + "checksumValue": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Anchorage", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Anchorage-7366e6a01808526e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "275760f2eb22160c578089566f68042a5f4d2f57" + }, + { + "algorithm": "SHA256", + "checksumValue": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Anguilla", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Anguilla-636826ee7c43e6fa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fcf8be5296496a5dd3a7a97ed331b0bb5c861450" + }, + { + "algorithm": "SHA256", + "checksumValue": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Araguaina", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Araguaina-d3edd44f6865e2b6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "86307f5f8222c3ae21815c2844f6fca38f94b55d" + }, + { + "algorithm": "SHA256", + "checksumValue": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-Buenos-Aires-028dadd23d403b43", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6e7ba0a5dcf870abab721a47adbbc8f93af1db56" + }, + { + "algorithm": "SHA256", + "checksumValue": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Catamarca", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-Catamarca-e5b54b73ef3461ad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ac9a4e79fe5a861447c23d68cccb35762d5f3aa4" + }, + { + "algorithm": "SHA256", + "checksumValue": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Cordoba", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-Cordoba-9447ec7fc9baea14", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "04f2815d23c3c63ac6bd204a2935f18366c8d182" + }, + { + "algorithm": "SHA256", + "checksumValue": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Jujuy", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Argentina-Jujuy-f79fda36a0e19923", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "12099cd844cb19e4842eca3457c937dd9580b0fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/La_Rioja", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-La-Rioja-6dc93bf4829cb8ce", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2c4c6ee89eacd8b99867fddcd8db684e15f8ee9" + }, + { + "algorithm": "SHA256", + "checksumValue": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Mendoza", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-Mendoza-e7a70bbb02e6931f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e321681c40214a181d2c4ec2015f740507811fbe" + }, + { + "algorithm": "SHA256", + "checksumValue": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-Rio-Gallegos-4a547b957bb16238", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a508a0daafb22185e4f39d040b2f15053bc2b2a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Salta", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Argentina-Salta-5fec325ab2367c56", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ba6390b0c61d1c92c30692a309b9cfd3c54f9a41" + }, + { + "algorithm": "SHA256", + "checksumValue": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/San_Juan", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-San-Juan-4983ebde4b36d4bd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ef1b1742c1daf27a441e1dd81f3ee2e21cbab6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/San_Luis", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-San-Luis-5ea9fa5ae87e7aed", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c6469d1173cff2a995e00bef9764294185d65af6" + }, + { + "algorithm": "SHA256", + "checksumValue": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Tucuman", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-Tucuman-9b647f55ebb0b60b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9bbe6f5300224148f2451195f471e7f310cd2bde" + }, + { + "algorithm": "SHA256", + "checksumValue": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Argentina/Ushuaia", + "SPDXID": "SPDXRef-File-...posix-America-Argentina-Ushuaia-ad88d08f39df0077", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0d6b6844b13bf120a80b7e72147ca94a111ae39e" + }, + { + "algorithm": "SHA256", + "checksumValue": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Asuncion", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Asuncion-84989d803046a4cc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e91a29807bc92d61324d265ab40c3fa651e66cb7" + }, + { + "algorithm": "SHA256", + "checksumValue": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Atikokan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Atikokan-c52ed71aa894aa39", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a94fbc2d567e41723f03629b6c9a864260108a17" + }, + { + "algorithm": "SHA256", + "checksumValue": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Bahia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Bahia-3b945d58d746a6b6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f6df0a2d176d0df66fae90bc35a9f8f1ee9b249b" + }, + { + "algorithm": "SHA256", + "checksumValue": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Bahia_Banderas", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Bahia-Banderas-d306fdcd238494dd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "33e0f3d5c7eace9077bacfa4f2b6e1e4b374fdb5" + }, + { + "algorithm": "SHA256", + "checksumValue": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Barbados", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Barbados-27b60de34eee0b61", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5904a49c6c0ce8f10178fe13174ed9c964a8312a" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Belem", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Belem-6fcc59ea1daed1c0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b29f1ee834833e89c06ef39b80b8f8c0b49ad31d" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Belize", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Belize-35312210bdc0464f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4728ee967fe9745f4b614e5b511da1c08bd3689c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Boa_Vista", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Boa-Vista-3d034132e6079387", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a32d00603897fd4d970a675e5c01656f8652f598" + }, + { + "algorithm": "SHA256", + "checksumValue": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Bogota", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Bogota-08c0d75a4724966d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e810e3d76edd6adf16384b7e49d2236b9c57ee1" + }, + { + "algorithm": "SHA256", + "checksumValue": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Boise", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Boise-800aa6d1893bdd9e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0608b89be80aaa6660eee5964203ad760b0659a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Cambridge_Bay", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Cambridge-Bay-f895d61410f55511", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dcfc3c07c7366b75916af1dccd366fd1077e5b18" + }, + { + "algorithm": "SHA256", + "checksumValue": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Campo_Grande", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Campo-Grande-57174e40dd79a7b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9a7b1e23290eeb4394e91e0ef4adc00b9ba4def5" + }, + { + "algorithm": "SHA256", + "checksumValue": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Cancun", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Cancun-d60a955930ff4a3f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cf74e0c9c8ba2365819123eaddd6817606064eaf" + }, + { + "algorithm": "SHA256", + "checksumValue": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Caracas", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Caracas-404e0f2c906fcf3e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3914e45c3922bc30b89498066fb637cc04886462" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Cayenne", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Cayenne-2390dfa51e4ff768", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f888b09b894c79fa691466a4f4eaaa83da367e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Chicago", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Chicago-b91225324d6263a0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a037f985f6fa0b392c95c7afb247f16a3925a7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Chihuahua", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Chihuahua-f3e2614697a555d3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0c67cc4ed5fe366fb39d9e55b02082254606e47" + }, + { + "algorithm": "SHA256", + "checksumValue": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Ciudad_Juarez", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Ciudad-Juarez-b8afad39a9ebfd7c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe11c20a18788db4260afcaa5d952c219f4777d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Costa_Rica", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Costa-Rica-6ef6737447295ce7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2d1fd66de0198ddfcc1958fbaaaaba9cdb7b1d8f" + }, + { + "algorithm": "SHA256", + "checksumValue": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Coyhaique", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Coyhaique-807df220f5b72e03", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0922bbda5c964aac267330bedf39deae6d2e0636" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Creston", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Creston-10db08e203dc8002", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3f54df3a017c38626f04bd9576a0a11663303fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Cuiaba", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Cuiaba-ba42caa71e93d958", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1a6b69bdf16991900ae16a00deb7ffbf722d5486" + }, + { + "algorithm": "SHA256", + "checksumValue": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Danmarkshavn", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Danmarkshavn-8bed8fda8c543629", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3bfae70ff7ffa8b928ba4bf0bcb5452d09ec0407" + }, + { + "algorithm": "SHA256", + "checksumValue": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Dawson", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Dawson-0554a04109a113fa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc241cb66d50821505cc7708d43ee9b1e77a36dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Dawson_Creek", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Dawson-Creek-cd840c892dbec610", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd98b887a02f1ae2785d5d6fe7d77e91ec5aae83" + }, + { + "algorithm": "SHA256", + "checksumValue": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Denver", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Denver-f3ee23e99741aee9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "faa7d6cf4178d032d8ba8a4d77eac0fd47f8a718" + }, + { + "algorithm": "SHA256", + "checksumValue": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Detroit", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Detroit-503e22ea1ae00bff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6597537b399eab91a66e32bb4edae466de96a146" + }, + { + "algorithm": "SHA256", + "checksumValue": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Edmonton", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Edmonton-84289022f58576ce", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f441f7a62122e43a963260550efb1a1ff3100c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Eirunepe", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Eirunepe-bbd8826fbc7d4c0b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45e5dd1baab63d6970c0424cd8ae77bfadfdfd61" + }, + { + "algorithm": "SHA256", + "checksumValue": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/El_Salvador", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-El-Salvador-5f2e5395ca7b421f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "45b4b952081502968b04b36e7cae24b987e9f532" + }, + { + "algorithm": "SHA256", + "checksumValue": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Ensenada", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Ensenada-96c7c4394fb89eb7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ad63533ea183b2895759a9702ea96f0fff98759" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Fort_Nelson", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Fort-Nelson-ca000ca372e4d431", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a453ec818cd948cc2492666443d4e39637ed7040" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Fort_Wayne", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Fort-Wayne-337818befc3ad70c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad1a26bddb9304a620b2c6f7ec9f3a5226622906" + }, + { + "algorithm": "SHA256", + "checksumValue": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Fortaleza", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Fortaleza-29bc63839999e78e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aa8e9c8cd8301dd0a61085ada31923f7e1ccc983" + }, + { + "algorithm": "SHA256", + "checksumValue": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Glace_Bay", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Glace-Bay-e9f26b2889649ba5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "40ba9843662a853c1d3643395db1a75c1164951f" + }, + { + "algorithm": "SHA256", + "checksumValue": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Godthab", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Godthab-62a35e2874bfe2d7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ff7ac72af2c09efd8e1779e5fba28288439df41" + }, + { + "algorithm": "SHA256", + "checksumValue": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Goose_Bay", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Goose-Bay-0e64f6f90d9e0545", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "21d4df7695accb7b5164e41e28452f9655cd91a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Grand_Turk", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Grand-Turk-6c7dffa3a28243d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "48735366abbf3760087cd1533f24415136763745" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Guatemala", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Guatemala-783ef47a4b6cc7c7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0d50c845873aa466c9a2b020326d57af4d39b3d" + }, + { + "algorithm": "SHA256", + "checksumValue": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Guayaquil", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Guayaquil-ac44cca1e7a44914", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8415ce0daac4cfe819154671e05b4185b9c08970" + }, + { + "algorithm": "SHA256", + "checksumValue": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Guyana", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Guyana-043fb5366c6c3f62", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d48d26f50f53db2dd9ddcbb6acb5723cb49e81b2" + }, + { + "algorithm": "SHA256", + "checksumValue": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Halifax", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Halifax-259405cab0d1a560", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "93568fd7e148b3f61fca5f36f8ae0a5b3b107fe3" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Havana", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Havana-634e2721b391cd86", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "51c1a7a700e4028481e506e58faf22f9677c5e29" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Hermosillo", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Hermosillo-78ccdae019d28585", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e055ab758b61beef7d8a4ee5a6b38d789c5f6b2c" + }, + { + "algorithm": "SHA256", + "checksumValue": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Indiana/Knox", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Knox-ff7c90f720c54752", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41fdfe70a9789d427dc4be468f559a97ee9fcf54" + }, + { + "algorithm": "SHA256", + "checksumValue": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Indiana/Marengo", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Marengo-4dde89b97050f0d3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0530ef4b3396d7031cc5e4ff82dc42c10f2f89a1" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Indiana/Petersburg", + "SPDXID": "SPDXRef-File-...posix-America-Indiana-Petersburg-551a77d088635f9b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "570cef94f900163bce34b3f85b9ea5b36df92146" + }, + { + "algorithm": "SHA256", + "checksumValue": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Indiana/Tell_City", + "SPDXID": "SPDXRef-File-...posix-America-Indiana-Tell-City-38c3fabbad78e2b0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "20594c1309a07d4691ff9af0a77782b5e2d95c61" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Indiana/Vevay", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Vevay-a1f9e28be9e1515a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3959be4d9e86c9c1a7f8febc46554584b2a7ceff" + }, + { + "algorithm": "SHA256", + "checksumValue": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Indiana/Vincennes", + "SPDXID": "SPDXRef-File-...posix-America-Indiana-Vincennes-4bb7d8e23c355cf0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9a3d65b42b008c5a85c73934fcf94eaeac4b931" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Indiana/Winamac", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Winamac-385ad24ba0f04bad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d169fbd02f628dd6fdafbbab7a7e4a6da54fd21" + }, + { + "algorithm": "SHA256", + "checksumValue": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Inuvik", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Inuvik-20811c14c8ff84dd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1291de8f6d914ee264f0b27a55278ff12a00ad7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Iqaluit", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Iqaluit-51e5cd74bb2ff2b6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "210193fdb9be1a88f5d245ddf3dce819469be233" + }, + { + "algorithm": "SHA256", + "checksumValue": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Jamaica", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Jamaica-47eaba1f98f04820", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "77453a2772c127d0b213f8580ff7890cbf7b4929" + }, + { + "algorithm": "SHA256", + "checksumValue": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Juneau", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Juneau-b0fa9cbd276df6bd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "740e88dcd737d076404c386330bd379d55ee8281" + }, + { + "algorithm": "SHA256", + "checksumValue": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Kentucky/Louisville", + "SPDXID": "SPDXRef-File-...posix-America-Kentucky-Louisville-5fb2236f15b7246f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a63a322042aab6a2583de2f636a5eb15f71eae33" + }, + { + "algorithm": "SHA256", + "checksumValue": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Kentucky/Monticello", + "SPDXID": "SPDXRef-File-...posix-America-Kentucky-Monticello-57338feedf76dae2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad63bf4d1228ab308b2ed6758c21fbebb56395db" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/La_Paz", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-La-Paz-be1fb51e4d61dcd6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "631b8d0f538c7ec23d132fd7d72fb1ff64b938ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Lima", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Lima-0aab09bf1271c5bd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75864c99309070f61b033c039b7509c89da5ab08" + }, + { + "algorithm": "SHA256", + "checksumValue": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Los_Angeles", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Los-Angeles-31b6aed83a59a4d7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4f1faebf0f0d032290ef87bb9973c2ff8f84074" + }, + { + "algorithm": "SHA256", + "checksumValue": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Maceio", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Maceio-f754203069453f64", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c0295301332918d79abf0bb349cc1fee3b9f2db9" + }, + { + "algorithm": "SHA256", + "checksumValue": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Managua", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Managua-155deab0d1b75139", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "566a887308e8e16a9cebb62f3d4124b42c331674" + }, + { + "algorithm": "SHA256", + "checksumValue": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Manaus", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Manaus-7d5d839b76215ad9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a759afda024a0ba961569017b3003805849c6f61" + }, + { + "algorithm": "SHA256", + "checksumValue": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Martinique", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Martinique-16588574ba987865", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "caf0e4c5fdae59d1b6c1278ad7ac84bf03bcb0a9" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Matamoros", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Matamoros-b4ccccec0713b3e6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "638e4541bddbb0164c8d62590ff1bb97f88b822e" + }, + { + "algorithm": "SHA256", + "checksumValue": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Mazatlan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Mazatlan-a94c967281cc09b1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44c28415e815f8e2b53604195f85da07b04d829d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Menominee", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Menominee-aa7c6fe4e206bc29", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88fd8d108c020a3294eae6c83ad187cf0b01a602" + }, + { + "algorithm": "SHA256", + "checksumValue": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Merida", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Merida-5815083ad3d1b4cd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8e07f8356362c517ef41035a0394a59363cebfc0" + }, + { + "algorithm": "SHA256", + "checksumValue": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Metlakatla", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Metlakatla-b7f83def08194949", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f327158b98652913af4d66c5257cfc014340536" + }, + { + "algorithm": "SHA256", + "checksumValue": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Mexico_City", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Mexico-City-fa1a0ca8233565f2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f46bb76507fbd52204eef47c12c9320bd7945af7" + }, + { + "algorithm": "SHA256", + "checksumValue": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Miquelon", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Miquelon-bc4114dabf5c1926", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1418becc2c2023ac3dba15d27e5fd6b6b3b6fd5a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Moncton", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Moncton-2419686c77b5d0d7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c08e5d548c3bb971f1a1236c397ded4f7227d769" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Monterrey", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Monterrey-f024214f6c82dc25", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ceaf09cf6075be4ff98b5716e65d197c9f302864" + }, + { + "algorithm": "SHA256", + "checksumValue": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Montevideo", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Montevideo-fc2d9d293f0e545b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06e3ef1048ffd289a424fba8e053601b353cc2fa" + }, + { + "algorithm": "SHA256", + "checksumValue": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Montreal", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Montreal-8a8d315146c83b5b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a6d038ecff7126ee19ebb08a40d157c9a79964cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/New_York", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-New-York-949f877ffcc782bd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bc9337182ee4bad790b527f56bd3d2130691d693" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Nome", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Nome-b527118fa63d4dce", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1e6cf03e0c8fbb7a079090cf164e73291681bafc" + }, + { + "algorithm": "SHA256", + "checksumValue": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Noronha", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Noronha-d4d597f6762866c3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f0e29b45f9003c1ff8ed350b40b1369e8a569d0f" + }, + { + "algorithm": "SHA256", + "checksumValue": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/North_Dakota/Beulah", + "SPDXID": "SPDXRef-File-...posix-America-North-Dakota-Beulah-b73e44fe1c60ab9b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99080962e50069d5e6a206bff8931a67b5afebe9" + }, + { + "algorithm": "SHA256", + "checksumValue": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/North_Dakota/Center", + "SPDXID": "SPDXRef-File-...posix-America-North-Dakota-Center-3a22b177ad565097", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16ee5640265f404a2a64cbb48547b834b780cf71" + }, + { + "algorithm": "SHA256", + "checksumValue": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", + "SPDXID": "SPDXRef-File-...posix-America-North-Dakota-New-Salem-48f69c3bd2c4dfe3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6d1defaee32cee5fdaaa1405460d9ee4e4dceb55" + }, + { + "algorithm": "SHA256", + "checksumValue": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Ojinaga", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Ojinaga-2f7d8e71fee1aaef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "346cae590643f608e6c31870966e576f2c194936" + }, + { + "algorithm": "SHA256", + "checksumValue": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Paramaribo", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Paramaribo-c8310a6caaf65f94", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "af2b3e2554003e56ec6e09f4ab2cc646cef58e06" + }, + { + "algorithm": "SHA256", + "checksumValue": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Port-au-Prince", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Port-au-Prince-e679befc0207bb79", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9901445a7bf4a993111d087ef812890dd44a67be" + }, + { + "algorithm": "SHA256", + "checksumValue": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Porto_Acre", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Porto-Acre-74a1c70f5b7de613", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "23649fa3b661b1a7b1332e38479d24bcdb4e902f" + }, + { + "algorithm": "SHA256", + "checksumValue": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Porto_Velho", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Porto-Velho-07d76771e560a228", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d55253cee37291a6cf91e4bbccca6473cf6679aa" + }, + { + "algorithm": "SHA256", + "checksumValue": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Punta_Arenas", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Punta-Arenas-611985209674e281", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a64891fd90cbc2ba9e1d7dfe1689dee65affef3" + }, + { + "algorithm": "SHA256", + "checksumValue": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Rainy_River", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Rainy-River-2b395eebcb4a67ff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "684c62d80d16a9256c9123074466cc5d0288daea" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Rankin_Inlet", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Rankin-Inlet-ae752373b648ec23", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f517c389db4ac89bc79cbf8ee5736f0cad7bc7b9" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Recife", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Recife-aea59607411935a9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6a681fe7cafc3cabe9a7ef75699e4e5fa7f6a81a" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Regina", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Regina-da2575a45478ba4c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ecd6b0c718b65c0c90e8097943a899c0b0cb60d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Resolute", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Resolute-f742ec86d0af67ef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c01bda981211a1387a2c18d7a57165e72da83d95" + }, + { + "algorithm": "SHA256", + "checksumValue": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Santarem", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Santarem-0654d6e280f96ad4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f39fa90abacd688c7f6599bdbdd8c144a0b7c5b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Santiago", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Santiago-6f773f10edc48288", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6788d98647fb2019aa749acfb7236e77e84c4533" + }, + { + "algorithm": "SHA256", + "checksumValue": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Santo_Domingo", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Santo-Domingo-451a2d4d79e5ff2f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a135300f73df9c427db37aa9ba29e25f83463211" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Sao_Paulo", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Sao-Paulo-d1c1756746a5da30", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96caf0f5c9ad021d2ca06e2b48ef7e3e52bff41d" + }, + { + "algorithm": "SHA256", + "checksumValue": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Scoresbysund", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Scoresbysund-8a4a91898f4982f7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7497b479af7c157e844a90ecbfc041db4f639f04" + }, + { + "algorithm": "SHA256", + "checksumValue": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Sitka", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Sitka-f07efa25045dc460", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bb2fd466acd0399f44f56c2ed9a2a0353fb2f82" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/St_Johns", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-St-Johns-bef62ea9048f0f45", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4336075a81adbebeb26ca297ce309dc595b86463" + }, + { + "algorithm": "SHA256", + "checksumValue": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Swift_Current", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Swift-Current-169a1f9cb1911cff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e607b1ddf124e4061e437365e16404633bbdc4bd" + }, + { + "algorithm": "SHA256", + "checksumValue": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Tegucigalpa", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Tegucigalpa-dbf2cd9405019f59", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe5537f0f326f4513aaf98ba68268b0798e72e0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Thule", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-America-Thule-4014146544af9f8f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4e304073f4f90890439ca6205d60e20d2495f16" + }, + { + "algorithm": "SHA256", + "checksumValue": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Vancouver", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Vancouver-322f6ad2ea49ba49", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b42a450523068cc1434b8774082525d8dc2a8e4f" + }, + { + "algorithm": "SHA256", + "checksumValue": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Whitehorse", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-America-Whitehorse-fe7a4a0368fdcf2a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a8f00d33b5ca551a16cedc68cc8528fb4c111d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/America/Yakutat", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-America-Yakutat-b1bc1a2041ffcfa5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f115ac1b5b64b28cad149f1cdf10fb0649fe5c48" + }, + { + "algorithm": "SHA256", + "checksumValue": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Casey", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Casey-4cd086e938b5d439", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da1d193862e1725420329b257e1b856b13dcdc7a" + }, + { + "algorithm": "SHA256", + "checksumValue": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Davis", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Davis-99aca4dbfb4ccfdb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87abeedc268901cc371d93faf9b775634a6c401b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/DumontDUrville", + "SPDXID": "SPDXRef-File-...posix-Antarctica-DumontDUrville-5bbdcf82423f512e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "65f9954328a5fda173ff0ce420428d024a7d32c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Macquarie", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Antarctica-Macquarie-3e7aad594196cf97", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99cbdcf1d9afe0907b96f0ca06636bde4e5383c3" + }, + { + "algorithm": "SHA256", + "checksumValue": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Mawson", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Mawson-a183734120280e91", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb34c38a02c76beb5b321971d94869451a5ceab1" + }, + { + "algorithm": "SHA256", + "checksumValue": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/McMurdo", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Antarctica-McMurdo-5e7841414f3ab611", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "78d4d3a481c49ab7ff31722bced30e1c31e8bc98" + }, + { + "algorithm": "SHA256", + "checksumValue": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Palmer", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Palmer-b0f960fcd690076b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "12519921ed4c4f6684c5069a251141378f7134a4" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Rothera", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Antarctica-Rothera-47389c1f2788315a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "05bc718d8f51e2dc23989d149b8dc7529a87bf1b" + }, + { + "algorithm": "SHA256", + "checksumValue": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Syowa", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Syowa-6dd7c3f7988a57c3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bde5a629fdb78b40544b8018b2578f0b085045cc" + }, + { + "algorithm": "SHA256", + "checksumValue": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Troll", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Troll-016d8025fd9f110b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f3bab6c4d956dd8e8bb969e354e1a211980e244" + }, + { + "algorithm": "SHA256", + "checksumValue": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Antarctica/Vostok", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Vostok-12d1add738110cee", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cab2a7ae9eb3304377d15b3761e4beca547fb07e" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Arctic/Longyearbyen", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Arctic-Longyearbyen-909c114e91953fa5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "918341ad71f9d3acd28997326e42d5b00fba41e0" + }, + { + "algorithm": "SHA256", + "checksumValue": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Almaty", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Almaty-edd8438e8eab25c7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4b4d8aabb1fd81e39b5b8fd2d3506875966a3c34" + }, + { + "algorithm": "SHA256", + "checksumValue": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Amman", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Amman-9623aead673ec6f5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fdffb8cdba7aaf42ba9f8e1f1d9093c21ed77027" + }, + { + "algorithm": "SHA256", + "checksumValue": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Anadyr", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Anadyr-9188cae0e2d7e66c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e18546688a8d72426a93024673be6a7b890ca49" + }, + { + "algorithm": "SHA256", + "checksumValue": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Aqtau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Aqtau-9aed0a30b0b87a05", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5c1626f08af9ec32dadbbfcdb69f5a2a83445cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Aqtobe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Aqtobe-7bdec1c6f9ad7660", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "67f145b5d2958ced37d7c63144ca314cc3a5619c" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Ashgabat", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Ashgabat-ec2603cc92b83da1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f077f5395b29d53b145792d5e2e309a99c4a7092" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Atyrau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Atyrau-9da9e525e01ac96a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "879556e7e91d36d29c7921b7693b3aafa95ce9bf" + }, + { + "algorithm": "SHA256", + "checksumValue": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Baghdad", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Baghdad-0e4d5e3dea1ba873", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "10843b2e6588534f57e4c05255923c461fcaf40d" + }, + { + "algorithm": "SHA256", + "checksumValue": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Bahrain", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Bahrain-41310208a3651bff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "918dda414e2e89ca2b735946a84d94c42a24f452" + }, + { + "algorithm": "SHA256", + "checksumValue": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Baku", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Baku-e9d853b7613e991d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8409d8a1289864bf61dd17a80524eb6aa36e9be8" + }, + { + "algorithm": "SHA256", + "checksumValue": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Bangkok", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Bangkok-8369533c70045307", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c81d559f702a0239d5bf025c97e70b2c577682e" + }, + { + "algorithm": "SHA256", + "checksumValue": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Barnaul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Barnaul-e17549bc40721333", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1391b2598eff6e35378e261f36dd2f57b3e491bf" + }, + { + "algorithm": "SHA256", + "checksumValue": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Beirut", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Beirut-cd5cef0f0e983751", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fba8b66863fcd6bcabec3a13467e0b3450650ad5" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Bishkek", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Bishkek-11b695663ecd0f36", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d6c73a90b411c39d97ccda0ad8a57f252456881c" + }, + { + "algorithm": "SHA256", + "checksumValue": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Brunei", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Brunei-20d6cf74fbe318d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "951d0ec46419658895f8005b2583badeff166bdb" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Calcutta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Calcutta-41e55d95d3e71834", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "856df72f3f593ff1e183505d743bf65e40a30aca" + }, + { + "algorithm": "SHA256", + "checksumValue": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Chita", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Chita-0939219069390b95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a265169da96777e85b65b87ed5a3d64d801e791" + }, + { + "algorithm": "SHA256", + "checksumValue": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Choibalsan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Choibalsan-cff69e2dbc82f86c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "90cad7fd7da7d6546622901db622595f1880f593" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Chongqing", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Chongqing-2a7a7d29536a09d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "79360e38e040eaa15b6e880296c1d1531f537b6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Colombo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Colombo-fba5531118eb4f00", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0fe53f0c887f168201f4c4767068dadb1a698581" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Dacca", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dacca-238cecb2a77ae8a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5779829aea6d010cea872e6c2b6f1ac661d825e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Damascus", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Damascus-ebdf0273c85b7f11", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "716b40d34b96db89c27eeb936693481abad8288b" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Dili", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dili-3e09cd0ce754bdbf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f71f19932f5f7e625447e241be76b34dd2e75115" + }, + { + "algorithm": "SHA256", + "checksumValue": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Dubai", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dubai-83090e6d3da79b8e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "612f06ce47e5c3acb96b2b6eb8075d89ece41f90" + }, + { + "algorithm": "SHA256", + "checksumValue": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Dushanbe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dushanbe-4cf67b5bdef43c1e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1694cb3276a637899c86f26176b2b1f862d47eda" + }, + { + "algorithm": "SHA256", + "checksumValue": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Famagusta", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Famagusta-7ae7878adef825f3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d7f718a82b28e4fedb4e6501fc94ca2a6ec758c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Gaza", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Gaza-a07326b416b47314", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "169848cd25c3fe443c5d0bdd5c96d68a949cfe78" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Hebron", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Hebron-aaf8680b8bfcb498", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "201832bdac94204b130b3d01a26f608357e8da26" + }, + { + "algorithm": "SHA256", + "checksumValue": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Ho-Chi-Minh-54e7b7be1b3ae175", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a96c3b96b551d852706b95e0bb739f8e62aee915" + }, + { + "algorithm": "SHA256", + "checksumValue": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Hong_Kong", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Hong-Kong-e930291958ab98ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0c3205dd5ec08d17c2161af789df8d05b1bda1b6" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Hovd", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Hovd-020b84622fb900db", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f8950afc6522a8c920cbeb079ac39ca26d52e38" + }, + { + "algorithm": "SHA256", + "checksumValue": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Irkutsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Irkutsk-8048172bf741c0f9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f82e877820027d4c48be625842047a6cfe008234" + }, + { + "algorithm": "SHA256", + "checksumValue": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Istanbul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Istanbul-0488de992cd66915", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df6cbece3d9afb3aedb44e131b6e68a6cf74ca8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Jakarta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Jakarta-41a5726c799af744", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be35b8895cd70cc9c5744d30260e82f0421a9337" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Jayapura", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Jayapura-d033123020293d3c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70cd707f6e144cf0cb40af01a70b9c4739208e48" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Jerusalem", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Jerusalem-7375efccc3679997", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "89e42d27cfb78255ae18ee02f5a4c8e3ba57dde0" + }, + { + "algorithm": "SHA256", + "checksumValue": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Kabul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Kabul-cb22050893636562", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b2379e605267b8766f9e34d322a5e3a657df7113" + }, + { + "algorithm": "SHA256", + "checksumValue": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Kamchatka", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Kamchatka-6df7fa08b1ea1e63", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9902b94b8a6fbc3d4533f43d9be5cdb6302693ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Karachi", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Karachi-403b6dd2aea67f45", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4c69f1551a0a9bdd8d1817c547bd18218b570a3" + }, + { + "algorithm": "SHA256", + "checksumValue": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Kashgar", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Kashgar-2ba37f18f5bf7884", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4fba0cb8c5f2ef8232782883fca5e7af1b1fdb2" + }, + { + "algorithm": "SHA256", + "checksumValue": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Kathmandu", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Kathmandu-3eda3ebfd73285c0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "454f1d251f8a9cd2c1559897f6b38a53fdbfe249" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Khandyga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Khandyga-f3259f345ccd3b65", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7ddab9699af73544e5b52a7477e0c5532216c59a" + }, + { + "algorithm": "SHA256", + "checksumValue": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Krasnoyarsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Krasnoyarsk-26f75c5ac6f16539", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ec3786f8744bad78bbfc370674ad33ccba5d4080" + }, + { + "algorithm": "SHA256", + "checksumValue": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Kuala_Lumpur", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Kuala-Lumpur-1c5427fce54bfbeb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "429a0689e9ed127265705febf2c9aa5f47ac3547" + }, + { + "algorithm": "SHA256", + "checksumValue": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Macao", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Macao-1f5e8f8731296243", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbd377edbc12abe7cd74edc80086dd21bb34a6ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Magadan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Magadan-834807d11e38bf7d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34134a81b737efcc82e3be92b2d222319b36f510" + }, + { + "algorithm": "SHA256", + "checksumValue": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Makassar", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Makassar-f6488689362ca2d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2d411fa607c974fe3d77ee18612a21717d226b5e" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Manila", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Manila-c6d0dd5d4cf5c061", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1cabdadc66cf3536c77a812baa074080b2140ca" + }, + { + "algorithm": "SHA256", + "checksumValue": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Nicosia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Nicosia-366e61f85b8f86e1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "642099c037f5f40aa6152f7590e3cee90b7ae64a" + }, + { + "algorithm": "SHA256", + "checksumValue": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Novokuznetsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Novokuznetsk-fc4b946bb5757bb5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52b0a7aff4332d6481b146155abbe90912bc1aaf" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Novosibirsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Novosibirsk-0d8efe1900de9bc8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "823fbd64d76bfdcb6e3b0206b731fe407a6a188d" + }, + { + "algorithm": "SHA256", + "checksumValue": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Omsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Omsk-823bd205cf39249a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb67208994f35a825847c36964546c8b8d1ad243" + }, + { + "algorithm": "SHA256", + "checksumValue": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Oral", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Oral-3df03911c231f0a6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "deec78c1cebcbd9efb7c57486ca0344e5f8f1fb3" + }, + { + "algorithm": "SHA256", + "checksumValue": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Pontianak", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Pontianak-2b506f7f2e1c9f60", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ce2c32e874ec64696f76be4439aad95cc7e3c4e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Pyongyang", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Pyongyang-ccc7cbc8cf1cb1bb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "99b004e8e97b94265617932951e7227b635ced64" + }, + { + "algorithm": "SHA256", + "checksumValue": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Qostanay", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Qostanay-fe919bc0bce64ff9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f7e8708a8ae86992953f273773b65d1e36e4afe4" + }, + { + "algorithm": "SHA256", + "checksumValue": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Qyzylorda", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Qyzylorda-6b2728a383c7712f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "001a7c9f9de8d7edab286c756c0d0c03e90fad88" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Rangoon", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Rangoon-926b2a78a71c5bdd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b800894b13386d65d24df73322e82ee622f843de" + }, + { + "algorithm": "SHA256", + "checksumValue": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Sakhalin", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Sakhalin-97f3937e1790735c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ebaa95b0bf93239c1ccf8f96856b86dc58afe726" + }, + { + "algorithm": "SHA256", + "checksumValue": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Samarkand", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Samarkand-637c30cb07068c21", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7bbf5c916ddd50548e8e5ed0324c59dc1fe9a693" + }, + { + "algorithm": "SHA256", + "checksumValue": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Seoul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Seoul-84d8c27f9fc6385d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "53c1223d1f4dec149d0cadd6d488672619abf0d6" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Srednekolymsk", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Asia-Srednekolymsk-0d9243f8d38fed47", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e860fc369629019ed59b45f5fed235cc6ea8dfb2" + }, + { + "algorithm": "SHA256", + "checksumValue": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Taipei", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Taipei-01757da876968567", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "515e1ab82b216406f364cf666dae998e4b8dc6f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Tashkent", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tashkent-1c1c8c076ee8a8fd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bbc8a292471ac05d8774b14bcb177ab7fd7f7398" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Tbilisi", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tbilisi-d2b2ca8e16fefbdf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7cb93f7abf7171eb40186248ecc885b541836e74" + }, + { + "algorithm": "SHA256", + "checksumValue": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Tehran", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tehran-02ad88301776db65", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a7cb8bf300b3177e2506a838f7fd218880350e57" + }, + { + "algorithm": "SHA256", + "checksumValue": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Thimbu", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Thimbu-13240979e9b0a02b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16dc4bbfe2b3668b9b737033f4ecb2a9c1ee7e6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Tokyo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tokyo-2af6995ed37d66e2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41852e7fc829ff3ace521bc3ebc60b6e43b56da6" + }, + { + "algorithm": "SHA256", + "checksumValue": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Tomsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tomsk-fef4f22ce4e0a641", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e7464939be7db8572e95aea8381f94bca70f91d" + }, + { + "algorithm": "SHA256", + "checksumValue": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Ust-Nera", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Ust-Nera-3d4aa454e7520182", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0040f6ac898a101ca796115d646c4825833c0290" + }, + { + "algorithm": "SHA256", + "checksumValue": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Vladivostok", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Asia-Vladivostok-4599e19ac72591d0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7480790ddac173ba580e52d0f8754eeacbff02b6" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Yakutsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Yakutsk-0486da6e1e56e929", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "79d6a645076e873ce22c53a10b3de9e27df7b2fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Yekaterinburg", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Asia-Yekaterinburg-7354ff083fb2caea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16f2954e67502e5e98391383ab4712700e456ee8" + }, + { + "algorithm": "SHA256", + "checksumValue": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Asia/Yerevan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Yerevan-6f27318e991b55ff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f10e1a31e38b267009bed042efd8a54c7b2043a2" + }, + { + "algorithm": "SHA256", + "checksumValue": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/Azores", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Azores-c3326ed61922a612", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "088e1a1365d0e0c8091f595e30e1791b5f468313" + }, + { + "algorithm": "SHA256", + "checksumValue": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/Bermuda", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Bermuda-340f6ac7059eaca6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44e7011574ab916094cc410221bcff4960831155" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/Canary", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Canary-70ae1d36282a9c44", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "395c4e66b52d9181e31450d07b5365a10ec26aa3" + }, + { + "algorithm": "SHA256", + "checksumValue": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/Cape_Verde", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Atlantic-Cape-Verde-ac38ff5072279c22", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "897189e0cda96bfb3248ee7f48706fe94d687fc1" + }, + { + "algorithm": "SHA256", + "checksumValue": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/Faeroe", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Faeroe-a80940ed5b5ba2cc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd6b1178a2066e496edfcd2426d44ea5dd23a3d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/Madeira", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Madeira-f477ad75112e2997", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e8dce3b2d2a4db52d0b3d19afd01d5b5473cd179" + }, + { + "algorithm": "SHA256", + "checksumValue": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/South_Georgia", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Atlantic-South-Georgia-3b0bede735021781", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b2acac8196001a9458b5e6c6921d781df3290d78" + }, + { + "algorithm": "SHA256", + "checksumValue": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Atlantic/Stanley", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Stanley-9a10afe86413fe1b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f612730123deabdd609145696adeea2ea26f499f" + }, + { + "algorithm": "SHA256", + "checksumValue": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/ACT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Australia-ACT-47b76754d929de5f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ca9f55088c536a5cb6993b1a5fe361c0617bc4fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Adelaide", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Australia-Adelaide-124bba0ca3ded7a4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "91e31f0fe53950a7e8ac0bd66964069d4d7dabe9" + }, + { + "algorithm": "SHA256", + "checksumValue": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Brisbane", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Australia-Brisbane-61870667349de61b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1cae3c294b3bc9e1d4a1e1e5457f63abb6b554e" + }, + { + "algorithm": "SHA256", + "checksumValue": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Broken_Hill", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Australia-Broken-Hill-ff3491878d8985ba", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7f8d2d9322173a3390737371410592ecbcb9e858" + }, + { + "algorithm": "SHA256", + "checksumValue": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Currie", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Australia-Currie-b6b2b2ff2c14c4f7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "db8884f4beb55ae0c292403cdb8ffc47c18effcd" + }, + { + "algorithm": "SHA256", + "checksumValue": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Darwin", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Australia-Darwin-b941d058a9e60caf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa21b92f3596419128a660acccf2f1cf6aa66ab0" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Eucla", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Australia-Eucla-14653b642de8a981", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "abf9ae83cf5720d60dfc849f06ea666b6e6c1a0f" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/LHI", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Australia-LHI-e46d52a77ffd2012", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2304257244b530bcd036aae724f99aff416198f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Lindeman", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Australia-Lindeman-4e8cc4fdeeac808a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8ac554523fc5300e535323ce58e46f8adb72c2e5" + }, + { + "algorithm": "SHA256", + "checksumValue": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Melbourne", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Australia-Melbourne-5a5b31c6ed441c58", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d6f744692e6c8b73de1eef051814f00e0d159e6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Australia/Perth", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Australia-Perth-4af1abc60ed4b3ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bb00a26c7ab0df1054fa1c4a71f0bd836a9be5f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/CET", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-CET-a7395e2e631fe286", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d90f3247c4716c2e1068d5ad9c88ca2091bec4e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Chile/EasterIsland", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Chile-EasterIsland-2b4e7cf7323c8867", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "17b3f0bf160601c93bdda3e7a0b834ecc1e06f20" + }, + { + "algorithm": "SHA256", + "checksumValue": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/EET", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-EET-d67ac102d34d7339", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fd241e817c1f999471c30d301238211a16f95866" + }, + { + "algorithm": "SHA256", + "checksumValue": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Eire", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Eire-3d800320aae0d855", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dbd27ca1fc5b5d8b864c48e92bb42dc49a8f442b" + }, + { + "algorithm": "SHA256", + "checksumValue": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-df34fa3daf0ac99c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a8483df5c2809f1dfe0c595102c474874338379" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+1", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-1-b30ea32dd3503666", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "694bd47ee2b5d93fd043dd144c5dce214e163dd8" + }, + { + "algorithm": "SHA256", + "checksumValue": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+10", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-10-e6730eb41efbdecf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "df25f8ee32cd9ac7f9d3fdafb6ccc897e0675a5c" + }, + { + "algorithm": "SHA256", + "checksumValue": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+11", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-11-adba9de770a57ed4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "326fa090be74ccc8e561a72ff2833a9a80460977" + }, + { + "algorithm": "SHA256", + "checksumValue": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+12", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-12-5eaeeecf47e10af1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9813523e1f092d2f0c0cd3e5f13e2738a51cb350" + }, + { + "algorithm": "SHA256", + "checksumValue": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+2", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-2-085b8e3d17b13241", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e3c40ede5206526dd50a7f8d710afad3da46c12e" + }, + { + "algorithm": "SHA256", + "checksumValue": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+3", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-3-1118f4bdea71fa15", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8f68d2cb81ec1c386f80f820d6aaf54b7444f5cd" + }, + { + "algorithm": "SHA256", + "checksumValue": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+4", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-4-abd2c8452b9b1897", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32cfcd637174d91744d7dff4744e199750faf9d1" + }, + { + "algorithm": "SHA256", + "checksumValue": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+5", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-5-3f71bb83b42bf7fe", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cef7ce7bf61e746cc1ae39bbab9112bf1dfdc455" + }, + { + "algorithm": "SHA256", + "checksumValue": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+6", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-6-98fb9bceea211a42", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "750271da92432a39887c376cd346144d785d4445" + }, + { + "algorithm": "SHA256", + "checksumValue": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+7", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-7-2116c5a9302e3f0a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6ca6def25e8ec04a636003be3f3642e9b165b5f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+8", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-8-c1c398fa2c623ea8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c83913964f148a5e9d5add7eb511586880f4373" + }, + { + "algorithm": "SHA256", + "checksumValue": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT+9", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-9-3e587927663bf2d2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fefc384f96a7e856e72e7d723eb2638cb3e7d469" + }, + { + "algorithm": "SHA256", + "checksumValue": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-1", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-1-e75e96a04cbc7bad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0ab7ceaed57872977f2162ead3e08b3a2984757c" + }, + { + "algorithm": "SHA256", + "checksumValue": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-10", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-10-0b6064d0ab67205f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4081769004bdca6d05daa595d53c5e64e9da7dfd" + }, + { + "algorithm": "SHA256", + "checksumValue": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-11", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-11-4f362059c2bd5a60", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "268a542f171d142870c273ea63d2b297e9132424" + }, + { + "algorithm": "SHA256", + "checksumValue": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-12", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-12-ed031e2497e62995", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a7f58e042a671281dbf35baa7db93fc4661a80b" + }, + { + "algorithm": "SHA256", + "checksumValue": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-13", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-13-5447e42cb615d2d3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f692f0a177436496fa8381438ee7ed1f9ae3f1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-14", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-14-4df260a5a6d61b81", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f073c38db02ac6096f4f32948eda1574a34d9d0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-2", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-2-0e3d7fa5ccaa00b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44c80b54e02666339300ec84db1f6f5566b5ba92" + }, + { + "algorithm": "SHA256", + "checksumValue": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-3", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-3-4773fa53cdd52e44", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3de0e41581d474c91db326d9e755fe1b11172983" + }, + { + "algorithm": "SHA256", + "checksumValue": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-4", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-4-c89f38590453da25", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b81f76f5a16830f56841502d65c3d271a0d94ee4" + }, + { + "algorithm": "SHA256", + "checksumValue": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-5", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-5-e4a6f4a56ddcfb16", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4978924cbee929c87b2726c9d9b4d2d5d7590da6" + }, + { + "algorithm": "SHA256", + "checksumValue": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-6", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-6-f1956bd1a3691380", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "773e9072d36b0f3dca58dc5de24b9947f3fefdeb" + }, + { + "algorithm": "SHA256", + "checksumValue": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-7", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-7-21e63581b7b02e9f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c3c180b690aee6c0320e6703f2f781618c4221e" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-8", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-8-cbf72f5b9543b190", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "280e22a595351b1fa0fdc3b3a3deed4e4840e31a" + }, + { + "algorithm": "SHA256", + "checksumValue": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/GMT-9", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-9-4cc17f4e31664845", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f62a1c06f8a901efa933208ae9501c9a2f78a269" + }, + { + "algorithm": "SHA256", + "checksumValue": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Etc/UCT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-UCT-4834666be23b0336", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d0b8991654116e9395714102c41d858c1454b3bd" + }, + { + "algorithm": "SHA256", + "checksumValue": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Andorra", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Andorra-909799b37a21942e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4fbea0614a049786c42ba65ea8bea4b12a7a6ef3" + }, + { + "algorithm": "SHA256", + "checksumValue": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Astrakhan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Astrakhan-9afaa370e1493930", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6bdbac46bf6de697e0cb750be284973b05035877" + }, + { + "algorithm": "SHA256", + "checksumValue": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Belfast", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Belfast-5c421e73c56aad12", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1beba7108ea93c7111dabc9d7f4e4bfdea383992" + }, + { + "algorithm": "SHA256", + "checksumValue": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Belgrade", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Belgrade-51cdda05f997befc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "961a2223fd1573ab344930109fbd905336175c5f" + }, + { + "algorithm": "SHA256", + "checksumValue": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Bratislava", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Bratislava-7052a3c37eb89373", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "396eb952fc9ee942964181ca4e5a2dcdb5e92901" + }, + { + "algorithm": "SHA256", + "checksumValue": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Bucharest", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Bucharest-1ecc2805c23bda81", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7176e5201942e3b2db81c853b0215abc86fd0ae7" + }, + { + "algorithm": "SHA256", + "checksumValue": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Budapest", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Budapest-4e0f832ccffb5bf8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "91adb207dce9a1bfffd91c527c87591862b5befa" + }, + { + "algorithm": "SHA256", + "checksumValue": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Busingen", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Busingen-d527689295f8a310", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "782d7d6812933a263ebfff012a0120d480071b1b" + }, + { + "algorithm": "SHA256", + "checksumValue": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Chisinau", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Chisinau-463fd1185acb3ea7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c7ec1a8e357d2bbaead94d299dbe16db67b43ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Gibraltar", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Gibraltar-e0ede8868e534771", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "122f8383ab55c80eb33fe83cb2c8e870104260ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Helsinki", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Helsinki-0ba296fdbd0793ad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3f01ceaf46492fcbd8753bc6cff72ca73df6d1f1" + }, + { + "algorithm": "SHA256", + "checksumValue": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Kaliningrad", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Europe-Kaliningrad-d75f7a1687554234", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a02a78fd9fd74fa6cd9abe6546273519018d5030" + }, + { + "algorithm": "SHA256", + "checksumValue": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Kiev", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Kiev-373ae748a8cbcd46", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "946d9ae0ff7ee36e2d8809629da945ae868f4d65" + }, + { + "algorithm": "SHA256", + "checksumValue": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Kirov", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Kirov-d705fc609541cf5f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "22357ac98d315c82d585badfb9afe934a709f107" + }, + { + "algorithm": "SHA256", + "checksumValue": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Lisbon", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Lisbon-ba21fd1aa2af3853", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b9298daf385db9e18080b3d9f46be2c944714ec1" + }, + { + "algorithm": "SHA256", + "checksumValue": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Madrid", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Madrid-f2d3cfaacbb01880", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "373ee9e3d0ba9edf1ebd6497d5f1ffb50a62984f" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Malta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Malta-70b83a93e0a21641", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eede4ec7a48fc8ada059d1462e2c090eda8c6c91" + }, + { + "algorithm": "SHA256", + "checksumValue": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Minsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Minsk-d93c522207cbf1bf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e36f1daec8979122825de4903770b79e0eabcd88" + }, + { + "algorithm": "SHA256", + "checksumValue": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Monaco", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Monaco-211f559c0f4bbf4a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f065dd54ad27c008caa5e96b7fec1e7859fcc003" + }, + { + "algorithm": "SHA256", + "checksumValue": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Moscow", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Moscow-f78d3bb4be66b75b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d4d01723421789b2d2b54ffedee60283e94f5e65" + }, + { + "algorithm": "SHA256", + "checksumValue": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Riga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Riga-fcef089df6ff596a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "799671bdcad326eb5707eb620342c69bac5e6580" + }, + { + "algorithm": "SHA256", + "checksumValue": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Rome", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Rome-194c99d5c6dfd860", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ef35f507ab176828a5c751f702144ede463e385" + }, + { + "algorithm": "SHA256", + "checksumValue": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Samara", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Samara-fa730dd75d64d5a3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8bab29224d52a19e5960c2c66557748fb55c4e5" + }, + { + "algorithm": "SHA256", + "checksumValue": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Saratov", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Saratov-48f8c2a987661df7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "916029e1ff74b86bd860098a43bacbac34677fb5" + }, + { + "algorithm": "SHA256", + "checksumValue": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Simferopol", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Simferopol-c817df2401644d95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f1773f7624c418081fb3ab76ac1a64ab60f2e9be" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Sofia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Sofia-385f39c9f2fe1333", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "541f61fa9ef15b102f8661b684ad9976bd81b929" + }, + { + "algorithm": "SHA256", + "checksumValue": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Tallinn", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Tallinn-5fc0468959b8e2ca", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dff1b1743ddf6474e691fae0a6dab8ee93d81789" + }, + { + "algorithm": "SHA256", + "checksumValue": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Tirane", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Tirane-514cb52107ce34ed", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3b9be3df7968b0c46feed0a46349324179daaa84" + }, + { + "algorithm": "SHA256", + "checksumValue": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Ulyanovsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Ulyanovsk-a179fa54cf5c4c26", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f5d943bf83a0dffa86018b8512df7179536fb4ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Vienna", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Vienna-ee42227bc84df0ea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1da9833989405bd5ff21d58013704f9f00cefd7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Vilnius", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Vilnius-2eac927b46cddaa0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88bfe2ba142bad0856984a813ac8b93939fd6b3e" + }, + { + "algorithm": "SHA256", + "checksumValue": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Volgograd", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Europe-Volgograd-0011d80650bd57b7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a4deb32b25919c4fbeec94d043abbdcc27b45bd6" + }, + { + "algorithm": "SHA256", + "checksumValue": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Europe/Warsaw", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Warsaw-d5106c46a9567f39", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "011e06118f3e209794b175332ffb109e2583e4f7" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Factory", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Factory-066e06135920a3fe", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d970812ef3dca71b59cc3dab08ba3391d4dd1418" + }, + { + "algorithm": "SHA256", + "checksumValue": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/HST", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-HST-fa4e8eab62182cad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d5313bee3a467f7b5311b263c7d38b52f182164" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Indian/Chagos", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Indian-Chagos-6d6688aea27fa8fa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e56a740e0b4703426b63bf2ea71650a2ae0defda" + }, + { + "algorithm": "SHA256", + "checksumValue": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Indian/Kerguelen", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Indian-Kerguelen-4f21c2134ca3699d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a77b20e17ce1c1f9c4767d1ddf03a67b0312ce6c" + }, + { + "algorithm": "SHA256", + "checksumValue": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Indian/Mauritius", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Indian-Mauritius-d1c10e34d3aafde3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1c264edb46f9058fb482a727ec95bb67807ec804" + }, + { + "algorithm": "SHA256", + "checksumValue": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Kwajalein", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Kwajalein-dbdc3b07da2deabb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6c90cce9681748e9c5c59ba8a9070c1425a71f79" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/NZ-CHAT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-NZ-CHAT-94958ba44fa043aa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb54cbb65da9481265fbb1005f8860efa5170042" + }, + { + "algorithm": "SHA256", + "checksumValue": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Apia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Apia-ac704fff8d045cef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "442116a1776e38b80a519df388e5e3e992081f74" + }, + { + "algorithm": "SHA256", + "checksumValue": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Bougainville", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Pacific-Bougainville-c985cb2dc1a169bc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4438f6699a844ec19aabc63f4ea9df91e1714ffb" + }, + { + "algorithm": "SHA256", + "checksumValue": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Efate", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Efate-2cf98fe7a8654079", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dfcdfadd0146e60fdfa6c9a457f4fd94c062fb1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Enderbury", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Enderbury-f049ddb3599ce35d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae7f372f20b1ed3a9bbc2eeabd3a67156f9e65f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Fakaofo", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Fakaofo-057a5f6ec928791d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ae0c959818fd9aad8518baa00dab9172c77f1d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Fiji", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Fiji-c6de8cfabb0d2d20", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3c657bce2b4fd4ebd6fbf6e435eac77d0704d3a0" + }, + { + "algorithm": "SHA256", + "checksumValue": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Funafuti", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Funafuti-6cec62463126b762", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cb335dbaaa6de98cf1f54d4a9e665c21e2cd4088" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Galapagos", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Galapagos-4205f8b4e25f7938", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e4dac5e58655145a568ed53ebe3c2acf5f4a3724" + }, + { + "algorithm": "SHA256", + "checksumValue": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Gambier", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Gambier-7daee65cf4a04418", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1fb4054e9a560e58b8e482bc29621d1e88201a75" + }, + { + "algorithm": "SHA256", + "checksumValue": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Guadalcanal", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Pacific-Guadalcanal-18dea002d13130a1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5011d0291e183a54b67e5cffba2d54278478ebe5" + }, + { + "algorithm": "SHA256", + "checksumValue": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Guam", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Guam-44028b6bb5dd7fc0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e89887209cf2ea7f4223ca7298e9377b233eaba6" + }, + { + "algorithm": "SHA256", + "checksumValue": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Kiritimati", + "SPDXID": "SPDXRef-File-...zoneinfo-posix-Pacific-Kiritimati-90771ac81ab468b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37395a0b6f3d7510d03c13e1a0a92b399f7b303c" + }, + { + "algorithm": "SHA256", + "checksumValue": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Kosrae", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Kosrae-7ead89c2b331912b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59dabc00195b0e9a26c1304e866284e7c9963d09" + }, + { + "algorithm": "SHA256", + "checksumValue": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Marquesas", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Marquesas-2ee3a5a33392d02c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "57ac5495306a7ca1ce93df12ef67956ed2d81c44" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Midway", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Midway-21aebeff396d90d6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c388c7f9a7700517fc6577943f3efe3bdddd3eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Nauru", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Nauru-46d8ffd21be5a635", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "58548fa30aafa75c04f88b266404875a11a2c6f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Niue", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Niue-c276e24691787eff", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d65969431f77c6ed51c69499305c8bacad1e8ba6" + }, + { + "algorithm": "SHA256", + "checksumValue": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Norfolk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Norfolk-72bd1bf6a1f8325a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f70543c0407a341ec68b97c13354ad6bc5f5000" + }, + { + "algorithm": "SHA256", + "checksumValue": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Noumea", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Noumea-ac44ce4edaa057c8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d8e75639c5dbd5aacc617f37e2d5003747a8a2e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Palau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Palau-f889562e18d25a1a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d7598739759a6bc5a4907695beebb6c41a8d045" + }, + { + "algorithm": "SHA256", + "checksumValue": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Pitcairn", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Pitcairn-26f1e9f423da2438", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e650a33fa02e1507b3b1720fa483a3a505784d67" + }, + { + "algorithm": "SHA256", + "checksumValue": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Rarotonga", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Rarotonga-5e58792604a2de92", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dbdac5a429cf392f51c37a685c51690e4ff97263" + }, + { + "algorithm": "SHA256", + "checksumValue": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Tahiti", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Tahiti-2ba0227f0817622e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c38a00fdc386eabc2c267e49cf2b84f7f5b5e7ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/posix/Pacific/Tongatapu", + "SPDXID": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Tongatapu-86b1760d0094da18", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2948107fca9a51b432da408630a8507d5c6a1a59" + }, + { + "algorithm": "SHA256", + "checksumValue": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Abidjan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Abidjan-1e12e2b7baffc502", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7548658d1a556108a7d589d4a6b1f25f04f6b08" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Addis_Ababa", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Africa-Addis-Ababa-28a58a71753afd9d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44b45d7471b73915facdce9fdc9970ce60b96931" + }, + { + "algorithm": "SHA256", + "checksumValue": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Algiers", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Algiers-0caf887c9a2180c1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bfc4f856b5cac64495446fac945078961f54dd49" + }, + { + "algorithm": "SHA256", + "checksumValue": "b82210ca1dcb1915525fe6ecb6447113998bb3848e6d9c6129908894b9cf69dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Bangui", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Bangui-12ae5e9461e3b5ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e5d3299b0b6f60a64c4b4df90740be055967fc7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Bissau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Bissau-1ea40f38c3af340f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2943c4a3ec06a4966a3971b3bb8d815f46f64452" + }, + { + "algorithm": "SHA256", + "checksumValue": "69cb21ce2a4876370726a0d53384cb91070b3b5395957017eb8e3baf1545bf5a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Blantyre", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Blantyre-81ab02364bf1f697", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0500a5fe71a16431b84e65d0f5f99c77530f0d9d" + }, + { + "algorithm": "SHA256", + "checksumValue": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Cairo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Cairo-8aca294312e655c7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3b3134acbe48516f6813276fa36d9236df991dfa" + }, + { + "algorithm": "SHA256", + "checksumValue": "0cf2295a003fcdf7e72d5254f968c7f9b9fee98fba0fca1aeef2630d898ac313" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Casablanca", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Casablanca-43ecffc436a18913", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9366ebbee7b43a448d279d54cc0085d26034d2da" + }, + { + "algorithm": "SHA256", + "checksumValue": "7308ffbd19caeb2e0236505cb098f2771a518d5f49dd7b5087bb67ad5716cc16" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Ceuta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Ceuta-0515ffe984f626d8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cee9b26d6ed72dd814fab10daace29b72b351fd7" + }, + { + "algorithm": "SHA256", + "checksumValue": "c24c8fd8f15c5cfd8a0af1c6f82ddb123376866eb592ae8e2ae3b729d5ed1142" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/El_Aaiun", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-El-Aaiun-27f5c384e6257312", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd6645412fb1a7ee30a59c9eae83ac765e76fd0f" + }, + { + "algorithm": "SHA256", + "checksumValue": "4b87e565d279ef251825c24160a0e4975fb46c390838159e3d82246d5890eb08" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Johannesburg", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Africa-Johannesburg-eafe51e1e824cc94", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b20061340f101ac794048fa8766100a024975d9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "23430ce1b491d37d0cf263434c913117b38588a7bcd3d19644733d94c24c3d80" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Juba", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Juba-b2cfd17a18d5a1bd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ff4e966824737fa7aa81adf5f45666ef639b82a" + }, + { + "algorithm": "SHA256", + "checksumValue": "95f824cbcdef20db8f196141d752f3a745a67377d1c42d81c1b305a13dfbbf75" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Khartoum", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Khartoum-967e3a10ec37458f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2b7f24674b1ea7f9e36ec487ef3a6fb65ccd1f0b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e2f1a0bfcda4b70b929a141d995899ea42b717ece0c3c5d2b30fa7eadee4185f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Monrovia", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Monrovia-3dc2ade608bb09da", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5197b4769725d1519361d251e989640fc15dd012" + }, + { + "algorithm": "SHA256", + "checksumValue": "23c47fbe43d31c1c2eab3fc40909480a9f797368d8fa8e429774e16f8202d33a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Ndjamena", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Ndjamena-673d21dbd2158552", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1466337323b061589dd7cc745374281199aaf05d" + }, + { + "algorithm": "SHA256", + "checksumValue": "72b90718f783f47d1194762dfdf1e9476f1272c92e3e674221605191ba9642ce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Sao_Tome", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Sao-Tome-b97a7a2f3fbf4c36", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc20e74114c7db3a25a850d085b51b29b0433a82" + }, + { + "algorithm": "SHA256", + "checksumValue": "eac39b97f89cb5c9a5a6e8188fcdc2254c5e470bdba79cfd7dcc430f86ab23e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Tripoli", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Tripoli-63f5243af314e0b5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "82bc65e952b18495bfb2098430c0cbc2ddd97aac" + }, + { + "algorithm": "SHA256", + "checksumValue": "bb5d4058b24832f4d9d47f2464b01b458efabc17243252c13cb1f7732eab4d0e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Tunis", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Tunis-996f559bdbcdf702", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e6665aa405449ac0c941f56c0c9217d117314ca1" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e2b3f9e67dba3db5f16186bb601bf9eddc930026bd9729a87de1e67b9215d7d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Africa/Windhoek", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Africa-Windhoek-3efdc5b032bda724", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ac60a291de8bb89d63a4e622da21b394f446cacb" + }, + { + "algorithm": "SHA256", + "checksumValue": "423d39a12510b844303818beaf7ca9bbab64f1d89bc74693dff4cc3538c7208a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Adak", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Adak-644aa8c946738c20", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c921275cc32abe4f70a1ea81fd0d458801a5c744" + }, + { + "algorithm": "SHA256", + "checksumValue": "eda5938e2a7bcf04fe49e8f88a54725faa398319b93206dfaeb2d0915887d560" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Anchorage", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Anchorage-545524b58c8b745e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a73d9214b762c019f498661d08cacfddc44f6afc" + }, + { + "algorithm": "SHA256", + "checksumValue": "822caa627009cfbaec50af294a81c1e237ac690033f0f424468f1fa29ca60bf8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Anguilla", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Anguilla-5d7943c7e30119bb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3dcef79cf8beabaffc49ae9d4e988d96501e4b20" + }, + { + "algorithm": "SHA256", + "checksumValue": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Araguaina", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Araguaina-0d9f97c062a39e17", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bfdb939a148ce3f185acabd6c07f559662ae19e2" + }, + { + "algorithm": "SHA256", + "checksumValue": "48d382d8c4965a56dd7385bdf6b751c369359681530fdf04115ea1394b5bbee7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "SPDXID": "SPDXRef-File-...right-America-Argentina-Buenos-Aires-fba85d57dfe36e70", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "697701087c7ac1a4b746a296a2283dc3b5493a7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e14211d1ef17ff25d3e08567e9e53ef9ef4d1f81db55396a8e5cdff73d6a9ef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Catamarca", + "SPDXID": "SPDXRef-File-...right-America-Argentina-Catamarca-a9fee61f29c681de", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9bbede667590f00caee022f7167f82dbc8db3cf7" + }, + { + "algorithm": "SHA256", + "checksumValue": "905ae931fb0eaada8c616b75e4df4d37499c4086cac66edd0ee9b16d0cbebbe5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Cordoba", + "SPDXID": "SPDXRef-File-...right-America-Argentina-Cordoba-ee089b91a7005898", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0835c7d8517c8f6a686b7e3087a61f1d54f9a13b" + }, + { + "algorithm": "SHA256", + "checksumValue": "8484fedab6db3db014c76102c714037f36dbc2577448550f7ab0162ee918c3ca" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Jujuy", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Argentina-Jujuy-4a3eda6da3ff252c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d875cc4a963602e78a4409759b0c5d3195785400" + }, + { + "algorithm": "SHA256", + "checksumValue": "33ca10a968a8b941e09fd3fe3af2ea04309c7fe62f46d3a38b592767ef73f681" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "SPDXID": "SPDXRef-File-...right-America-Argentina-La-Rioja-9f31d5e035978451", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0cecc54e7f53eb376d2d8edb011ad46e858c3b78" + }, + { + "algorithm": "SHA256", + "checksumValue": "c874c359a6133f8d351124e131096e560c85745697b855a0dc7c39349a0f8816" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Mendoza", + "SPDXID": "SPDXRef-File-...right-America-Argentina-Mendoza-749cbcc52c60375e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7c2cf695ed4e8c9c070d49b0e2866ec006d3abfe" + }, + { + "algorithm": "SHA256", + "checksumValue": "c8f0a41e270f3428b7266e7b5286811b0c5a649b7e54f91e3e31f254c59154bb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "SPDXID": "SPDXRef-File-...right-America-Argentina-Rio-Gallegos-82f885559c79e03e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a9adafc9a85f01105bf5052887ebeed030f5d9f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "eff23fa4ef928a02ece1a45edda3c609d87b20e89739e6e6583d9a4270b53773" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Salta", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Argentina-Salta-7775c68823622bef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0f3c89361fb6564234176d775fcbdcaf7108158b" + }, + { + "algorithm": "SHA256", + "checksumValue": "4afc8318be82f56fbc93b31cfeb5d14be09bbe8a06c769184da425fa923025c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/San_Juan", + "SPDXID": "SPDXRef-File-...right-America-Argentina-San-Juan-dc9f06d4ba7b9f7c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ce97e1aaa2abdca23a4dc4cdaa28cc454e286f13" + }, + { + "algorithm": "SHA256", + "checksumValue": "3bd8dea3ac42e9a2d1a0163bfe8f016fe2fc646a1ab6fc140a9f773bab427e46" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/San_Luis", + "SPDXID": "SPDXRef-File-...right-America-Argentina-San-Luis-79bced351aedbd0c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "937abcdeac1c95cbd38515b9119063150ede536c" + }, + { + "algorithm": "SHA256", + "checksumValue": "2de51d378aa922263bbc8f8dd76127d4ad696a6fd477d7951c6f0fa4cb3f919f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Tucuman", + "SPDXID": "SPDXRef-File-...right-America-Argentina-Tucuman-c63555534c04dfd9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dee2141bb5a8bc7287a9d0467f341549aa8bcd3f" + }, + { + "algorithm": "SHA256", + "checksumValue": "f459b3b4bdbd76e51a8058fcee5e33edc125ad05a7aab1c942d00d0ba720d24c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "SPDXID": "SPDXRef-File-...right-America-Argentina-Ushuaia-765160302ae1e137", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "68351592dc160973545d19bcba752dd9ec38285b" + }, + { + "algorithm": "SHA256", + "checksumValue": "0819bab11849a3ecc0c9bcea0859010c658df967ef0f223d2d6f9cfe2f9bc160" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Asuncion", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Asuncion-91904eed74ebab7c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "908416e61183e5a1131a46c66936100262634180" + }, + { + "algorithm": "SHA256", + "checksumValue": "2af7198626a523401b074059d12974998b644d8e1e5bebfd27e78bb4ac64e740" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Atikokan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Atikokan-74c4ec0cba7629ee", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "77c866c688c3c37eb3272ae5270f7e60c2f03c5d" + }, + { + "algorithm": "SHA256", + "checksumValue": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Bahia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Bahia-0ade089dd60c5f85", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a38a14db8a11570310d7c8a449caec651c63d4dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "5e242c35d73d4f3bdabe156f23b114144f9cc359d3400ab7d7464b86b16d21c5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Bahia_Banderas", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Bahia-Banderas-6c1e03e0ff4c5fc4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2b6c1b1ef8512fa0c5692083e4940676163339ff" + }, + { + "algorithm": "SHA256", + "checksumValue": "3b928d2fea6733afd52890678319e08e13112bb79a96ece242ed0d3c96235ef9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Barbados", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Barbados-68dc887745847a95", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76deee72250ee11d6cf49901ebac9fe5bd0257be" + }, + { + "algorithm": "SHA256", + "checksumValue": "978e1e4bb9e907b25efd9c990c7e2fa4cce322aa08063ebd73983187d7db033d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Belem", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Belem-ccf81edcc32a4f29", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "584bcbc5b5a22a963ce7beeceb1d4f59238a113b" + }, + { + "algorithm": "SHA256", + "checksumValue": "30fedc0e5f3334ab4cbd939be48d7d8ef22d3d79927c136b88fd7bfee27601ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Belize", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Belize-6b00277688781bab", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2297abc95b74ebe5736627f3a3136ef00f5bd964" + }, + { + "algorithm": "SHA256", + "checksumValue": "7c378a7a12875e3dc0e8ec6232c6d057f7bf03335dcf9aa59afb4c3fcda21b26" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Boa_Vista", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Boa-Vista-d34cf2a21c861c20", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06b9a02570482a74fb0e9941e94654a75ffa414d" + }, + { + "algorithm": "SHA256", + "checksumValue": "d727d0877afc200e80e9ce5c2e5b77bdb21b6f01a2b52854f392b5bf1c45f9ee" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Bogota", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Bogota-64fd9f51d9d2fe9a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "600f9b4e22da9f75a8cc72db02c9d5a8ef9765fd" + }, + { + "algorithm": "SHA256", + "checksumValue": "a7e9b73f5a0e6c85c3823c4da7336b0863ed53d62410c721e6cac0cdf5133991" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Boise", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Boise-bbb1f2b3570b915e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7afeb0784832e7cac3aa7fdd3cb82c913e3a31f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "dd82ebade8f4b3c53cb5eae589c1061aa473cdae1b9f39076569e168f349a618" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Cambridge_Bay", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Cambridge-Bay-c0252d612386b659", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "58e50b3cb9c3bc35ab3c63c41d21393d1ac29547" + }, + { + "algorithm": "SHA256", + "checksumValue": "43b852b08512ed5a2eed675bfd74dfd8be60427b531bcfe77a443d8ebf0a5583" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Campo_Grande", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Campo-Grande-cdb7c18c637626be", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5bbaa1ccd86d7ce5a8e88c6318cffff0074c9222" + }, + { + "algorithm": "SHA256", + "checksumValue": "de2c0178c7d83e45a841ad3747e791804738aae41ad147ce8a88c0aea562361a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Cancun", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Cancun-f385e92015c773bf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b9ff7c91a88e941b25ec9fc713f13a555d14042b" + }, + { + "algorithm": "SHA256", + "checksumValue": "20096d8861f681fbcc5f4347a53ad0f163a470edabcb25add585a2ab078e024f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Caracas", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Caracas-6db85fd6485015b1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f830943f35569a6c4caa9389aff6b432e23ba7e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "d43948c2d59a0dec759017b9c336ea5b44f1d24c487ee0938fcca43e0328264f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Cayenne", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Cayenne-491311a52b2465d3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b51196e45252291d6a2c72fac46a8679728cdc08" + }, + { + "algorithm": "SHA256", + "checksumValue": "0409a1d87a48254170b4561e085e4c4b39af2f257bdf440f1664861972eed754" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Chicago", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Chicago-2a187ef845ab494a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0159261005c43775514868a401bef85696f021a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "508cca4fb0cd8f8c0fa7cbcd2bef318dd1c13234733675f18c353e39190888f7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Chihuahua", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Chihuahua-ce9ff7ae1a540ba3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b46090c2ced7fff1031172e0d6edb3c402e9b44c" + }, + { + "algorithm": "SHA256", + "checksumValue": "4b7c51f5b3eb517fedaa16555abc06f2c9eef1bd74f13338dcfd1d2d813b1ad9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Ciudad_Juarez", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Ciudad-Juarez-acaf22218730a5df", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e1a620d5713bcfda1f83dde1d4a765086df2cfcc" + }, + { + "algorithm": "SHA256", + "checksumValue": "53a22d0f650666a63c4dea821d59578c6eaee0fff02e0e264eed8ac58d72defc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Costa_Rica", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Costa-Rica-a318b559e8ec5e01", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2d20e8fa36a69086733d1323fbee627c6a594195" + }, + { + "algorithm": "SHA256", + "checksumValue": "3b1c0b45d274ae11b0d6b804f36aa49130434f81e936b6d3221c344d432665c7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Coyhaique", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Coyhaique-8979cba7762ce8f1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06dbe6b92e4e0c9b4d33b011b73c980a94a984a8" + }, + { + "algorithm": "SHA256", + "checksumValue": "5840f696649edae1ff3a58946e5a1cfe1b79cfc2d3999f2277c35724ef08b239" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Creston", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Creston-87a32bf8148754ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "472714da56acdc186179da8421a6b2b64bbc5cd5" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c497e17c3ec106cd3b05bcc0fc89f225cac710c30874b2443ef5e9247f171cb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Cuiaba", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Cuiaba-a0f2d7770002fb9c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "38a3118cffe4ad6d6779dc4783345a6ee33138ac" + }, + { + "algorithm": "SHA256", + "checksumValue": "61f4864f28eab14abc8dfbd85af412514f117c9970c9351d14d6e8dade5f59ce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Danmarkshavn", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Danmarkshavn-b57e758310e08e08", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fcd423f8c7dce5c588425ed82ca8b8167cfe68ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a2614344b77a66b5cb9f736165ecbff65a459d5dc5c4fc2a6eb65cdb162a878" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Dawson", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Dawson-ef3d410ae8f703b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2ea70cf070e6dd99b02ce8399109d036fc80d008" + }, + { + "algorithm": "SHA256", + "checksumValue": "3adb27eb1135311a63552717850232daadd5f47f6b10871fc42625a5c4b044e8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Dawson_Creek", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Dawson-Creek-5abb4c317c67493e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d1ba3f6b477ced812a1d1b6dbc4ba54ad54b877c" + }, + { + "algorithm": "SHA256", + "checksumValue": "caae6cca9f37e6f82a0d32eeb7a4f0b9cbad2b610647714e8fc3380e3f3fe5ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Denver", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Denver-2e3d233ce4bf3668", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "652c1b3ce219d090bb9bd7df5e454ae2b869fd17" + }, + { + "algorithm": "SHA256", + "checksumValue": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Detroit", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Detroit-e10bb262a37a0d1a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "38c72887d68bb438f0d62619369f608fde90ebde" + }, + { + "algorithm": "SHA256", + "checksumValue": "36ca32bc9140609c6ebabf35e479741fc2e98fed91eea751fe591e0a26689633" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Edmonton", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Edmonton-27e84291ee71ad39", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fe293bdc69734c07ce6253da5a2633ec653c641e" + }, + { + "algorithm": "SHA256", + "checksumValue": "afa6d497bc5818c957d3808fd514e1c9d8c3d5dc6d73eb827fd9887a706f0236" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Eirunepe", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Eirunepe-43c2072ca7c33906", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2da18cea3f9a57d84e370e59773935f0b2f6adfe" + }, + { + "algorithm": "SHA256", + "checksumValue": "245360c9d41ad26bcfa74c470afe94960a4ef9856ad135fb9409c632bf4110d4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/El_Salvador", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-El-Salvador-4032531ee2615597", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3e5c42f7a2f4ab21c4d6bc1d2a13a171eec08d55" + }, + { + "algorithm": "SHA256", + "checksumValue": "2340aa52619e7a57372cbe9ae51f7ebb1b9ce83aa63ca0fd7f62c070eec378ce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Ensenada", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Ensenada-b47ee08b9c7d4905", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4e378e5b45ade3d44884b1be2689f652b0d5188f" + }, + { + "algorithm": "SHA256", + "checksumValue": "9b7623823f34274fcf498f5d4dcad2c1998f01a41cac6d1503df53fcd6b30e98" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Fort_Nelson", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Fort-Nelson-ce5074f2b7cd35e5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8aaeba56dd53d64512593248417dbf2e7bbb58f8" + }, + { + "algorithm": "SHA256", + "checksumValue": "90cdaf661b23c31d02c3117f15f784d862722edee856ef88d596770b56545e43" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Fort_Wayne", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Fort-Wayne-cd4926f945491db3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0dbe0809406c5c01c56598dd9a942d71938d2191" + }, + { + "algorithm": "SHA256", + "checksumValue": "95f90a543d0cbb550509c74f43492a26efc3160d4cecf10dc01e4412e0b77d32" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Fortaleza", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Fortaleza-25a4abe4eaf7d07e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cc66ef1c941c2a5972d28c40d444f30bd486ec99" + }, + { + "algorithm": "SHA256", + "checksumValue": "6fb50feee952dd0613a9c3ac25174d154287cd24dddeec0aac7ec1b088dd4e8d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Glace_Bay", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Glace-Bay-3e1cf308907ffd0d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3b7b9a8876e86be894779811c0ad62e70fba77a" + }, + { + "algorithm": "SHA256", + "checksumValue": "8689c6d71429789da2e34330e7da391e0e7b814478e882870edd4d67a03d05d0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Godthab", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Godthab-2835b9af3f19e1d2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "76136c44d149fcbd5bbf67f79a0d33c36ccb874f" + }, + { + "algorithm": "SHA256", + "checksumValue": "b2268d9af4acbba78fbeb12253078472f1c32694c2b9c288c292bfc565559c7f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Goose_Bay", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Goose-Bay-f9fb5ff594c9fda7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad81fab24be9adc389cf5d3d73962a0e3b99ac8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "e7493665d2774ac378e7ddc0e229027e8682d78374fe2484459b57da6fa52d2b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Grand_Turk", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Grand-Turk-1f9eb38b4f39d50b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5e6ea65b02b0dc20c429171109e872062a3aada6" + }, + { + "algorithm": "SHA256", + "checksumValue": "39845b71ff73d93286d04e50434d2a604cdc546ed5976af2b991f16e88dd6866" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Guatemala", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Guatemala-f7a89b46185949c9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d25689c45457893cedaa5b6370c8382401e1049f" + }, + { + "algorithm": "SHA256", + "checksumValue": "bbe6000920225bd9f2dc14ae1f6a52e017e053764e651f8bc9b95c1bcf5a8f1a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Guayaquil", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Guayaquil-bd312d7e54bbf346", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f41324e19c60617f63c9a37f77e4de530de4ea20" + }, + { + "algorithm": "SHA256", + "checksumValue": "27667cee3f74c7cf1136efc77a5ab4efcda8bb441427250fb9a083bc7696c423" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Guyana", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Guyana-6c7ce05349566d0b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "593de97913b7cd7a2413a5cf2605a4644afe08d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "6e579e187207c29c2900788fa37af2bdc3f30e55d386a37c02b7bdac3cacb19c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Halifax", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Halifax-a8012fc33e8f27f8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9d70b78f098b98ac64c205e2d7f02a519e9dbc33" + }, + { + "algorithm": "SHA256", + "checksumValue": "e3d54dd2fc3666188c6b90bfbcc18901b65c37f6c77e19a4839a1e72a33bf824" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Havana", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Havana-fd82b327989fca18", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "987225f29fb9969a25dd273a6fc2038a90c4ba42" + }, + { + "algorithm": "SHA256", + "checksumValue": "8028af31cdd0d78b7df66f5226e6bc41fd7ac6f565bb6223a3ad2e2dcdacfc28" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Hermosillo", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Hermosillo-831849ec1a38a628", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d2973f5f78cb43b9a7e9abac2d4cc63db40be64d" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9570d55caed4ccd2bc1f01b2ccd8bea0c4874a5ebfa480b20291fee76176493" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Indiana/Knox", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Indiana-Knox-acdc2927b4f053b0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41e5a20fd811e8ab112588ec78e30aefe2aa68f9" + }, + { + "algorithm": "SHA256", + "checksumValue": "b253321849d846469f82aaabc9024d51a5d9d9255e923dbdd9e87dbfe4417a0b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Indiana/Marengo", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Indiana-Marengo-8f79201038155384", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8fa595ebd0d9d8d26e498031ad840e1b216d94ec" + }, + { + "algorithm": "SHA256", + "checksumValue": "1614069da3538889f0a7e4f1bc7e4debfe09e7faa035858ae7367e6680a3c8e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Indiana/Petersburg", + "SPDXID": "SPDXRef-File-...right-America-Indiana-Petersburg-179ff93f13c1cfb2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "21d8613f527ae64a2263dfd3ea36cfaed1e24770" + }, + { + "algorithm": "SHA256", + "checksumValue": "8d7aa8f6495d9216d239780c0690f7517bb0ba582cc555568c50cbfb628bf5d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Indiana/Tell_City", + "SPDXID": "SPDXRef-File-...right-America-Indiana-Tell-City-3347c3874ec8f3f8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "37472457ca146eba959d24831544220823626cc7" + }, + { + "algorithm": "SHA256", + "checksumValue": "9dd5ecf8014dfbd548457fde23d6b11edba3a9e4e61409b34d840bcd7bfc6e53" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Indiana/Vevay", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Indiana-Vevay-af4a7dc03fc61093", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b5ceaa12f5e0a12fb18c7970f939d4eaf4999147" + }, + { + "algorithm": "SHA256", + "checksumValue": "4dd0b872317af6466735bd2957516de64ad3c9ffc32153f67314eeb73a8a1de3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Indiana/Vincennes", + "SPDXID": "SPDXRef-File-...right-America-Indiana-Vincennes-09ccf06d5abdc234", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "eaf4a307ff6fddf05b6464a962ce6a12a151c9d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "7741c4fb0b37e5bf498cfdf3d86450732e5a048a591274a43dc93903d819fae8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Indiana/Winamac", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Indiana-Winamac-3b2083b83dd7a371", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7968813220b5afea6dab72d5c5e1692bff7be909" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8cd67020740116a33c551b2c1d99f2a1134c344d99772753590d9aeb15bf7d9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Inuvik", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Inuvik-af64189d59f68a6c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ce0425c5991acb3975d5760cc3215acaf9ab5451" + }, + { + "algorithm": "SHA256", + "checksumValue": "1727c844eb1ae4ba69d85272788b825c53ea4dfad2bce3f0769da92834b84129" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Iqaluit", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Iqaluit-c6c2b5321e7e8d16", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "432aed15c0c1624b4e41f90a7c3513660768f658" + }, + { + "algorithm": "SHA256", + "checksumValue": "5599db0e4a8dff27506e5e116957712b4448075dc6f615286232559d3ce772b8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Jamaica", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Jamaica-fc2e43f73453940e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "673a476e6ef1a447b2a5e11f0677aff2bbcde6b7" + }, + { + "algorithm": "SHA256", + "checksumValue": "066c0660cb97453bf01c9107491f05eb45de90f34c9b001530a5af69b728b312" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Juneau", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Juneau-a7047fe6e2fe36b1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ea83593dc2454cf3390dac9673a959f0e75484ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "90013fbad458645176b558a153cfa76886766a90f6bd5f9f13ad13611ac59115" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Kentucky/Louisville", + "SPDXID": "SPDXRef-File-...right-America-Kentucky-Louisville-801d2a76dc576570", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2ac7afd5078586f930c5719cd4af5ba31e49fce" + }, + { + "algorithm": "SHA256", + "checksumValue": "7eacfbe7dc579d0b6419ff0ffbce9b492ed9ea146bea00062e2baed4c8007b44" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Kentucky/Monticello", + "SPDXID": "SPDXRef-File-...right-America-Kentucky-Monticello-c67e353ca5e7bbeb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5550d22dd61c2df81bb4b0f8859f7c14f839de69" + }, + { + "algorithm": "SHA256", + "checksumValue": "f00f8fe3447b51bd50317d7a042a5e549f486f027077a6c85a9b161f0baba943" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/La_Paz", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-La-Paz-d477339a413ab91d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7abe95660e0ae53088bcfaa9995efe2ddce17225" + }, + { + "algorithm": "SHA256", + "checksumValue": "218d77afcba8a419201babfa27d0cdd559a32954dee4600d593e8155dd30cdc6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Lima", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Lima-d759c5b545415d1d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9b51698eea57efed5ac42c614e1a0d4c339af160" + }, + { + "algorithm": "SHA256", + "checksumValue": "61ae3c588fed2c476275e1fff7d4e45ef8541655540e1abe52066c9a97e83d53" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Los_Angeles", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Los-Angeles-1a08dc105bfa3288", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "41cf7ff3426c66723c909d9f5c24c477538c8c3f" + }, + { + "algorithm": "SHA256", + "checksumValue": "b40a39d8debb895ca0e5ef0cd6bc4521d867c3b45f404d1226a1cb1cda5eb922" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Maceio", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Maceio-43db8d93cbb13f3c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "28e5118b9b9d712031f8f15143e6def19bf0cda3" + }, + { + "algorithm": "SHA256", + "checksumValue": "64e2ac99140770e8a99706abaa8bbc04ed11e1c48fddefeb3252d66c192de87a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Managua", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Managua-af628877550cb038", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8907cb6a010110a224c29cae20e2cb22f22950d8" + }, + { + "algorithm": "SHA256", + "checksumValue": "498566bab900866aabc7d189349de4276e268d62ef51c07f192209246fc6c945" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Manaus", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Manaus-c9676d8f122f5c89", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06c5d81e39e1b5d90ea834728a6b4c355ee4fe44" + }, + { + "algorithm": "SHA256", + "checksumValue": "f162c969260f6bfb6e26478b8750959119262a6aa36ae5878bae7500f0b145ff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Martinique", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Martinique-3110956f3338d30e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "767c3b069b6881dc6c1dc7c65968b5acaa19dc5e" + }, + { + "algorithm": "SHA256", + "checksumValue": "a835d8b3c5e8e11e669ebb8bb256753516a3c593ae84618c37c77f81e737b1ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Matamoros", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Matamoros-8750144d13781f83", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9ea5b306db64166aa7c592d3c5ff5d6ffb53c74b" + }, + { + "algorithm": "SHA256", + "checksumValue": "d898fcbdf925555508486e707010dfcb2e3866fa55d70274e83eff51f7b5c178" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Mazatlan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Mazatlan-9d50067b8f8ca339", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "54e58fcebebb4202b740390e0b6f35b308e4076d" + }, + { + "algorithm": "SHA256", + "checksumValue": "50f02ec5dbf826efdb74219c2e548f72f8a693bd03ae8661fa65ce8c7574859c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Menominee", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Menominee-a09763c9eea2c126", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bdac4beec27e7ceaeb136994fe6ec54875c6730f" + }, + { + "algorithm": "SHA256", + "checksumValue": "0f5590586230464a1e9b1d5b9fcb4ebc71cf9edbf095b5fda3043579e331b42c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Merida", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Merida-b6d69186fa08c51a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a5bbff9178b835318c1b5427ea7cdd7e6427dd9f" + }, + { + "algorithm": "SHA256", + "checksumValue": "c50cba406c5824dfc5cbdd47b592ea54a78240eb86bcd96c95a351fdf90cb3cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Metlakatla", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Metlakatla-7f2410592e4e0a98", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ff900f28ca3cda52767e3734481759c1504f745d" + }, + { + "algorithm": "SHA256", + "checksumValue": "a5d691ffae4be4257acb5583e9dd9f72d296514f14d906aea1ba69bd5754b22b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Mexico_City", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Mexico-City-9e4be64056e719aa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5636591856979234e77bcf0b7c03fd956f6d8561" + }, + { + "algorithm": "SHA256", + "checksumValue": "38cf0b0b9baf9ddd8c236c22d47ce8c73766d2946586caca1a91530f7fed0182" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Miquelon", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Miquelon-1ee20c6134fae95f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fa6f7418d2b96e141c4797c8d6b4c0b92e37805b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d7cbad8c75bc9b6cc7db5d0c43a872066bf3fb6b623a20d53575c4757237949" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Moncton", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Moncton-185090340733aeea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e01021897660839b22ca4cc8fc31d65f1f64756b" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4e6c11b1dc04ac8e3148f38c4e3d205924a9a6d2d666cda0a7f9678f391cfbf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Monterrey", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Monterrey-bbd67870ff51785b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b2f72b9e5744d5ee790f331f6b3c2e7382f4c655" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f853ca6bbd3d0b113a5128a025cfdd84d7b6318541208522c3372fc48495c76" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Montevideo", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Montevideo-efd33b0c03f7f2d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "889f62f38b9bd34741de0dc09a48335bd1287a1f" + }, + { + "algorithm": "SHA256", + "checksumValue": "3321c222a35086ee3eabf562076e3c4cb0eaf800976b721e08c32b253b4d085f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Montreal", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Montreal-6106ccc4337dac51", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7be4ae7afcdac48c0853d5993a69014b12eaf0ba" + }, + { + "algorithm": "SHA256", + "checksumValue": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/New_York", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-New-York-ae8194cca135c514", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cdd3021d116fee74b8d201456a8c7ef744534a96" + }, + { + "algorithm": "SHA256", + "checksumValue": "f7f1a62c6b3c2ef445eb4f8e2d79480623b927eb218b5d56c32f4c0bb6747e02" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Nome", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Nome-59b4af6842b248c3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "46f8a75493b35b02424350d56a23577c8f252bb9" + }, + { + "algorithm": "SHA256", + "checksumValue": "71c2fdd3fc2daa3670b40994d5b0132507879b69cbddc5e0445b2c90a11087c6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Noronha", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Noronha-5828e12a7f5886ad", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "17b452b638a45ac66fa0c37dac73647322b580c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "d47c47c7faba76d805fadb6fde14087023df5bff9b9dae7cb49a2907efea8537" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "SPDXID": "SPDXRef-File-...right-America-North-Dakota-Beulah-050892a3c53da237", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f56da4a372e09fddb4b21529dd236ceded7aae3c" + }, + { + "algorithm": "SHA256", + "checksumValue": "33e570d57ff43a8ecc4eb2b5fff849c37fcb488d18dfbf5da9961acc989ee248" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/North_Dakota/Center", + "SPDXID": "SPDXRef-File-...right-America-North-Dakota-Center-67c098182522533e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "212d1613e8e744716c1098ed56816a8026f63db4" + }, + { + "algorithm": "SHA256", + "checksumValue": "75847a6592b29c5f010bfd063ae285cee2c4990331b31c0eeaa4f02197b063d8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "SPDXID": "SPDXRef-File-...right-America-North-Dakota-New-Salem-f887330ad2508114", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2dcf86f09a933961680ff5a819bd0cb4aaa5b58a" + }, + { + "algorithm": "SHA256", + "checksumValue": "63a7e424c49f9cc222424e6857ce09d909319aec22285ebfbef7d16f6c2afc61" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Ojinaga", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Ojinaga-fffd5cb4f74e83f6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "60ac2b7e95cf5ace3dbfe8f85c032da8f67c2e3e" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d7e9c203e1876396d4f554b69111994472f185d682cfd3d7bba9dea957e21db" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Paramaribo", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Paramaribo-d4614fe385f00f79", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a2942764c9bc9e8deab17ca740881f7a84521535" + }, + { + "algorithm": "SHA256", + "checksumValue": "e56d27942c7770d739698012db60f59808bc59a59638d2961c55590cfe693ee6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Port-au-Prince", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Port-au-Prince-12a05d87e75dab27", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "44d4b0e2a9cf0054e954327c627d9f8c86b7d0c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "2a2e9854608f9c5e984399ed7ee325a5632165e7a8e8fb5aa3b0afbf65e7ed9e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Porto_Acre", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Porto-Acre-395ebb726ab52116", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "59a07fb803d31728c2750def5532643c7cc1a6c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "d3c4b22423c1999a0b2a1aaf11967b27df7d7d3ae095313c14b1eb190a74bcf2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Porto_Velho", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Porto-Velho-3c8284764dc0f389", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e9508588ee1dbd3f35b2ccc9847c82288e1c8efd" + }, + { + "algorithm": "SHA256", + "checksumValue": "686e94634d729f9aa8307bc248431a43c1ec476515c3e5c0e73b57d74e3f14cd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Punta_Arenas", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Punta-Arenas-6a3f7d2a8302e01a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9aec5b58d2bc70ade6a554363c2548e7f6ffa451" + }, + { + "algorithm": "SHA256", + "checksumValue": "a13d6ed6df004a5761a851d49f48360f98c21a184eba51578c4d0be7ed496cdb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Rainy_River", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Rainy-River-f13a66478d1d4f7f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9dc02d184bdb9a6569cc1692fd05b66515c7c52" + }, + { + "algorithm": "SHA256", + "checksumValue": "d319be96dde3c4101f61279e1d11487b5257e5231ab4aa3edf14cadf149097f2" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Rankin_Inlet", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Rankin-Inlet-e4284902313b756c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ace24220687586e910d6fc64dfa49d0eba7ac247" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a4a295ef6c89d44cc4ff815c6d8589440f64c531dea4f0a09c91f1439fa5e9f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Recife", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Recife-5fb70be249c632ec", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dbc7eba08a96c826476c38bba06344a37916d052" + }, + { + "algorithm": "SHA256", + "checksumValue": "764feb407ef17a1fd465a69be32f25669ca09f25cfe686bbc111bbcab88031c9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Regina", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Regina-394f853a78e79d09", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16cb13021bb4c482433af3f758793f86fba79213" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec572e3bd6fea3d591fd296ef3e2e95adf12e929ac5516c3800a960105d035e5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Resolute", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Resolute-8fac2a05f0ced3b9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "de2c2dd8ca96f2a42fc05032a9fd66dc161f5b63" + }, + { + "algorithm": "SHA256", + "checksumValue": "73b701dea80faffe0cfb8172a99b7bab90a77666e71ddc712a0c5273c305e40d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Santarem", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Santarem-0fb73c464008585a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "414ab4090f546c9a12c5c5941d321125091f5fb5" + }, + { + "algorithm": "SHA256", + "checksumValue": "91d7fc19bfecb703a724ad11a17f67a7095cd9d494ccebdd506bc2bc776e000d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Santiago", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Santiago-e7bef37a1e89212c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da7cfc0c9348276da6a369cfb57e98f24bb6d5bd" + }, + { + "algorithm": "SHA256", + "checksumValue": "30acb9f36104eb92e583e873f2daa58abacda173d476d7d0433d811cef20dcfc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Santo_Domingo", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Santo-Domingo-f98ad82667182c2e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4c3d3548c87c381ca3c8f6920d2626793ffa6b2e" + }, + { + "algorithm": "SHA256", + "checksumValue": "14f58c692f142bdcb59cf3d700aa9604be1ff22827c6c17140953d0611b9a924" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Sao_Paulo", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Sao-Paulo-99c5c1db23551e10", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1dba6b1e8a63ce0e93829f2421ec318205bff3b0" + }, + { + "algorithm": "SHA256", + "checksumValue": "fede3897f0ae7fe27958092c4ac1848b45c6443898883096702eea92f1c63edb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Scoresbysund", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Scoresbysund-d6f4c046a9800974", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f08b8257e0a581fc83ded1927d7a0b360c840f8d" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e01cc705341e29b44036a82cff81732b50b3e540d55ccd087433918d27f0da6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Sitka", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Sitka-f1b33c0757415541", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0ebbf1b0654e6a259715df1def2f1e0c7c4fa229" + }, + { + "algorithm": "SHA256", + "checksumValue": "3236f77d934ce9d5a591961e15838a0b5e7c2134edf43cce18c0ccd7d0b37955" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/St_Johns", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-St-Johns-522bcaed0e9fdeef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4934b83930525c3c309352f6af496e087faf9948" + }, + { + "algorithm": "SHA256", + "checksumValue": "c981661bea74f4fb22944f78424489cec690f056a5dc2b9255fe0fabd24f041c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Swift_Current", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Swift-Current-fc3b98a8f6d637fb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "099493700a99ed9851592b991123b3a8cc8781a2" + }, + { + "algorithm": "SHA256", + "checksumValue": "2ef279908fc95e3d2a430c7201b837b2763e56e8650b767c2641f557d1461681" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Tegucigalpa", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Tegucigalpa-88f0454222a38655", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "008d8db61342a3e193eb1b8e1a053e8f20e616ce" + }, + { + "algorithm": "SHA256", + "checksumValue": "a08df830c1e23a5f1bf1469ee4fa780aafaf25ff94894d28cfae7bce83b9b9f1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Thule", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-America-Thule-85e8535fbb307dd2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a3080d45c06e80045b2031b1e8c025bc53fb1382" + }, + { + "algorithm": "SHA256", + "checksumValue": "c52d066a190b66826c90f918412d1723846983693c4193a571bb6f51a3fdca36" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Vancouver", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Vancouver-2da65ec945716182", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "037c0602a89e54427c6f83f271162a765291cd3c" + }, + { + "algorithm": "SHA256", + "checksumValue": "656726b667e9b7abce63ab5788c32152b1bcd20ddf3e9fd7056ec39a4df2542c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Whitehorse", + "SPDXID": "SPDXRef-File-...zoneinfo-right-America-Whitehorse-83cd44460d30719d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d3fa562af8fbe7b14d6ee9913557a483b5806b4d" + }, + { + "algorithm": "SHA256", + "checksumValue": "413ee9b56dcd0788468a0ae8d5d2d3b55a7186c054d2917b2b7dd94200f9921c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/America/Yakutat", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-America-Yakutat-cd64b079efb31e36", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c7956e7d9ac30efe42af9cdb330410782e3abc88" + }, + { + "algorithm": "SHA256", + "checksumValue": "5cde21c64c156969bd1b2983d1ad9d608b0de21ca2da793c6c48db21f3543f11" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Casey", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Casey-124763e4f24095a1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1699ff811a5392d13da6e21f372a6b3e66716dae" + }, + { + "algorithm": "SHA256", + "checksumValue": "9407c27aea0e373d4c9c9d3b5e97bc269135adcd82569e8a1fa8324dfd17efbe" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Davis", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Davis-35cd04a7b1fcde3f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6109ff72cda1e276f699111987f26e9d8bd22b51" + }, + { + "algorithm": "SHA256", + "checksumValue": "32917626152dcdd9eb7279663fe0b33ff383f2a8e07ce5b10cd53fd26aba0bcb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "SPDXID": "SPDXRef-File-...right-Antarctica-DumontDUrville-2f2ed61fb4309f30", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "672b5118da5f67bee1a6df1ce396367dda086852" + }, + { + "algorithm": "SHA256", + "checksumValue": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Macquarie", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Antarctica-Macquarie-54c6380fa829bb2d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "545f2a975c9c40e02f06e24fea94f246aad7d1ff" + }, + { + "algorithm": "SHA256", + "checksumValue": "3e03e6ffa22cbdf5d509e165100d10b3b80f8c5dc5e53fa2346eb894fc1fd060" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Mawson", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Mawson-2f0f0490c9bb437a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1c5b016e9f0583ba5f1ca79852a1456fd05f5146" + }, + { + "algorithm": "SHA256", + "checksumValue": "293a4db864cd6373b3862a753d10c5e66801365dc9e6343e9fb427f2915ff96b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/McMurdo", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Antarctica-McMurdo-59f00c4a6afaeca3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16f941f3eba51cec1909197d1def8e981c90c95d" + }, + { + "algorithm": "SHA256", + "checksumValue": "6cf0475f637a0105f80af3aed943f6c86ccec3dd8d7aa3a0882147a54001e69a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Palmer", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Palmer-ced3c624b6bc6637", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c57dff985f208423be9acbb1cbc83ede8b9f83dc" + }, + { + "algorithm": "SHA256", + "checksumValue": "9e60db920af40199feb2c3b32901b596c8a7fd710e34ff44b298259fddd637b0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Rothera", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Antarctica-Rothera-b567b01303e388da", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "138923d95b5e8a57b673c54c8621188d0f6d2641" + }, + { + "algorithm": "SHA256", + "checksumValue": "881b79a6f03a9cb3ff504b40ff4307c3b1ee2440b504fca46b00efbb7c11a352" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Syowa", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Syowa-07ed7d3b280f15db", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96520ac840c70593586f6a4a6a147bf7a6ed8aa5" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0fe59eb5abbde35b25c7daa4ae408c7efb3668be6a0ed8d6b341ec2c30b0bcf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Troll", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Troll-45d19be0cbb7d625", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5ea49961c1b0a81c70bf70a67500c3228cb91915" + }, + { + "algorithm": "SHA256", + "checksumValue": "76825c28587b56d36bfcbe02ac96979f3633bcddff0ab8b00da0edc1e9a81c8f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Antarctica/Vostok", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Vostok-b678bb63d669a6a1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9b070ff80d6b53034fbcc06f7f47317e0f0ea6db" + }, + { + "algorithm": "SHA256", + "checksumValue": "29a5a255c288f672ee381983970da9090c81b4056b9506db3d67a453ae739dc5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Arctic/Longyearbyen", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Arctic-Longyearbyen-b2efc539cf50ff1e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "75502b16b3d1e853d5586c71ff73e94f4f665017" + }, + { + "algorithm": "SHA256", + "checksumValue": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Almaty", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Almaty-4007c15f993f184f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d2f6672521c36d12a25e96400adf46bd649d2420" + }, + { + "algorithm": "SHA256", + "checksumValue": "2af708dde05b31b79c1df7a3b656c4e9b0cef50c4db8e458afd3e029dc89a0da" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Amman", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Amman-78a9c1310740c8aa", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3009c0144755c35fb50c5bba84b231ceb645ee50" + }, + { + "algorithm": "SHA256", + "checksumValue": "c4870a6a4221ff72066f8aa21499a2bb92d452a3b50576fa7f4e2203bd8517da" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Anadyr", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Anadyr-7b07abce48102625", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "84c139bd92c0debc37a2b7212c81bc31cebb5de7" + }, + { + "algorithm": "SHA256", + "checksumValue": "72d3c61e7fbae5c1374d5eff46194ee654a074f4cc85adfe12de8094b260348c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Aqtau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Aqtau-b0b15fae3ce98719", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "78e3bbab2f5f5b757bd0c27789c77bc2610eef5f" + }, + { + "algorithm": "SHA256", + "checksumValue": "0a722faee98ac9e960da4978754434daf29921a1a5758920eb098940c0f20cdf" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Aqtobe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Aqtobe-4bf08701e5e976fd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "640135b378d540b8c5cd82bf9b53fb7996be7b26" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed7b46d90e245917536bc492068a7dc4b123df5ad90cd586a055139bf8e1f5ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Ashgabat", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Ashgabat-20897921da67aa61", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a2d482cc7977bee041d4782384724ab74f255b1" + }, + { + "algorithm": "SHA256", + "checksumValue": "20eda1eddf2d458e73637f4504a7756b071f4ac39403e726c023b606395e7c4d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Atyrau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Atyrau-9c27a24c4e4022cf", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ff442cd1c0cd3ec8862463c37e0b37b7b13735ee" + }, + { + "algorithm": "SHA256", + "checksumValue": "a0baa3c0f54e9c5972aaeceaaed4f5bf256be1747728cbe2d334175363e771c1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Baghdad", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Baghdad-11347187883af73d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f2d497edd20f89908a7861a896d12a54009cb7e6" + }, + { + "algorithm": "SHA256", + "checksumValue": "bfc112458498dfd4b6965d5538b164b568d923505c6d6b12aee5f58b692dc047" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Bahrain", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Bahrain-b0e384f6d27da550", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b1786773a9fc906067a20ab4b8d13bd5fb7b928f" + }, + { + "algorithm": "SHA256", + "checksumValue": "b183e0ed340781649a8870e63bd860aba246a0924f5c318e7cac551f2ae82b78" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Baku", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Baku-a41093a0e71bc7c5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8b2e461264483de94495bb176a8abf43755156e" + }, + { + "algorithm": "SHA256", + "checksumValue": "b213a1ba26f4f9684ba98ee41f988dfa780d348b28a94fcb85898fe3cd5ce4ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Bangkok", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Bangkok-dc37220cbb44f0d2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0a3f4c0d17550194b24f4b9ada015be8cb6fc0b5" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a9ab5fcd3ec2c28ba6de7223f5e036219dcbfb8c12cf180095268be1e03f969" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Barnaul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Barnaul-a64a0b29550b0350", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "146cfbda228a6e302e4fc47f2e9a9ab6d03b0318" + }, + { + "algorithm": "SHA256", + "checksumValue": "a811724f90d0d3b317fec7844eeca62f481e40b55723f7c49adbbb3b66dcd9e7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Beirut", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Beirut-e366832f15f000fb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "91631f4be4a1d64ddbdee7cb915d9b013bda6f8a" + }, + { + "algorithm": "SHA256", + "checksumValue": "12facfe95d656a35dde148d2e220e01a0aafa1e7b9b71b40396c91abfcb4c140" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Bishkek", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Bishkek-43b40b3dc6d5af7f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d2be9177efcc3ff48369d6d55ca99dd07047dbcf" + }, + { + "algorithm": "SHA256", + "checksumValue": "742d9eb1d99e5183e33c817af952ac5a54f8d73b1b5e6c6ab676ce048b47ea79" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Brunei", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Brunei-f184a8de6446ce39", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aca968c21717c987da3ae47008c8549470b83f84" + }, + { + "algorithm": "SHA256", + "checksumValue": "1378d7bffa56e11bd0a5185b50264ce7deb763051a80b84e6015c2dcb5abc46d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Calcutta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Calcutta-5b7463d3a87f99ef", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b53017fc884b3d75cef1f966d48b4c81b1b0bbf8" + }, + { + "algorithm": "SHA256", + "checksumValue": "8c4b2523c8fbf932c166659e8545f8e130c007436643bae5d87b493fbec00618" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Chita", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Chita-b8952e82b53fd6c8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1d5e51e255bb40d3c5723605b9fb54f9b747b4af" + }, + { + "algorithm": "SHA256", + "checksumValue": "d432791b40f33a27d26fa8015da821cbbbd342e5f0f446f08dcb335f61114480" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Choibalsan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Choibalsan-91442d4b20abbb1f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "55b3eaa0a380d475b0f79f30c2c2d7247275b644" + }, + { + "algorithm": "SHA256", + "checksumValue": "a85c3f8409af204452a090c8f8dc073ba63ef07f9c54abc647bdd3d73320f84f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Chongqing", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Chongqing-a6d8fd571d0c2a85", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5340ad3c4a745aa72e53c45730f5d37ef9595247" + }, + { + "algorithm": "SHA256", + "checksumValue": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Colombo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Colombo-97ed177bcc7d9709", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3f2ad711403100a37148a39dd3eefab62f7d932b" + }, + { + "algorithm": "SHA256", + "checksumValue": "9568be7d3c15c035fe21d134fcf3e4cbbe9fb88630669e1d5a82856045a1894e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Dacca", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dacca-b0545a2e8bf99f5a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d3f2af008bc8df50bb2d2de41d9f14cfd4e974a2" + }, + { + "algorithm": "SHA256", + "checksumValue": "883255334c7a560186731a994545992a58ddb7ebe0046d9bfac5d9bc0404fc31" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Damascus", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Damascus-89257e7dc821cd7b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "176a3b5071cb03b245ad878bcdc92c1ce8dc439c" + }, + { + "algorithm": "SHA256", + "checksumValue": "905ca552d118390d8a55d110ccc510fd8ca62ee1c924b8fedb6e51ee06723bfd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Dili", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dili-6ef9a3f0d37591ae", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a54f0751e09c9141f190d1205a760ef6b6b0767d" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f774195ded2dcae0fd35ad7c8631e25592b1dfaf7adf2f1a6fdfc57a756117d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Dubai", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dubai-d02947be782f9df4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "077ec02fa7bda3c9f944ed47697c01b65180b80e" + }, + { + "algorithm": "SHA256", + "checksumValue": "e81a84a54de891c2d04582ff7df63e4216f7b8da850a85f408295e5d4563cbd7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Dushanbe", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dushanbe-531fb4d3a25e9d01", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f0215b35da9609585714253883b2c4380371661" + }, + { + "algorithm": "SHA256", + "checksumValue": "ea635b2d543c7cef8e22a7f5e4908237b7b0f9c0d0913e0fac541005034e449c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Famagusta", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Famagusta-33b6e90ad7e50c5c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "defd649b9777d729621e77010ea776b2791b0475" + }, + { + "algorithm": "SHA256", + "checksumValue": "20091893b43e49e89146c6565d0354a3e66eddf8cd7a684543516320cc43df79" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Gaza", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Gaza-79077984a7a6c0be", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "da2270f493b9e2357ea72c2a270885792746a648" + }, + { + "algorithm": "SHA256", + "checksumValue": "9944849e649605ade7f9135704640d03377e79ec844685baedd067dd089df7fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Hebron", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Hebron-7b4af5d654131a8d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "70db72dfdaa561ddc6c56bf23aca11f67df4cffa" + }, + { + "algorithm": "SHA256", + "checksumValue": "c14954909bece0963016e16fe991109861c3f321423dd66f8f079294a7a1763e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Ho-Chi-Minh-c709cc0873ef5444", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a51e212d56cdab39de95f9e7eac13f67e759b40d" + }, + { + "algorithm": "SHA256", + "checksumValue": "2506d16a1e40756e93071eeb87eb390d80677e97af93cfba0a8db85c0c30a78a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Hong_Kong", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Hong-Kong-371522ecf1be2592", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "587a8219541e44b0459a210ba7b625cc06b624d7" + }, + { + "algorithm": "SHA256", + "checksumValue": "7b7d0ca6c638c25f978f1634aa550dbc6b581fc68c7fb8fc8206f185916d13d5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Hovd", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Hovd-574ad9a4c8b3c8b5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e2ecdd163565c11c67efb1198a68bddb71ad0588" + }, + { + "algorithm": "SHA256", + "checksumValue": "65ae13b140b91e71ad833667bfc7f2e6800fc302b58226ef423fc1ecbda4d604" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Irkutsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Irkutsk-3ff198d678ddcf52", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b15464ed6ab87ebb0c8f6be715daf95119b672d5" + }, + { + "algorithm": "SHA256", + "checksumValue": "e949dd759bcfadcb7222bfc64add3bc627604ca295a6550295d4d15a1610f7d3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Istanbul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Istanbul-0a387cdfe63b745c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b06cbed22013bddcc7a8af2f850737f65ed40a7b" + }, + { + "algorithm": "SHA256", + "checksumValue": "79e7252772bb1e751c4051a881290654a091b48eb6c5f7e8dbd75b902e9b69e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Jakarta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Jakarta-5afcb57400b1d273", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3cacbf372d92a7c42c564f6859e97cee44b4911d" + }, + { + "algorithm": "SHA256", + "checksumValue": "4a01dcddf56ccd3dce9bd268e1a9c2f8f45d01599ad1d2756e24b322c88ddf81" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Jayapura", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Jayapura-78fcf48c6bbbb712", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "265b7fc6621a75620d91291e1b71761046de7304" + }, + { + "algorithm": "SHA256", + "checksumValue": "aab37ddf857fffe26ae3c74d6b0be399d4315c1f3e626b51d7c371ca33aa632b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Jerusalem", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Jerusalem-713b27e7e4132849", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e63bea2777e898f46d31d48fb58620ac679df656" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0148f8add566bc74f6812b19c7b6ab83946b49391062d57594b48ff68b4a579" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Kabul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Kabul-70bcd976ef21e4ce", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e0df8d7ae7f8e92d34378048011ca397e4b5167e" + }, + { + "algorithm": "SHA256", + "checksumValue": "b6801f8238f3facc093d3599d29a938743de04c8bd02a34232b47e2902da0a75" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Kamchatka", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Kamchatka-5d2df31116d2dd9b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5a01c1b5aa80e6fa206d7bbc36567ec3524ac5ff" + }, + { + "algorithm": "SHA256", + "checksumValue": "59e32ed392ec42cdd6a82e8442393d7a26cff5a4efa91463e853ea341bfb9ebd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Karachi", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Karachi-3dca7d224d87d7d8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "bf60ac118bf88a296775eeb8694559d7618b165e" + }, + { + "algorithm": "SHA256", + "checksumValue": "d553bc3c156e678388d870fb20fec1f3a5fafd6df697c16764303d549a0bbc5d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Kashgar", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Kashgar-5c026a85d6a1887f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7d625fc50ef3a86a76f0f01604d21602f9f32b6a" + }, + { + "algorithm": "SHA256", + "checksumValue": "e89dcc179fd438c7f0bfdd7c36386e1ef6ade581a140444a799c36c739218bf8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Kathmandu", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Kathmandu-5de4946ca871786c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d56400746ef3b83c38c9ecd2071817065252fe08" + }, + { + "algorithm": "SHA256", + "checksumValue": "6d72acb61184a8dd4aeb228b7df667a1af8e3166bcd2f942b1500d0c487605b9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Khandyga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Khandyga-40bd8c2c972b948c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "344e5db35ac3ed8eb0341e1cccbc2b87d9b8dc45" + }, + { + "algorithm": "SHA256", + "checksumValue": "34541fa47299957178a872c4b5a406acca305eb0491a505397590de3790b87a7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Krasnoyarsk-35ec5541946df3cd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "43a289f8733c46b541869d84e1c4a77f934df252" + }, + { + "algorithm": "SHA256", + "checksumValue": "3af7c4abd423ffcfbb41c76ce325460e94806b01670507a84d24479a743bc57a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Kuala-Lumpur-ca1e99cc58ec3d45", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2c388208210d01c39a9bf79d6afead374663deda" + }, + { + "algorithm": "SHA256", + "checksumValue": "9aae6b3d02b5d8e625f614d3db703803868cbfd6307370c1ec8f189d23d38e86" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Macao", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Macao-7b7d0bc6cc970d9d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "db0ecdfdd50b43906fb3592143a868c0dbfe7dfd" + }, + { + "algorithm": "SHA256", + "checksumValue": "1bca990b0f1a5a1cd670a97844a919313f001fcd1300e759646b07777464afc0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Magadan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Magadan-ad6d58d932f042d8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4ae22b2290bd04ca166c0a812ff1377e54631241" + }, + { + "algorithm": "SHA256", + "checksumValue": "e5c4dc15e34614bb39258cf6c02e86e42ceb62ec7af0b5ca925d34ff2b838de3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Makassar", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Makassar-d3868b101b37c63b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b79b9b60fcaf395c3341ec0c41d4fb65b63ac746" + }, + { + "algorithm": "SHA256", + "checksumValue": "9baf5051a31815f8e742137b58b84d39d2e18f7523e31c661154e98cc94236ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Manila", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Manila-2311536ec353a770", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e67d75f88df518cb33bca6c471a26450adb86af0" + }, + { + "algorithm": "SHA256", + "checksumValue": "da9a7302d5e020e9c8a25de5c2658913221c6ee6de2fd3c73a9f916d9e092ac6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Nicosia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Nicosia-8ff5c8f99542c1c7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a0da0714d20196df2041f5b5a2a3b2d6ae43bc29" + }, + { + "algorithm": "SHA256", + "checksumValue": "816ece597d51a1dc8fb9f2b5f704fb92ca46f39193c82d203b3e0f76022bfe6f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Novokuznetsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Novokuznetsk-1b6367971456eec2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "07d3d5334fe7e49ceb735707b9edc9ba0115ab9a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ecd1e87524dbea8b32301ab86d801059ea058c4a44ef91413366d0ea1e55a7dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Novosibirsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Novosibirsk-1dad11ed20ccd12e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5574778e4f064d3d26a6703294fa021235df3ad8" + }, + { + "algorithm": "SHA256", + "checksumValue": "4bc8670b03af61f39638e08b06b3233505dd623976ab72df7382989687ac3cfa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Omsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Omsk-7b73295968c5c5b6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "202ff5a4e480ff3b4a077d5eb5e81effdeb3865b" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba4e12684ef834b2d8fd16eec35fc1f7e742ec9880203294572bdab53d3b5684" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Oral", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Oral-b6134efb4ea8a235", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3bd92541768138fa2551d1459103a6d9c3ea71da" + }, + { + "algorithm": "SHA256", + "checksumValue": "8dab88f61eba53c08e408d58d78c4c18dfc34d03bfdea4ac75b6c69c110227d0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Pontianak", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Pontianak-d33f966ebcd34c24", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e5896712386099f47f8df07d3909eea0c54be1e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "24665b40a1d184b383861fb511ac1842c9697b172aa95553cdbeee510e85207b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Pyongyang", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Pyongyang-1b00c1885d3691e0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ced971b1b3eec6699ff05f271586ea5c0f5fbf9e" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e6cd3912e92ad2ab9de080ad938668ca91dee96f5ff3dc16236e92411cd4970" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Qostanay", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Qostanay-f03b09dbcd6e79f9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e7ac0c5da28e5f4f4710a6825655004397a48156" + }, + { + "algorithm": "SHA256", + "checksumValue": "f0c637df806e7d9b767f035b731651d98766fffbacdfbe46427317142c1c5e18" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Qyzylorda", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Qyzylorda-9c820b6005b1fd42", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c38ccea287faba02ab1a07bdd5a207bbbc80ae8" + }, + { + "algorithm": "SHA256", + "checksumValue": "a1f7f65b16b26a0ee985c46961fdf72b555a11c8179c07dd07178c45950f33cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Rangoon", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Rangoon-4c1da9027422da97", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "990c68c465dd9fff8f342b00f254a26f685c9b01" + }, + { + "algorithm": "SHA256", + "checksumValue": "1cfd8f0fa6de43e4e9ed265490c9456349f6d1432d16df8b800d6f05523cd652" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Sakhalin", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Sakhalin-4fdb123fe106361d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "94cebfc4a48a7c51ba46a3a203d3de3c3de42622" + }, + { + "algorithm": "SHA256", + "checksumValue": "200016884eeb4dd0e79b6510428bf4abf98b7a2f7ceb9b01c1243b71a019b4c1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Samarkand", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Samarkand-947292ead3b1c9f5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "19a0174685ff5936c6be38d45d347a0bf00c5f20" + }, + { + "algorithm": "SHA256", + "checksumValue": "0a16a07b835821e5d7df7d673e31e8c23f73a9566756810728c1a714254963ff" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Seoul", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Seoul-659a69b949b557bc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6d292554fd0aeaf5985d169df46a41588618723b" + }, + { + "algorithm": "SHA256", + "checksumValue": "ada505a6950423e64d3dc95d6fb5e49035d9c0660f45196f379fb98ef2db464d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Srednekolymsk", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Asia-Srednekolymsk-cb7e4d427ef498c2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b6fca82b92113e65f6c65b3f2b125dc8e5c1f07d" + }, + { + "algorithm": "SHA256", + "checksumValue": "b71e39c85bc690caa7d5eff6cd8812de59147ae3d734327fa93c6c161541081d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Taipei", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Taipei-5f6f49aadfb5db41", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8d4be4d3b722864b1f536d03b2a70e018f118fba" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e0fab6e1dc06ffab787f03fbedb00bfba79cd7e24111d4bba043941951da401" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Tashkent", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tashkent-d6fa85942ba9725e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3210cb6407d585cc697a2d9bc389d379305a1d8c" + }, + { + "algorithm": "SHA256", + "checksumValue": "a401a4c5888b6a017118b63716cd5d511601ee0414546facf1c6b13b11e2d778" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Tbilisi", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tbilisi-c2f4ae12b0131be4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "49a179a3182d043b2dfa369a00622d7574e72da0" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a88a837d9b4cfe9763a39074af7cee568b4b8301ce76f554648cfd591bb2c40" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Tehran", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tehran-41cde13c4321af41", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "81e8997961e94c1c42e96a58f792efd6a66eb341" + }, + { + "algorithm": "SHA256", + "checksumValue": "51517431e87fc787c60334fea3fdcac3212d69cfe68efdfab1af7078db475421" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Thimbu", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Thimbu-5d03d5cceb52edcb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "631dd80eab2ce1452fdc509a5cd697a2fd5bf8f7" + }, + { + "algorithm": "SHA256", + "checksumValue": "8b68b1bd1b172cc41d1182634f6396d1883a07472294a1b9b08b53f22c7d526b" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Tokyo", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tokyo-79f74fce7309437f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7e4053e2e29443711029309c48578ca7f62b1414" + }, + { + "algorithm": "SHA256", + "checksumValue": "ebd0981ce34f6067ae2a1ac10cb93045e2c53207739cd4c4e5a5182c1e58eb29" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Tomsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tomsk-9f2344594005c427", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96da6262867933a3013a35be44ddbadc699ee94a" + }, + { + "algorithm": "SHA256", + "checksumValue": "d097fcdc0791e3ad95b57007487139d569daa9cc454201a3b5a9e23eabc5ad12" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Ust-Nera", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Ust-Nera-1bfda69ae0d15947", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1bd1dea8749ad76123c9dcb37f3dcb751e97b0c9" + }, + { + "algorithm": "SHA256", + "checksumValue": "2e5ae847187fe508b769c504e5374d1849bb96538dbc8c37734c8e0fe7fe0d64" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Vladivostok", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Asia-Vladivostok-462943816575345e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3d89cafa4a299c829df4f12872113f0822cf38eb" + }, + { + "algorithm": "SHA256", + "checksumValue": "3169967b2fdc43cf45958af33ba6f68d1b21e77483de43a4c2e7bb9937ae09e0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Yakutsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Yakutsk-773da227ed26a95c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3ca9614080780401f816ba7ef31281f6b7c1d163" + }, + { + "algorithm": "SHA256", + "checksumValue": "6a008c10551d500021b9656ac0275359050f7dfeeb95c6f09a5e92ff947a929c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Yekaterinburg", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Asia-Yekaterinburg-61975e0fc245b5fd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f1c15a33f56104325f5a7986e0c41675f673343" + }, + { + "algorithm": "SHA256", + "checksumValue": "a38ccdd3308be5ba8d0d05a194034f8f878df83efae43f9542f2bf32d12f371e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Asia/Yerevan", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Yerevan-c69343349cab865d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5b0d5cc2fa7bcf8e12eb1f5cdb666add3baebb6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "eb1d78885ef08e71fbd252a8a94211a75ef5945df8d13cef0a2b7ecb1b4327db" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/Azores", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Azores-1da72657d491b1fe", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a8a3046c83115427014d718232321dfb529bb6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "8d43571970c544ffa840bf6a6c36e22ba2e61f0a08f305b872550533cdbbe84d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/Bermuda", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Bermuda-01626c7aa79391d6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "497f4fdb96607af07ad67240e4158ade5450621e" + }, + { + "algorithm": "SHA256", + "checksumValue": "acde2d95e4d36821033d1dabbc8a8411b9e6350c23a2ad2d80801f7fec87a6d0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/Canary", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Canary-e7e899b1ce982e9c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a4e277bfe3e7523b5d5e874249f1e4613117c56" + }, + { + "algorithm": "SHA256", + "checksumValue": "9c494307b553c65f8b98288d007d865588e17f02fccd5198dae5d8a304506df7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Atlantic-Cape-Verde-8697e4a748fbd08f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "36fe56da97a23c6a4cd48e284dac698d2969ed5f" + }, + { + "algorithm": "SHA256", + "checksumValue": "80298c8e9532d3c7f14575b254803ee66856504126bdec0c78bbea9a5c11023d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/Faeroe", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Faeroe-a1df52b82f376959", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ecd696a5d84c7b21495e64362be3986c8daf4e7d" + }, + { + "algorithm": "SHA256", + "checksumValue": "e4bc706cbf76ac1b6af63a674384a5b29bce64d961cc701453de33a9df2da140" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/Madeira", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Madeira-3c62995ac83b64e2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fce98afb032cef8850ec9b2772823f7cc7ece926" + }, + { + "algorithm": "SHA256", + "checksumValue": "c9d7c63adae12bd3b067d9da920e70b46c80918958f66fe8e58e763fe39b9e3d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/South_Georgia", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Atlantic-South-Georgia-4bd39480910fe7cd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "15dcfd9b6d4f1e8ca1621b42696dfff5db443b4a" + }, + { + "algorithm": "SHA256", + "checksumValue": "230b5565a00d4a87d68c1aa7f36316522fb46f2b10de37b8ba6f03276c40851f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Atlantic/Stanley", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Stanley-5a07402af5bd1e09", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c8cd11ae9b9598e3b0e65f696bd387c2a1f3ed26" + }, + { + "algorithm": "SHA256", + "checksumValue": "8e17fa24405bdeab427f31d715b75aad22ff767bca0f421f47a0c1ea57410bba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/ACT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Australia-ACT-340e43cc61beadc0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c1b019759c3304c37cff6105c21ff7be8bef593c" + }, + { + "algorithm": "SHA256", + "checksumValue": "642e4c43482e65d17e43cbc5fe2c665bcfc6500fbd7be117997a958519357c54" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Adelaide", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Australia-Adelaide-59e5eb2178088d7e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ab180f8298580a42f5ed6abd9a863fb670ba90a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "ba3b9c88bef36f4b814ca5049c06b5eb2a1935a61c237c79aa2c88b2292819a3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Brisbane", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Australia-Brisbane-c8e1ea9e021b8c14", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cfc68f176bd8111ac8b958d4eb46e035e210c963" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d0dd2a38a62d3fe7b8d7b26719631363df500dd58c34194c7615bd369465309" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Broken_Hill", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Australia-Broken-Hill-60abe0e813d2f612", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e54f8b79e01a528999736c56ac706ed8dd81779a" + }, + { + "algorithm": "SHA256", + "checksumValue": "2f15cd9d3c530060a73b2bb4a5f6e9d88cadd4eee4fa132a688fe592a7a24e66" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Currie", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Australia-Currie-b31d04042b9abaf5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fcc12af93d2a8076f2a17bca6524e4a3d586a284" + }, + { + "algorithm": "SHA256", + "checksumValue": "ed21235521d7650b7ab9c2fbac6670b52ef1c316a7d3387c3468ffcc2f1c4e56" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Darwin", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Australia-Darwin-9794c76a6eab5ba0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "13e1296d4be729fb8d9a86919df1f195f7218d91" + }, + { + "algorithm": "SHA256", + "checksumValue": "e6a593646f567712af1a334e9386b4e2b12af1bfbb84478bfa03a1a752ed1041" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Eucla", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Australia-Eucla-3cb1bec0eab9a923", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c4844badf7172980dc1503f8830d88e926a8d94e" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7d2a342295c3224ba9d297b001af131566ef88a3546cbe8c225ce5053414a8c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/LHI", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Australia-LHI-8d77a21b60654221", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f3a4cd1061d946c78e1967a6f915fb2e3f0dc9c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "76162efac0f2925905052ab5cf35988527658a004db0d2c441ad97db8a3e22d7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Lindeman", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Australia-Lindeman-39a1cf12e24e2f4f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "05a8ef9490a9c58d3ea4e86aa511215d1d775785" + }, + { + "algorithm": "SHA256", + "checksumValue": "a8d5b962760b0cfd9dd1f008029b15ae5e074855e82ec66d742563027eb55d24" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Melbourne", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Australia-Melbourne-670e6465ecf7620e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "003ff467e9e0c888fb7cedfa58e1b36ca95fa8d3" + }, + { + "algorithm": "SHA256", + "checksumValue": "84ab5e18504d4001ee4e97c6008760e6851ec1b81ff2fac5c33a5551cbb1001e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Australia/Perth", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Australia-Perth-b53344cb3ffb3226", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "88a7b56f6c36745706c5035e016c88c14b92d328" + }, + { + "algorithm": "SHA256", + "checksumValue": "27a4964d7927ddd70e9940a5b0bd82611825ec6e505195cd4a4a46605e5d6b2d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/CET", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-CET-9e2ad02256d0b761", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9cb0d4b1bf570da2aafc521c224a0076cbad101b" + }, + { + "algorithm": "SHA256", + "checksumValue": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Chile/EasterIsland", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Chile-EasterIsland-3698970716458c61", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9967efcbbd039d1b943aa7c9a774f55a84c874a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "b0635e8bb3a3efb07b5e4955576082a7ea8886d6ccc9a7b7eb80792e75a81aae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/EET", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-EET-6d7e70e2ecdac341", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8e411b27520abf1944f05001a51366011b2a4659" + }, + { + "algorithm": "SHA256", + "checksumValue": "51319031e6a4e42a4c15c2952140f2d428a71255bfd4ad0dce25b8fde7d00585" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Eire", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Eire-33a9f4a242c7ac02", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34b501693409050c81f7e6a862e2f99a9fda73e2" + }, + { + "algorithm": "SHA256", + "checksumValue": "2cd23fa1542d2e8f07e27e17560d1f6283b8b525e8a9ca4be9f0c16ce66aa7dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-98e838ae849e045b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5d11e5d055b0cfce4cb63d5bca81cfd4ef55eb09" + }, + { + "algorithm": "SHA256", + "checksumValue": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+1", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-1-e0797c1b8a059c87", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dc800a1905e6bde8f42a1ea7ecf7bf9a704744ae" + }, + { + "algorithm": "SHA256", + "checksumValue": "16ea18914e1676430fee370b242d86587d3117b432482ec8a497db8bd14453ba" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+10", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-10-6ba439dbb90f5c3f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "b8845ee6ea17122ce40fa360c14c9d24149cbee0" + }, + { + "algorithm": "SHA256", + "checksumValue": "c683654d0864baadc2f98ba9fa75b5f203af117c4e611cc8cc4c73eaac254cd5" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+11", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-11-1246b723e35244d7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0941313052cbfa8accf728c69863a5437e8906e7" + }, + { + "algorithm": "SHA256", + "checksumValue": "5fea7c2d91940b17e15f78137ab3d40073ea161c858899498a7b90c79d84d48d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+12", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-12-e9f47ff9032019c5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6b30c13e7049e88b5e0016af86b62a81b0f51a39" + }, + { + "algorithm": "SHA256", + "checksumValue": "24bbfaa6ff8159d3012fe838b6db32b77c13164f652c84dc43d7d3dc6a25f265" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+2", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-2-ee1f0d09827619d5", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e1aeb70315ae8d7fceca5287ec0d3f8269121c83" + }, + { + "algorithm": "SHA256", + "checksumValue": "580fa5dae9587a6a260d0933985575b20cfefc9e7e17ce0587c24df848b82700" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+3", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-3-4e0485fa464e8a3a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "271eb39e95bd06b8c97934fe4ac5516427d3d7e8" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e52fa3acf4d068ab35ec9d0fb5c10122bee012c6fd0bc1fbb3ed6419d2d8db9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+4", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-4-caf0ea4d1eb037ab", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f8e307c55d9665cc75744b2ed80937bfc0ae2101" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec22c8e01edffa45b339dedcbcbdf8be615094f09b649213183cd75a5ab29800" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+5", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-5-ed6e7e869c1525c3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ed1e43a6942cf3e9c52ca3730c75bf3bcbd037c4" + }, + { + "algorithm": "SHA256", + "checksumValue": "46fdd6be7520a43a5465619781bdd047e72c0b1a8e6a16a5b31b00b758221a57" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+6", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-6-e475ca363045a9d6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "950c2c31bb8ace71a719fa73b49ed46bd4d19500" + }, + { + "algorithm": "SHA256", + "checksumValue": "0439857b0b94981df61fbf4070041d0f3f26f6102012843bca69e750e5b49ad8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+7", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-7-ec0a17f08b1c7038", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2f0211b60ac2b4e2b2e3827930dfb025a0675f99" + }, + { + "algorithm": "SHA256", + "checksumValue": "75138491c3bd0ac7b172c3cf9c878159f557d7346144d71c89001fa0b5434eef" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+8", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-8-307bb7c30af3573a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9abd61d2abe5b7e131d6736950497f70400f6f01" + }, + { + "algorithm": "SHA256", + "checksumValue": "65f78112a4e299dd478d06bef4569e93ca88781f5a7aca82861aca64f2a54921" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT+9", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-9-9c17adc7a7394b19", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "00d5ff8a8ce24a0f1080f33ab566a3e830cc439b" + }, + { + "algorithm": "SHA256", + "checksumValue": "14fa76a891398da90e64238f578675169038c2aabdece2bdd807c7e5c8014423" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-1", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-1-b2ebeea47dd5475f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6316c3634f21e6bf13d207a591033a271d94eb8e" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd9f157a6d4ed2edaecc9986c6a37a15b4cf24b4ec285d1fb033f60a8b6b40ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-10", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-10-1d82694b1ecba6e9", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "062ab53272e54f1769b6f995b655e322f4aa4acb" + }, + { + "algorithm": "SHA256", + "checksumValue": "31ad29ec2374b91ee2c65ec4a3d55a9a349f656cf147e88ceab2078866118555" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-11", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-11-6741fb1bc0959778", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "78b796490451519ed6c6ffa51b451769c4589ac2" + }, + { + "algorithm": "SHA256", + "checksumValue": "7e8147d18a82011ce5c40cfdb3e72ee7c9f663a36319c769ff34c861c07d46e0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-12", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-12-15cafed9eea83afd", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2a14e214d1402045660aff1597c1d453ef7e51d2" + }, + { + "algorithm": "SHA256", + "checksumValue": "1643f375f77a9cfa4f5a43a7edc5b1c9aaf6b142e38f5f11a5ad424d3c3bc50e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-13", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-13-5d4a7c3f72373cd3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "140541627964666ae10d5711e792f057b8a39189" + }, + { + "algorithm": "SHA256", + "checksumValue": "ae045edea58729a07bf482af7f0514ef1f58cf0229da64203d847cbd73091ced" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-14", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-14-6d909f42127f418d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f489ecbc9b0b1b9f9ea2eeb722f750869d3d4856" + }, + { + "algorithm": "SHA256", + "checksumValue": "6cfd1aea860e6e5bdc9acf61fb9d73b8157a184699af09ec60a7ac9105129d09" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-2", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-2-b6e3181a3e6614ee", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8e159ada07f1178c4535b0dd44e022030bc3d55a" + }, + { + "algorithm": "SHA256", + "checksumValue": "ab411c42f81cf32921ba066b3fd207c19f8fadfc7a645ac498d0cd99403e08b4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-3", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-3-178617aa61acb30a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7dc6d972313812676501ed51d41af4f2e7fe5869" + }, + { + "algorithm": "SHA256", + "checksumValue": "456321d4535e73ea2f90d57b4c6a01985b6c61975d3192079010ecba1756319a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-4", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-4-7730cbb1fd359e9b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5f2e5d838282a6bf1aa35598a125aa2c24bc5c15" + }, + { + "algorithm": "SHA256", + "checksumValue": "3bd4a880605600d48d2c6a66bb8c06f8311517e66ab8f36033712637741804aa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-5", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-5-29e48de2cfb8b31b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8e2f8a4a1101008e9dcffed0f6879935341a22b" + }, + { + "algorithm": "SHA256", + "checksumValue": "1d1c996246907f0f3a9acd5e718e2081d09fa9302db8cdba699970f042ec2bb7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-6", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-6-a6a2bc1498452340", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "d9d202e8903ebdcbf04072991b0996f0b0539291" + }, + { + "algorithm": "SHA256", + "checksumValue": "240967a18e32890d63fbf85c36a4f68ee7e34ee2e74369ca7cc302e8d5628081" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-7", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-7-a8f39bbe81d9520e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a1a6365d8ff5442395e22ef58c2ea8c9aafdac99" + }, + { + "algorithm": "SHA256", + "checksumValue": "d64bfa44a85bf15af2bae860eb7c983d37e105feec38bbac7abdb68e7301db9e" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-8", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-8-0ab86e68732c77f6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "40c731d7f7e968f858d51e7144576cdff2def224" + }, + { + "algorithm": "SHA256", + "checksumValue": "5a45eb9a1793d21016cca402103fc96cada05665bb04419479a8c16dfb2d127d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/GMT-9", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-9-91a6a39db5404ccc", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9725dcf44d5eaa7324839093a4b0fe8407250ca7" + }, + { + "algorithm": "SHA256", + "checksumValue": "7b073597e60378b11510062f4763f5b028665d89a202f460f8076a66ce9c1e86" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Etc/UCT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Etc-UCT-d551f7fcc01926ec", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4babbaada1d584e9a3e28f98cb69eb7b10e860cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Andorra", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Andorra-b92545c8f9a22670", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9ef865d4570c9281fabd04323b6ac113646d09ea" + }, + { + "algorithm": "SHA256", + "checksumValue": "636f35db63ba2d24513234d0aaeac9176dffe5c59b992fb8ec284306fc1e8e55" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Astrakhan", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Astrakhan-bad99f1041412d06", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8031b764ca3ceb16cda37326490e43d364371877" + }, + { + "algorithm": "SHA256", + "checksumValue": "db0f7db18f4422f75f50905bbe3e1385d9beb785ac3ab4830c95e60ed6d26663" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Belfast", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Belfast-d0e7561284493ba4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8202180a4ee1e918ddd75ed206143b34886acaf4" + }, + { + "algorithm": "SHA256", + "checksumValue": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Belgrade", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Belgrade-eebe74989742d15d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "72f2469525d821fe40ae93906dac331aa4e6a353" + }, + { + "algorithm": "SHA256", + "checksumValue": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Bratislava", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Bratislava-8211995d747ee077", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6cb5e7db1f99c055196d9de1dda31791a357e602" + }, + { + "algorithm": "SHA256", + "checksumValue": "2724db32864ac46c3519d2e65ceaab5c5aa47ea40fc7ef223b0e95f1d6123478" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Bucharest", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Bucharest-1b1888dd3d110bb1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "06a411a4631ed971e9151302d5ecb4da38760ebc" + }, + { + "algorithm": "SHA256", + "checksumValue": "1c344ffd880bb10fab22505e6a155ede7966118ffe8154f9823d636f539f1fad" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Budapest", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Budapest-4c6b58c8cfeb69bb", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0907d069c1491bce06d4a3c159f9e5a1fc421a35" + }, + { + "algorithm": "SHA256", + "checksumValue": "b794eb2756f3064a56dc6d69b6283d782c4fe5b847f08e8f01791febc2aa7d64" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Busingen", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Busingen-93a77504158cd24d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2919e708ebcfd645a1fca479db8d9da144622cd3" + }, + { + "algorithm": "SHA256", + "checksumValue": "c7933f897854ae9ba3f186d4e69e6a4d8c83a7aadeac05bfc6ad24b352902c87" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Chisinau", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Chisinau-4c04952207bfba6c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8459d95aa0efd7870ebf490143f02cde3dc95aef" + }, + { + "algorithm": "SHA256", + "checksumValue": "7f5a8ec399f624b8c76af090704ff395e751d5a1b01d97d591e6bb7456e50707" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Gibraltar", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Gibraltar-3ed169a32febde4c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2fb18702fea92748f0e68e346f08457574e106c2" + }, + { + "algorithm": "SHA256", + "checksumValue": "bfa36a2a92509b37f9ce349039b318cfacd1a8f42b8d45a90123441b0bc5f614" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Helsinki", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Helsinki-f225389200f0e315", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "633ba90f4a99c66bc44c66a8e4be1c276bbfcb9b" + }, + { + "algorithm": "SHA256", + "checksumValue": "99774635d3673503f5f9a68bfa0a8ed22904a6aa240a54ca146c769a6b44f04f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Kaliningrad", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Europe-Kaliningrad-eacd3bb0a1f85734", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a867ecfbc653667d2c2792a668e5f0af91ae86e" + }, + { + "algorithm": "SHA256", + "checksumValue": "4e9d028d6e75c1d8dee0ea1d2911be263c15986ce0d85f7962fc3a74980abea3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Kiev", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Kiev-f6fd23d435484c92", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ee04aa646c89c29b550a518214803d26e5db56e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "2908feb1a02054053d38f4237fef440ecb8c4823532447f37dd40496081a7aab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Kirov", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Kirov-023abd2d44bed68c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3b690fe08dc1e06a508cf8fba1b63db998b0a13b" + }, + { + "algorithm": "SHA256", + "checksumValue": "cd4ce071df873475dae25a8f9bc6669f210ffb2f59459177ba85cecdb1066869" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Lisbon", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Lisbon-94da58a2c071562e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6f602fd5c09c3445a92f17f53ec85d406f937702" + }, + { + "algorithm": "SHA256", + "checksumValue": "a36f7b5c14745fcf1ce8d81bd69ddf2a5f54acb42ae257b4f9a76979af60d2fd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Madrid", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Madrid-dc2b397038a0500b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "1b90f061a2bc9f220d6e57b22bc5fae57a5b3ed3" + }, + { + "algorithm": "SHA256", + "checksumValue": "60a674aaf464d0c1c6449054d431dbf18e3530563279b8a504816f3652a16d24" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Malta", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Malta-c9d4c510e981e36d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "be80e8ebb0f0a88fac52cf2cf1efbf79f6560a8f" + }, + { + "algorithm": "SHA256", + "checksumValue": "cff70fde0bb281552820a88054c3474f60421052182e1f5c5dfc6f79d9964d20" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Minsk", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Minsk-8dce2c711372eb31", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "50dc57fce2464261b4c032870b5fcce6e195e768" + }, + { + "algorithm": "SHA256", + "checksumValue": "2143110d5ab8d697694075f8a9f9e6e4db2e9ae3fc864588dc4aaf06bd215940" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Monaco", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Monaco-920898bb95373af4", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96625c03b0e4ac66d5f325769c475d7c964feae5" + }, + { + "algorithm": "SHA256", + "checksumValue": "843e7e61f730fd653c286c01cbc9cd290b79e3e61d2fb2e9f216bbe3f7db31f8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Moscow", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Moscow-680b9e96e231e221", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8ec8d15220779bf4ceeaf6814c5542031c68d483" + }, + { + "algorithm": "SHA256", + "checksumValue": "fbe286e4e8b537f98c782958f935e648f86643a4db89bf8566f4037afe216d15" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Riga", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Riga-a80c7b5ed6f75459", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "fc0350b614040545ac06259e2a92a8ec9a9dc2b2" + }, + { + "algorithm": "SHA256", + "checksumValue": "8ba637f5e64e2e7ec5c3f78b2e60905d33107a9ef6f81ed9d7c4f4e0c3a5f1c6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Rome", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Rome-f297d7e288331d68", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "33ffe1aff43f2af208c9f04dc79e801b2d9f22a5" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5891612c9a5e83e5ed103fe82045826dcd6c82c7c566622fdb9e77eafc7d50a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Samara", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Samara-e64353ec62870cf0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "2cf00481bef1b358434913d33d679b084885e832" + }, + { + "algorithm": "SHA256", + "checksumValue": "82f9a27b9f643a01a4dc1da68b08864a6713345326309721466b128e72c32231" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Saratov", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Saratov-d35cc7feb6820a60", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "20228b853bba740b6cc6205d650ac0eeada223e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "bf2199a05b90cb3b923d20bc669acf2f86fd843130a1d9dfe3383807d5245941" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Simferopol", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Simferopol-39ac364a9c3507b7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5200c2fb1e905aecbef1eddb41a9a1af95b6a464" + }, + { + "algorithm": "SHA256", + "checksumValue": "58dbfa564500222376adbd40333a91130fa799752e66bdf1a45551c726e27faa" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Sofia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Sofia-d229438e006fa531", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "893df349a8c4ccd2f07ec0e45925b2c11df032e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "37bbdd3d0a1bbb85dddaf9bd9379405f1c7ccda6b319f0344818e1a92731aed8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Tallinn", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Tallinn-5fd92881aac7828d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ad32f4c0baca3b9e0711042ec04f507c1fe5c617" + }, + { + "algorithm": "SHA256", + "checksumValue": "fe35837b7201844c0f4cc40926df64aca256425ef499bafb5d4dddac7231fbb9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Tirane", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Tirane-18b452a763fa2e4f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c198540a74d481f47672421b8b0aa12c6f05369f" + }, + { + "algorithm": "SHA256", + "checksumValue": "728eeba75e4e7c47d50342c1d0cb77442d5433ec082942f4291d404af86e9b38" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Ulyanovsk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Ulyanovsk-760e015bda49528c", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6dbadd79da1915515246c07efd473fadb711e6da" + }, + { + "algorithm": "SHA256", + "checksumValue": "178ebea5ec84691a5e29c09f05b268bb6a3839bd2b6069537acab096b2608dce" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Vienna", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Vienna-9aae9fa192834b5f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3a6106f78fa6d278254ed381107f79f1f72ae590" + }, + { + "algorithm": "SHA256", + "checksumValue": "1978e5d57f4ae3db762ad0cc8d9b1825467ddb6e7b37add40589ad88d67dcf12" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Vilnius", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Vilnius-a446144c2a8db246", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dd4651522a8fc50fbfeab9138139c0a98be78160" + }, + { + "algorithm": "SHA256", + "checksumValue": "9e0346c05bd62e5062c3e9c1af6abb3a76cac647d69904414df525dc699a8da1" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Volgograd", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Europe-Volgograd-7081a0e34a6b350e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "87ff92ee927befd36a5776064b50a60b015cc344" + }, + { + "algorithm": "SHA256", + "checksumValue": "c0a89c4186f6cb4116f953bee1e96336d76a95fe242958b36f1d343d3feae1ae" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Europe/Warsaw", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Warsaw-a2ed9481b9ffb2f0", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "8425ef070f27439d0e75b3cd1907a26833f06efc" + }, + { + "algorithm": "SHA256", + "checksumValue": "9e8225d49707e4b369634eb200212e63222e6ea0a8ef16a346ea6e32a12ca651" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Factory", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Factory-b350ce7ab7810a11", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "6db6f78bd95bed7639ecfa9fbcb32e5e53fae236" + }, + { + "algorithm": "SHA256", + "checksumValue": "1562a07bd51e51e00a99a8db7ceac2bc5d473008d9798b66d1046ff7ca69f2e3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/HST", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-HST-50f76fc25a911876", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "dcfa0711611efd412cfc39a00e06a7a651c24f39" + }, + { + "algorithm": "SHA256", + "checksumValue": "3cd58372124c8149411f3b1e7a923096293afb60d234258ae9230e768f906175" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Indian/Chagos", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Indian-Chagos-7d27e81560137a98", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "58a379fb0376e5abbb370c26f5311d1daec2498f" + }, + { + "algorithm": "SHA256", + "checksumValue": "a56c856698ed900dd9f105de3ecfa7c02a47d3e0a72cf9b0b2dda8d78e1ca668" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Indian/Kerguelen", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Indian-Kerguelen-a5d6c087f1ce0421", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "836b7f8b8924e979f9d150043ed836fb9e031066" + }, + { + "algorithm": "SHA256", + "checksumValue": "6f460c82f439e2d45a82af8290775e71ebe2ee472d802c2fc36ca477151ed03a" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Indian/Mauritius", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Indian-Mauritius-948a7edf6e965ad2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "ae6aa848ebef8ed4b361a36ff2760a1d05ccacbb" + }, + { + "algorithm": "SHA256", + "checksumValue": "392bac1d8217b660b7affe6623ef563ab1deefd077661e4ca48746f20ff07e73" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Kwajalein", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Kwajalein-27e20379fcc146d1", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "34af0076af4a4341be0f8b2abc0ebfda3b1371bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "fe0269639dfeb4da4a29422764e8ce5d131bceb70eb858288feacb33adb93357" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/NZ-CHAT", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-NZ-CHAT-bda3f09d4ce029a2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "cd84961c4d50e4185f3a741815a51c13b712ff01" + }, + { + "algorithm": "SHA256", + "checksumValue": "7418e8e399cac56ecc7db3b17dd98b99af2a78c01009f6090b81fa74bb9ed1be" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Apia", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Apia-47d47bfe9daa28df", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9b7740ef01a83771a188c6a3eea515420a4b1e7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "9232e8d2e7c4b0851c24b934806eed6ad8c782b70b5f8077ecd085a344cf21a6" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Bougainville", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Pacific-Bougainville-78855593e2583a9e", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "52def485011a03bf0630796589a006350826d7fe" + }, + { + "algorithm": "SHA256", + "checksumValue": "3424ec28a42e16e2aecfedcb0e9460623e322ef6e91b0cbcd0f30ea3f81a38ea" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Efate", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Efate-799f8d5301678c96", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a8ee1e5ccf78182632c20c0b8017100c83a66c3a" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c3fa89e70a1e6f04d32a1425a7c4a17ea831bdb2991e2b2e7a6207eb2a2da34" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Enderbury", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Enderbury-7a1210001590214a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "c3800c386333b9234fe998a348859ef6800892ab" + }, + { + "algorithm": "SHA256", + "checksumValue": "0d861c486407a2cfa76dcb792e29ab6b5a7dc23fc88e436fcf0e91aa934ce50f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Fakaofo", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Fakaofo-17c26a924f613a8f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "242e87d997bca50490a5963afbd296e9db98d42d" + }, + { + "algorithm": "SHA256", + "checksumValue": "310746ea8f1df6f1fda801edfd8bf9dbe668ff0d67fc8f2ee6b09d13e08b1342" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Fiji", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Fiji-d8442b79c9bb211f", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "003ab2f2e58a95975dc0bedb26c6239f5f63ca2d" + }, + { + "algorithm": "SHA256", + "checksumValue": "61d9791f14bdcd80003cc510d466349ddddae5425da99a15ff54363e61c82663" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Funafuti", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Funafuti-10ecd7443a2e0f8d", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "264561f06a4b450a54c2958aa0a31c9aab233fd2" + }, + { + "algorithm": "SHA256", + "checksumValue": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Galapagos", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Galapagos-d755b234f0f5e121", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "063fd61ea477769597792730fcb4e1db44da00e3" + }, + { + "algorithm": "SHA256", + "checksumValue": "e11d59240fad0b7863207bf94d2a3b1a1bee3dd638562cd52ad82dff0c5500cc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Gambier", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Gambier-e3be249111356540", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a7bdf929ff895c8fd766a9b01ec7768a55239487" + }, + { + "algorithm": "SHA256", + "checksumValue": "e740a7ffbc13dd2ceba41ad306ef0ea8648404f94647a5f0acb6a53cc7fd07bd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Guadalcanal", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Pacific-Guadalcanal-6669f53a5e886496", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "9f1ae4c71492393dd281cca4c25fb9c02d9424cb" + }, + { + "algorithm": "SHA256", + "checksumValue": "395078e1bda2f361dadc972e7cac74766378db47e93ab0eb40831c1bd3cd0eb4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Guam", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Guam-de70877551d180b8", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "96217fa9b9e0900f36df167e05a1be6285e7304c" + }, + { + "algorithm": "SHA256", + "checksumValue": "dd2618ab40e4937e8a7e77ee99cb16850d680dd751fbafbc7f1315910c1c654d" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Kiritimati", + "SPDXID": "SPDXRef-File-...zoneinfo-right-Pacific-Kiritimati-86462bf7cfae9fca", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "5c23c7d62279762fdc99e27b913b4e5614131095" + }, + { + "algorithm": "SHA256", + "checksumValue": "174e89b399cdcb099e3fbdb56726bcd5e4ff5407143375bbe3f325c2d9681ec7" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Kosrae", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Kosrae-7846ce6f1446a572", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "badfb6360e23281f1586f8cc31f9bf0ddead03f0" + }, + { + "algorithm": "SHA256", + "checksumValue": "f3e0ee73aa07ea88079d523f04e18013c2faa1f451c16e84d8ce44b508ed1e7c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Marquesas", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Marquesas-f42ed6977c96b3f6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "f9ab84a187a3dc1bd186524d4b475544aed3297f" + }, + { + "algorithm": "SHA256", + "checksumValue": "ec00139c96225da5c430689485dad62c37f3ea2a44bbfdbba984779ec39898ab" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Midway", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Midway-009ece66b505db9a", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "a22abb4b6195611dfb909670078c38c2fcd02a7e" + }, + { + "algorithm": "SHA256", + "checksumValue": "123dc0bb0c84f740272684766dfe16f0bc190dbf9c221b944e4df2c98788d95c" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Nauru", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Nauru-bc1dc5a11617ff3b", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "38b372bc34a518151fdbb18bd40313f9f1003331" + }, + { + "algorithm": "SHA256", + "checksumValue": "bd939db4129d29f0b99daaa023926e04a75f26de36dd4bde3af05093998da477" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Niue", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Niue-287406beb3a9c308", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "219ce89833abdfb6f7900ef96259a079b33f98bb" + }, + { + "algorithm": "SHA256", + "checksumValue": "30cc62073dfdf73d40c8ba8cac33a52f7313e04a431a48f0576772745565afa4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Norfolk", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Norfolk-893640ffaadb3fd7", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "771eb27866fb346a346dc123dad325bd0406dee2" + }, + { + "algorithm": "SHA256", + "checksumValue": "5c71894f23b70d59b166ba89cd77cc2f5e04587b07dff3db877ba131ec16e1dd" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Noumea", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Noumea-5b3923f8e2b41631", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3a634960055fea8fa21f3c7335ca008e7e8ad7c5" + }, + { + "algorithm": "SHA256", + "checksumValue": "2c0159163af1753811f401a39dec7e715cd509e0240350bf4509319894f09a01" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Palau", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Palau-92cfdd5827806bea", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "3616d2b603942be1a069e138538be2a2554ef30f" + }, + { + "algorithm": "SHA256", + "checksumValue": "77b1aa8530b84c1e02080129746a797d03c2b34dab1c40f97067774e13e3c2fc" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Pitcairn", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Pitcairn-5eb1e4f5972cf9c2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "32772a169319c0efe77169ddfdc6c7882306db47" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a54aed7b3405c034a9d551e64c096b46e7edada97236f17844998ea7cd19665" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Rarotonga", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Rarotonga-b94bacb68e7641d6", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0bff8c5944b3830f71a3aa7a904c209d2786db6f" + }, + { + "algorithm": "SHA256", + "checksumValue": "1a0b149b0644a1079e60c30e2568dc33201afabf080753a8ae61163c9f6614f3" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Tahiti", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Tahiti-0a7fb6e5bfc5fc19", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "16b52774376b3b8dcb2ae812ef0f28bce49abd88" + }, + { + "algorithm": "SHA256", + "checksumValue": "692b326779d3a5f9ce9469353c2646ccfcba1c22ec790d06a76c382d41f8ac7f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/right/Pacific/Tongatapu", + "SPDXID": "SPDXRef-File-...share-zoneinfo-right-Pacific-Tongatapu-c10ae445b88bd9c2", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4a9cc0b35e2db131553cd7f89e9a2d8e8ecac8c1" + }, + { + "algorithm": "SHA256", + "checksumValue": "c5c1bed0f54f756cff29ebb9d7b1ffef96bd0d121b0cb0dbf9722c9181917601" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/tzdata.zi", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-tzdata.zi-ffa40bf00111bcc1", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e106ccbb7aaf0cafd1b2faa80616fafb5674fa66" + }, + { + "algorithm": "SHA256", + "checksumValue": "b707de303ec6cb982b853d30430970fd5cac7cd6086396d911b6fe5e66a746e0" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/zone.tab", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-zone.tab-7439d6928726b505", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "4f9c2681dad62e7eb99c7ed3a376a04d2cc581e9" + }, + { + "algorithm": "SHA256", + "checksumValue": "586b4207e6c76722de82adcda6bf49d761f668517f45a673f64da83b333eecc4" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "usr/share/zoneinfo/zone1970.tab", + "SPDXID": "SPDXRef-File-usr-share-zoneinfo-zone1970.tab-2e80788a46bd1d3a", + "fileTypes": [ + "TEXT" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0409ecccab58b2cd0d5aa758d2a518354dd83bdb" + }, + { + "algorithm": "SHA256", + "checksumValue": "e9d9fe30942a880f756b73f649667d8647a1ecf2131149445d9cc24c65e4ee8f" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "var/cache/ldconfig/aux-cache", + "SPDXID": "SPDXRef-File-var-cache-ldconfig-aux-cache-f7b1ca91de4b87e3", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "e262a9b428960942bd73da550bc313c4e8595c8c" + }, + { + "algorithm": "SHA256", + "checksumValue": "b7e9580a23b413e77efbb2b5ece1629ba22a45c22802c754f90ac5b3dc4f3fa8" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:9bc7c492562f465ba19a77b35e5f630d7559005d0753b2d888b175a07126b785" + }, + { + "fileName": "var/lib/rpm/.rpm.lock", + "SPDXID": "SPDXRef-File-var-lib-rpm-.rpm.lock-3647d85aef6052d4", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + { + "fileName": "var/lib/rpm/rpmdb.sqlite", + "SPDXID": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "7a8c03d5b08705a280360933df7cd1976094ba4a" + }, + { + "algorithm": "SHA256", + "checksumValue": "6888185a33db9606643fcd280b7a8e3e306125aa168dd3f9cf607e49018cf6e9" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "var/lib/rpm/rpmdb.sqlite-shm", + "SPDXID": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-shm-9e643efa3244df62", + "fileTypes": [ + "APPLICATION" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "608eeb7488042453c9ca40f7e1398fc1a270f3f4" + }, + { + "algorithm": "SHA256", + "checksumValue": "fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + { + "fileName": "var/lib/rpm/rpmdb.sqlite-wal", + "SPDXID": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-wal-42347261e3296811", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION", + "comment": "layerID: sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + } + ], + "hasExtractedLicensingInfos": [ + { + "licenseId": "LicenseRef--GPLv2--or-LGPLv3---and-GPLv3-", + "extractedText": "NOASSERTION", + "name": "(GPLv2+ or LGPLv3+) and GPLv3+" + }, + { + "licenseId": "LicenseRef--LGPLv3--or-GPLv2---and-GPLv3-", + "extractedText": "NOASSERTION", + "name": "(LGPLv3+ or GPLv2+) and GPLv3+" + }, + { + "licenseId": "LicenseRef-ASL-2.0", + "extractedText": "NOASSERTION", + "name": "ASL 2.0" + }, + { + "licenseId": "LicenseRef-BSD", + "extractedText": "NOASSERTION", + "name": "BSD" + }, + { + "licenseId": "LicenseRef-BSD-and-GPLv2", + "extractedText": "NOASSERTION", + "name": "BSD and GPLv2" + }, + { + "licenseId": "LicenseRef-BSD-and-GPLv2-", + "extractedText": "NOASSERTION", + "name": "BSD and GPLv2+" + }, + { + "licenseId": "LicenseRef-BSD-and-ISC", + "extractedText": "NOASSERTION", + "name": "BSD and ISC" + }, + { + "licenseId": "LicenseRef-BSD-or-GPLv2", + "extractedText": "NOASSERTION", + "name": "BSD or GPLv2" + }, + { + "licenseId": "LicenseRef-BSD-with-advertising", + "extractedText": "NOASSERTION", + "name": "BSD with advertising" + }, + { + "licenseId": "LicenseRef-Bitstream-Vera-and-Public-Domain", + "extractedText": "NOASSERTION", + "name": "Bitstream Vera and Public Domain" + }, + { + "licenseId": "LicenseRef-GPLv2", + "extractedText": "NOASSERTION", + "name": "GPLv2" + }, + { + "licenseId": "LicenseRef-GPLv2-", + "extractedText": "NOASSERTION", + "name": "GPLv2+" + }, + { + "licenseId": "LicenseRef-GPLv2--and-BSD", + "extractedText": "NOASSERTION", + "name": "GPLv2+ and BSD" + }, + { + "licenseId": "LicenseRef-GPLv2--and-LGPLv2-", + "extractedText": "NOASSERTION", + "name": "GPLv2+ and LGPLv2+" + }, + { + "licenseId": "LicenseRef-GPLv2--and-LGPLv2--and-MIT", + "extractedText": "NOASSERTION", + "name": "GPLv2+ and LGPLv2+ and MIT" + }, + { + "licenseId": "LicenseRef-GPLv2--and-LGPLv2--with-exceptions", + "extractedText": "NOASSERTION", + "name": "GPLv2+ and LGPLv2+ with exceptions" + }, + { + "licenseId": "LicenseRef-GPLv2--or-LGPLv3-", + "extractedText": "NOASSERTION", + "name": "GPLv2+ or LGPLv3+" + }, + { + "licenseId": "LicenseRef-GPLv3-", + "extractedText": "NOASSERTION", + "name": "GPLv3+" + }, + { + "licenseId": "LicenseRef-GPLv3--and-GPLv2--and-LGPLv2--and-BSD", + "extractedText": "NOASSERTION", + "name": "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + }, + { + "licenseId": "LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD", + "extractedText": "NOASSERTION", + "name": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + }, + { + "licenseId": "LicenseRef-GPLv3--and-LGPLv2-", + "extractedText": "NOASSERTION", + "name": "GPLv3+ and LGPLv2+" + }, + { + "licenseId": "LicenseRef-LGPLv2-", + "extractedText": "NOASSERTION", + "name": "LGPLv2+" + }, + { + "licenseId": "LicenseRef-LGPLv2--and-BSD-and-Public-Domain", + "extractedText": "NOASSERTION", + "name": "LGPLv2+ and BSD and Public Domain" + }, + { + "licenseId": "LicenseRef-LGPLv2--and-GPLv3-", + "extractedText": "NOASSERTION", + "name": "LGPLv2+ and GPLv3+" + }, + { + "licenseId": "LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL", + "extractedText": "NOASSERTION", + "name": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + }, + { + "licenseId": "LicenseRef-LGPLv2--and-MIT", + "extractedText": "NOASSERTION", + "name": "LGPLv2+ and MIT" + }, + { + "licenseId": "LicenseRef-LGPLv3-", + "extractedText": "NOASSERTION", + "name": "LGPLv3+" + }, + { + "licenseId": "LicenseRef-LGPLv3--or-GPLv2-", + "extractedText": "NOASSERTION", + "name": "LGPLv3+ or GPLv2+" + }, + { + "licenseId": "LicenseRef-Public-Domain", + "extractedText": "NOASSERTION", + "name": "Public Domain" + }, + { + "licenseId": "LicenseRef-pubkey", + "extractedText": "NOASSERTION", + "name": "pubkey" + }, + { + "licenseId": "LicenseRef-zlib-and-Boost", + "extractedText": "NOASSERTION", + "name": "zlib and Boost" + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-sun-01d4f5973d1c627a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-16color-022bdd650baaeff4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v43-0403744b03ece668", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt200-07b4d533d94c80f2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-r-rxvt-cygwin-native-088ade83e6eebed3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-d-dumb-09084d46a70bf81b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-ansi80x25-0c3e4cf799fcc30f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-8bit-0cb46cc286b242d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct2-0d62abe9ceec72d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-E-Eterm-256color-0e34fb41de1b62b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-tmux-direct-0e50753a88851779", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-hp-10b15c7300d1de17", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-vt220-10e3777ce389b734", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-g-gnome-256color-117bddb3be9fc6c4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-aterm-11b19e39d79597cb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-e-eterm-color-1897f00c748327d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.linux-1b17f7a3b989d675", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-c-cygwin-1d1a43393b1232b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt100-nav-22d92096b251462b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt52-243f7f524d627de6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-pcolor-262bec80ab3b6fc9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen-16color-2671778ef1b1ae46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-new-27fa8cd5292f5759", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-vt100-2d4b5bcf32f6cbc2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-g-gnome-2d6b3c65dcb51837", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mlterm-2f07e6cfdae0c898", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-teraterm-326ff4dc26b7e7f3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-bold-358a54515c04e917", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vte-358e676f3ce16efa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-x11hilite-36256cdb62622e80", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1002-37b118056dc26790", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-256color-3a06aa97b9d3c315", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-basic-3a3dd63fc31cf9f0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-tmux-3c671293eaa35b7d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-e-eterm-3ca2d9bbc94af0e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v32-40c55a7db4a229cd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.teraterm-469423e151105775", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v44-4745f6daad934514", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-478f145eadc35c6e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-x10mouse-48281070c504d26d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-p-pcansi-49ce661ec5b0e144", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-A-Apple-Terminal-49fb4120d637fe1a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mrxvt-4c763e54c767a733", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v40-5170d1225175e819", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-color-523c6606f11f2b6b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-vt300-5517326a8e488359", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-ncurses-base-COPYING-5b03fcebec1ce207", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-color-5b678d76cc0043bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1006-5bc14091563d357b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-5c91ea5dfc763123", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1003-5d67ea35ce22f6ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-5dadf1adff8ce7ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...terminfo-s-screen.mlterm-256color-62b0b802c45d2d9e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-s-screen.putty-256color-63723b0f4336e0db", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-cygwin-64f587ed99b945e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-tmux-256color-66aaab4ba24bc5b4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-vt52-68e1197e7698a852", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-b-bterm-6d9636fb6e232098", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.vte-70069cacf08e5836", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-alacritty-739c4c996183e33c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-mono-770bb10fedc6e4ed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vte-256color-8290f04afbda7365", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-color-84b5e513d406987a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v333-85c3ed778f0ddb90", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-k-kitty-87088da3c73ee47a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.mlterm-878ad561b086b8ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-r5-8e1d542f8169b000", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct16-9243f8be77ca5508", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-16color-9343d5cbf9e585e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-w-wsvt25m-968fd195a4554675", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-k-konsole-256color-96c8175a8f36d182", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.gnome-96eaafd3944dde48", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-s-screen.vte-256color-97be65b698050a66", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-p-putty-9927684daea6e98f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-r6-9a82f7c0ce9888c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-sun-9ae4907d5846a39c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct256-9ba2547f37f694f8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-a-ansi-9ce0eef993dd6662", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-j-jfbterm-9e7a24f8b9f9a4a0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-utf8-9ed2eb25fdb82770", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt102-a00981ff8a31aa27", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-n-nxterm-a4671eb99dd9ce2d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-h-hurd-a563a8a6f4101d54", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-88color-a5abdb1170ef5088", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-gnu-a968fc110e78a7e9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-w-wsvt25-aa00d5296f618d6a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-ncurses-base-README-ab815bf6c0edffd2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-88color-ae45f54c300bb636", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-old-aeb11193f8402ce7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-s-screen.xterm-256color-b1a9a334edfc782d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xfce-b2c06c93987dc6df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-std-b41a49b6e27da37f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-basic-b4b0af52e0102e33", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-st-16color-b6c79f65123c68c7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-l-linux-b77f01b69f16a601", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-t-teraterm2.3-b8e23a2c85c074aa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xfree86-b93e2d2cfb64bc9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-noapp-b9c6ec960b364afe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-256color-ba04e1a02ccf0e79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-xpm-ba2b8aeeed756e4b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-p-putty-256color-bb7b9486d2967e4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...share-terminfo-r-rxvt-unicode-256color-be6d66b461c658b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-1005-be7456704d957929", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen-bf552973196385fd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.putty-bf768e51b1b0694d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-E-Eterm-c159e8b0661e7d06", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xf86-v33-c35dd89b3eb05a79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vs100-c3c8cf0a40b73304", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.rxvt-c458e6458e9b08ba", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.Eterm-c70fed58b78ebdab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vwmterm-c8cc24147a716899", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-r-rxvt-unicode-ca75d7cf751c3a9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-sco-d00ddd9f869070e6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.mrxvt-d58e250ca45ee93a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.konsole-de1aaed71982acfe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-xi-e218da38269c139b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-tabset-stdcrt-e4b58777688d3db6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-new-e58f4643f64e0965", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-x11mouse-e8c64ca72ddad3e6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-k-konsole-ee7f726c682ba5b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen.xterm-r6-efa0d7dce3147d57", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-screen-256color-f03e4607a68f7fff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-E-Eterm-88color-f0ecee1a41d9766c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-st-256color-f1092c0f72a807b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-m-mach-bold-f34d0eb0a29edab3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-direct-f3f45085dd41c8af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-s-st-f40c1864762c12c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-v-vt100-fc15b1cbbbc8b700", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-...terminfo-s-screen.konsole-256color-fc223aa7c8c6f6f1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-usr-share-terminfo-x-xterm-nic-fff2cc852438009f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libevent-core-2.1.so.7.0.1-0641d6c97b0ce150", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-File-...lib64-libevent-openssl-2.1.so.7.0.1-126ddf605a08aa6f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-File-...lib64-libevent-pthreads-2.1.so.7.0.1-4032189b898fefaf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libevent-extra-2.1.so.7.0.1-7e97c46e2ba7aa0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libevent-LICENSE-9b1fc29507f6153b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libevent-2.1.so.7.0.1-caa129ad797767a7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-fips-provider-so-039e508ce9d5da38", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-ossl-modules-fips.so-67ddf331d95fbab9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-read-00b2dfb2762e3451", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-bash-COPYING-181d870990e0b987", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-wait-293eafcf9526eaf2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-ulimit-399960ec84398034", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-bash-457e99e6356b07d9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-fg-4eb740e67d5a13d9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-hash-544a5e04e861b70c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-cd-8721732baf3d2db8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-getopts-8b20c49352d19b94", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-etc-skel-.bashrc-8b56bfbdb189c2e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-unalias-911641d65b7558d3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-alias-b0144fc5fac67179", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-etc-skel-.bash-logout-b3f4e891b12a90bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-bashbug-64-b6cdb94774d588e9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-jobs-c2099ec9fb017164", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-type-c2b780c83765c415", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-umask-c8e5318148bed297", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-fc-cf2b5514af5f4b1c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-command-d567ea1a1bff3f0b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-usr-bin-bg-dcd596fa9d66ed3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-etc-skel-.bash-profile-e7e93dc9a8cd8988", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3.LIB-220d69e3f8293bbd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgcc-s-11-20240719.so.1-56b979a8eab3398a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING.LIB-b82a899b41957e3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING-ce9138e160be5543", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libgcc-COPYING3-d57ed1f4490e2301", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libgcc-COPYING.RUNTIME-f374ebc3b3ace9d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libuuid.so.1.3.0-2f4c1c268d776d3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relatedSpdxElement": "SPDXRef-File-...licenses-libuuid-COPYING.BSD-3-Clause-5788a17f6149e070", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libuuid-COPYING-d57093f10f5ee2d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libffi-LICENSE-1961bfa9d1198d5b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libffi.so.8.1.0-c9e0a30b10d2fe01", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libblkid-COPYING-6c3fe7be3bf29827", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libblkid.so.1.1.0-b3bce0528aee3419", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-liblz4.so.1.9.3-07c7e420648edb7f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-File-usr-share-libgpg-error-errorref.txt-0022cc837623aa93", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-File-...licenses-libgpg-error-COPYING.LIB-14d8cebc04906f0a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpg-error-506b975f1b474e9c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgpg-error.so.0.32.0-6b8f40a297fb9256", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libgpg-error-COPYING-cc8e1d8350367ddf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libbz2.so.1.0.8-03fde1b1904f0a48", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-bzip2-libs-LICENSE-334ab95186904be9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-usr-bin-grep-0bceaf8088a9ad73", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-colorgrep.sh-43e6c2af7d668269", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-usr-bin-egrep-6c51703fecd14955", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-grep-COPYING-6dba54af8c7facae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-usr-bin-fgrep-9e6bcbbaf4a27702", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-grepconf.sh-9f5373b01acacc41", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-colorgrep.csh-ba105d23baa6b7a7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-etc-GREP-COLORS-e427d65853822d0a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relatedSpdxElement": "SPDXRef-File-etc-selinux-semanage.conf-23ff64af82c9eae7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relatedSpdxElement": "SPDXRef-File-...share-man-ru-man5-semanage.conf.5.gz-aa7a3466a80a0996", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libsemanage-LICENSE-ba5945950e24531a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-semanage.conf.5.gz-cc59bee454cfe52c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsemanage.so.2-f4640f5ead471b71", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-alternatives-COPYING-6a9d7cb03432b94a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-alternatives-d536adb8f0ad5bbf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-alternatives.8.gz-f7da459eec88b367", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-findutils-COPYING-23ce7a6f5cc39317", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-findutils-AUTHORS-2b831b50af534f2b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-info-find.info-2.gz-4268922d65c4bac2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-info-find.info.gz-6643a17eada4fe22", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-info-find.info-1.gz-6bec087ae55f3170", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-findutils-TODO-7e256dc3c07e3bbf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-info-find-maint.info.gz-8666c08c86669390", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-findutils-THANKS-a222427dafd590d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-findutils-README-a2321d70af729a09", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-findutils-NEWS-c29277a285f11a54", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-bin-xargs-cb344590729d5a35", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-xargs.1.gz-de5571141680d5bc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-find.1.gz-edd5a8e8d4e5104f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-usr-bin-find-f60c8826d1355380", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-tls-client-block.7ossl.gz-00e72aac91d28573", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-spkac.1ossl.gz-01930f5f73b7f35d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KDF-X942-ASN1.7ossl.gz-03b262d8fe93a385", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-storemgmt.7ossl.gz-04979271e7e61cf1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-CIPHER-AES.7ossl.gz-04a987f5b10a610c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-PKEY-DH.7ossl.gz-05269894336f94f1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-CIPHER-DES.7ossl.gz-080a70f9a4603dbc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-OSSL-PROVIDER-base.7ossl.gz-08389c7ca7020248", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-cmds.1ossl.gz-0908fd4fd5f4a818", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-pkey.1ossl.gz-098a7230ad91992c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-PKEY-HMAC.7ossl.gz-0a2c3c47f7545b9e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-ASYM-CIPHER-RSA.7ossl.gz-0a62741227568113", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-SHAKE.7ossl.gz-0b11dc6ec27fcb50", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-SIGNATURE-DSA.7ossl.gz-0b3ada17b5808025", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-tls-client-non-block.7ossl.gz-0d6444570e9a4441", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-dhparam.1ossl.gz-0e7e8dc5e9378ef8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-genrsa.1ossl.gz-0f3d7c8384d26afc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KEM-X25519.7ossl.gz-116612c7f9a4276c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-SHA3.7ossl.gz-1223afc00cf0844c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-life-cycle-pkey.7ossl.gz-127b13d2bc472163", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-MAC-Siphash.7ossl.gz-12fb8dcbf17e12f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-storeutl.1ossl.gz-13b677168cd419ca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-CHACHA.7ossl.gz-1530f883db4b364b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-PKEY-ML-DSA.7ossl.gz-164f352d72d01539", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-openssl-ca.1ossl.gz-17109a9d9fd0da32", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-provider-kem.7ossl.gz-18ede0deb982b800", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-ossl-store.7ossl.gz-1ba2765c720edf90", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man7-openssl-quic-concurrency.7ossl.gz-1cf26eb3e5d7d8f4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-req.1ossl.gz-1d83425a6d3a43ed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-pkcs7.1ossl.gz-1df1410d70a4f922", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-passphrase-encoding.7ossl.gz-1fc819056b194ba1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MAC-CMAC.7ossl.gz-21b9bf623e477c9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-SIGNATURE-ECDSA.7ossl.gz-22a3961e6fdd8f2e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-rehash.1ossl.gz-22ee4bba12ea0d5a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-s-client.1ossl.gz-2302c94d9b695ace", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-kdf.1ossl.gz-238f5a7f2c70ae74", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-KECCAK.7ossl.gz-2492038fe7738f6b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-speed.1ossl.gz-26de3af2b0c9031f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-s-server.1ossl.gz-273a9dd2b508fd4e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-sess-id.1ossl.gz-27d2730b405f40c1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-KDF-KB.7ossl.gz-2867a7f559c350c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-quic-client-block.7ossl.gz-28dfcfd179be0b78", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-PBKDF1.7ossl.gz-2ccf1330944b3911", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-openssl-README.md-2dda2c3f18ee55a7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...openssl-passphrase-options.1ossl.gz-2e29e91c30514a79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-signature.7ossl.gz-2e6e0bd2077d78e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-openssl-threads.7ossl.gz-2f61072da3b72ad2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-tls-introduction.7ossl.gz-30ba784dfcde4319", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-crl.1ossl.gz-32b179d3dd5804a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-openssl.1ossl.gz-32e3efd142dc1df3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-BLAKE2.7ossl.gz-33151bcb993bbe1b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-NULL.7ossl.gz-34502f16226e82d3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-passwd.1ossl.gz-345b04093df8b158", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-RAND-CTR-DRBG.7ossl.gz-34df9b20f6f66964", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man7-ossl-guide-introduction.7ossl.gz-34f86a316b899160", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-digest.7ossl.gz-35251537084ad631", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-encoder.7ossl.gz-35e43fc4d5dfd95a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-MD-MD2.7ossl.gz-362858c8cee5ee21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-CAST.7ossl.gz-368098ac9821757c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-PKEY-DSA.7ossl.gz-3717e7a528f67db3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-SHA2.7ossl.gz-380f15a0186b69d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-libssl-introduction.7ossl.gz-38c9e9de9ef8b1bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-SIGNATURE-RSA.7ossl.gz-3978c1ded75360d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-HKDF.7ossl.gz-3a7fc15fcc4dadfa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-provider-base.7ossl.gz-3ad33f14bbbecc4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-provider-mac.7ossl.gz-3af3c17164dced1d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-MD-MD5-SHA1.7ossl.gz-3b4405ce04b1600e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-provider-kdf.7ossl.gz-3b7481d6c56feb94", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-quic-server-block.7ossl.gz-3dfdfeadef568451", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-X25519.7ossl.gz-40616822d43702fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-MD-SM3.7ossl.gz-40e6051abeb3f042", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-quic-client-non-block.7ossl.gz-45807708e472faea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KDF-TLS13-KDF.7ossl.gz-459e9f148272cee8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-openssl-user-macros.7ossl.gz-45bce5e300fd4ccf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-quic-introduction.7ossl.gz-460d5c116f6223dd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-SEED.7ossl.gz-467837e1f76df428", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-RAND-HMAC-DRBG.7ossl.gz-469a3d0c003455eb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KEM-RSA.7ossl.gz-4b71fd7f4dd7c76a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-property.7ossl.gz-4c23c7378d159b46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-PKEY-EC.7ossl.gz-4c7ea6934cd41c12", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-errstr.1ossl.gz-4d3db18e5ba09e94", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...openssl-namedisplay-options.1ossl.gz-4d84e8f5b61a4032", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-PKEY-SLH-DSA.7ossl.gz-4e88db845a1d6c20", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-ARGON2.7ossl.gz-4f6c8c0223470a84", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man7-openssl-core-dispatch.h.7ossl.gz-50eb8ce87c65d0b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MAC-HMAC.7ossl.gz-512d053c17d87ee2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KDF-PKCS12KDF.7ossl.gz-525dee4e979d11a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-openssl-ec.1ossl.gz-530981cb7fd39695", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KEYEXCH-ECDH.7ossl.gz-534f9530f3e7d4ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-SSHKDF.7ossl.gz-552f5139f3e4f68d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-MD-MD4.7ossl.gz-557a753af79601d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-genpkey.1ossl.gz-575440ca93aa9cf3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KEYEXCH-X25519.7ossl.gz-579c5e1799c04e87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-NULL.7ossl.gz-589755c709a5e68e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-X963.7ossl.gz-5debda3dd8c43da2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-PKEY-X25519.7ossl.gz-5e03800152dd27d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man5-x509v3-config.5ossl.gz-5e292b3a78fa663e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-CIPHER-SM4.7ossl.gz-5e55681099c9ac55", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-verify.1ossl.gz-6003ee08f870b8e0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-rsautl.1ossl.gz-614a1b6a37fae2ab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-ASYM-CIPHER-SM2.7ossl.gz-614b857c27a1c5f8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-CIPHER-RC2.7ossl.gz-64135b28c46f9bb3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-provider-rand.7ossl.gz-64f306c08f107916", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MAC-GMAC.7ossl.gz-6670e4a5d0e8f7b4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-x509.1ossl.gz-6708b04c922a30f8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-dgst.1ossl.gz-67c6af8d96a64031", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-evp.7ossl.gz-6c8868eb7d22aacf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-life-cycle-kdf.7ossl.gz-7075d77f48f819db", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-tls-server-block.7ossl.gz-70a4e9c2614d0bc8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KDF-TLS1-PRF.7ossl.gz-757c5e7433c8bba4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-openssl.cnf.5.gz-7682f6723e342eb9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man7-EVP-SIGNATURE-SLH-DSA.7ossl.gz-77c3c07010d12669", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KDF-X942-CONCAT.7ossl.gz-7972d18b8c491ea5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-openssl-LICENSE.txt-799e684ab92fe053", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-enc.1ossl.gz-7dc068014a9b892c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man7-EVP-SIGNATURE-ED25519.7ossl.gz-7e6f15db1d2d3469", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-asym-cipher.7ossl.gz-7f4b6e2448ed3140", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-skeymgmt.7ossl.gz-807793bc82961c26", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-bin-renew-dummy-cert-80a60d7b813a682b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-nseq.1ossl.gz-840907f3de9baefd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-ecparam.1ossl.gz-862b82be72f04846", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-skeyutl.1ossl.gz-868a400a31e858b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man5-fips-config.5ossl.gz-87fed008d823de82", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-OSSL-PROVIDER-null.7ossl.gz-8824c210f678a8fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-PVKKDF.7ossl.gz-8b2a0b87a4276bd3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KDF-HMAC-DRBG.7ossl.gz-8b74dbb9b76ffae7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-x509.7ossl.gz-8cb4be846bdf4a6b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-life-cycle-rand.7ossl.gz-8e00f1b19b53f224", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-bin-make-dummy-cert-8ee41d4c6e9953ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-RSA-PSS.7ossl.gz-8f3b76c59363aa11", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-PKEY-RSA.7ossl.gz-8f48b348d58b0ba4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-rand.1ossl.gz-8fecaeade48e90c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-srp.1ossl.gz-90a4241bf68fbfff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-life-cycle-mac.7ossl.gz-9198d6c05a6327fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-MDC2.7ossl.gz-91df02eaeecd459d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-PKEY-FFC.7ossl.gz-91f91d555a9103a8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-dsaparam.1ossl.gz-9317b3bdb7a401ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-openssl-glossary.7ossl.gz-9318266d310bb3cb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-rsa.1ossl.gz-93532361ae12ed8f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-openssl-env.7ossl.gz-93aca83efcab4231", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-openssl-core.h.7ossl.gz-9405b70229ad2c0a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-libcrypto-introduction.7ossl.gz-9472f49a2146cbf3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-OSSL-PROVIDER-legacy.7ossl.gz-953494b038436cb6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-decoder.7ossl.gz-95755bdbf4c35b87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-openssl-NEWS.md-966b775465888454", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-BLOWFISH.7ossl.gz-975fffbcfac782eb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-bio.7ossl.gz-9850eedf46693151", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-ossl-store-file.7ossl.gz-98d38560381f1526", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-openssl-qlog.7ossl.gz-9c4dff099946523a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-ciphers.1ossl.gz-9fa5deb8729f3821", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-KDF-KRB5KDF.7ossl.gz-a0b6c5155090d47d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-life-cycle-cipher.7ossl.gz-a16275234016a655", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-PKEY-ML-KEM.7ossl.gz-a1e614a5bfcbaf8b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-ocsp.1ossl.gz-a261c7dda099b902", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-des-modes.7ossl.gz-a3f6b17683961d43", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-info.1ossl.gz-a5e8bff5370b1e19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-libraries-introduction.7ossl.gz-a90401c687aafd46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-mac.1ossl.gz-aa1ee177b72ce245", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-s-time.1ossl.gz-aa543e4068d97fd5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-ct.7ossl.gz-ac109f4be4188339", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-MD-WHIRLPOOL.7ossl.gz-ac57a7fab3558da3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-prime.1ossl.gz-ac719cc39b9f9075", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KEYEXCH-DH.7ossl.gz-ad000ecdfa943769", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-fips-module.7ossl.gz-ad74469e5bea331e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-object.7ossl.gz-ad7650e90c02e7ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-smime.1ossl.gz-ae24ee67d5c58772", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-provider.7ossl.gz-afa96907b0c15332", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-SIGNATURE-ML-DSA.7ossl.gz-b03e6f64daabd092", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-crl2pkcs7.1ossl.gz-b0c8815f33b14bc9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-version.1ossl.gz-b3711aa9269af576", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-RAND.7ossl.gz-b4eb6556380b1ece", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-CIPHER-RC4.7ossl.gz-b5478fdde922a6c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-ossl-guide-migration.7ossl.gz-b8889875fe5d8ccc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-cipher.7ossl.gz-bb179cb5784643e0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-bin-openssl-bd9492321caa4c92", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-OSSL-STORE-winstore.7ossl.gz-c302d53de8a0a610", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-RAND-TEST-RAND.7ossl.gz-c358961d83fa600f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-SIGNATURE-HMAC.7ossl.gz-c5d017216849682d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-MAC-Poly1305.7ossl.gz-c9b816255fc03fd3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-pkcs8.1ossl.gz-cb358798958b3813", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-RAND-CRNG-TEST.7ossl.gz-cd89c7149d5b8519", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-dsa.1ossl.gz-ce4f9f095c302b35", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-ARIA.7ossl.gz-ceb0217c8a12470b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-CAMELLIA.7ossl.gz-cec6961786f8edc3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-openssl-ts.1ossl.gz-d07aedc7eebcf38f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-engine.1ossl.gz-d0e810fad76c8bcc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-CIPHER-RC5.7ossl.gz-d2e151662e06a92f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-KDF-SS.7ossl.gz-d2f4648fd31ce066", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-pkcs12.1ossl.gz-d3c869f45dc75e7e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-list.1ossl.gz-d40c4d74d5d2e19e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-MD-MD5.7ossl.gz-d51833fa2e124644", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-proxy-certificates.7ossl.gz-d9428be1cfec208f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MAC-BLAKE2.7ossl.gz-d94a24d38f12eab7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-keyexch.7ossl.gz-d99e42a25be30c76", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-provider-keymgmt.7ossl.gz-d9f36e6fed776f19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-cmp.1ossl.gz-db2112de23468a3d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man1-openssl-format-options.1ossl.gz-dbad20590b337b0b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man7-OSSL-PROVIDER-default.7ossl.gz-dcfede4baf820cb0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-RAND-SEED-SRC.7ossl.gz-dda5f2f598756220", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-quic-multi-stream.7ossl.gz-ddd66b78c7891cd8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KEM-ML-KEM.7ossl.gz-dde1ad43ffe850f7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-cms.1ossl.gz-de726e601e08077c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MAC-KMAC.7ossl.gz-e0ddeaa423d94e65", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-asn1parse.1ossl.gz-e35276299485df38", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-SHA1.7ossl.gz-e6158bdeccf8b95c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-openssl-quic.7ossl.gz-e79d0b5e8522462e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-openssl-core-names.h.7ossl.gz-e7ef7561df01cdbd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-OSSL-PROVIDER-FIPS.7ossl.gz-e851d200f2c305dd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-MD-RIPEMD160.7ossl.gz-e9514150e59eddd1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-KEM-EC.7ossl.gz-eaf10019bfa53e6c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-MD-common.7ossl.gz-eb4659e903b52f95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-pkeyparam.1ossl.gz-ec9aa26d671d3eac", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-RAND-JITTER.7ossl.gz-effd69c97c9344b7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...openssl-verification-options.1ossl.gz-f0d5b9184199c52b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-PBKDF2.7ossl.gz-f2ed5774c659335b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-openssl-gendsa.1ossl.gz-f4ae5a8c6162ab46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-RAND-HASH-DRBG.7ossl.gz-f4cfffc2116f7bfe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-life-cycle-digest.7ossl.gz-f7389995945cefc5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-PKEY-SM2.7ossl.gz-f8db2e7291900711", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-EVP-KDF-SCRYPT.7ossl.gz-fa7659be1bbaac1c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...ossl-guide-quic-server-non-block.7ossl.gz-fa9a2006ebdb8c1b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man7-EVP-CIPHER-IDEA.7ossl.gz-fab0ad695fe86de7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-pkeyutl.1ossl.gz-fba93cbf0804cffd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-...man-man1-openssl-fipsinstall.1ossl.gz-fcbe3b9c6ec15ddf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-EVP-RAND.7ossl.gz-fe9eae88652d3c8c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-en-27488b456777ffc1", + "relatedSpdxElement": "SPDXRef-File-...org.fedoraproject.LangPack-en.metainfo.xml-66e657ce713db75b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libsigsegv-COPYING-8c8375028cffb497", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsigsegv.so.2.0.6-9f3a8aed149de7d0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmagic.so.1.0.0-33e898c1f45c8cd6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relatedSpdxElement": "SPDXRef-File-usr-share-misc-magic-42849d310597b27b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relatedSpdxElement": "SPDXRef-File-usr-share-misc-magic.mgc-b8d036a3b338b686", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-file-libs-COPYING-cb8e98a52ae7350a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libusbx-2f1e24780cfea663", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libusb-1.0.so.0.3.0-d1c85f195452933d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libusbx-2f1e24780cfea663", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libusbx-COPYING-fd14e35ef9e39d9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libattr.so.1.1.2501-37278abcf11da63d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relatedSpdxElement": "SPDXRef-File-etc-xattr.conf-43fea2a5407cf6a0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-librepo-COPYING-bc06f97c1cdad90e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-librepo-README.md-e47abad8b54b40c6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-librepo.so.0-f90f9b325a9a1788", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libjson-glib-1.0.so.0.600.6-b4b67fbfb5f5e23e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-json-glib-COPYING-d6e3aa97877dce2f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-Json-1.0.typelib-e43bb769482b55c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libaudit.so.1.0.0-3c3792c46b7bdb52", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-libaudit.conf.5.gz-7b984e33ee9bdc53", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libauparse.so.0.0.0-aa0cee721cb7084a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-File-etc-libaudit.conf-ce2591a5f235263b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-audit-libs-lgpl-2.1.txt-e3582f67f8651df5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libp11-kit.so.0.3.1-4b7e13d2d8bedc71", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-File-usr-bin-p11-kit-4c0fede68f0598f1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-File-...bash-completion-completions-p11-kit-8696c78b618bb236", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-p11-kit-COPYING-99f0b08099ad078a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-p11-kit-p11-kit-remote-c12db9c09490c941", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libz.so.1.2.11-b19008fcaf37b79a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-zlib-README-c41400570a0ae433", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-librhsm-COPYING-4fa97c5130dd81dc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-librhsm.so.0-64b06586db1d77b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-fips-provider-3f743355082e9e4b", + "relatedSpdxElement": "SPDXRef-File-...doc-openssl-fips-provider-README.md-a38d4d64727600bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmount.so.1.1.0-93fe09231cb93279", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libmount-COPYING-b5f96c6e00d259b3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relatedSpdxElement": "SPDXRef-File-...libmount-COPYING.LGPL-2.1-or-later-ebf52dcf4e87c111", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libkeyutils.so.1.10-09908bd891f4a1fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef", + "relatedSpdxElement": "SPDXRef-File-...licenses-keyutils-libs-LICENCE.LGPL-58e69df7e0409835", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-keyboxd-065c6ce3e216c867", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-gpg-check-pattern-0b538d4e3bdd8dca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-gpg-wks-client-11a2f3793b9fe540", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gnupg2-COPYING-227900176c400f3a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-gpg-preset-passphrase-23d7f71ae89b5434", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-applygnupgdefaults-2ec5b1c87fd0a215", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-scdaemon-354c42ab720de6f2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpg-wks-client-3803513ccea114ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-gpg-protect-tool-3cb192baafd3b531", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-dirmngr-client-42ff3dedd2729016", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpgconf-48073038849245c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-gpg-pair-tool-52874dccfe95c831", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-watchgnupg-5db6da7845914c87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-dirmngr-5f553a8203875941", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpg-wks-server-600d18be0a1f4796", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-addgnupghome-602a7edba2b31626", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpg-connect-agent-6b17a25ebe568098", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpg-card-7ae425cfbef4d3db", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpgsplit-8b767435cc79702c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpgtar-b5acc177f3d31ff8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-dirmngr-ldap-c34070cd9804459e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpgv-d48dfdfee64bde22", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-g13-syshelp-e199d7c82c646f70", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-g13-e30dfe11fd680ba9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpgparsemail-e5adbfb76fdfb396", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpg-ea18bc9bca18857f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-share-gnupg-distsigkey.gpg-eacb78f0177ac6e1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpg-agent-f678176067e0b9ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-...share-gnupg-sks-keyservers.netCA.pem-fadfa2cc594e6ac1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-subuid.5.gz-00e8e8122abacd21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-chpasswd-0318fa63a12c4a45", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-usermod.8.gz-03871e262f623541", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-vipw-04c372714feedfa3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-chpasswd.8.gz-04f2af066de0b149", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-groupmems-0c8befd445f256b3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-pwunconv.8.gz-1fac9ba21322fcea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-vigr.8.gz-20916f2b078a8aad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-login.defs.5.gz-24816b3267972eed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-groupdel-2556d4cc0a065d36", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-shadow-utils-README-27ac861c1eb25c36", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-bin-newuidmap-2c3538d1f4b313d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-pwck-3989eec5a7cefa6c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-newusers.8.gz-3a93c2921610e609", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-etc-default-useradd-3bc0077c49d2950e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-usermod-4848c9705b78b970", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-etc-login.defs-4bbbca48a63a9a75", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-shadow.5.gz-4ca44dad5b6c5e5e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-newgidmap.1.gz-593678eff8e8e760", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-subgid.5.gz-5b7163d7c563855f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-userdel.8.gz-5bfd1be1aabee033", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man3-shadow.3.gz-627e139f8f6ad642", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-userdel-687b78fb392028b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-groupadd-74be897ab6c1efcb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-gshadow.5.gz-7780f82722a193f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-useradd.8.gz-7f383931a464767c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-groupmems.8.gz-7fecc962fc876f80", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-shadow-utils-HOWTO-819bee19751e8fbd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-useradd-84bb3257aae64297", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-pwunconv-8568fb8ca2582731", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-chgpasswd.8.gz-8c6e70c8073dd743", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-...licenses-shadow-utils-gpl-2.0.txt-8dd999a0604f6b53", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-bin-newgrp-931f29023ddf6706", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-groupdel.8.gz-9339aac8feecce6d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-...licenses-shadow-utils-shadow-bsd.txt-99084efb9a55b6ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-groupmod.8.gz-aaf3bf68249c31a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-grpconv-ab69700c9a4b85fc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-shadow-utils-NEWS-acd3a81b3ac2b9e0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-grpck-b6b95802760806da", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-lastlog.8.gz-bf13bb4fc87a4e51", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-gpasswd.1.gz-c71bfad7a3472fb5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-grpunconv-c73f0ac2f71e5768", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-groupadd.8.gz-c8eef5d64160aec3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-grpconv.8.gz-c95c777efd3b33f0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-groupmod-cc64b9fa91010ff6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-bin-chage-ccd7ed3375247fe5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-pwconv.8.gz-cdbe43f9ded41de2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-newgrp.1.gz-ce4cf1b303e1f5e7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-bin-newgidmap-cee3d27dbb7a4d8c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-bin-lastlog-d4005ba7fec7534c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-pwck.8.gz-d666a7310157583d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-chage.1.gz-de4502809ef1a91e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-grpunconv.8.gz-e7c59d719c145ebe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-newuidmap.1.gz-eaaa7709f2e3bb87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpasswd-ec72e729f0fd3a67", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-pwconv-ec97b8fc62a55343", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-chgpasswd-f33afab34bceebb1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-grpck.8.gz-f6867945d3c955d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-sg.1.gz-f7f5f5ee42ed5718", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-newusers-f90e01085c96de5d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-vipw.8.gz-fbfd1d356eb4ddb3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libtasn1-COPYING.LESSER-14d6b8c8ff89b95e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libtasn1-COPYING-88e2e21ed60c85a1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libtasn1-AUTHORS-8b10aaeddcc8bbd0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libtasn1-NEWS-a2c8b5224135e21a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libtasn1.so.6.6.0-a7aebe099275d13d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libtasn1-LICENSE-d00550d0a2acf914", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libtasn1-README.md-e96158079ca16b1c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-File-...libexec-p11-kit-trust-extract-compat-7ef56425a25f608f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-File-usr-bin-trust-b8e48c126ab0bfb8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-pkcs11-p11-kit-trust.so-d6f9cc0f25c163fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-File-...p11-kit-modules-p11-kit-trust.module-e99e8977d610e2df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-File-...bash-completion-completions-trust-f977a337241b88a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-...lib64-fipscheck-libgmp.so.10.4.0.hmac-3e384d933fad624e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gmp-COPYING-4d97ae3ae35a9c5a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-gmp-COPYING.LESSERv3-6eabae886edadff7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgmp.so.10.4.0-76096f929a097db2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-.libgmp.so.10.4.0.hmac-ef5630fdf7377aa2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gmp-COPYINGv3-f8649341444163e6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gmp-COPYINGv2-f92ef671d1cffb18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK-LC-TELEPHONE-016345ea3b4fbc1e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-PAPER-02257acfd818616a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-MONETARY-0534dc3d0fb74b3b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-MONETARY-07257989d347eea8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG-LC-IDENTIFICATION-07d997f9a0fe5fe4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NZ.utf8-LC-TELEPHONE-07ef2d1b3dfe929b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB-LC-MONETARY-087a30a47e7d2808", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-TELEPHONE-087d554a60a9e9a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-ADDRESS-0894711dce7ba59b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH-LC-MONETARY-0a30e333053051f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-GB.iso885915-LC-IDENTIFICATION-0be7d3b586c46105", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-NAME-0bedf070662f6eed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IN-LC-ADDRESS-0c56452f190f5e2a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA-LC-TIME-0d602d287c631d2a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-PAPER-0dc3369aa146566b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NG-LC-IDENTIFICATION-0ed734304b626d51", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-US.iso885915-LC-PAPER-0ed8db47d526c931", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-CA-LC-MESSAGES-SYS-LC-MESSAGES-11ad1e501ff5a517", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-GB.iso885915-LC-TELEPHONE-131228cffbc275be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-TIME-14542e0fa508d94c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZM-LC-IDENTIFICATION-14bc4f957f460b86", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK-LC-NUMERIC-1564dba6a452deef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-MONETARY-16a3dbb47e4b6133", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-TELEPHONE-1716f766099ad74e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA-LC-MONETARY-18560ae915b36da4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-DK.utf8-LC-IDENTIFICATION-19819003d8ead48e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-TELEPHONE-1dd0186f52f33e01", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-ADDRESS-1e13f4e55de245d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-SC.utf8-LC-IDENTIFICATION-1e4c3c1d973b97f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-TELEPHONE-1f464d6eeb356353", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZW-LC-ADDRESS-20b5a44a773db525", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA-LC-ADDRESS-259d2fc8e938cfdc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NZ.utf8-LC-MONETARY-26db2509eb130a1d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SC.utf8-LC-MONETARY-2c8f934a6186475f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-ADDRESS-2cb886fdfb3311d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-LC-IDENTIFICATION-3481bc602338f6bc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-TELEPHONE-38223e6d17b74cc4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-BW.utf8-LC-IDENTIFICATION-385eb7ca2b5df1db", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZW-LC-MONETARY-399b97a713de04e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-LC-MONETARY-3a971696e0257f4b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA-LC-TELEPHONE-3b774200efaaa5a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-GB.utf8-LC-IDENTIFICATION-3c3157b9737f6049", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-MONETARY-3cd8731281643bb5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US-LC-ADDRESS-3efb6f9baf7aa9bc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-MEASUREMENT-3f4b0a2e212ca8f0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-TIME-3fa74a4ea1c7fe73", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-IE-euro-LC-IDENTIFICATION-40007b730202332e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-NZ.utf8-LC-IDENTIFICATION-4030524a87104fd1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NZ-LC-MONETARY-41102a2b1e61867a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-ADDRESS-4165522a6a93fb52", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-DK-LC-MESSAGES-SYS-LC-MESSAGES-43377cb0de103532", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-US.iso885915-LC-TELEPHONE-443e0595cd752ddb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-MONETARY-4501793c1c85d97e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-ADDRESS-4579654fe5e2062d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG-LC-MONETARY-45bb161855a3bc8a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW-LC-TELEPHONE-46a2402991369690", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-ADDRESS-47048e5e680f4587", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA-LC-TELEPHONE-485db2c8d2fb8138", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-MONETARY-4aa127ec7276729a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-NAME-4b970ae23ba68900", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-NAME-4cc2957527bb1e76", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA-LC-ADDRESS-4e0b9ca36bc71db2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK-LC-NAME-4fad18e9f1f34949", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA-LC-PAPER-50fae05699f85bc0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB.iso885915-LC-TIME-5256e0f5d831158a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IL-LC-ADDRESS-53a775065e12e26e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZW-LC-TELEPHONE-547f2986d3ed7982", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-ADDRESS-5736fecaa205a84a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-DK.utf8-LC-MESSAGES-SYS-LC-MESSAGES-5767a909fb45a626", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US-LC-TELEPHONE-5cbf057679313401", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-TIME-5cc21ea06b49b59b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK-LC-TIME-5dc58b5b9c05615e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US-LC-IDENTIFICATION-5e00798fd370e07c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA-LC-IDENTIFICATION-5e906942ffbc22ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-TIME-5eb6f052fdcfeb64", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA-LC-IDENTIFICATION-5f6ea0b28b89f843", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-IDENTIFICATION-622ce1883f901aaa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-IDENTIFICATION-6250bcdea8ac266f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SC.utf8-LC-TELEPHONE-63ebf25a5df506e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-TIME-648b8f4491ceb0cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW-LC-TIME-6504c999649c2c74", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG-LC-TIME-6528a473bcf2bdad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB-LC-NAME-660be2e6c4fdd627", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-ZA.utf8-LC-IDENTIFICATION-676a0168a2d88433", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB-LC-TELEPHONE-6789fad1f0696709", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-NAME-680d915f9f7beadd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB-LC-TIME-687713fa2fab73f4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-MONETARY-68c2a41d3a42213a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-NUMERIC-69116ebb76b98b3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IL-LC-IDENTIFICATION-69516bff7e8fe0b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB.iso885915-LC-NAME-6b33d60371bcefe8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NZ-LC-TELEPHONE-6d52427e28cb797b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-NUMERIC-6da63bba4b634c31", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW-LC-MONETARY-6dcc0570c216e03b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NG-LC-TELEPHONE-6dd9f48f9cc7324a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-TIME-6e41a6411c90aee3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK-LC-NUMERIC-6e606d6a2b91f0ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IN-LC-NUMERIC-6f7db9001d123721", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-NUMERIC-6f957c50a76c70a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IN-LC-TELEPHONE-6fa5d65ad06c31be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH-LC-ADDRESS-70681bb5f4f5447d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZW-LC-IDENTIFICATION-72605f986b13ca3d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG-LC-ADDRESS-72f7d7071b21f622", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IL-LC-TIME-72f8044f4347f883", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-ZW.utf8-LC-IDENTIFICATION-736190675d602bfa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-CTYPE-74a5b79731824b85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH-LC-IDENTIFICATION-75f6b1f3c8801c49", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK-LC-ADDRESS-763253821f540b9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-PH.utf8-LC-IDENTIFICATION-768f1f699be33ce4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-MEASUREMENT-76c4882206ff7296", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-AU-LC-MESSAGES-SYS-LC-MESSAGES-782ac26529b02d79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-TIME-7a8af1ed46dd9f8c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-ADDRESS-7c2897b0b8b017d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-MONETARY-7e55c4da2785d9b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB-LC-IDENTIFICATION-803e68723aa983bc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-euro-LC-TELEPHONE-809dd48a69e97c62", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-TELEPHONE-83a4c7883cb4c2ba", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NZ-LC-ADDRESS-84346be3b5ef9b58", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-MONETARY-84e242430eb68221", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US-LC-MEASUREMENT-84ef38a699af04be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-CA.utf8-LC-IDENTIFICATION-8591b67cf420ee02", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH-LC-NAME-881f30e3fe440357", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZW.utf8-LC-ADDRESS-884bc5fb76a01df8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-CA.utf8-LC-MESSAGES-SYS-LC-MESSAGES-88501f138668e3e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IN-LC-MONETARY-8946a994e6c14dd9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-TELEPHONE-89ef152397566e74", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-NAME-8a27c11a8a706d8a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-US.iso885915-LC-MEASUREMENT-8a8b42f36b9b8207", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-ADDRESS-8b33184254ae6925", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US.iso885915-LC-TIME-8b4ee97f654cfb3c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-TELEPHONE-8f4f44e4835c3a73", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-IE.utf8-LC-IDENTIFICATION-8f90cf55604a5833", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK-LC-ADDRESS-9147bdfb83baaa78", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZW.utf8-LC-MONETARY-926d6657b61c9339", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-TELEPHONE-9427f51900d8d63a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-US.iso885915-LC-MONETARY-94a7ade69d58bff6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...LC-MESSAGES-SYS-LC-MESSAGES-95dc35df297b0e5a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IN-LC-IDENTIFICATION-96936d9ae77b6b26", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-MONETARY-974130794f3b583f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NG-LC-TIME-974cb428e9efd99c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-NUMERIC-9782bb361b4231ac", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZM-LC-ADDRESS-9981640786333366", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK-LC-TELEPHONE-9a4111aa70462d0a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-COLLATE-9c6cdd46d7063a23", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-NAME-9c721d319e583619", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB-LC-ADDRESS-9cb0c3f864e39d7d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US-LC-MONETARY-a13db4d8922902a7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-CTYPE-a17169af35cc9326", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZM-LC-MONETARY-a2a19081abee02b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-ADDRESS-a2ba436862b4c3c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-HK.utf8-LC-IDENTIFICATION-a41b1715d686046c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SC.utf8-LC-ADDRESS-a4934c5939380028", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-LC-ADDRESS-a657e0e2c72e745a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-SG.utf8-LC-IDENTIFICATION-a737b8e0cb054ea5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA-LC-NAME-a876f6dda47cbcc0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZM-LC-TIME-a96471caf25b4001", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH.utf8-LC-MONETARY-a9e5728cddaab742", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-MONETARY-ac0f215e0c0a19f5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZM-LC-TELEPHONE-ae9324f13db8978d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NG-LC-MONETARY-affc307a88d5ffb0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG-LC-TELEPHONE-b08038c6338b8aaf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-GB.utf8-LC-ADDRESS-b311c3d3b34dcedf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NZ-LC-IDENTIFICATION-b6a8d8476886d50c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-ZM-LC-MESSAGES-SYS-LC-MESSAGES-b707b4d2a6ef1129", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-COLLATE-b7fdb8e1cc4478ff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-PAPER-bae8bf6c7a730366", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-US.utf8-LC-MEASUREMENT-bc8f80fad7ae69a1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZW.utf8-LC-TELEPHONE-bde3bec97649a8ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-TIME-bef7f4538e099681", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-TIME-bfaf25a4fb40dc8f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-PAPER-bfda0b536a3e99ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-AU.utf8-LC-IDENTIFICATION-bfea4ce3ba74bdeb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-NAME-c0f9fe8472cd70dd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-US.iso885915-LC-IDENTIFICATION-c1473b99cc79f35d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-MONETARY-c1e5d83ac54e0817", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AG-LC-TIME-c2f201c1032e0240", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK-LC-TIME-c831e9a251cf8488", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA-LC-MONETARY-c86ca3a145e632c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NZ.utf8-LC-ADDRESS-c99cb163821c1258", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US-LC-TIME-ce57b3ad6cf33a38", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-GB.iso885915-LC-MEASUREMENT-d12bc318303a114d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU.utf8-LC-ADDRESS-d3b5eec6478e6b93", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK-LC-IDENTIFICATION-d4ba241ccd0a78e0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW-LC-ADDRESS-d530bfc779b8307b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...en-AG-LC-MESSAGES-SYS-LC-MESSAGES-d567e3219baf5464", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-NG-LC-ADDRESS-d5da6b7330821348", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK-LC-MONETARY-d6412a0d6661438e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW-LC-IDENTIFICATION-d6bbe8bd06422fa4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-COLLATE-d81fac72cfcec764", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-US.iso885915-LC-ADDRESS-da911527e3f13369", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-ZA.utf8-LC-ADDRESS-dc3dd19625a60d97", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-TELEPHONE-dccacb9cf76e809c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH-LC-TELEPHONE-e02fb9f51f91e081", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-TIME-e1a4cdd347d804d0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-en-GB.iso885915-LC-ADDRESS-e26d1e58e38fc335", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-LC-TELEPHONE-e2e8cbd2f42860b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-COLLATE-e30f4ca4aab12940", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE.utf8-LC-MONETARY-e4e3ef91e2d6537d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IN-LC-TIME-e55a1736aab009ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA-LC-COLLATE-e68b7ef714eb5304", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IE-LC-TIME-e73c68dea9ebd6c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IL-LC-TELEPHONE-ea26208b08f108be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-BW.utf8-LC-TELEPHONE-ef62cd45a6099251", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-PH-LC-TIME-f0545fa0cad8c392", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK.utf8-LC-NUMERIC-f079b2527f88b717", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-...locale-en-US.utf8-LC-IDENTIFICATION-f0ae05c7c5252d2e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK-LC-MONETARY-f18f06f51704cd09", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-HK-LC-IDENTIFICATION-f1903afcd8474e29", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-ADDRESS-f261aef256ecbb61", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-AU-LC-CTYPE-f3334cd6d5a4e692", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-US.utf8-LC-TIME-f3bec4ff8fe53568", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-IL-LC-MONETARY-f470afd6fecb1c57", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-DK.utf8-LC-TELEPHONE-f6c24750a9f85cd6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-SG.utf8-LC-MONETARY-f75c76c71ceede8c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-en-CA.utf8-LC-TIME-fd5ce8b428ca3c7e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libdnf-plugins-README-2a53cced56358980", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libdnf-README.md-2f93b603c0f10ccc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libdnf-AUTHORS-5cf0045bda65895b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libdnf.so.2-b392fb15dd7ac667", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libdnf-COPYING-b8f10c1a6f677c7e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-services-06f9f967b38cdb1b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-profile-09d562b678f1e99d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-gshadow-0d2d3ea44fec0394", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-shadow-14b36bc2e9d50e6f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-group-17f0452d88c35045", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-hosts-22e48b3787fe754f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-aliases-2ccdba2d440270fd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-csh.local-309e9a859538dede", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-ethertypes-3fdd477d017dfa61", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-bashrc-4214e7ba484a297f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-subuid-45437c0792f4c201", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-subgid-4765190f6febf036", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-shells-4af50e7c341ae36f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-inputrc-59b11299ce6d190a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-setup-COPYING-5b9e86a686ed2319", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-passwd-645eceef84258f08", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-csh.login-6a0e82cf1b36536f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-host.conf-771749e6b4b96062", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-networks-778fd3cc081fcb4b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-run-motd-7957bae02b1bafd1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-lang.csh-8749be7a28c9df79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-protocols-8f747ea6b704da50", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-environment-93adb1065f80dba5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-dnf-protected.d-setup.conf-baeeddada1c5c95f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-exports-bd8b17f97c934a0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-usr-lib-motd-c84b226abccf7d4b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-motd-ce2b6455c3786791", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-usr-lib-tmpfiles.d-setup.conf-db4305a1b2dc79a9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-printcap-de86f0e21726089b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-csh.cshrc-e97d4e379ab1245e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-lang.sh-ecd59c27c4d0b4cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-sh.local-f729120a91b21aad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-etc-filesystems-fce3874eeffc9682", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-mtree.5.gz-31b68411d055e59a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libarchive-COPYING-43476dfef7297d78", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-tar.5.gz-6cc990701a0483cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-cpio.5.gz-93c93a8b98729a8e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libarchive.so.13.5.3-9b76edb27d874f0d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libarchive-README.md-d445ce13fbbc3dfd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libarchive-NEWS-f244dcf2fc44b61b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libidn2-COPYINGv2-1d089c70e8b5b492", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relatedSpdxElement": "SPDXRef-File-...licenses-libidn2-COPYING.LESSERv3-8394e4bdb23fc3ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libidn2-COPYING.unicode-9216d49d4ce2eff9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libidn2-COPYING-b8438551fa0dad99", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libidn2.so.0.3.7-f25c4208eeb070b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...ca-trust-extracted-edk2-cacerts.bin-0015d10e62088f4c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Actalis-Authentication-Root-CA.pem-0582c63d360ee85d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-ISRG-Root-X2.pem-079c21d9907f9cfd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...IdenTrust-Public-Sector-Root-CA-1.pem-07a27c099fae9123", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Amazon-Root-CA-1.pem-09545d087772de76", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...GlobalSign-Root-CA---R6.pem-0ac3ffc119e413fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-ca-trust-extracted-java-README-0b4db8d1d6ef42ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Starfield-Root-Certificate-Authority---G2.pem-0ba8180fa6f35a3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-GTS-Root-R1.pem-0f1557987e632aa7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Hellenic-Academic-and-Research-Institutions-RootCA-2015.pem-13f76655123400bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Autoridad-de-Certificacion-Firmaprofesional-CIF-A62634068.pem-14f7f0a29e08b2ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...ePKI-Root-Certification-Authority.pem-150c1fcead3a7969", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Microsec-e-Szigno-Root-CA-2009.pem-16cb119ab1193d7c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...TrustAsia-Global-Root-CA-G3.pem-16f766edb35bbce4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-QuoVadis-Root-CA-3.pem-17b9d60e0e1b35df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Security-Communication-RootCA2.pem-17d06a4ad7f9687a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...AffirmTrust-Networking.pem-182fdfb202e298d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...extracted-openssl-ca-bundle.trust.crt-1927e8c59b24fe60", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-Izenpe.com.pem-193a2581250f135d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Certum-Trusted-Root-CA.pem-1a3ccf2e951b28df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Sectigo-Public-Server-Authentication-Root-R46.pem-1d227a39ec963bc2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...D-TRUST-Root-Class-3-CA-2-EV-2009.pem-1e18b66e6564af0a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SSL.com-EV-Root-Certification-Authority-RSA-R2.pem-1e55eed924243527", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-Assured-ID-Root-CA.pem-1f640a80eae5d75b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-vTrus-ECC-Root-CA.pem-1fe092df0653a342", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-tls-ct-log-list.cnf-21294e0d0b121cda", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...OISTE-WISeKey-Global-Root-GB-CA.pem-227a51e35002cabe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...CommScope-Public-Trust-ECC-Root-02.pem-2394e5f517192d0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Certainly-Root-E1.pem-23b3a0ffd6f381af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...CommScope-Public-Trust-RSA-Root-01.pem-27274b78fdb5b66a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Certainly-Root-R1.pem-2af87fae7d870d72", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-GlobalSign-Root-R46.pem-2c52da743358feab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Telekom-Security-TLS-ECC-Root-2020.pem-2cd277574bf2ef9e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Microsoft-ECC-Root-Certificate-Authority-2017.pem-2f1754af535cdc5d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SSL.com-Root-Certification-Authority-ECC.pem-30ef2bfd0f1a0e58", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pki-ca-trust-extracted-java-cacerts-32c35a9235c07703", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Microsoft-RSA-Root-Certificate-Authority-2017.pem-353e4439f2dd7f41", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...D-TRUST-Root-Class-3-CA-2-2009.pem-37231c1c1b691ada", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...ca-bundle.legacy.disable.crt-3759503d470d31ea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-usr-share-pki-ca-trust-source-README-385bef3e509708fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...NetLock-Arany--Class-Gold--F--tan--s--tv--ny.pem-39143e0586bda8fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Go-Daddy-Root-Certificate-Authority---G2.pem-3952cf141f7a7988", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-vTrus-Root-CA.pem-3cbd859f9017a22b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-GTS-Root-R3.pem-3de4fa7dcd29bf21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...emSign-ECC-Root-CA---C3.pem-3e0c91ae1e25cc84", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Entrust-Root-Certification-Authority.pem-4075c56de1d4abc7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Entrust-Root-Certification-Authority---EC1.pem-413fb225936be2cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Secure-Global-CA.pem-45839436149b96de", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...QuoVadis-Root-CA-3-G3.pem-47f5221ea947fdb1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-HiPKI-Root-CA---G1.pem-48be61ae1c21cf77", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...OISTE-WISeKey-Global-Root-GC-CA.pem-4970fec0edea6086", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...TUBITAK-Kamu-SM-SSL-Kok-Sertifikasi---Surum-1.pem-49990674bf8a8995", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...emSign-ECC-Root-CA---G3.pem-4a0e3fa71c05dd54", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-ISRG-Root-X1.pem-4ae49a9e734148b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Atos-TrustedRoot-Root-CA-RSA-TLS-2021.pem-50a066f8ec10e833", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-certSIGN-Root-CA-G2.pem-51636301020480a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-TLS-ECC-P384-Root-G5.pem-530a86f1b4192055", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Atos-TrustedRoot-2011.pem-561baef31372130f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...HARICA-TLS-RSA-Root-CA-2021.pem-591a41db9b79af5d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-ca-trust-ca-legacy.conf-59abd7dfd624e787", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-TLS-RSA4096-Root-G5.pem-5ae379d9c156a3ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SSL.com-TLS-ECC-Root-CA-2022.pem-5d8a2d8699ed9ee4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-usr-bin-update-ca-trust-5ee359e70fde1643", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Amazon-Root-CA-3.pem-62810776df7db742", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-GlobalSign-Root-E46.pem-62bdfcdf58cd874c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SecureSign-Root-CA15.pem-642256529f0ff6ab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Certum-EC-384-CA.pem-656c280d47bd952e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Trustwave-Global-ECC-P256-Certification-Authority.pem-65cf00dde68b5145", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...D-TRUST-BR-Root-CA-2-2023.pem-671ef7876e00725f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-QuoVadis-Root-CA-2.pem-677e7b3acd57270a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...ca-bundle.legacy.default.crt-68b4d5db7e9b5c5e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...COMODO-RSA-Certification-Authority.pem-68df5c1193377790", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...TeliaSonera-Root-CA-v1.pem-6a975a110e918ef8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-GLOBALTRUST-2020.pem-6d32fab6df045544", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...IdenTrust-Commercial-Root-CA-1.pem-6dfd0beaa799ad0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Certum-Trusted-Network-CA-2.pem-6eb5b07c16b5c623", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...T-TeleSec-GlobalRoot-Class-3.pem-70d5705ef7765b89", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-AffirmTrust-Premium.pem-71894ac0e3522f7c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-CFCA-EV-ROOT.pem-73f4503d64a66d9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...AffirmTrust-Premium-ECC.pem-744baa7aa5e8d192", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-UCA-Global-G2-Root.pem-74985de09ec98764", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...TWCA-Root-Certification-Authority.pem-7753c8e8ea6b2b66", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Atos-TrustedRoot-Root-CA-ECC-TLS-2021.pem-78447ed4edd2842a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...GlobalSign-ECC-Root-CA---R4.pem-79585666e0964d2e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...HARICA-TLS-ECC-Root-CA-2021.pem-7b1cb270c9065cd2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...D-TRUST-BR-Root-CA-1-2020.pem-7bc3fbae8531dfa6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-ca-trust-extracted-pem-README-7d7490fa611754ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-Global-Root-G2.pem-81c2c135a68d29f4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Telia-Root-CA-v2.pem-81eb54b3f8a738b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Buypass-Class-3-Root-CA.pem-85bd2ba5b1ebf7e9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-TunTrust-Root-CA.pem-89aa76251ced5286", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-High-Assurance-EV-Root-CA.pem-8e9fafe6e242e811", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...AffirmTrust-Commercial.pem-8ec53f46a05edb5f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-Global-Root-CA.pem-91233860774a931b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-ca-trust-extracted-README-91b647bbbba6deb5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...COMODO-Certification-Authority.pem-940ffac4f8480d15", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-ca-legacy.8.gz-979f7169936e88d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SSL.com-Root-Certification-Authority-RSA.pem-98bc80b97ed6f71e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...GlobalSign-Root-CA---R3.pem-9bf39454af476ddf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...CommScope-Public-Trust-RSA-Root-02.pem-9d9e9158a6244e83", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-ca-trust-extracted-edk2-README-9fa29831a822e32d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-tls-openssl.cnf-a07cb8e47e12414f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...AC-RAIZ-FNMT-RCM-SERVIDORES-SEGUROS.pem-a1ad3775f61392a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Hellenic-Academic-and-Research-Institutions-ECC-RootCA-2015.pem-a1ff587af407dfb7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SecureSign-Root-CA14.pem-a3595503d07fec00", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Certum-Trusted-Network-CA.pem-a4045bf2b74d58b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SSL.com-TLS-RSA-Root-CA-2022.pem-a56ebf7e9a40fb59", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...FIRMAPROFESIONAL-CA-ROOT-A-WEB.pem-a6a99cfab1fecb9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-GTS-Root-R4.pem-a7d187c4307ab11e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...USERTrust-ECC-Certification-Authority.pem-a814f6702809f1e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Trustwave-Global-ECC-P384-Certification-Authority.pem-a8c2e1a2264357bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...extracted-pem-tls-ca-bundle.pem-a9b76305742edafb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Amazon-Root-CA-4.pem-aa7d9b28187b65d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Trustwave-Global-Certification-Authority.pem-ab7f88149ec866dc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-AC-RAIZ-FNMT-RCM.pem-ae69d9be7bd46a62", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...TrustAsia-Global-Root-CA-G4.pem-afc79d5859e4f1d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...CommScope-Public-Trust-ECC-Root-01.pem-b03b81b90f9917f2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Certigna-Root-CA.pem-b0bfd10354716753", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...D-TRUST-EV-Root-CA-2-2023.pem-b14405cc33922027", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...share-man-man8-update-ca-trust.8.gz-b63a0a7b01d148eb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-GTS-Root-R2.pem-b83f8e631682a492", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-Amazon-Root-CA-2.pem-b94eaca0dedd811c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...extracted-pem-objsign-ca-bundle.pem-b9b3c747a4031e46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Security-Communication-ECC-RootCA1.pem-bd5228ada8121d91", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-Trusted-Root-G4.pem-bdc8668c4b51e731", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...TrustAsia-TLS-RSA-Root-CA.pem-bdced0d08b9f3b29", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-ca-trust-source-README-bdf32f5d5416ab16", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...ca-bundle.trust.p11-kit-c045464a7d75f70d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Sectigo-Public-Server-Authentication-Root-E46.pem-c2d37f13fff878bb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-Global-Root-G3.pem-c6f78a73469f9f35", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pki-ca-trust-extracted-openssl-README-c75545382b15487f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-SZAFIR-ROOT-CA2.pem-c7ae26ddbcb34411", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Telekom-Security-TLS-RSA-Root-2023.pem-c89156f9c954187b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...QuoVadis-Root-CA-1-G3.pem-c954bd9a6a034eae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...BJCA-Global-Root-CA2.pem-cb569fa58f58ac94", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...TrustAsia-TLS-ECC-Root-CA.pem-cbca403cefeaf0aa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-etc-pki-ca-trust-README-cc1dd49bb25490aa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SSL.com-EV-Root-Certification-Authority-ECC.pem-ce2bebc2a583aca5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-certSIGN-ROOT-CA.pem-cf78c0304a8231d0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...BJCA-Global-Root-CA1.pem-d158af0f907a075a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...ANF-Secure-Server-Root-CA.pem-d361bb2407bda534", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Buypass-Class-2-Root-CA.pem-d49d21277e12004a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...GDCA-TrustAUTH-R5-ROOT.pem-d4c5db59ee201691", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...COMODO-ECC-Certification-Authority.pem-d65a8a096859eeaa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-emSign-Root-CA---G1.pem-d6f8ea519d12a481", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-TWCA-CYBER-Root-CA.pem-d72a35ab6edac53b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...GlobalSign-ECC-Root-CA---R5.pem-d9444c634712dee5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...D-TRUST-EV-Root-CA-1-2020.pem-d968bac0a3f46c58", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...NAVER-Global-Root-Certification-Authority.pem-dc13bf6b2a6e2b69", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SecureSign-Root-CA12.pem-dc3665da59955d9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...extracted-pem-email-ca-bundle.pem-decd17b619f52264", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SwissSign-Gold-CA---G2.pem-e413eb82e4aedb71", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...SwissSign-RSA-TLS-Root-CA-2022---1.pem-e4e29ef2803ed609", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Entrust-Root-Certification-Authority---G2.pem-e633bee8f313f043", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-CA-Disig-Root-R2.pem-e7307252140f3444", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-ACCVRAIZ1.pem-e89e0020249dd0a9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...USERTrust-RSA-Certification-Authority.pem-ea3e1340c08ef25b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...UCA-Extended-Validation-Root.pem-ebbd0474709b5396", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-SecureTrust-CA.pem-edfdbd6d1f4c0ab6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...QuoVadis-Root-CA-2-G3.pem-ee0231f8dab414d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...pem-directory-hash-Certigna.pem-ee1f4013048d2e22", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-usr-bin-ca-legacy-ef27b9cf22a1df17", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Hongkong-Post-Root-CA-3.pem-efa0302dda182d8b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-emSign-Root-CA---C1.pem-f0e1ebbf7474881e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...directory-hash-TWCA-Global-Root-CA.pem-f534115f859e6e48", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-Assured-ID-Root-G2.pem-f53cc7a5ec5dce3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...DigiCert-Assured-ID-Root-G3.pem-f54bda09b2c311df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...Starfield-Services-Root-Certificate-Authority---G2.pem-f64ff4bd865c88b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...T-TeleSec-GlobalRoot-Class-2.pem-fa50ef55337074f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-...e-Szigno-Root-CA-2017.pem-fe69c5fb98d90ec5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-ppc64iseries-linux-macros-00af1ed07291d251", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-aarch64-linux-macros-01af87c9c3234fd9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-alphapca56-linux-macros-04748987cd664b77", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpm.daily-06f279013c2ddb0d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-ppc-linux-macros-07c5e413293f46fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv7hnl-linux-macros-0948aa0248ac39c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-i686-linux-macros-0cdf4ec6c911c167", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-x86-64-linux-macros-0d7c62d8d6903a19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-ppc64pseries-linux-macros-11b67fdacd5bd84b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-riscv64-linux-macros-123eb4726fd7bb4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-geode-linux-macros-19f0134bc73caf69", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-i386-linux-macros-1c6f39b2f2e1a424", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-alphaev67-linux-macros-22f163cb88120aae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-mips-linux-macros-24395998c3835017", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-bin-rpm2cpio-28a09a6d00e432e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-queryformat-29f580ed6ad02546", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-rpm-misc.8.gz-34bd4326f0fa931f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-macros-35b8382e49af6760", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-.rpm.lock-3647d85aef6052d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-alphaev6-linux-macros-3e134d92deb588cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-wal-42347261e3296811", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-ppc32dy4-linux-macros-42c3a29c5226055c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv6hl-linux-macros-48ede018fe652204", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-alphaev56-linux-macros-4ce658f7dd104e72", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-ppc8260-linux-macros-4d3fbd7f2e338bf8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-bin-rpmkeys-5060c67d3dd6ce6e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-spec-55e972a9bd3adf7d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-macros-58a9573d6a5680b7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-sh4-linux-macros-60cda47c3612fb98", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-dependencies-618be8f32a42d98b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-pentium3-linux-macros-619f55068291b7e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-tgpg-65b422093ea150ab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpmdb-dump-6d23106926cedc71", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv6l-linux-macros-6eb3a51250acad08", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-buildroot-70e0901d857c8852", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-sparcv9-linux-macros-71149ce0d4fa13e8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-sparc64-linux-macros-71a974a45dfc01c1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-mipsr6el-linux-macros-72c27738e94dc409", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-ppciseries-linux-macros-72c84a7592207973", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-athlon-linux-macros-777fc75ff71407e0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-format-77d382b59680ea33", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-mips64el-linux-macros-7867fc44f8e31937", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-rpm-COPYING-78dfd94ad0b5da76", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-alphaev5-linux-macros-7a845028b5bae0d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv5tel-linux-macros-7b0dc52e202d93a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-CREDITS-7e9fece2ad52f597", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpm.supp-8044442fd16feb3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv4b-linux-macros-835a22ca7f6e2af6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-conditionalbuilds-84af44f4271d45ac", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv7hl-linux-macros-8668e791af9c87d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-noarch-linux-macros-8a7fa34a163d0e10", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-mips64-linux-macros-8b391ec87ce7b62d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-signatures-8ea6468decc16ca3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-rpmkeys.8.gz-97eb1dd3d3eee063", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-armv5tejl-linux-macros-9a358b3dc9139fab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-mips64r6-linux-macros-9bac7949c43d359d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-relocatable-9c61ea48cb83168a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-shm-9e643efa3244df62", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-s390-linux-macros-9e87c4f4f5dd7f9d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-rpm2archive.8.gz-a0780dbff54c9fb1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv8l-linux-macros-a191e74827a4d174", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-sparcv8-linux-macros-a22a3cb85a3df386", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...systemd-system-rpmdb-rebuild.service-a4781691b8b11ddb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-s390x-linux-macros-a49c7cc8554394e4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-mips64r6el-linux-macros-a7befdb346e36827", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-rpm2cpio.8.gz-aba75d947d4bd17c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-hregions-ad0dd43970cd551f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-rpmdb.8.gz-aff45e84ed41704c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-rpm.8.gz-b0fc8d476106d1c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-i486-linux-macros-b26a6304c1ef0500", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-ia64-linux-macros-b2d20e1e334c8352", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv8hl-linux-macros-b3e0fcdc8aede938", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-mipsel-linux-macros-b76704d083cdc036", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-sparc-linux-macros-b9040db32c3f5e83", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-builddependencies-ba367ba1a6a17446", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-ppc64le-linux-macros-bcd59c395dbe89c5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-ppc64-linux-macros-bd62974511ef530e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-pentium4-linux-macros-bed470dfb0bbe7a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-bin-rpm2archive-c0694eb564b439d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-tsort-c15c94c1738fbcb5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv3l-linux-macros-c5b4b4c9ca497091", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv7l-linux-macros-c6ff9f920ab2b11a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-multiplebuilds-c72cc34a7734b8ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpmrc-c8315aa5258a6107", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-ia32e-linux-macros-c8721f07ccd27587", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-sh-linux-macros-c9c46e2fd50b9998", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-bin-rpmdb-ca069608975818cd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-mipsr6-linux-macros-cc0097a1fbc291ca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpm.log-cc798dcb38eba1a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpmpopt-4.16.1.3-ce9dbdde35edfecd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpmdb-load-d0ceb81547867a2e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-ppc8560-linux-macros-d1aa45670f4ecf3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-rpm2cpio.sh-d2e455bcbb756676", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-sh4a-linux-macros-d31e7007a922c92f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-i586-linux-macros-d56bf495cf13bf7f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-sparcv9v-linux-macros-dc644502f7b052c1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-sparc64v-linux-macros-e0f6dc1403a7fc83", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-amd64-linux-macros-e53bc700ab48c604", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv5tl-linux-macros-e6b76fb248e9f89d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-sh3-linux-macros-e7e92d3264e62f48", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-rpm-plugins.8.gz-ea9a00cfc2cc63bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-ppc64p7-linux-macros-f003e31ecf7ad578", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-platform-m68k-linux-macros-f0b4bee997df3a24", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-alpha-linux-macros-f4d41badd69d9d18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-bin-rpm-f8dfa8c598243359", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...lib-rpm-platform-armv4l-linux-macros-f93d74998c6599d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-rpm-triggers-fd26c3eb3403b2b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-...rpm-platform-ppcpseries-linux-macros-fe23acc7f29f87b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsmartcols.so.1.1.0-10fc03496e85dae5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relatedSpdxElement": "SPDXRef-File-...libsmartcols-COPYING.LGPL-2.1-or-later-1bc7f120ce61e78d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libsmartcols-COPYING-3c0ea2891a5411af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libxcrypt-AUTHORS-0b17479f01b63ffd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libxcrypt-COPYING.LIB-1f2e76756034330a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libxcrypt-LICENSING-64898a35c1ce7274", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libcrypt.so.2.0.0-c1d8fac200470efc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-File-...lib64-fipscheck-libcrypt.so.2.0.0.hmac-e6f45669dd679452", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...rpm-gpg-RPM-GPG-KEY-PQC-redhat-release-02b145a905282982", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...system-preset-90-default.preset-093ca300cfa0cb3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-etc-redhat-release-17eac59ecc5bec3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-beta-1bdf5fe48c4bd4d0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-etc-pki-product-default-479.pem-2460ffdfcb2fe6c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-redhat-release-GPL-2d96fcb60e6d6812", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-usr-lib-os-release-39590e9e4490af42", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...dnf-protected.d-redhat-release.conf-3aa1742f2e3585c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-etc-issue.net-402ed8348f10e3ff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...com.redhat.RHEL-9.7-x86-64.swidtag-436b1621020334c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...85-display-manager.preset-5fc131a7cd3b5997", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-etc-system-release-cpe-62536104a97be853", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...user-preset-99-default-disable.preset-71df7a257a3f5f8b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...user-preset-90-default-user.preset-74da127c15a13fa0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-usr-lib-rpm-macros.d-macros.dist-99c1b98e096be416", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...pki-rpm-gpg-RPM-GPG-KEY-redhat-release-a6efd6855e2f7c11", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...99-default-disable.preset-aab8806f5eb00d9d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...CA-redhat.com-redhatcodesignca.cert-ba08977cca6b4d95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...pki-rpm-gpg-ISV-Container-signing-key-cc275f3ce8421483", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-etc-issue-e797ce9f0d1cdb1c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...doc-redhat-release-GPL-source-offer-ecc1c4f163b4ad49", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-...com.redhat.RHEL-9-x86-64.swidtag-f1544ef0e6f4315a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-usr-lib-sysctl.d-50-redhat.conf-ff6a3189201331ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-79b3a388130aa9b9", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-pcre2-syntax-COPYING-058a5272ca28051a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-79b3a388130aa9b9", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-pcre2-syntax-LICENCE-95b49113891e48c8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libsolv-LICENSE.BSD-49c83cbafb892a3c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsolv.so.1-c1271ae5fbf0e0c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsolvext.so.1-c47cc5d32f44cc87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libxml2-NEWS-26101b2a73c22813", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libxml2-TODO-518d26076223bf16", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libxml2-README.md-5600ce50a10eb4d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-bin-xmllint-5673356a70c66fd3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libxml2.so.2.9.13-9548eb24c8261a07", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libxml2-Copyright-a568d61394aed97b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-xmllint.1.gz-d63ae4c3c914d90e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-bin-xmlcatalog-dda0ae07e7341f9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-xmlcatalog.1.gz-e57ad82a664df51c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man3-libxml.3.gz-f3ff4aa1233cced7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-librpmio.so.9.1.3-5d732d586d21e1a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-librpm.so.9.1.3-b7a5e9efcb9b8596", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpopt.so.0.0.1-5563d371a9f13ec7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-popt-COPYING-f36b0135a6b24d42", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libhistory.so.8.1-315872dd93390c03", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-readline-USAGE-5a61db40e1e1ecca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-readline-COPYING-877484d5d72064a0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libreadline.so.8.1-cf56343ce42be2bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsqlite3.so.0.8.6-9e76aa220f9aaf91", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-sqlite-libs-README.md-d50f1628fdf00808", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libzstd-COPYING-4ddb6a5846d7bb35", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libzstd-LICENSE-69c16800ed95c329", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libzstd.so.1.5.5-cd4bf5eeea9572a1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-whoami-0165175e69387e89", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-tac-045839e332bd074b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-dir-056f2a85423da82f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-tsort-06cf40470ae4ac57", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha1sum-06db0d5547f53281", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-unexpand-071dc954e7781a30", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-printf-078a87259774791f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-basename-08d5dce244fc18f7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-chown-0c56734d7fa5e5cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-du-0d4ca6c562d852f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin---0f394e0e6d66cadc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-true-10e9321605ed3b26", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-chroot-111b65a59d05de01", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-tee-1636a85d52c489d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-users-18bdae839efdebc0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-cp-18d4b98cd33be63a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-timeout-1be594e56e910cf5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-join-1d7f2b7ddde30ecf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-realpath-1f88fb5719c35c4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-truncate-25202def2b28cd94", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-pr-25c8cb45e6ef8bc8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-readlink-265ca13d36eb9a9f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-tr-26fb773c19e548c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sync-27557935309fffaf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-tail-2957aae07091a3ba", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-link-2c9b2ae407d86fc3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha512sum-2e22b86fe576d2fc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha384sum-2f7824beeae17415", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-id-33fcc6393c0ff3b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-dircolors-3808baf814d3a75c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-base32-3a804ac96191b8e8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-fmt-3e0a0208162355ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-test-40060b01d4e80f69", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-pwd-4356d92199f25d2e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-expr-461b28a03c440a0d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-uniq-492ba4e8343fe476", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-yes-52eab4688d6b3751", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-env-544b26d2152532b2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-seq-5c1ca5b1d84a25fe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-ls-6028286556616715", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-shuf-6551339451ed4e59", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-cat-668fe15830d11a98", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-date-6818434c95393f5e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-head-6a36f3048b5f9e23", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-cksum-6f704900967b5d77", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-printenv-71b77256524029a4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sort-73eba117e1b20f85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-df-744b5a4693813695", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-coreutils-754a39ec4d130e17", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-od-7728a96ffaeb0a44", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-shred-78c64b29850751ed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-ln-7997369f78b8711f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-touch-7be78d5770955fa8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-factor-8174a59113d54fa2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha256sum-82c2f6b68752383b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-...licenses-coreutils-single-COPYING-83a5e806ca6828ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-chmod-88a6c97c9d25b4c6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-nohup-88c5c7b7b7f31d92", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-mkfifo-88f4bc5e0bfe84ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-nl-8ca713d9ce28c6c8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-install-8da665206da2605c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-split-8e0bbaa4e4ba02c6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-pinky-8e68499e4c58f652", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sleep-9020f49b86409025", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-nproc-941b8b9c01250526", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-unlink-9558b322aefc819c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-groups-9d343b0c0a3dc26b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-csplit-9e37c41b16242727", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-stty-9e82d0c55444d9af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-basenc-9f1055e6d4762493", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-vdir-9f99ca58212d2c01", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sum-9fd078013bce73a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-uname-a19b4b04eca0119a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-chcon-a58763c7570727c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-tty-a7684040d49bc8e4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-mknod-a8f59c988de64619", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-stat-aa95fe9a066fd0be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-comm-ab85920cb956969e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-who-aca89e9d60961302", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-mv-b315a3fe6e89f6af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-rm-b8f0751fbb447dc8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-numfmt-b9c731f240f51940", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-hostid-b9ef157d7a552dc5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-pathchk-bc17b45a7346d4d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sha224sum-bc40c98387d40c0b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-echo-bea301c1054368b7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-logname-c08b9f0c72a8631c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-arch-c15a9f36bca77f3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-b2sum-c5e667d66df5bd48", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-runcon-cb618c4b8c037138", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-fold-ceacea456c269068", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-dirname-d3dfe363c4518619", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-nice-d467c883214fdfaf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-paste-d9e693836ef87035", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-chgrp-dd8cd37050122d84", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-ptx-dea9371d2e47745d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-md5sum-df0d483d6d8698cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-false-dfad1fe2d91edeb0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-mkdir-e3c4434cb39b0d8d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-coreutils-libstdbuf.so-e3d3859fc36afde9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-dd-e9bd0e2c33303c2f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-rmdir-ead172520b1e7e9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-stdbuf-f411654f922fadee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-mktemp-f922a4af4b958b54", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-wc-f99398e3fee4fde9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-base64-fcb63864518bbdb3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-expand-fe9db330a6ced29d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-usr-bin-cut-ff21bbd88cf7b191", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libnghttp2-8f40faa2a3bf3018", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libnghttp2-COPYING-1848dc41d7411a55", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libnghttp2-8f40faa2a3bf3018", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnghttp2.so.14.20.1-a2d7e7570645fbd9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtool-ltdl-923f2a036f9ecf65", + "relatedSpdxElement": "SPDXRef-File-...licenses-libtool-ltdl-COPYING.LIB-02b5faaa0d20cf40", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtool-ltdl-923f2a036f9ecf65", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libltdl.so.7.3.1-0d3040dbb5de38e4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relatedSpdxElement": "SPDXRef-File-usr-bin-microdnf-047e6b67f6510fd7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-microdnf-COPYING-282764f7cd534318", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-mpfr-COPYING.LESSER-3159c5c8e6dbee23", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-mpfr-COPYING-929c01b4e14e02b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmpfr.so.6.1.0-c430935fd8f2dc21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-ossl-modules-legacy.so-074d9b8ca153069f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-engines-3-capi.so-112e864d5ac992aa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-etc-pki-tls-ct-log-list.cnf-21294e0d0b121cda", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-engines-3-loader-attic.so-27b4483b3942a858", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libssl.so.3.5.1-600acfaadf45a128", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-...licenses-openssl-libs-LICENSE.txt-8e5de5fe02f24a18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-etc-pki-tls-openssl.cnf-a07cb8e47e12414f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libcrypto.so.3.5.1-c1f88b3854213579", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-engines-3-afalg.so-c302ae351fd4cf79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-engines-3-padlock.so-d32171e48673fb5e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-...DEFAULT-openssl-fips.txt-da22838b523ebb31", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmenu.so.6.2-180fe3cdf9d49788", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libtinfo.so.6.2-2187328ae913998e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmenuw.so.6.2-21e1efe3fc994cb7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpanel.so.6.2-2669fc1c6862e336", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpanelw.so.6.2-61853170048c8d39", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libformw.so.6.2-620ece52533dccad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libtic.so.6.2-7f4d4f7aa9afb6fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libform.so.6.2-92877ee769577e05", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libncursesw.so.6.2-a49ecb62b0ebac88", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libncurses.so.6.2-abab580ee1866cde", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-ctime.awk-03ded06f5978a219", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-zerofile.awk-0459a6aa08d9b230", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gawk-06978697a3279859", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-noassign.awk-0a88a27a0a532250", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-inplace.awk-21f69a66a8e1f30d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-readfile.so-23d013f0de6bb227", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-inplace.so-2a9ba5e47a1caf49", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-gettime.awk-3ce5c71bd91a6fb8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-cliff-rand.awk-3f9e7beb12691dc7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-assert.awk-43f5c8e2c050e9b4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-round.awk-4faae474a1995428", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-have-mpfr.awk-504ece9f854051a7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-join.awk-57a23fddeb51a231", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-passwd.awk-604ed35d2e3c3905", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-fnmatch.so-6459258497686318", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-revoutput.so-64d9d5371892c01a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-gawk.csh-75de514af4a6a058", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-fork.so-7b5244660b3ff49f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-filefuncs.so-86a9e363787cae70", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-readfile.awk-89e5a19c73e3c007", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-ftrans.awk-9177f91992e80c85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gawk-LICENSE.GPLv2-9a3472e293b9bde1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-rwarray.so-9b4fdfd089bd0f72", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-revtwoway.so-9eebb7943e5997ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-rewind.awk-a586091b446e0346", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-bits2str.awk-a7ff93fae1c38258", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-walkarray.awk-af1939bedac4fc42", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-ns-passwd.awk-af584ef6a682393d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-readable.awk-c57d87b0b5a2fdf1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-libintl.awk-c5d5d77dbb5b491d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-awk-pwcat-c668344a0bca4102", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-etc-profile.d-gawk.sh-c7221a3ee9652521", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gawk-LICENSE.BSD-c9e4b809beaa97bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-intdiv0.awk-cad2d692d922a012", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gawk-COPYING-cc34ed57e626e93f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-ordchr.so-d548c3c0c2e1c5f3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-time.so-d64f3b4ac3fb03ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-processarray.awk-db8886a0050e15b4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-getopt.awk-e01b45f2896e2b8f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-intdiv.so-e1955cc8bd7d7354", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-ord.awk-e2d294e2988586b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-awk-grcat-e7b09fa086b60c5a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gawk-readdir.so-e91e2e6213b87b0b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gawk-LICENSE.LGPLv2-eb8d2881557e6d12", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-quicksort.awk-eeb961a2a9d5084b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-group.awk-f68d462d6f0dec41", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-strtonum.awk-ff0ea36e439da173", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-usr-share-awk-shellquote.awk-ffd67d68e23c19c8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-dnf.conf.5.gz-0df328b7f8c16083", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-dnf-COPYING-5cc4a51ee7c8655e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-...libreport-events.d-collect-dnf.conf-69a1f8b190180ac2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-etc-logrotate.d-dnf-8c585fd49a1add6b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-dnf-PACKAGE-LICENSING-dc88753ee1f91b36", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-etc-dnf-protected.d-dnf.conf-df0de9d0d9d031e1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-dnf-README.rst-e45b53ec2f0ac0a0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-etc-dnf-dnf.conf-e715eea96e3656d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-dnf-AUTHORS-f2a10369c567f48e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-usr-lib-tmpfiles.d-dnf.conf-f3601cef86b4f2cd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Volgograd-0011d80650bd57b7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Belfast-006b1ef26c19fa86", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Midway-009ece66b505db9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Indiana-Petersburg-00a4fc892c991cfb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Punta-Arenas-013750e15c50f33e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Bermuda-01626c7aa79391d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Troll-016d8025fd9f110b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Taipei-01757da876968567", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Ojinaga-01ce09736956ec2d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Hovd-020b84622fb900db", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Davis-0212eb2afb4e13a0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Kirov-023abd2d44bed68c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Palmer-0277a7b6c13e0e18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-Buenos-Aires-028dadd23d403b43", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tehran-02ad88301776db65", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Dili-0373ef1d181d86a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Montevideo-043695b356310635", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Guyana-043fb5366c6c3f62", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Yakutsk-0486da6e1e56e929", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Istanbul-0488de992cd66915", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-4-049b90f71d2fe7e8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Minsk-05042171f6eec703", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-North-Dakota-Beulah-050892a3c53da237", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Aqtau-05134288540b9a17", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Ceuta-0515ffe984f626d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Dawson-0554a04109a113fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Fakaofo-057a5f6ec928791d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Santarem-0654d6e280f96ad4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Factory-066e06135920a3fe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-tzdata-theory.html-0687579881861600", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Santo-Domingo-06c8dae4fcda6094", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Adelaide-07a3a3a51a8e3f6c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Porto-Velho-07d76771e560a228", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Taipei-07dd2930e1b6b74f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Syowa-07ed7d3b280f15db", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-2-085b8e3d17b13241", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Bogota-08c0d75a4724966d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Chita-0939219069390b95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Indiana-Knox-097d210877f6bbc8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Indiana-Vincennes-09ccf06d5abdc234", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Volgograd-09d951f943e65978", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Istanbul-0a387cdfe63b745c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Tahiti-0a7fb6e5bfc5fc19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Lima-0aab09bf1271c5bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-8-0ab86e68732c77f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Bahia-0ade089dd60c5f85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-10-0b6064d0ab67205f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Helsinki-0ba296fdbd0793ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-9-0bf6c8d5e79525f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Algiers-0caf887c9a2180c1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Novosibirsk-0d8efe1900de9bc8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Asia-Srednekolymsk-0d9243f8d38fed47", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Araguaina-0d9f97c062a39e17", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Faeroe-0e1e1c595cca2f74", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-2-0e3d7fa5ccaa00b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Baghdad-0e4d5e3dea1ba873", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Goose-Bay-0e64f6f90d9e0545", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Jamaica-0ee4e00c20eb77b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Santarem-0fb73c464008585a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Kiev-108c1e7b2a68808d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Creston-10db08e203dc8002", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Funafuti-10ecd7443a2e0f8d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-3-1118f4bdea71fa15", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Baghdad-11347187883af73d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Factory-1146b88da7a69dde", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Beirut-1184d1f54fa15648", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Bishkek-11b695663ecd0f36", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-11-1246b723e35244d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Casey-124763e4f24095a1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Australia-Adelaide-124bba0ca3ded7a4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Port-au-Prince-12a05d87e75dab27", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Bangui-12ae5e9461e3b5ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Vostok-12d1add738110cee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Rothera-13197f3fca74319d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Thimbu-13240979e9b0a02b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Pontianak-132a3666861a86da", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Australia-Eucla-14653b642de8a981", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Vilnius-14a8522223084a28", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Melbourne-1514165139b117f0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Managua-155deab0d1b75139", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...America-Argentina-Buenos-Aires-15aec7429804cc49", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-12-15cafed9eea83afd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Guyana-15e0b2f49afa5fb8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Martinique-16588574ba987865", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Swift-Current-169a1f9cb1911cff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-3-178617aa61acb30a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Tashkent-179ea1c3ef1bc59c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Indiana-Petersburg-179ff93f13c1cfb2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Fakaofo-17c26a924f613a8f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Barnaul-17d210f51ceceff4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Maceio-17da2ac5fdcc25a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Galapagos-17dfdf30d4d5c5f2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Kosrae-17f16514685ef7f0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Eucla-180c377ec849fba4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Thule-181ac7465d94e356", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Moncton-185090340733aeea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Manila-18a968f29e5740c6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Tirane-18b452a763fa2e4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Pacific-Guadalcanal-18dea002d13130a1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Rome-194c99d5c6dfd860", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Aqtobe-1977e82ca78998ff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Los-Angeles-1a08dc105bfa3288", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Azores-1a84896fd2eb9d3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Sao-Tome-1ac51dcf88d495c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Monaco-1ac852847005acbb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Pyongyang-1b00c1885d3691e0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Bucharest-1b1888dd3d110bb1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Novokuznetsk-1b6367971456eec2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Ust-Nera-1bfda69ae0d15947", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tashkent-1c1c8c076ee8a8fd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Kuala-Lumpur-1c5427fce54bfbeb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-10-1d82694b1ecba6e9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Azores-1da72657d491b1fe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Juba-1da9452bc193c348", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Novosibirsk-1dad11ed20ccd12e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Vancouver-1dafda874efa42e4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Abidjan-1e12e2b7baffc502", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Kashgar-1e4ac086c3c7f220", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Bissau-1ea40f38c3af340f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Bucharest-1ecc2805c23bda81", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Miquelon-1ee20c6134fae95f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Macao-1f5e8f8731296243", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Grand-Turk-1f9eb38b4f39d50b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Sofia-201518c5bc694622", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Inuvik-20811c14c8ff84dd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Ashgabat-20897921da67aa61", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Bermuda-20b7ddeebb4a8e6b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Brunei-20d6cf74fbe318d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Atikokan-2112b844bdb7263e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-7-2116c5a9302e3f0a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Monaco-211f559c0f4bbf4a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Kathmandu-2137faa0e906ad55", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Midway-21aebeff396d90d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-7-21e63581b7b02e9f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Sitka-2214a1edfbca4d81", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Darwin-2262e80d8459d76e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-9-226ab5fdc7401d2f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Manila-2311536ec353a770", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dacca-238cecb2a77ae8a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Cayenne-2390dfa51e4ff768", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Kirov-23c601af39604c0a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Sao-Paulo-23e1dd3ee39e9c2e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Moncton-2419686c77b5d0d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Ceuta-24d0eefe07c685d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-McMurdo-24faa7550e718ffd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Halifax-259405cab0d1a560", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Fortaleza-25a4abe4eaf7d07e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-La-Paz-26a99c7d4a95e43a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Pitcairn-26f1e9f423da2438", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Krasnoyarsk-26f75c5ac6f16539", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Barbados-27b60de34eee0b61", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Seoul-27b7ebcc965ed969", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Kwajalein-27e20379fcc146d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Edmonton-27e84291ee71ad39", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-El-Aaiun-27f5c384e6257312", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Godthab-2835b9af3f19e1d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Niue-287406beb3a9c308", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Africa-Addis-Ababa-28a58a71753afd9d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-14-28b506d95f98eff8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Fortaleza-29bc63839999e78e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Recife-29d9570982072ae4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-5-29e48de2cfb8b31b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Chicago-2a187ef845ab494a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Chongqing-2a7a7d29536a09d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tokyo-2af6995ed37d66e2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Saratov-2b2e27e3c71746d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Rainy-River-2b395eebcb4a67ff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Chile-EasterIsland-2b4e7cf7323c8867", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Pontianak-2b506f7f2e1c9f60", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Tahiti-2ba0227f0817622e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Kashgar-2ba37f18f5bf7884", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Efate-2cf98fe7a8654079", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Tbilisi-2d4abebbc2b2bf97", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Vancouver-2da65ec945716182", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Denver-2e3d233ce4bf3668", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-zone1970.tab-2e80788a46bd1d3a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Vilnius-2eac927b46cddaa0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...America-North-Dakota-New-Salem-2eb23f6b7c6b479e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Ulyanovsk-2eb274251cae73a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Marquesas-2ee3a5a33392d02c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Mawson-2f0f0490c9bb437a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Kabul-2f19b94e364a70a5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-Antarctica-DumontDUrville-2f2ed61fb4309f30", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Ojinaga-2f7d8e71fee1aaef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Moscow-2fcff6eb734c19f3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-8-307bb7c30af3573a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Brisbane-3090009812f92579", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Martinique-3110956f3338d30e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Kentucky-Monticello-312cc6f73b42ebc3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Abidjan-318d6eab1c4b4756", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Los-Angeles-31b6aed83a59a4d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Bissau-322000192658f13d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Vancouver-322f6ad2ea49ba49", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-UCT-3289702b1d71d398", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Baghdad-32fa3bb6af7e7c21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Indiana-Tell-City-3347c3874ec8f3f8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Fort-Wayne-337818befc3ad70c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Eire-33a9f4a242c7ac02", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Famagusta-33b6e90ad7e50c5c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Australia-ACT-340e43cc61beadc0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Bermuda-340f6ac7059eaca6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Belize-35312210bdc0464f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Monterrey-3589032a6e7d507f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Davis-35cd04a7b1fcde3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Krasnoyarsk-35ec5541946df3cd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Nicosia-366e61f85b8f86e1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Chile-EasterIsland-3698970716458c61", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-1-36c654c8c660a279", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Hong-Kong-371522ecf1be2592", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Novokuznetsk-371e66a63ad5cb5d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Kiev-373ae748a8cbcd46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Simferopol-37dbd70f590af32f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Kaliningrad-38303342a053167e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Winamac-385ad24ba0f04bad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Sofia-385f39c9f2fe1333", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Currie-38955202e36be11d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Indiana-Tell-City-38c3fabbad78e2b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-5-38c93329f777744a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-Ushuaia-38d0fbbdf89964cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Regina-394f853a78e79d09", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Porto-Acre-395ebb726ab52116", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Pyongyang-398efbbacb77ff35", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Matamoros-3994723bfb139261", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Australia-Lindeman-39a1cf12e24e2f4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Simferopol-39ac364a9c3507b7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-North-Dakota-Center-3a22b177ad565097", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Merida-3ad1c8c3c0c61955", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Atlantic-South-Georgia-3b0bede735021781", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Scoresbysund-3b1a0b290e22f7ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Indiana-Winamac-3b2083b83dd7a371", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Bahia-3b945d58d746a6b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Belem-3bc3cdb4c0d18237", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Amman-3c1113be1893fc56", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Magadan-3c1f0c7b44068f06", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Madeira-3c62995ac83b64e2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Porto-Velho-3c8284764dc0f389", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Australia-Eucla-3cb1bec0eab9a923", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Boa-Vista-3d034132e6079387", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Ust-Nera-3d4aa454e7520182", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Eire-3d800320aae0d855", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Monrovia-3dc2ade608bb09da", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Karachi-3dca7d224d87d7d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Khandyga-3dd26d3784448dae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Oral-3df03911c231f0a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dili-3e09cd0ce754bdbf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Glace-Bay-3e1cf308907ffd0d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-9-3e587927663bf2d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Antarctica-Macquarie-3e7aad594196cf97", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Jayapura-3ebb04112fa6864c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Gibraltar-3ed169a32febde4c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Kathmandu-3eda3ebfd73285c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Nome-3ee9e9bc94152cab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Windhoek-3efdc5b032bda724", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-5-3f71bb83b42bf7fe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Irkutsk-3ff198d678ddcf52", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-tzdata-LICENSE-4000effc7cb0f74d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Almaty-4007c15f993f184f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Thule-4014146544af9f8f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-El-Salvador-4032531ee2615597", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Karachi-403b6dd2aea67f45", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Caracas-404e0f2c906fcf3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Bissau-4054b00b1ba2fbcf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Khandyga-40bd8c2c972b948c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Bahrain-41310208a3651bff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Indian-Mauritius-4156ca814b032d3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Moncton-418571b0a4cdaf67", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-Australia-Broken-Hill-4195cb7a999e6f5f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Jakarta-41a5726c799af744", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Stanley-41c24463c1caeb9c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tehran-41cde13c4321af41", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Calcutta-41e55d95d3e71834", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Galapagos-4205f8b4e25f7938", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Tegucigalpa-4293d64c3fcafdb2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-6-4312a77b0dee8bd3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Bishkek-43b40b3dc6d5af7f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Eirunepe-43c2072ca7c33906", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Maceio-43db8d93cbb13f3c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-Tucuman-43dbbaa7ed552857", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Casablanca-43ecffc436a18913", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Guam-44028b6bb5dd7fc0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Santo-Domingo-451a2d4d79e5ff2f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Vladivostok-4599e19ac72591d0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Troll-45d19be0cbb7d625", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Ust-Nera-45e7be0fc4d7ce7b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Vladivostok-462943816575345e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Chisinau-463fd1185acb3ea7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Nauru-46d8ffd21be5a635", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Antarctica-Rothera-47389c1f2788315a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-3-4773fa53cdd52e44", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Australia-ACT-47b76754d929de5f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Apia-47d47bfe9daa28df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Jamaica-47eaba1f98f04820", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-UCT-4834666be23b0336", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Kwajalein-48f50aeeac70e98a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-North-Dakota-New-Salem-48f69c3bd2c4dfe3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Saratov-48f8c2a987661df7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Cayenne-491311a52b2465d3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-San-Juan-4983ebde4b36d4bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Argentina-Jujuy-4a3eda6da3ff252c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-Rio-Gallegos-4a547b957bb16238", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-13-4ae492f507985141", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Australia-Perth-4af1abc60ed4b3ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Dawson-4b434e46d7216259", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Indiana-Vincennes-4bb7d8e23c355cf0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Atlantic-South-Georgia-4bd39480910fe7cd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Aqtobe-4bf08701e5e976fd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Chisinau-4c04952207bfba6c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Rangoon-4c1da9027422da97", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Ceuta-4c4c00f75a1b2521", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Budapest-4c6b58c8cfeb69bb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Africa-Johannesburg-4cab43b7a6d64883", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-9-4cc17f4e31664845", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Casey-4cd086e938b5d439", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dushanbe-4cf67b5bdef43c1e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Marengo-4dde89b97050f0d3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-14-4df260a5a6d61b81", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-3-4e0485fa464e8a3a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Budapest-4e0f832ccffb5bf8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Adak-4e1ca7b19d9ea1e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Australia-Lindeman-4e8cc4fdeeac808a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Astrakhan-4ea56c2152db1aaf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-2-4eb3fe00ba14e9c4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Algiers-4f0e212bbcaed305", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Windhoek-4f17e9450cb616ff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Cape-Verde-4f2072b67274b92c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Indian-Kerguelen-4f21c2134ca3699d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-11-4f362059c2bd5a60", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Anchorage-4f7ebf154c9dee62", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Sakhalin-4fdb123fe106361d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Detroit-503e22ea1ae00bff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-HST-50f76fc25a911876", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Tirane-514cb52107ce34ed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-8-51bd19b360dbd27e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Belgrade-51cdda05f997befc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Iqaluit-51e5cd74bb2ff2b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-St-Johns-522bcaed0e9fdeef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dushanbe-531fb4d3a25e9d01", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Chihuahua-532e2f858590f4ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Araguaina-536a0170a2e837ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-13-5447e42cb615d2d3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Anchorage-545524b58c8b745e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Antarctica-Macquarie-54c6380fa829bb2d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Ho-Chi-Minh-54e7b7be1b3ae175", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Indiana-Petersburg-551a77d088635f9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Nauru-551b0b4dd1919168", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Fortaleza-55db14dcae4a215e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Johannesburg-566978418a8582b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Karachi-56962c5b00032699", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Santiago-56f140668c930944", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Campo-Grande-57174e40dd79a7b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Kentucky-Monticello-57338feedf76dae2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Hovd-574ad9a4c8b3c8b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Pitcairn-576fa0b745d60603", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-11-5786305fa98ec735", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Qyzylorda-57ebb2104f6050b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Merida-5815083ad3d1b4cd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Noronha-5828e12a7f5886ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-12-5871dfbf7874cae3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Whitehorse-5895d89acd4e3705", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Porto-Velho-593cb16b27097278", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Grand-Turk-598379db727de0c1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Nome-59b4af6842b248c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-8-59bc2fa9b50cd094", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Australia-Adelaide-59e5eb2178088d7e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Antarctica-McMurdo-59f00c4a6afaeca3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Stanley-5a07402af5bd1e09", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Australia-Melbourne-5a5b31c6ed441c58", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Dawson-Creek-5abb4c317c67493e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Jakarta-5afcb57400b1d273", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Noumea-5b3923f8e2b41631", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Calcutta-5b7463d3a87f99ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-Antarctica-DumontDUrville-5bbdcf82423f512e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Kashgar-5c026a85d6a1887f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Belfast-5c421e73c56aad12", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Belgrade-5c6bfcdbc4578b60", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Efate-5cddee3c98d816cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Thimbu-5d03d5cceb52edcb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Kamchatka-5d2df31116d2dd9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-13-5d4a7c3f72373cd3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Guam-5d624fa9a429b1e6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Anguilla-5d7943c7e30119bb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Kathmandu-5de4946ca871786c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Rarotonga-5e58792604a2de92", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Antarctica-McMurdo-5e7841414f3ab611", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-San-Luis-5ea9fa5ae87e7aed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Algiers-5eaa64d615bfbbf6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-12-5eaeeecf47e10af1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Pitcairn-5eb1e4f5972cf9c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-EET-5ed840c9cb2b6f34", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Chongqing-5f259ebabd9e8726", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-El-Salvador-5f2e5395ca7b421f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Taipei-5f6f49aadfb5db41", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Kentucky-Louisville-5fb2236f15b7246f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Recife-5fb70be249c632ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Tallinn-5fc0468959b8e2ca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Tallinn-5fd92881aac7828d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Argentina-Salta-5fec325ab2367c56", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Australia-Broken-Hill-60abe0e813d2f612", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Montreal-6106ccc4337dac51", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Punta-Arenas-611985209674e281", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Australia-Brisbane-61870667349de61b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Juba-6191b262893eb64a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Asia-Yekaterinburg-61975e0fc245b5fd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Tehran-61c77f2293826510", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Godthab-62a35e2874bfe2d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Chile-EasterIsland-62d6b89873f37a68", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Havana-634e2721b391cd86", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Anguilla-636826ee7c43e6fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Samarkand-637c30cb07068c21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Glace-Bay-6396e1bb85ca2420", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Tripoli-63f5243af314e0b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Madrid-641ee0288cbb8df5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Adak-644aa8c946738c20", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-12-645ebfede035aaea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Los-Angeles-64947a93aceb9392", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Rangoon-64ec135af71c4d24", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Bogota-64fd9f51d9d2fe9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Resolute-6506494742ab1f9e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Seoul-659a69b949b557bc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-El-Salvador-66332fc00e499578", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Pacific-Guadalcanal-6669f53a5e886496", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Tokyo-66ccf3fa33e02a87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Indiana-Tell-City-66e3e42e88e3467b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Australia-Melbourne-670e6465ecf7620e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Ndjamena-673d21dbd2158552", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-11-6741fb1bc0959778", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Tripoli-67626b40a8ea206b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Gibraltar-67a4fe6b7b5e0b6a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-North-Dakota-Center-67c098182522533e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Moscow-680b9e96e231e221", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Barbados-68dc887745847a95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Istanbul-698282e99a14057e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Fakaofo-69d0293d392d7b80", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Punta-Arenas-6a3f7d2a8302e01a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Choibalsan-6a58270c4e19e86c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Indian-Chagos-6a7104b310debc0d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Belize-6b00277688781bab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Qyzylorda-6b2728a383c7712f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Atyrau-6ba30209572ae26e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-10-6ba439dbb90f5c3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-St-Johns-6bd19075def974a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Bahia-Banderas-6c1e03e0ff4c5fc4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Guyana-6c7ce05349566d0b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Grand-Turk-6c7dffa3a28243d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Ciudad-Juarez-6cad865e5e3d3d96", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Funafuti-6cec62463126b762", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Indian-Chagos-6d6688aea27fa8fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-EET-6d7e70e2ecdac341", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-14-6d909f42127f418d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Yerevan-6da615580f542f67", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Caracas-6db85fd6485015b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-La-Rioja-6dc93bf4829cb8ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Syowa-6dd7c3f7988a57c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Kamchatka-6df7fa08b1ea1e63", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Bahrain-6df9f4201e1bd0e4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Costa-Rica-6ef6737447295ce7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dili-6ef9a3f0d37591ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Yerevan-6f27318e991b55ff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Santiago-6f773f10edc48288", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Belem-6fcc59ea1daed1c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Bratislava-7052a3c37eb89373", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Casablanca-706b737aa97ab26b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Volgograd-7081a0e34a6b350e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Abidjan-708dd170b218f2c7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Canary-70ae1d36282a9c44", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Malta-70b83a93e0a21641", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Kabul-70bcd976ef21e4ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Riga-70dad2ef15073618", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Jerusalem-713b27e7e4132849", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Dushanbe-7206f4575066d8b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Sakhalin-722044944ad58575", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Windhoek-722217af7e61be0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Bahia-Banderas-72bbfbf43a13bdfd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Norfolk-72bd1bf6a1f8325a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Arctic-Longyearbyen-734f0946a03d7707", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Asia-Yekaterinburg-7354ff083fb2caea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Anchorage-7366e6a01808526e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Jerusalem-7375efccc3679997", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-zone.tab-7439d6928726b505", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-leapseconds-7481b9a678cfb593", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-Mendoza-749cbcc52c60375e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Porto-Acre-74a1c70f5b7de613", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Atikokan-74c4ec0cba7629ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Malta-74fcc1b62422ba79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Famagusta-75275687a666710d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Ulyanovsk-760e015bda49528c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Khartoum-762dee584417a829", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-Ushuaia-765160302ae1e137", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Lima-76c0c45bbfc61e39", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-4-7730cbb1fd359e9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Yakutsk-773da227ed26a95c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Argentina-Salta-7775c68823622bef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Vienna-77b6dbb3b0b69bc1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Jerusalem-77dec77de21ce078", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-CET-781ba5c6912c8771", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Guatemala-783ef47a4b6cc7c7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Kosrae-7846ce6f1446a572", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Pacific-Bougainville-78855593e2583a9e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Amman-78a9c1310740c8aa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Hermosillo-78ccdae019d28585", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Monrovia-78f5d71f306ef4ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Jayapura-78fcf48c6bbbb712", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Gaza-79077984a7a6c0be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Juneau-790fa2b99a8abe0b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Casablanca-796657e2d7cc9dcf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Porto-Acre-797ef78fce0668f0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-iso3166.tab-798f2ecf54223fbe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Efate-799f8d5301678c96", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-San-Luis-79a942968674b495", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Halifax-79b1a23ae343c28d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-San-Luis-79bced351aedbd0c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tokyo-79f74fce7309437f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Enderbury-7a1210001590214a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-San-Juan-7a903f7a2c9d5ba9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Famagusta-7ae7878adef825f3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Sao-Tome-7b0126f480a1d35a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Anadyr-7b07abce48102625", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Bogota-7b2ab2deee4bf264", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Hebron-7b4af5d654131a8d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Omsk-7b73295968c5c5b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Macao-7b7d0bc6cc970d9d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Aqtobe-7bdec1c6f9ad7660", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-North-Dakota-Center-7c03028642527858", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Baku-7c204caa0f4f162d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Boa-Vista-7cb88702cda86e95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Kuala-Lumpur-7cd97aee09ee2a47", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Creston-7d23b4abca3bf0cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Indian-Chagos-7d27e81560137a98", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Macao-7d447b2ce9446c96", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Manaus-7d5d839b76215ad9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Gambier-7daee65cf4a04418", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-4-7e295ef0c947ca85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Paramaribo-7e585fce630f1e19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Kosrae-7ead89c2b331912b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Niue-7f11aa76fb1d8e80", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Metlakatla-7f2410592e4e0a98", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Asuncion-7f9562764d10c0b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Boise-800aa6d1893bdd9e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Kentucky-Louisville-801d2a76dc576570", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Irkutsk-8048172bf741c0f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Coyhaique-807df220f5b72e03", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Kiritimati-80b12f5602f95d7f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Blantyre-81ab02364bf1f697", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Enderbury-81b79f4927e50813", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Bratislava-8211995d747ee077", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Omsk-823bd205cf39249a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Norfolk-82bdd4a41a73e93f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-Rio-Gallegos-82f885559c79e03e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Dubai-83090e6d3da79b8e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Hermosillo-831849ec1a38a628", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Noronha-831f0664c5476a76", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Magadan-834807d11e38bf7d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Bangkok-8369533c70045307", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Whitehorse-83cd44460d30719d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Edmonton-84289022f58576ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Asuncion-84989d803046a4cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Seoul-84d8c27f9fc6385d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Almaty-8521e77186536070", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Anadyr-85439c400bbc86d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Thule-85e8535fbb307dd2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Noumea-863e3e46bb44ff41", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Pacific-Kiritimati-86462bf7cfae9fca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Damascus-86808dddd6ed4312", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Atlantic-Cape-Verde-8697e4a748fbd08f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Tongatapu-86b1760d0094da18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Ndjamena-86d26aeda90b4234", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Matamoros-8750144d13781f83", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Creston-87a32bf8148754ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-7-8822a65fabe47778", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Tegucigalpa-88f0454222a38655", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Monrovia-891be320c08c7dcc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Damascus-89257e7dc821cd7b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Norfolk-893640ffaadb3fd7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Coyhaique-8979cba7762ce8f1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Samara-8a0f58a73f65f6b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Scoresbysund-8a4a91898f4982f7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Montreal-8a8d315146c83b5b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Managua-8abee6515b5f03b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Cairo-8aca294312e655c7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Tongatapu-8bacd41007b5e109", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Argentina-Salta-8bdfa32e69de48fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Danmarkshavn-8bed8fda8c543629", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Srednekolymsk-8c8ab4bea52abb5b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Mazatlan-8d2a9e70b1763d0f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Australia-LHI-8d77a21b60654221", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Minsk-8dce2c711372eb31", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Argentina-Jujuy-8ea257eac59089ca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-North-Dakota-Beulah-8f7068be9c87455e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Casey-8f71ccf80b2ad19b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Indiana-Marengo-8f79201038155384", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Resolute-8fac2a05f0ced3b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Nicosia-8ff5c8f99542c1c7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Pacific-Kiritimati-90771ac81ab468b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Andorra-909799b37a21942e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Arctic-Longyearbyen-909c114e91953fa5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-5-90d2820f5da684dd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-3-91327d43c35f78a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Choibalsan-91442d4b20abbb1f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-7-9168bad0b03ce195", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Anadyr-9188cae0e2d7e66c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Asuncion-91904eed74ebab7c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-9-91a6a39db5404ccc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Monaco-920898bb95373af4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Rangoon-926b2a78a71c5bdd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Montreal-92b007f40eddfeb5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Palau-92cfdd5827806bea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Vostok-932e0a15f794d6ea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Busingen-93a77504158cd24d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Cuiaba-93e44073edf8bfa8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-Cordoba-9447ec7fc9baea14", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Samarkand-947292ead3b1c9f5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Indian-Mauritius-948a7edf6e965ad2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-NZ-CHAT-94958ba44fa043aa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-New-York-949f877ffcc782bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Miquelon-94d8f29154035f0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Lisbon-94da58a2c071562e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-3-9583da24d1cf6bdb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Oral-9621ef6c92b03c21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Amman-9623aead673ec6f5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Khartoum-967e3a10ec37458f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Ensenada-96c7c4394fb89eb7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-971b147bcac60dc4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Australia-Darwin-9794c76a6eab5ba0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Colombo-97ed177bcc7d9709", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Sakhalin-97f3937e1790735c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Midway-980393f7bdf1e927", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-98e838ae849e045b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-6-98fb9bceea211a42", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Tunis-996f559bdbcdf702", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Davis-99aca4dbfb4ccfdb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-1-99ada4e07c31c653", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Nicosia-99b2bdbf14ff57d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Sao-Paulo-99c5c1db23551e10", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Stanley-9a10afe86413fe1b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Tunis-9a76fb50afdcaa0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Vienna-9aae9fa192834b5f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Aqtau-9aed0a30b0b87a05", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Astrakhan-9afaa370e1493930", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-Tucuman-9b647f55ebb0b60b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-9-9c17adc7a7394b19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Atyrau-9c27a24c4e4022cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Samarkand-9c5a7e6750b42fe2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Qyzylorda-9c820b6005b1fd42", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Mazatlan-9d50067b8f8ca339", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Thimbu-9da0d06e1fcead8c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Atyrau-9da9e525e01ac96a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-CET-9e2ad02256d0b761", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Mexico-City-9e4be64056e719aa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-El-Aaiun-9e8d2102ea28598a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Fort-Nelson-9e8e0dcd6461e814", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Caracas-9f0583310b4acb5b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Madeira-9f207aa74c31f0b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tomsk-9f2344594005c427", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Port-au-Prince-9f28d3c8d4d5de91", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-La-Rioja-9f31d5e035978451", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Chisinau-a040004dfdfc4b8f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Gaza-a07326b416b47314", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Menominee-a09763c9eea2c126", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Qostanay-a0e0fb0ab31ce0e1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Busingen-a0e66e6c4fdddb35", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Cuiaba-a0f2d7770002fb9c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-10-a0fa56c69164af96", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Ulyanovsk-a179fa54cf5c4c26", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Mawson-a183734120280e91", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Faeroe-a1df52b82f376959", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Vevay-a1f9e28be9e1515a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Warsaw-a2ed9481b9ffb2f0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Costa-Rica-a318b559e8ec5e01", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Baku-a41093a0e71bc7c5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Vilnius-a446144c2a8db246", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Eirunepe-a4f511e1a2654e3c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Mexico-City-a59b7b888d5b4655", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Indian-Kerguelen-a5d6c087f1ce0421", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Barnaul-a64a0b29550b0350", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-6-a6a2bc1498452340", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Chongqing-a6d8fd571d0c2a85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Juneau-a7047fe6e2fe36b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-CET-a7395e2e631fe286", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Halifax-a8012fc33e8f27f8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Faeroe-a80940ed5b5ba2cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Riga-a80c7b5ed6f75459", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Goose-Bay-a82580e6f79f5ff5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Indiana-Winamac-a8c22c4c598830b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-7-a8f39bbe81d9520e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-leap-seconds.list-a9190084e3644c0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Mazatlan-a94c967281cc09b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-Catamarca-a9fee61f29c681de", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Menominee-aa7c6fe4e206bc29", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Omsk-aa8af4fed1af33d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Hebron-aaf8680b8bfcb498", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Gaza-abb8a442c65a8e3d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-4-abd2c8452b9b1897", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Atlantic-Cape-Verde-ac38ff5072279c22", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Guayaquil-ac44cca1e7a44914", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Noumea-ac44ce4edaa057c8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Apia-ac704fff8d045cef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Ciudad-Juarez-acaf22218730a5df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Indiana-Knox-acdc2927b4f053b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Magadan-ad6d58d932f042d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-Ushuaia-ad88d08f39df0077", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-11-adba9de770a57ed4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Cairo-ae535b182d40b06e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Rankin-Inlet-ae752373b648ec23", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-New-York-ae8194cca135c514", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Recife-aea59607411935a9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Funafuti-aeb4b9efd34fc302", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Kamchatka-af2692a760bcc3d7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Yekaterinburg-af2f85e92c305a99", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Indiana-Vevay-af4a7dc03fc61093", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Managua-af628877550cb038", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Inuvik-af64189d59f68a6c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Syowa-afd4814904e23921", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dacca-b0545a2e8bf99f5a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Aqtau-b0b15fae3ce98719", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-Antarctica-Macquarie-b0ce1cac5c29fc5c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Bahrain-b0e384f6d27da550", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Antarctica-Palmer-b0f960fcd690076b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Juneau-b0fa9cbd276df6bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Novosibirsk-b1a17607f30e3edf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Yakutat-b1bc1a2041ffcfa5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Indiana-Vevay-b1c6be64f1598066", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-tzdata-tz-art.html-b1d2358a79ff3e1f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Mawson-b22d792fc4fc1316", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Costa-Rica-b2853301acd2fdab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Africa-Juba-b2cfd17a18d5a1bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-2-b2e4e38ed8791f04", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-1-b2ebeea47dd5475f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Arctic-Longyearbyen-b2efc539cf50ff1e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-1-b30ea32dd3503666", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Australia-Currie-b31d04042b9abaf5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Irkutsk-b32984eb37225c93", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Factory-b350ce7ab7810a11", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Yakutsk-b3b0e2f90433506e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Barbados-b3ff2a61ff5b4796", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Bangui-b426a0890ba8c900", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Ensenada-b47ee08b9c7d4905", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-tzdata-README-b491273c5071c377", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Matamoros-b4ccccec0713b3e6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Atlantic-Canary-b4f91d8034801ec4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Nome-b527118fa63d4dce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Australia-Perth-b53344cb3ffb3226", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Antarctica-Rothera-b567b01303e388da", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Fiji-b57a36a92b5eb980", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Danmarkshavn-b57e758310e08e08", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Manaus-b58b430e813e1e19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Iqaluit-b5b43a537b956807", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Calcutta-b5e862a573d7ed9f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Oral-b6134efb4ea8a235", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Vostok-b678bb63d669a6a1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Australia-Currie-b6b2b2ff2c14c4f7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Merida-b6d69186fa08c51a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-2-b6e3181a3e6614ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-HST-b6f45f1dbbc5ee47", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-North-Dakota-Beulah-b73e44fe1c60ab9b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Antarctica-Troll-b79fe7da5b4023c6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Metlakatla-b7f83def08194949", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Menominee-b7ff261fe1222dc9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Chita-b8952e82b53fd6c8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Ciudad-Juarez-b8afad39a9ebfd7c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Chicago-b91225324d6263a0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Andorra-b92545c8f9a22670", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Australia-Darwin-b941d058a9e60caf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Rarotonga-b94bacb68e7641d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Africa-Sao-Tome-b97a7a2f3fbf4c36", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Lisbon-ba21fd1aa2af3853", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Cuiaba-ba42caa71e93d958", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-Catamarca-ba53573b9cfd0fcb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Ho-Chi-Minh-bab9e9f85c79c245", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Astrakhan-bad99f1041412d06", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-10-badb4b2cb912dd47", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Hovd-bb847c5ee50cdda3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Boise-bbb1f2b3570b915e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Bahia-bbc47973b9d50f9f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Monterrey-bbd67870ff51785b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Eirunepe-bbd8826fbc7d4c0b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Nauru-bc1dc5a11617ff3b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Miquelon-bc4114dabf5c1926", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Palau-bc7a57e20262ee4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Tallinn-bc8d998b99a817ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Guayaquil-bd312d7e54bbf346", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Warsaw-bd9dbbf07eac4f97", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-NZ-CHAT-bda3f09d4ce029a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Guatemala-be051504c746aade", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-La-Paz-be1fb51e4d61dcd6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Yakutat-be5bb17b40fd50c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Danmarkshavn-be96d0167c0ac1f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-St-Johns-bef62ea9048f0f45", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Cambridge-Bay-c0252d612386b659", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Tongatapu-c10ae445b88bd9c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Andorra-c1243c1120ba7c56", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-8-c1c398fa2c623ea8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Niue-c276e24691787eff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Khartoum-c2a8edf6c75a67a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tbilisi-c2f4ae12b0131be4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Azores-c3326ed61922a612", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Coyhaique-c38520c3d5cfe803", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Anguilla-c3b81e97789af4f1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Atikokan-c52ed71aa894aa39", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-Tucuman-c63555534c04dfd9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Jakarta-c66466b6e18873a5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Kentucky-Monticello-c67e353ca5e7bbeb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Yerevan-c69343349cab865d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Iqaluit-c6c2b5321e7e8d16", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Manila-c6d0dd5d4cf5c061", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Fiji-c6de8cfabb0d2d20", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Edmonton-c6e59beebb7b1c28", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Ho-Chi-Minh-c709cc0873ef5444", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Hebron-c7583b1a24cdbb05", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Simferopol-c817df2401644d95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Paramaribo-c8310a6caaf65f94", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-4-c89f38590453da25", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Australia-Brisbane-c8e1ea9e021b8c14", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Brunei-c8ee22b893a72c95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Manaus-c9676d8f122f5c89", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Pacific-Bougainville-c985cb2dc1a169bc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Malta-c9d4c510e981e36d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Addis-Ababa-c9f88fd6c52d991f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Fort-Nelson-ca000ca372e4d431", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Belize-ca05fe3e6305beea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Kuala-Lumpur-ca1e99cc58ec3d45", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Rome-ca432ae695acaa61", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-La-Rioja-ca71f5553b5d6b00", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Ashgabat-cabaebda56dc9639", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-4-caf0ea4d1eb037ab", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Kabul-cb22050893636562", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Martinique-cb5ca6e7813dea77", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Asia-Srednekolymsk-cb7e4d427ef498c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Kentucky-Louisville-cb8e9eb83e52c3ea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Dubai-cbb0ce76dec7a451", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-8-cbf72f5b9543b190", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Pyongyang-ccc7cbc8cf1cb1bb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Belem-ccf81edcc32a4f29", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Fort-Wayne-cd4926f945491db3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Beirut-cd5cef0f0e983751", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Yakutat-cd64b079efb31e36", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Dawson-Creek-cd840c892dbec610", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-Mendoza-cd9b726fe5f144e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Campo-Grande-cdb7c18c637626be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Lindeman-ce26ee87860739cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Ndjamena-ce3dfe4995c8f24f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Fort-Nelson-ce5074f2b7cd35e5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-11-ce9e052bb4f505ea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Chihuahua-ce9ff7ae1a540ba3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Metlakatla-cec5d92d2742b191", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Antarctica-Palmer-ced3c624b6bc6637", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Africa-Tunis-cf7f960b881084d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Cancun-cfcf3b57eca8267c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Choibalsan-cff69e2dbc82f86c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Dubai-d02947be782f9df4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Jayapura-d033123020293d3c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Tirane-d056db3910810802", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Belfast-d0e7561284493ba4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Apia-d1bfaa52e4bebb5c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Indian-Mauritius-d1c10e34d3aafde3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Sao-Paulo-d1c1756746a5da30", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-Perth-d21755e322b75c3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Sofia-d229438e006fa531", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tbilisi-d2b2ca8e16fefbdf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Bahia-Banderas-d306fdcd238494dd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-tzdata-tz-link.html-d31a81ab8db21c1e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Asia-Pontianak-d33f966ebcd34c24", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Argentina-Cordoba-d34abf13f23fa547", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Boa-Vista-d34cf2a21c861c20", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Saratov-d35cc7feb6820a60", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Makassar-d3868b101b37c63b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Araguaina-d3edd44f6865e2b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Paramaribo-d4614fe385f00f79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-La-Paz-d477339a413ab91d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Noronha-d4d597f6762866c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Dacca-d4e57dbd2e2c4a50", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Warsaw-d5106c46a9567f39", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Busingen-d527689295f8a310", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-UCT-d551f7fcc01926ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-tzdata-NEWS-d582b81e5c24dbe2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Cancun-d60a955930ff4a3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-EET-d67ac102d34d7339", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Scoresbysund-d6f4c046a9800974", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Tashkent-d6fa85942ba9725e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Kirov-d705fc609541cf5f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Galapagos-d755b234f0f5e121", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Lima-d759c5b545415d1d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Europe-Kaliningrad-d75f7a1687554234", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Guadalcanal-d7982316838b14d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Gambier-d7c5fd0bd56e8a21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Fiji-d8442b79c9bb211f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Minsk-d93c522207cbf1bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-New-York-d97d6872449d4e6a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Regina-da2575a45478ba4c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Campo-Grande-da56e399ea6614c0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Swift-Current-db3b41478abd19c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Santarem-db9ed6006ae2095f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-LHI-dbc117de4035649c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Kwajalein-dbdc3b07da2deabb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Tegucigalpa-dbf2cd9405019f59", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Madrid-dc2b397038a0500b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Bangkok-dc37220cbb44f0d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-San-Juan-dc9f06d4ba7b9f7c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Australia-ACT-dd7c01fb057a54fc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Chicago-dd83a8010444a199", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Bratislava-dd8aa6a155f509af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Helsinki-dda9eee877f7aecc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Bishkek-ddf4a0d970493a4c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Pacific-Guam-de70877551d180b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-df34fa3daf0ac99c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-Antarctica-DumontDUrville-dfee78d6cc699226", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-1-e0797c1b8a059c87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Europe-Gibraltar-e0ede8868e534771", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Detroit-e10bb262a37a0d1a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Barnaul-e17549bc40721333", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Tripoli-e187e467e11bb275", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Bucharest-e1ede9996d1494c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Tahiti-e2295f10ac3fcc40", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Godthab-e26f98fd4ad10e74", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Vladivostok-e32f01816e708557", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Beirut-e366832f15f000fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Gambier-e3be249111356540", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Indian-Kerguelen-e3cc6d32a56f65b7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...America-Argentina-Rio-Gallegos-e3f08a267b684227", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Rankin-Inlet-e4284902313b756c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Australia-LHI-e46d52a77ffd2012", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-6-e475ca363045a9d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Havana-e4917ad7e3741dd9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-5-e4a6f4a56ddcfb16", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-Catamarca-e5b54b73ef3461ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Lisbon-e5b5caa8f8fc650a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Samara-e64353ec62870cf0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-10-e6730eb41efbdecf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Port-au-Prince-e679befc0207bb79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-1-e75e96a04cbc7bad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...posix-America-Argentina-Mendoza-e7a70bbb02e6931f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Bangkok-e7bbcf8faecb67e1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Santiago-e7bef37a1e89212c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Atlantic-Canary-e7e899b1ce982e9c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Hong-Kong-e930291958ab98ae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-Blantyre-e9a7daefbb8b52fc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Rainy-River-e9aee5bc271dcd1a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-Pacific-Bougainville-e9b0a023122242cd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Baku-e9d853b7613e991d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Glace-Bay-e9f26b2889649ba5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-12-e9f47ff9032019c5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Adak-ea0f3b8bf78643a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Hermosillo-ea46ed9196f3d64d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Europe-Kaliningrad-eacd3bb0a1f85734", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-Africa-Johannesburg-eafe51e1e824cc94", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Europe-Budapest-eba681381951981d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Damascus-ebdf0273c85b7f11", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-7-ec0a17f08b1c7038", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Ashgabat-ec2603cc92b83da1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Dawson-Creek-ec55daf0b0767148", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Tomsk-ecf9f03cf839599b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-12-ed031e2497e62995", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Rarotonga-ed3622667116df82", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-5-ed6e7e869c1525c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Almaty-edd8438e8eab25c7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-Cordoba-ee089b91a7005898", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Etc-GMT-2-ee1f0d09827619d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Vienna-ee42227bc84df0ea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Rankin-Inlet-ee5d12e425b2a4f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Colombo-ee9fd2a420997207", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Belgrade-eebe74989742d15d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Cairo-eef0a08628daad13", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Dawson-ef3d410ae8f703b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Bangui-ef4b2ad66ec4cf22", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Montevideo-efd33b0c03f7f2d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Monterrey-f024214f6c82dc25", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Qostanay-f03b09dbcd6e79f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Pacific-Enderbury-f049ddb3599ce35d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-America-Sitka-f07efa25045dc460", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Pacific-Marquesas-f08e65df79237a22", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Denver-f130723512533721", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Rainy-River-f13a66478d1d4f7f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Fort-Wayne-f17c51d39cbe85b7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Asia-Brunei-f184a8de6446ce39", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Etc-GMT-6-f1956bd1a3691380", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-America-Sitka-f1b33c0757415541", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Makassar-f1dd28afef6d6466", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Europe-Helsinki-f225389200f0e315", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Inuvik-f232ff6f62af2a7b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Africa-Blantyre-f27d0499d3b1c954", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Rome-f297d7e288331d68", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Madrid-f2d3cfaacbb01880", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Africa-Addis-Ababa-f2d63fcbed1ebf04", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Khandyga-f3259f345ccd3b65", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Cancun-f385e92015c773bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Chita-f3cd5fc16ded8e9f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Chihuahua-f3e2614697a555d3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Denver-f3ee23e99741aee9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Africa-El-Aaiun-f4063f58b813e126", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-Pacific-Marquesas-f42ed6977c96b3f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Atlantic-Madeira-f477ad75112e2997", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-America-Indiana-Vincennes-f5a1cbbac5704326", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-NZ-CHAT-f62c57c5ad5fd2a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Guayaquil-f63f6f85c3f220a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Makassar-f6488689362ca2d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Indiana-Marengo-f6e3d69d53a65a0e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Boise-f6f403ed0f9f3203", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-right-Europe-Kiev-f6fd23d435484c92", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Resolute-f742ec86d0af67ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-America-Maceio-f754203069453f64", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Moscow-f78d3bb4be66b75b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Argentina-Jujuy-f79fda36a0e19923", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Guatemala-f7a89b46185949c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-North-Dakota-New-Salem-f887330ad2508114", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Pacific-Palau-f889562e18d25a1a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Cambridge-Bay-f895d61410f55511", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Krasnoyarsk-f8e012ae6fbc2748", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Santo-Domingo-f98ad82667182c2e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Ensenada-f9a9c4bb9f9dbc98", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Goose-Bay-f9fb5ff594c9fda7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Mexico-City-fa1a0ca8233565f2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-HST-fa4e8eab62182cad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Samara-fa730dd75d64d5a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-Atlantic-South-Georgia-fb61b3c1d01776f4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Colombo-fba5531118eb4f00", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-America-Cambridge-Bay-fba6ced282174415", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...right-America-Argentina-Buenos-Aires-fba85d57dfe36e70", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Etc-GMT-6-fbb68aefc6ca041b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Montevideo-fc2d9d293f0e545b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Jamaica-fc2e43f73453940e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-right-America-Swift-Current-fc3b98a8f6d637fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-posix-Asia-Novokuznetsk-fc4b946bb5757bb5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Europe-Riga-fcef089df6ff596a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Regina-fd29287444e98f95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Havana-fd82b327989fca18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Whitehorse-fe7a4a0368fdcf2a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Qostanay-fe919bc0bce64ff9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Cayenne-fedcac4633f1430a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-posix-Asia-Tomsk-fef4f22ce4e0a641", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-Australia-Broken-Hill-ff3491878d8985ba", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Asia-Hong-Kong-ff72e7d686c2154d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...zoneinfo-posix-America-Indiana-Knox-ff7c90f720c54752", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-tzdata.zi-ffa40bf00111bcc1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-America-Detroit-ffd04305e07a420d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-usr-share-zoneinfo-Eire-ffd566d34fc1d2f9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-...share-zoneinfo-right-America-Ojinaga-fffd5cb4f74e83f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libdrop-ambient.so.0.0.0-873c917cafce7f50", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libcap-ng.so.0.0.0-874052fff98a4177", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libcap-ng-COPYING.LIB-98fcd3e601d40fd1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libyaml-a495c2a7de1ac993", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libyaml-License-05062048799b19bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libyaml-a495c2a7de1ac993", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libyaml-0.so.2.0.9-4958c0305cc0c1c1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-gnutls-AUTHORS-09778ad4d5c0d6cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-gnutls-README.md-58756d9f36396527", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-gnutls-NEWS-72fed51334ae231b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-.libgnutls.so.30.37.1.hmac-7846d632fac88d93", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgnutls.so.30.37.1-9664c43dc87b8ed4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-gnutls-THANKS-a04110cf28fb5340", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gnutls-COPYING-bcaf00ba173110fe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gnutls-LICENSE-d0738c4e72c4921b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-gnutls-COPYING.LESSER-d68d8112761d584e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libassuan-COPYING.LIB-177ad30b4dd8175d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libassuan.so.0.8.5-20166f892a70cb1d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libassuan-COPYING-97780ed7a4226be7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-DBusGLib-1.0.typelib-0ddc9dba708b678b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-libxml2-2.0.typelib-18cf06d4abbb39ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-Vulkan-1.0.typelib-1a3133d2f0305784", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...licenses-gobject-introspection-COPYING-21aedef33c6a13c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-DBus-1.0.typelib-3203fde87778c9ed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-xlib-2.0.typelib-32a0c00ecef8529c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-GObject-2.0.typelib-47daa9b0930ea0f5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-xfixes-4.0.typelib-67c5ab204d910f75", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-freetype2-2.0.typelib-7ab7f3522d309852", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-GModule-2.0.typelib-838664dccf164d17", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...lib64-girepository-1.0-xft-2.0.typelib-85e93a42c71df820", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...lib64-girepository-1.0-Gio-2.0.typelib-8a3d13c3ee10bc95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-xrandr-1.3.typelib-9e393ba47e750cde", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...lib64-girepository-1.0-GL-1.0.typelib-a6ecbe53b00c0170", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...gobject-introspection-COPYING.GPL-a9674222eadcd7f2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-GLib-2.0.typelib-bf0b590157599e95", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...gobject-introspection-COPYING.LGPL-c5fd943acd121228", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-win32-1.0.typelib-c6783499aa12b204", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...GIRepository-2.0.typelib-c9e7cc7fd09f7054", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...fontconfig-2.0.typelib-d9ff4f32eeb17c6b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgirepository-1.0.so.1.0.0-e69d26bcb0a24e1b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-cairo-1.0.typelib-ec87058761e8948b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libksba-COPYING.GPLv2-025702a1e5b63e69", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libksba.so.8.13.1-1e29db6133907052", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libksba-COPYING.LGPLv3-1e41d52c1fd496c7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libksba-COPYING.GPLv3-50368cb4892a7855", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libksba-COPYING-ab7413a242ae644a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcprofile.so-023549e866ed57ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-compat.so.2-076c827c3f1dc44e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-glibc-COPYING.LIB-0c6263baa58699ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-ANSI-X3.110.so-10db71b631af3760", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libBrokenLocale.so.1-13a9f52f69916435", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UTF-7.so-148a25b1c2d99bc2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmemusage.so-164c9dcdd18d1fc9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-...libexec-getconf-POSIX-V6-LP64-OFF64-1716d1a69e4531ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UNICODE.so-2990c286d4a80ee1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-etc-ld.so.conf-32ec75dedc8ed09d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-ISO8859-1.so-367d12ccb8f871f1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UTF-32.so-3d05d8fb200663bd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-glibc-COPYING-4c3362aa50faa23f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libdl.so.2-6310624b78c38417", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-files.so.2-640d7278e8974c51", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-iconvconfig-64575dd9d0be23a4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libresolv.so.2-664d277def349e86", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-UTF-16.so-6e1ba648d2b11550", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-glibc-LICENSES-6e267a1855234be9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-ldconfig-7536453ef2a26c46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-etc-ld.so.cache-76f1c9985254e2be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libc-malloc-debug.so.0-7907305384f2540e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libc.so.6-898c7000b5881f61", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libSegFault.so-8dcdbc2daec313fa", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-ld-linux-x86-64.so.2-9195ac6a4e9b45d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-ISO8859-15.so-9679b18dcdd53e17", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-audit-sotruss-lib.so-99df092f7bb8222f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libm.so.6-9c5b99a9203f7dc7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-gconv-modules.cache-a536ab71c04de1d4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libanl.so.1-a6f9568da893cbea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-gconv-modules-ac52326c6010ee90", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libthread-db.so.1-ae3fc97113fbe7ca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-librt.so.1-bf18eec22303c1b8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-dns.so.2-cb11cdc4189fc7fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmvec.so.1-cc6fde5122ccb21c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpthread.so.0-d19d670da6254e2f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-etc-nsswitch.conf-dcb109d4616daae5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libutil.so.1-e4935d5aa0ba62ff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-gconv-CP1252.so-e71a752222ab1cf0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-etc-rpc-eb199925a99265ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-var-cache-ldconfig-aux-cache-f7b1ca91de4b87e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-libcap-capability.notes-0f0ce024c81213be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpsx.so.2.48-1897bbb4f7efd63c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libcap-License-1cb31a5be70c0358", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-capsh-34f8467e3a606deb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-getcap.8.gz-508f3556caa1e8ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-capsh.1.gz-55feb480571762d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-security-pam-cap.so-6e696beaf5a6f45a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libcap.so.2.48-7b4d7d0f77ce8dc2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-getpcaps-8a707565ca91434e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-getpcaps.8.gz-ae8e6fdb3bff5894", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-setcap-b0a10e424e7b1086", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-getcap-c1427ebe890dcc80", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man8-setcap.8.gz-d8bdde81208a0a93", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relatedSpdxElement": "SPDXRef-File-usr-bin-modulemd-validator-026e9bfa4e973170", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-Modulemd-2.0.typelib-27ae868c8ec36403", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libmodulemd.so.2.13.0-88ecb7a06373bb64", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libmodulemd-COPYING-df99bd0ce5d10c31", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-krb5-plugins-tls-k5tls.so-001812e01c9af599", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-krb5.conf.5.gz-0c15dc319b7ac053", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libkdb5.so.10.0-142bc36112f14a35", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-k5identity.5.gz-396f3170300f5eac", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-DEFAULT-krb5.txt-3f42f7a518ff9cd2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgssrpc.so.4.2-40cfbade72a94901", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-etc-krb5.conf-485cebdb5c8d2a32", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-.k5identity.5.gz-55ae2bfbc993fb90", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libkrb5support.so.0.1-65c571a404e6bbe2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libkrad.so.0.0-6a6b8cc19b094b2c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man7-kerberos.7.gz-6dd72dec86149806", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-.k5login.5.gz-6ee3a0391f2a137d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-k5login.5.gz-7dc959edf743cd9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libkrb5.so.3.3-810479e6a3eae050", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-krb5-libs-NOTICE-a123f7eee70c72eb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-krb5-libs-README-bfcafeb6183520a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-...lib64-krb5-plugins-preauth-spake.so-d36ea61b0f7b6a70", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgssapi-krb5.so.2.2-dab0f87cf2057742", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libk5crypto.so.3.1-e66eb4f8be4409fb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-krb5-libs-LICENSE-f11be3044d82d8b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-lua-libs-b9930935983f5330", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-liblua-5.4.so-f18c9f92057ac960", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-setup.html-14a117e88aabf24b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-support.html-348d1f812826c9f4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...doc-cyrus-sasl-lib-developer.html-3ba77e6bd881631f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-search.html-479cbc92a7a36509", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-cyrus-sasl-lib-COPYING-524d8032f81017af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-download.html-636f619f9c1536be", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-sasl2-libsasldb.so.3.0.0-67d38e340f4577d3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsasl2.so.3.0.0-7e81ec7a8f66c3ca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-sasl2-libanonymous.so.3.0.0-86bf2ecd1788501f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-genindex.html-9e66ce4e0a6eb3cb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-cyrus-sasl-lib-AUTHORS-a2f54b1b196c86e0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-sasldblistusers2-a903dcfa92379f1c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-usr-bin-cyrusbdb2current-ac8c81ddb4590392", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-index.html-b50526e63108f8d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-packager.html-c2da83b6c923127b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-saslpasswd2-d20220678434ab7f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...share-doc-cyrus-sasl-lib-getsasl.html-d92702dbbda7e1c4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-...doc-cyrus-sasl-lib-operations.html-e5fec12d1cea722f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gapplication-06db0aac5cdcba72", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-glib2-NEWS-09b75c7c7656032e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gio-11302a785a1ce540", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgmodule-2.0.so.0.6800.4-1280ca8837f1e5f5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-...share-bash-completion-completions-gio-2d800e884032c615", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-glib2-COPYING-34f393bc80919207", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-...bash-completion-completions-gsettings-47a82969cc47629d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-gio.1.gz-47c400f5c24f856f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-...share-man-man1-gio-querymodules.1.gz-552d2c53a768d981", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-...completions-gapplication-558485814f2546ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-...bash-completion-completions-gdbus-63fcf5c880513783", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-gdbus.1.gz-77cbc96976386886", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-glib2-README-832a99d51bcc976c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-...man-man1-glib-compile-schemas.1.gz-887e3b3e646d1504", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gdbus-8b573813f1675648", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-gapplication.1.gz-9177b59dbe124c50", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgobject-2.0.so.0.6800.4-9992a8eaecbbd713", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gsettings-9a640bfc7a35e27b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libglib-2.0.so.0.6800.4-aa17c20def3d2ed1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgio-2.0.so.0.6800.4-b73ccb7a63516532", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-glib2-AUTHORS-b92d7f889edab03c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-bin-glib-compile-schemas-d6f141d5e13b0ae0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-gsettings.1.gz-d74bc027ece3129e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgthread-2.0.so.0.6800.4-d99f54c344ef6351", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gio-querymodules-64-f7346e98a83a716a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpeas-1.0.so.0.3000.0-196b545787abaf02", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relatedSpdxElement": "SPDXRef-File-...girepository-1.0-Peas-1.0.typelib-81bbe926b6aead1e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libpeas-COPYING-8238f8f0844d48b1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgcrypt.so.20.4.0-64405ea653cfe62f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libgcrypt-COPYING.LIB-afa1339ce3d11f25", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-File-usr-lib-tmpfiles.d-libselinux.conf-87bcdfdfb15d3488", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libselinux.so.1-89115b1e9262abe4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libselinux-LICENSE-f41eeeb12e786c07", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsepol.so.2-840c32fd3150949d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libsepol-LICENSE-de37ebc778a4b974", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libcom-err.so.2.1-3aa74c97ee3ced19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libcom-err-NOTICE-96396d4d262bdabc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcre2-8.so.0.11.0-11d09b8e145a45b4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcre2-posix.so.3.0.2-225f79c9b0575a25", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-core-font-en-d73e936743b685e7", + "relatedSpdxElement": "SPDXRef-File-...org.fedoraproject.LangPack-Core-Font-en.metainfo.xml-e98ab666782456f4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-share-info-nettle.info.gz-04915934a2e73e28", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-nettle-COPYING.LESSERv3-4614cea04c46ab52", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libhogweed.so.6.10-59528e0c83849368", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-nettle-COPYINGv2-72c25efc2e6e63cc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-nettle-README-80154d44abd9a5df", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-nettle-NEWS-b38fb49ec7a7ad9a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-.libnettle.so.8.10.hmac-baeb2ef9e81c6f00", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-nettle-AUTHORS-d8440719a2647712", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnettle.so.8.10-e6663d1e664c7729", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-.libhogweed.so.6.10.hmac-eb67df499c22e945", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-share-locale-locale.alias-0162f52421956672", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sprof-01e3295cf525038a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-PAPER-24b7a789ea1de86d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-ADDRESS-3a77f0eb2f121f92", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-getent-402379cda2734cb1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NAME-44461ef359eebd22", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-COLLATE-5a3f08ff2ba7eb83", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-...C.utf8-LC-MESSAGES-SYS-LC-MESSAGES-6492c40f18325b8f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-getconf-64fe31773eb4999e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-CTYPE-74a5b79731824b85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-iconv-75601b8758c5c606", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-catchsegv-7ac217344c32a4d0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-sbin-zic-879ec3ccb9c2d440", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-ld-linux-x86-64.so.2-9195ac6a4e9b45d6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-...lib-locale-C.utf8-LC-IDENTIFICATION-923c136f4c5de86a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-locale-9c64a140bb800cff", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-zdump-a9dcf0efdca030d9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-NUMERIC-ab10c6584b53de9d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-ldd-ab68aceb1603e266", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-tzselect-b436ec625d3e4637", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TIME-bc498e83cc41964a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-TELEPHONE-c0765b8dd9f14fd4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-pldd-c71625ca0ae03d90", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MEASUREMENT-cbd26163fa70927c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-lib-locale-C.utf8-LC-MONETARY-cc81a1d8e7798571", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sotruss-da6893d8b64d3642", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-localedef-fb7925b2ec23b7e9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gencat-fc282208ed48aa6f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FIPS-opensslcnf.txt-0522bcec26e6a026", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-rpm-sequoia.txt-053bcf254f43a96f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-opensslcnf.txt-1044ecf2ad0ce2c4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...policies-modules-NO-SHA1.pmod-14f5ce0d98a90b87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-DEFAULT-gnutls.txt-1d7fd03128d7e4d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-DEFAULT-nss.txt-2065aab50b73cc76", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-libreswan.txt-29b57084e873a85b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-libreswan.txt-2cc560a83b80dd47", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-reload-cmds.sh-2db41ac88cdf8431", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...policies-modules-PQ.pmod-38ecd8c72b7eea92", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-DEFAULT-krb5.txt-3f42f7a518ff9cd2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-policies-LEGACY.pol-410c97f05ec8cc4e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-libssh.txt-44833f78acc30bc1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-usr-libexec-fips-setup-helper-4e0814ecba9a840f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FIPS-gnutls.txt-4ee5f68b748edff0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FUTURE-krb5.txt-4f619fe86f82aca9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-openssl.txt-51a16dd2240268af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-DEFAULT-libreswan.txt-561140d4efe66e37", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FIPS-java.txt-57dc34cef5fc7029", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...policies-modules-NO-ENFORCE-EMS.pmod-5903baac62ef6626", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...policies-modules-ECDHE-ONLY.pmod-5d0c649679feae87", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...policies-modules-SHA1.pmod-5e724ac7dc6c5896", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FIPS-libssh.txt-60b3bbf1dc150e29", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FIPS-openssl.txt-6595665567b15dfd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FIPS-opensshserver.txt-65edcd9856a2ba28", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-usr-share-crypto-policies-FIPS-nss.txt-6cff7cc34969a538", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...policies-modules-OSPP.pmod-6e35e39585ba7d79", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-libssh.txt-72c4214de7eaf7c3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-LEGACY-nss.txt-72f663c04a0c56fc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-DEFAULT-opensslcnf.txt-7702c5c821e9f285", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...DEFAULT-opensshserver.txt-8380dd3e428b0f55", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-DEFAULT-libssh.txt-86552a9b61a01a58", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-javasystem.txt-869d689a25f2e1d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-DEFAULT-openssh.txt-8711641c4e8bbd25", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FIPS-rpm-sequoia.txt-878ecff90dec0cfb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-DEFAULT-java.txt-882e9fef471425f7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...modules-AD-SUPPORT-LEGACY.pmod-888b6b58afbd2377", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-LEGACY-bind.txt-8bf3176e21b3abc5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...FUTURE-openssl-fips.txt-8e3c16288ba60b3a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FIPS-openssl-fips.txt-8e3c8bdb7f75bd5d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-policies-FIPS.pol-90ab5cddee596df7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-default-config-913208470fae46ec", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-policies-EMPTY.pol-9133809489ed5bd0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-openssl.txt-9197b3a790c9df93", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...LEGACY-openssl-fips.txt-9672f29db1784412", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FIPS-libreswan.txt-9d3c270b586cf9e8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-DEFAULT-javasystem.txt-a38e5ca8cef6d8f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-policies-FUTURE.pol-a392553ad2d8f3f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FIPS-krb5.txt-abe5d35fd9e4b896", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-DEFAULT-bind.txt-afdd73f093ebb639", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-gnutls.txt-b0484622aa727260", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-openssh.txt-b307e99b0bf1a901", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-COPYING.LESSER-b34e1538c9281ef1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-policies-DEFAULT.pol-b80049f0c6041e3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FIPS-bind.txt-b8bc1d0869ed022a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-openssh.txt-b8d925cbba552dae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-LEGACY-krb5.txt-bb6f1a66cbc46ca9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FIPS-openssh.txt-c102b34d4850f420", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-javasystem.txt-c5064e1c6b2b82fd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-etc-crypto-policies-config-c84674aa2b18f5e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...LEGACY-opensshserver.txt-cfea9a73750a32b2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-LEGACY-java.txt-d1f527359f518a57", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...policies-modules-AD-SUPPORT.pmod-d876baa9427407a2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...FUTURE-opensshserver.txt-da0bddfcd645ebdf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...DEFAULT-openssl-fips.txt-da22838b523ebb31", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-LEGACY-opensslcnf.txt-db84aa46836bf358", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-etc-crypto-policies-state-current-dcff234cc54fd81f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-gnutls.txt-df6d8ed5a12429b0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FUTURE-bind.txt-e70790cfb823b2ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-man-man7-crypto-policies.7.gz-e805870ce82f9ddf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FUTURE-rpm-sequoia.txt-e911694cbc73fcea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FUTURE-nss.txt-eb3af61ac7994eee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...DEFAULT-rpm-sequoia.txt-f2121e401df4d509", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...share-crypto-policies-FUTURE-java.txt-f72f9876da0bf51a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-FIPS-javasystem.txt-f807571eba875c73", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-...crypto-policies-DEFAULT-openssl.txt-fdd5ef7ec49ba6bf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libcurl-minimal-COPYING-b0fa0980073d1886", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libcurl.so.4.7.0-fab1deefcb5e0964", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-core-en-df5d3ce64e6dc98c", + "relatedSpdxElement": "SPDXRef-File-...org.fedoraproject.LangPack-Core-en.metainfo.xml-c3b61ebf351721f4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...DejaVuSans-Oblique.ttf-10e1abf320fef787", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...conf.avail-57-dejavu-sans-fonts.conf-1e810aa32799dda1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...dejavu-sans-fonts-DejaVuSans-Bold.ttf-4ec017684ca0701e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...DejaVuSans-BoldOblique.ttf-68a7a1aecef0f0bb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...licenses-dejavu-sans-fonts-LICENSE-82c2c4328ac0b8d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...DejaVuSans-ExtraLight.ttf-8f422b316d200560", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...fonts-dejavu-sans-fonts-DejaVuSans.ttf-b23178d125545f49", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...DejaVuSansCondensed-Bold.ttf-b6ef71dfaf54dd21", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...org.fedoraproject.dejavu-sans-fonts.metainfo.xml-be8b1ad0cdc10508", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...DejaVuSansCondensed-BoldOblique.ttf-c3d987af03b2c23d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...DejaVuSansCondensed.ttf-e03106a16175f05c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...20-unhint-small-dejavu-sans.conf-f38158a60f58dcf7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-...DejaVuSansCondensed-Oblique.ttf-f868e0e9521cbfd9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libunistring.so.2.1.0-24d9c2015a515f85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relatedSpdxElement": "SPDXRef-File-...licenses-libunistring-COPYING.LIB-bf3b33b89a3fbb84", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-libunistring-COPYING-d43cff324ed877ee", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relatedSpdxElement": "SPDXRef-File-usr-bin-sed-7522e277c19c73d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-sed-COPYING-9d448763622f504d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-...man-man8-libnss-myhostname.so.2.8.gz-32ecdc00bc8f1320", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-myhostname.so.2-37b798076510be9c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-systemd.so.2-5109f754756ed3e7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libudev.so.1.7.5-6756fb3d8b92dd02", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-...man-man8-libnss-resolve.so.2.8.gz-8913e02f37ae1f62", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnss-resolve.so.2-a5e14019242958a4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-...man-man8-libnss-systemd.so.2.8.gz-c941dd2fee8bc9dc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libsystemd.so.0.35.0-d9bf5c868eb88dae", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-systemd-LICENSE.LGPL2.1-f94fae61ddaf4f6c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libjson-c.so.5.0.0-77c9b4d0917880dc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-json-c-AUTHORS-867f228cd495980e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-json-c-COPYING-8a3cb5a87d8b3cc3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...gcc-11-python-libstdcxx---init--.py-0fe68e1bb714f0e3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...usr-lib64-libstdc--.so.6.0.29-gdb.py-23259e543780ca49", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...--init--.cpython-39.opt-1.pyc-24b3a3f969bb4ffc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...gcc-11-python-libstdcxx-v6---init--.py-37aa0a1b0543f751", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...printers.cpython-39.opt-1.pyc-395fbd00f29f7d3c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libstdc--.so.6.0.29-6de1484d06c4f0ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...--init--.cpython-39.opt-1.pyc-6f49fe62ba8d300d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...libstdc--.so.6.0.29-gdb.cpython-39.opt-1.pyc-7048897fa7034e19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...gcc-11-python-libstdcxx-v6-xmethods.py-9a675f46f0e5bbd6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...gcc-11-python-libstdcxx-v6-printers.py-b17c36bfeff5fe18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-...xmethods.cpython-39.opt-1.pyc-f8f393ad0c1f8e18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-npth-e8d4429184219587", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libnpth.so.0.1.2-cb56001146a5f57c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-npth-e8d4429184219587", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-npth-COPYING.LIB-ee2836613968619b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man1-curl.1.gz-3c8b941fb8090d67", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "relatedSpdxElement": "SPDXRef-File-usr-bin-curl-f8133b91a4a284c4", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libverto-ec9dd0ac24b8d8c2", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libverto.so.1.0.0-4a37b99f0e0affbc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libverto-ec9dd0ac24b8d8c2", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-libverto-COPYING-6bd46b35ec7e0e19", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcre.so.1.2.12-61217bc8d6063ca5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-pcre-COPYING-86721dcc9a419b3e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-pcre-LICENCE-a0aff6935cc99500", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libpcreposix.so.0.0.7-ba67a519ab935fa6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libacl.so.1.1.2301-ee957d0fd6dceb6b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-usr-share-rootfiles-.cshrc-1cf7480adb1b706a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-root-.tcshrc-396b6bea574d6036", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-usr-share-rootfiles-.bashrc-684ba92e32e6b8db", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-root-.bash-logout-7cb64c7e18cde43e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-usr-share-rootfiles-.bash-profile-88819ffead5dde14", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-usr-lib-tmpfiles.d-rootfiles.conf-a3ec0861f75a8a31", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-usr-share-rootfiles-.bash-logout-b70ce668c38e8866", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-usr-share-rootfiles-.tcshrc-d81651ac3ba0104d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-root-.cshrc-e190ef15bc4d4bad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-root-.bash-profile-f2709836d058e8a6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-root-.bashrc-f406f3d9e22dd9bc", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgpgme.so.11.24.1-3c3cb91a078fde6e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gpgme-LICENSES-87ae451c23a5ef8a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gpgme-COPYING-c80a36e5dd926d46", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-File-...share-licenses-gpgme-COPYING.LESSER-d615f7deb40d8890", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-File-usr-bin-gpgme-json-e68c533bd3284ce0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-xz-libs-COPYING-d1548084e38b4f04", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-liblzma.so.5.2.5-d25c76d984b3aa3b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-openldap-ANNOUNCEMENT-06ddd2c5ab1466d1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libslapi.so.2.0.200-2a65f2229e73080a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-ldif.5.gz-331465f839b11ac2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-liblber.so.2.0.200-57cbd1b8c9f3214c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libldap-r.so.2.0.200-5ee50c5b622f51d8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libldap.so.2.0.200-9e9bb1f6d2ddc650", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-openldap-LICENSE-a3d4d44688c63b2c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-openldap-README-af87b9e7aabb7c0d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-etc-openldap-ldap.conf-bf8b332a7275c03b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-share-man-man5-ldap.conf.5.gz-c9e25f63de34d365", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-share-doc-openldap-CHANGES-e3c8722270703b1f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-openldap-COPYRIGHT-f31ba919b023de20", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgdbm.so.6.0.0-62aab177572c81d2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "relatedSpdxElement": "SPDXRef-File-usr-lib64-libgdbm-compat.so.4.0.0-bea130dbfc935616", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "relatedSpdxElement": "SPDXRef-File-usr-share-licenses-gdbm-libs-COPYING-c85e4b9dfd628442", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-fips-provider-so-039e508ce9d5da38", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-fips-provider-3f743355082e9e4b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relatedSpdxElement": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relatedSpdxElement": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-fonts-filesystem-2635452dfff4321d", + "relatedSpdxElement": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "relatedSpdxElement": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "relatedSpdxElement": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-basesystem-2cedbe7bd36d2161", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relatedSpdxElement": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relatedSpdxElement": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "relatedSpdxElement": "SPDXRef-Package-rpm-basesystem-2cedbe7bd36d2161", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "relatedSpdxElement": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-fips-provider-3f743355082e9e4b", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libreport-filesystem-53232b1db4311718", + "relatedSpdxElement": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-Package-rpm-basesystem-2cedbe7bd36d2161", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-79b3a388130aa9b9", + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relatedSpdxElement": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-fips-provider-so-039e508ce9d5da38", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libnghttp2-8f40faa2a3bf3018", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtool-ltdl-923f2a036f9ecf65", + "relatedSpdxElement": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relatedSpdxElement": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "relatedSpdxElement": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libyaml-a495c2a7de1ac993", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relatedSpdxElement": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-fips-provider-so-039e508ce9d5da38", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libusbx-2f1e24780cfea663", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libnghttp2-8f40faa2a3bf3018", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libtool-ltdl-923f2a036f9ecf65", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libyaml-a495c2a7de1ac993", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-minimal-langpack-b75c9ce4cb4a4d36", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-lua-libs-b9930935983f5330", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-npth-e8d4429184219587", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libverto-ec9dd0ac24b8d8c2", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-minimal-langpack-b75c9ce4cb4a4d36", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-lua-libs-b9930935983f5330", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relatedSpdxElement": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-core-font-en-d73e936743b685e7", + "relatedSpdxElement": "SPDXRef-Package-rpm-langpacks-core-en-df5d3ce64e6dc98c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-minimal-langpack-b75c9ce4cb4a4d36", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relatedSpdxElement": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-core-en-df5d3ce64e6dc98c", + "relatedSpdxElement": "SPDXRef-Package-rpm-langpacks-en-27488b456777ffc1", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-Package-rpm-langpacks-core-font-en-d73e936743b685e7", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relatedSpdxElement": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-Package-rpm-libusbx-2f1e24780cfea663", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-npth-e8d4429184219587", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libverto-ec9dd0ac24b8d8c2", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relatedSpdxElement": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relatedSpdxElement": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "relatedSpdxElement": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relationshipType": "DEPENDENCY_OF" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-fips-provider-so-039e508ce9d5da38", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-07413682000f3d88", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-fonts-filesystem-2635452dfff4321d", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-en-27488b456777ffc1", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-basesystem-2cedbe7bd36d2161", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libusbx-2f1e24780cfea663", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-fips-provider-3f743355082e9e4b", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libreport-filesystem-53232b1db4311718", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-syntax-79b3a388130aa9b9", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libnghttp2-8f40faa2a3bf3018", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libtool-ltdl-923f2a036f9ecf65", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpg-pubkey-a243d3460507af96", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libyaml-a495c2a7de1ac993", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-binary-fluent-bit-af1ef2b90efeccfe", + "relatedSpdxElement": "SPDXRef-File-fluent-bit-bin-fluent-bit-886a39eba3384970", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-minimal-langpack-b75c9ce4cb4a4d36", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-lua-libs-b9930935983f5330", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-core-font-en-d73e936743b685e7", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-langpacks-core-en-df5d3ce64e6dc98c", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-npth-e8d4429184219587", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libverto-ec9dd0ac24b8d8c2", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "relatedSpdxElement": "SPDXRef-File-var-lib-rpm-rpmdb.sqlite-084238eeedbaeb04", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-alternatives-22d0e7bdd9bb8c1a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-audit-libs-394eda196ea9cc18", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-basesystem-2cedbe7bd36d2161", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-bash-0515b52ebbb5144c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-bzip2-libs-17802e5820eaaec1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-ca-certificates-6be629e4a12f87af", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-coreutils-single-8ef168befafd7b27", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-crypto-policies-db4134870a686c23", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-curl-minimal-eb5d2c76ed21fa8e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-cyrus-sasl-lib-bace04fe1571465a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-dnf-data-9fcab3ada3c25f5e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-file-libs-2bd21e0156fe2aa0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-filesystem-35298adfca223979", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-findutils-23c842a484ebcfd5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-binary-fluent-bit-af1ef2b90efeccfe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-fonts-filesystem-2635452dfff4321d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gdbm-libs-fcfdc07fd546a72e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-glib2-bcbac17c560ff49d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-b22efca5f0bac92d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-common-daddd35181720871", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-langpack-en-5adaf9930b0243ad", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-glibc-minimal-langpack-b75c9ce4cb4a4d36", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gmp-5530ff7e4715e8b5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnupg2-4796aaf427df0782", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gnutls-a65fe92a04ecf6ce", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-07413682000f3d88", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gpg-pubkey-a243d3460507af96", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-grep-196df9cad96e380f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-json-c-e2e600817bb6e830", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-json-glib-32dc8d9385f596a8", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-krb5-libs-b888bcdc2051543e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-langpacks-core-en-df5d3ce64e6dc98c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-langpacks-core-font-en-d73e936743b685e7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-langpacks-en-27488b456777ffc1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libacl-efaae8c603855dcd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libarchive-5fe8b53173092253", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libassuan-a799ab1600e49872", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libattr-304e2047f10e5c4f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libblkid-09371eedc2b9d95d", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-b3389bc8d420d9cb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcom-err-cf7d0f71948121ea", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libcurl-minimal-dbb58be7b5652cc7", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libdnf-5cff8fae12ce3677", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libevent-0299e311fe243bca", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libffi-090027c7d7254e53", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcc-06e2c48d975ea1da", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libgcrypt-bdcb3bee3b1ed812", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libidn2-6a3c1818891dac67", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libksba-b0dd457df676ceac", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmodulemd-b47dd00953817b05", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libmount-403e3b854fc89f1e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libnghttp2-8f40faa2a3bf3018", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libpeas-bd201f1503e17989", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-librepo-32c854c70c4b9bc6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libreport-filesystem-53232b1db4311718", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-librhsm-3bba3fa15b959901", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libselinux-ccc2461d41d72dde", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsemanage-1d43a3fb8f185afb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsepol-cecb06c03b371de6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsmartcols-7069d90382d7c593", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libsolv-79ba35edcc44da5f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libstdc---e66b7275c6659e9c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libtasn1-4fbfd80d85bb460e", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libtool-ltdl-923f2a036f9ecf65", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libunistring-e1c9803b20913af1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libusbx-2f1e24780cfea663", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libuuid-07c41562e2bee55f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libverto-ec9dd0ac24b8d8c2", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libxcrypt-726407ce9205c669", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libxml2-79cdbcbd3d61afd9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libyaml-a495c2a7de1ac993", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-libzstd-88eb82cde1f0760c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-lua-libs-b9930935983f5330", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-microdnf-9564ca1ffe7fce37", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-base-0215995764e9f654", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-ncurses-libs-9dc1b34cdde2c695", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-nettle-d95be7a40dea16b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-npth-e8d4429184219587", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-openldap-f8bdc202e20abd5b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-25e16a00909d33d5", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-fips-provider-3f743355082e9e4b", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-fips-provider-so-039e508ce9d5da38", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-openssl-libs-9620df42e45abf0c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-39edf0f240a77402", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-p11-kit-trust-546bedf3e2fa6b85", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre-eed46dd832bd62c9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-d52857c4436af57f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-pcre2-syntax-79b3a388130aa9b9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-popt-81dc18ef79d2b2cb", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-readline-86bb1c48d046cf90", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-redhat-release-734e3b82978b46ed", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-rootfiles-f180d99433c6c3a0", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-6fc4f99cb27a629a", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-rpm-libs-81412860457969fe", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-sed-e21cb9e7dda039e1", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-setup-5e411c4e4f6d3d56", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-shadow-utils-4e01ddd4ea86a505", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-sqlite-libs-87ad778255840d3f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-systemd-libs-e28c009b2c72d8a9", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-tzdata-a08e57c8715e4d05", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relatedSpdxElement": "SPDXRef-Package-rpm-zlib-3b95a370d9cbeb72", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-DocumentRoot-Image-ghcr.io-fluentdo-agent", + "relationshipType": "DESCRIBES" + } + ] +} diff --git a/docs/security/agent/syft-25.10.10.json b/docs/security/agent/syft-25.10.10.json new file mode 100644 index 0000000..1426d16 --- /dev/null +++ b/docs/security/agent/syft-25.10.10.json @@ -0,0 +1,174919 @@ +{ + "artifacts": [ + { + "id": "22d0e7bdd9bb8c1a", + "name": "alternatives", + "version": "1.24-2.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPL-2.0-only", + "spdxExpression": "GPL-2.0-only", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:alternatives:alternatives:1.24-2.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:alternatives:1.24-2.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/alternatives@1.24-2.el9?arch=x86_64&distro=rhel-9.7&upstream=chkconfig-1.24-2.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "alternatives", + "version": "1.24", + "epoch": null, + "architecture": "x86_64", + "release": "2.el9", + "sourceRpm": "chkconfig-1.24-2.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Apr 15 02:25:50 2032", + "issuer": "431d5172880ffe39" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Sep 23 05:03:23 1940", + "issuer": "431d516f391000a0" + } + ], + "size": 63489, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "alternatives", + "alternatives(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/alternatives", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b7/7880017b819850115e7de5199840529277c4ce", + "mode": 41471, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/sbin/alternatives", + "mode": 33261, + "size": 40544, + "digest": { + "algorithm": "sha256", + "value": "b432a2af811781d961fac005249930fea6c7510687ec377414166eeed06f8c9f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/update-alternatives", + "mode": 41471, + "size": 12, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/alternatives", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/alternatives/COPYING", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man8/alternatives.8.gz", + "mode": 33188, + "size": 4791, + "digest": { + "algorithm": "sha256", + "value": "486f5011e513cfe9f2aa0fc837f38927c8c2af7b1a54e0d919d43645e552d829" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/update-alternatives.8.gz", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/var/lib/alternatives", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + } + ] + } + }, + { + "id": "394eda196ea9cc18", + "name": "audit-libs", + "version": "3.1.5-7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:audit-libs:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:audit-libs:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:audit_libs:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:audit_libs:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:audit:audit-libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:audit:audit_libs:3.1.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/audit-libs@3.1.5-7.el9?arch=x86_64&distro=rhel-9.7&upstream=audit-3.1.5-7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "audit-libs", + "version": "3.1.5", + "epoch": null, + "architecture": "x86_64", + "release": "7.el9", + "sourceRpm": "audit-3.1.5-7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Aug 9 21:02:00 1991", + "issuer": "431d515a38100084" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Dec 5 23:16:32 1914", + "issuer": "431d51c9eb0ffd11" + } + ], + "size": 334617, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "audit-libs", + "audit-libs(x86-64)", + "config(audit-libs)", + "libaudit.so.1()(64bit)", + "libauparse.so.0()(64bit)" + ], + "requires": [ + "config(audit-libs)", + "libaudit.so.1()(64bit)", + "libauparse.so.0()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libcap-ng.so.0()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/libaudit.conf", + "mode": 33184, + "size": 191, + "digest": { + "algorithm": "sha256", + "value": "d48318c90620fde96cb6a8e6eb1eb64663b21200f9d1d053f9e3b4fce24a2543" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0/6b3a7a41ae8ad1cab2a0efc4d57e353867c8c7", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b7/dcd81d91b3dea92cc7e24042f97ecdc4b6ef6c", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libaudit.so.1", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libaudit.so.1.0.0", + "mode": 33261, + "size": 161792, + "digest": { + "algorithm": "sha256", + "value": "fb35b66ad1159789ac4cca877af8866c4134763506773135d392009bcb598bb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libauparse.so", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libauparse.so.0", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libauparse.so.0.0.0", + "mode": 33261, + "size": 145416, + "digest": { + "algorithm": "sha256", + "value": "1e642599409fbfa95199c90cc97fcade6e65d3dd5ee81bf8c39cae4ebab93f3e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/audit-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/audit-libs/lgpl-2.1.txt", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man5/libaudit.conf.5.gz", + "mode": 33188, + "size": 553, + "digest": { + "algorithm": "sha256", + "value": "b45065b6598339d91e74ded8b66e39b0452d379b26935948b3c8faa085817b23" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "2cedbe7bd36d2161", + "name": "basesystem", + "version": "11-13.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.7&upstream=basesystem-11-13.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "basesystem", + "version": "11", + "epoch": null, + "architecture": "noarch", + "release": "13.el9", + "sourceRpm": "basesystem-11-13.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 10:50:43 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 10:50:43 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 0, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "basesystem" + ], + "requires": [ + "filesystem", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "setup" + ], + "files": [] + } + }, + { + "id": "0515b52ebbb5144c", + "name": "bash", + "version": "5.1.8-9.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.7&upstream=bash-5.1.8-9.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "bash", + "version": "5.1.8", + "epoch": null, + "architecture": "x86_64", + "release": "9.el9", + "sourceRpm": "bash-5.1.8-9.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Dec 2 19:35:40 1974", + "issuer": "431d5116970ffb05" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Mar 5 06:40:53 1995", + "issuer": "431d513f2b0ffc0a" + } + ], + "size": 7738778, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "/bin/bash", + "/bin/sh", + "bash", + "bash(x86-64)", + "config(bash)" + ], + "requires": [ + "/usr/bin/sh", + "config(bash)", + "filesystem", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.11)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libtinfo.so.6()(64bit)", + "rpmlib(BuiltinLuaScripts)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/skel/.bash_logout", + "mode": 33188, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/skel/.bash_profile", + "mode": 33188, + "size": 141, + "digest": { + "algorithm": "sha256", + "value": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/skel/.bashrc", + "mode": 33188, + "size": 492, + "digest": { + "algorithm": "sha256", + "value": "b152cd21940a5775052414906ab7473a62b69da2300bbf541ce8e10f00c487d5" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/bin/alias", + "mode": 33261, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "c277897660adddce26a75871188bdae7ffa73f571a6fb779090a4c92df33988d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/bash", + "mode": 33261, + "size": 1389072, + "digest": { + "algorithm": "sha256", + "value": "97995faa249e5706dd0b0373c9da547709bf7349755d5fc8e52f97a4bd04feaf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/bashbug", + "mode": 41471, + "size": 10, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/bashbug-64", + "mode": 33261, + "size": 7079, + "digest": { + "algorithm": "sha256", + "value": "5588678b4cf9d513e85c908fad23ed079135656be7b79559570b23f4c3433022" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/bg", + "mode": 33261, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "5a864f2047a83aa767ac1a3fca577e5f3a8eb4d129b4b1974fb2009960a9a0be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/cd", + "mode": 33261, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "3f794988bc9b6e734d06c6507b4335054d01760a741b60104a49543cf7a964ed" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/command", + "mode": 33261, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "aafc06c6657ccf32c0af350777aa38537ff90685345dc19078afaa26bbe4412a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/fc", + "mode": 33261, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "86495d1781eeec50764ce4e629f316087c2b53054b999308f40580633601b270" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/fg", + "mode": 33261, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "0af28b724b8b1850fa6b4f232cf51229b2efed0333ebfb51d940798e28e0d625" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/getopts", + "mode": 33261, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "7f1a970be00f749e2c9a820592e8109ddb7efc76cd8f8f47b748a16feab8cabb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/hash", + "mode": 33261, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "a5c3efd29eb134da49b68b78155c0338ab614eec99094bd07cdda7e99e53ddca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/jobs", + "mode": 33261, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "1e4046021f3ae7abb820a995c8572cda3f3b4a4d14cb50e3bcb0f50f391a5bd2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/read", + "mode": 33261, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "f0f717be7c907acc0c1c4b489d619663076e5f08ed56257d647d192d492a147b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sh", + "mode": 41471, + "size": 4, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/type", + "mode": 33261, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "36d5d35fee92010a0869fa9229d201b54f795217557105409e381f471a8038cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/ulimit", + "mode": 33261, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "d66bfb63a8afcea2c6d17561f27f8d3ddb49062f221c9b18d64e7c846c34ff94" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/umask", + "mode": 33261, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "975d986bf2124069a5781239ba169c894f3c0c152e3262cbddd64fff74e88171" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/unalias", + "mode": 33261, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "9631a027d22e68cb01c9753dc6cd44b9b210007cb0c1162cab12a715a2bcef60" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/wait", + "mode": 33261, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "238e0bce60ea5baff73d00fe4bb580335c5fb2c50fc3d9527f80fa57f5648550" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/42", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/42/cf5733b0cde9cc1e03a785e0b32b4b1caa147f", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/share/licenses/bash", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/bash/COPYING", + "mode": 33188, + "size": 35147, + "digest": { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "17802e5820eaaec1", + "name": "bzip2-libs", + "version": "1.0.8-10.el9_5", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:bzip2-libs:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bzip2-libs:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bzip2_libs:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bzip2_libs:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bzip2:bzip2-libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bzip2:bzip2_libs:1.0.8-10.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/bzip2-libs@1.0.8-10.el9_5?arch=x86_64&distro=rhel-9.7&upstream=bzip2-1.0.8-10.el9_5.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "bzip2-libs", + "version": "1.0.8", + "epoch": null, + "architecture": "x86_64", + "release": "10.el9_5", + "sourceRpm": "bzip2-1.0.8-10.el9_5.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Aug 2 20:43:19 1945", + "issuer": "431d51b58b0ffe3b" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Apr 23 18:47:51 1953", + "issuer": "431d5130e50fff5b" + } + ], + "size": 78228, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "bzip2-libs", + "bzip2-libs(x86-64)", + "libbz2.so.1()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bc/995af1c7722691ca92b24ea8a48d74609fbe74", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libbz2.so.1", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libbz2.so.1.0.8", + "mode": 33261, + "size": 76280, + "digest": { + "algorithm": "sha256", + "value": "0be7c010debc1bc5b53f59449ee204e5f927978439e6bd5df256cd36c288272d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/bzip2-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/bzip2-libs/LICENSE", + "mode": 33188, + "size": 1896, + "digest": { + "algorithm": "sha256", + "value": "c6dbbf828498be844a89eaa3b84adbab3199e342eb5cb2ed2f0d4ba7ec0f38a3" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "6be629e4a12f87af", + "name": "ca-certificates", + "version": "2025.2.80_v9.0.305-91.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT AND GPL-2.0-or-later", + "spdxExpression": "MIT AND GPL-2.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:ca-certificates:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ca-certificates:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ca_certificates:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ca_certificates:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ca:ca-certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ca:ca_certificates:2025.2.80_v9.0.305-91.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.305-91.el9?arch=noarch&distro=rhel-9.7&upstream=ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "ca-certificates", + "version": "2025.2.80_v9.0.305", + "epoch": null, + "architecture": "noarch", + "release": "91.el9", + "sourceRpm": "ca-certificates-2025.2.80_v9.0.305-91.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Mar 23 09:11:00 1907", + "issuer": "431d5135330fff53" + } + ], + "size": 2791711, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "ca-certificates", + "config(ca-certificates)" + ], + "requires": [ + "/bin/sh", + "/bin/sh", + "/bin/sh", + "/usr/bin/sh", + "bash", + "bash", + "config(ca-certificates)", + "coreutils", + "findutils", + "grep", + "grep", + "libffi", + "libffi", + "p11-kit-trust", + "p11-kit-trust", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "sed", + "sed" + ], + "files": [ + { + "path": "/etc/pki/ca-trust", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/README", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "6c7b9287c41c171c64b358fc7331b8a9ae969fc2d00d997d88bcbf4da0de598a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/ca-legacy.conf", + "mode": 33188, + "size": 980, + "digest": { + "algorithm": "sha256", + "value": "400b96da374503fa6b6350a867347082d0c90e05ba4d02cc6b51b11229199c4d" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/pki/ca-trust/extracted", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/README", + "mode": 33188, + "size": 560, + "digest": { + "algorithm": "sha256", + "value": "146ff96c60a8ee32bbcf2da59d624d6ecfbab7ef7442529d46d8d63064d8ca58" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/edk2/README", + "mode": 33188, + "size": 566, + "digest": { + "algorithm": "sha256", + "value": "757c28eddb0634b74e6482d16324193be27eee41864c1f96c447020dae14b44f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/edk2/cacerts.bin", + "mode": 33060, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/java", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/java/README", + "mode": 33188, + "size": 726, + "digest": { + "algorithm": "sha256", + "value": "7bb8781320fb3ff84e76c7e7e4a9c3813879c4f1943710a3b0140b31efacfd32" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/java/cacerts", + "mode": 33060, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/openssl", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/openssl/README", + "mode": 33188, + "size": 787, + "digest": { + "algorithm": "sha256", + "value": "6c812d1ec8ce5bde2216cc42be33021d6345fbea05c14f50c52191a38c175ea9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt", + "mode": 33060, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/README", + "mode": 33188, + "size": 898, + "digest": { + "algorithm": "sha256", + "value": "27362e773c8b6bb065a455a66badb05e2652720bab8ade9ab91f0404cf827dab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/002c0b4f.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/01419da9.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0179095f.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/02265526.0", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/04f60c28.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/062cdee6.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/064e0aa9.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/068570d1.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/06dc52d5.0", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/073bfcc5.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/09789157.0", + "mode": 41471, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0a775a30.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0b1b94ef.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0b9bc432.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0bf05006.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0d69c7e1.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0f5dc4f3.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/0f6fa695.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1001acf7.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/10531352.0", + "mode": 41471, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/106f3e4d.0", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/128f4b91.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/14bc7599.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1ae85e5e.0", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1b0f7e5c.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1cef98f5.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1d3472b9.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1df5a75f.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1e08bfd1.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1e09d511.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1e1eab7c.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1e44ef15.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1e8e7201.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1ec40989.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/1f58a078.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/228f89db.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/244b5494.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/252252d2.0", + "mode": 41471, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2923b3f9.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2add47b6.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2ae6433e.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2b349938.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2c63f966.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2cc2056d.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2ccbdda3.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2d21b73c.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/2d9dafe4.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/302904dd.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/304d27c3.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/31188b5e.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/32888f65.0", + "mode": 41471, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/33ee480d.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/34d996fb.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/35105088.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3513523f.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/399e7759.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3afde786.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3bde41ac.0", + "mode": 41471, + "size": 61, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3c860d51.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3c899c73.0", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3c9a4d3b.0", + "mode": 41471, + "size": 13, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3e359ba6.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/3fb36b73.0", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/40193066.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/4042bcee.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/40547a79.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/406c9bb1.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/41a3f684.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/455f1b52.0", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/47b283f6.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/48a195d8.0", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/48bec511.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/4b718d9b.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/4be590e0.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/4bfab552.0", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/4c3982f2.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/4f316efb.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/4fd49c6c.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/52b525c7.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/53a1b57a.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5443e9e3.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/54657681.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/583ac115.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/583d0756.0", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5860aaa6.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5931b5bc.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/595e996b.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5a3f0ff8.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5acf816d.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5cd81ad7.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5d139d02.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5f15c80c.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5f47b495.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5f618aec.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5f9a69fa.0", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/5fdd185d.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/607986c7.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/60afe812.0", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/616816f6.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6187b673.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/626dceaf.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/63a2c897.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/68dd7389.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/69105f4f.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6a9bdba3.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6b03dec0.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6b483515.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6b99d060.0", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6c85d883.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6d41d539.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/6fa5da56.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/749e9e03.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/75d1b2ed.0", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/76faf6c0.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7719f463.0", + "mode": 41471, + "size": 63, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/773e07ad.0", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7892ad52.0", + "mode": 41471, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7a3adc42.0", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7a780d93.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7a7c655d.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7a819ef2.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7e067d03.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7f3d5d1d.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/7fa05551.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8160b96c.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/81b9768f.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/81f2d2b1.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/82223c44.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8312c4c1.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/83e9984f.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8508e720.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/85cde254.0", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/86212b19.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/865fbdf9.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/869fbf79.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8761519c.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/878d9bca.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8794b4e3.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/882de061.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/88950faa.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/89c02a45.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8cb5ee0f.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8d10a21f.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8d6437c3.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8d81b251.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8d86cdd1.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8d89cda1.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8f103249.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/8f6cd7bb.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9046744a.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/90c5a3c8.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9282e51c.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/930ac5d2.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9339512a.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/93851c9e.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/93bc0acc.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9479c8c3.0", + "mode": 41471, + "size": 63, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9482e63a.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9576d26b.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9591a472.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/95aff9e3.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9846683b.0", + "mode": 41471, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/985c1f52.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/988a38cb.0", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/98aaf404.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/99e1b953.0", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9aef356c.0", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9b46e03d.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9b5697b0.0", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9bf03295.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9c8dfbd4.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9d04f354.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9d6523ce.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9e654b62.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9ef4a08a.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/9f727ac7.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ACCVRAIZ1.pem", + "mode": 33060, + "size": 2772, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM.pem", + "mode": 33060, + "size": 1972, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem", + "mode": 33060, + "size": 904, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ANF_Secure_Server_Root_CA.pem", + "mode": 33060, + "size": 2118, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Actalis_Authentication_Root_CA.pem", + "mode": 33060, + "size": 2049, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Commercial.pem", + "mode": 33060, + "size": 1204, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Networking.pem", + "mode": 33060, + "size": 1204, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium.pem", + "mode": 33060, + "size": 1891, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium_ECC.pem", + "mode": 33060, + "size": 753, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_1.pem", + "mode": 33060, + "size": 1188, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_2.pem", + "mode": 33060, + "size": 1883, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_3.pem", + "mode": 33060, + "size": 656, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_4.pem", + "mode": 33060, + "size": 737, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_2011.pem", + "mode": 33060, + "size": 1261, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem", + "mode": 33060, + "size": 782, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem", + "mode": 33060, + "size": 1931, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem", + "mode": 33060, + "size": 2167, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA1.pem", + "mode": 33060, + "size": 1952, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA2.pem", + "mode": 33060, + "size": 806, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_2_Root_CA.pem", + "mode": 33060, + "size": 1915, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_3_Root_CA.pem", + "mode": 33060, + "size": 1915, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CA_Disig_Root_R2.pem", + "mode": 33060, + "size": 1935, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CFCA_EV_ROOT.pem", + "mode": 33060, + "size": 1984, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_Certification_Authority.pem", + "mode": 33060, + "size": 1489, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_ECC_Certification_Authority.pem", + "mode": 33060, + "size": 940, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_RSA_Certification_Authority.pem", + "mode": 33060, + "size": 2086, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_E1.pem", + "mode": 33060, + "size": 741, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_R1.pem", + "mode": 33060, + "size": 1891, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certigna.pem", + "mode": 33060, + "size": 1330, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certigna_Root_CA.pem", + "mode": 33060, + "size": 2264, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_EC-384_CA.pem", + "mode": 33060, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA.pem", + "mode": 33060, + "size": 1354, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA_2.pem", + "mode": 33060, + "size": 2078, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Root_CA.pem", + "mode": 33060, + "size": 2053, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-01.pem", + "mode": 33060, + "size": 794, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-02.pem", + "mode": 33060, + "size": 794, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-01.pem", + "mode": 33060, + "size": 1939, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-02.pem", + "mode": 33060, + "size": 1939, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_1_2020.pem", + "mode": 33060, + "size": 1050, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_2_2023.pem", + "mode": 33060, + "size": 2025, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_1_2020.pem", + "mode": 33060, + "size": 1050, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_2_2023.pem", + "mode": 33060, + "size": 2025, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_2009.pem", + "mode": 33060, + "size": 1517, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_EV_2009.pem", + "mode": 33060, + "size": 1537, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_CA.pem", + "mode": 33060, + "size": 1350, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G2.pem", + "mode": 33060, + "size": 1306, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G3.pem", + "mode": 33060, + "size": 851, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_CA.pem", + "mode": 33060, + "size": 1338, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G2.pem", + "mode": 33060, + "size": 1294, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G3.pem", + "mode": 33060, + "size": 839, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_High_Assurance_EV_Root_CA.pem", + "mode": 33060, + "size": 1367, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_ECC_P384_Root_G5.pem", + "mode": 33060, + "size": 790, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_RSA4096_Root_G5.pem", + "mode": 33060, + "size": 1931, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Trusted_Root_G4.pem", + "mode": 33060, + "size": 1988, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority.pem", + "mode": 33060, + "size": 1643, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_EC1.pem", + "mode": 33060, + "size": 1090, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_G2.pem", + "mode": 33060, + "size": 1533, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem", + "mode": 33060, + "size": 920, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GDCA_TrustAUTH_R5_ROOT.pem", + "mode": 33060, + "size": 1980, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GLOBALTRUST_2020.pem", + "mode": 33060, + "size": 1972, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R1.pem", + "mode": 33060, + "size": 1911, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R2.pem", + "mode": 33060, + "size": 1911, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R3.pem", + "mode": 33060, + "size": 765, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R4.pem", + "mode": 33060, + "size": 765, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R4.pem", + "mode": 33060, + "size": 704, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R5.pem", + "mode": 33060, + "size": 794, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R3.pem", + "mode": 33060, + "size": 1229, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R6.pem", + "mode": 33060, + "size": 1972, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_E46.pem", + "mode": 33060, + "size": 769, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_R46.pem", + "mode": 33060, + "size": 1915, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Go_Daddy_Root_Certificate_Authority_-_G2.pem", + "mode": 33060, + "size": 1367, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_ECC_Root_CA_2021.pem", + "mode": 33060, + "size": 867, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_RSA_Root_CA_2021.pem", + "mode": 33060, + "size": 2017, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem", + "mode": 33060, + "size": 1017, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem", + "mode": 33060, + "size": 2155, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/HiPKI_Root_CA_-_G1.pem", + "mode": 33060, + "size": 1939, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hongkong_Post_Root_CA_3.pem", + "mode": 33060, + "size": 2074, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem", + "mode": 33060, + "size": 1939, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X2.pem", + "mode": 33060, + "size": 790, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Commercial_Root_CA_1.pem", + "mode": 33060, + "size": 1923, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Public_Sector_Root_CA_1.pem", + "mode": 33060, + "size": 1931, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Izenpe.com.pem", + "mode": 33060, + "size": 2122, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsec_e-Szigno_Root_CA_2009.pem", + "mode": 33060, + "size": 1460, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_ECC_Root_Certificate_Authority_2017.pem", + "mode": 33060, + "size": 875, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_RSA_Root_Certificate_Authority_2017.pem", + "mode": 33060, + "size": 2021, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/NAVER_Global_Root_Certification_Authority.pem", + "mode": 33060, + "size": 2013, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem", + "mode": 33060, + "size": 1476, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GB_CA.pem", + "mode": 33060, + "size": 1346, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GC_CA.pem", + "mode": 33060, + "size": 895, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_1_G3.pem", + "mode": 33060, + "size": 1923, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2.pem", + "mode": 33060, + "size": 2041, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2_G3.pem", + "mode": 33060, + "size": 1923, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3.pem", + "mode": 33060, + "size": 2354, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3_G3.pem", + "mode": 33060, + "size": 1923, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_ECC.pem", + "mode": 33060, + "size": 956, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem", + "mode": 33060, + "size": 2114, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_ECC.pem", + "mode": 33060, + "size": 944, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_RSA.pem", + "mode": 33060, + "size": 2094, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_ECC_Root_CA_2022.pem", + "mode": 33060, + "size": 834, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_RSA_Root_CA_2022.pem", + "mode": 33060, + "size": 1980, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SZAFIR_ROOT_CA2.pem", + "mode": 33060, + "size": 1257, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_E46.pem", + "mode": 33060, + "size": 834, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_R46.pem", + "mode": 33060, + "size": 1980, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA12.pem", + "mode": 33060, + "size": 1257, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA14.pem", + "mode": 33060, + "size": 1948, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA15.pem", + "mode": 33060, + "size": 802, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureTrust_CA.pem", + "mode": 33060, + "size": 1350, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Secure_Global_CA.pem", + "mode": 33060, + "size": 1354, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_ECC_RootCA1.pem", + "mode": 33060, + "size": 830, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_RootCA2.pem", + "mode": 33060, + "size": 1261, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Root_Certificate_Authority_-_G2.pem", + "mode": 33060, + "size": 1399, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Services_Root_Certificate_Authority_-_G2.pem", + "mode": 33060, + "size": 1424, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_Gold_CA_-_G2.pem", + "mode": 33060, + "size": 2045, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_RSA_TLS_Root_CA_2022_-_1.pem", + "mode": 33060, + "size": 1992, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_2.pem", + "mode": 33060, + "size": 1367, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_3.pem", + "mode": 33060, + "size": 1367, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem", + "mode": 33060, + "size": 1582, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_CYBER_Root_CA.pem", + "mode": 33060, + "size": 1984, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Global_Root_CA.pem", + "mode": 33060, + "size": 1883, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Root_Certification_Authority.pem", + "mode": 33060, + "size": 1269, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_ECC_Root_2020.pem", + "mode": 33060, + "size": 843, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_RSA_Root_2023.pem", + "mode": 33060, + "size": 2037, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TeliaSonera_Root_CA_v1.pem", + "mode": 33060, + "size": 1870, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telia_Root_CA_v2.pem", + "mode": 33060, + "size": 1952, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G3.pem", + "mode": 33060, + "size": 2017, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G4.pem", + "mode": 33060, + "size": 871, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_ECC_Root_CA.pem", + "mode": 33060, + "size": 822, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_RSA_Root_CA.pem", + "mode": 33060, + "size": 1968, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_Certification_Authority.pem", + "mode": 33060, + "size": 2090, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P256_Certification_Authority.pem", + "mode": 33060, + "size": 883, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P384_Certification_Authority.pem", + "mode": 33060, + "size": 969, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TunTrust_Root_CA.pem", + "mode": 33060, + "size": 2037, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Extended_Validation_Root.pem", + "mode": 33060, + "size": 1915, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Global_G2_Root.pem", + "mode": 33060, + "size": 1891, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_ECC_Certification_Authority.pem", + "mode": 33060, + "size": 948, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_RSA_Certification_Authority.pem", + "mode": 33060, + "size": 2094, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a09a51ae.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a2c66da8.0", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a3418fda.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a716d4ed.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a81e292b.0", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a89d74c2.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a94d09e5.0", + "mode": 41471, + "size": 13, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/a9d40e02.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ab59055e.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b0d5255e.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b0e59380.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b0ed035a.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b1159c4c.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b30d5fda.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b3fb433b.0", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b433981b.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b66938e9.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b727005e.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b74d2bd5.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b7a5b843.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b7db1890.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b81b93f0.0", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b872f2b4.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b8d25de6.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b92fd57f.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/b936d1c6.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ba8887ce.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/bc3f2570.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/bd43e1dd.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/bdacca6f.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/bf53fb88.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/bf64f35b.0", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/c01eb047.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/c28a8a30.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/c44cc0c0.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/c491639e.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/c559d742.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/c7f1359b.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/c90bc37d.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ca-bundle.crt", + "mode": 32768, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt", + "mode": 32768, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ca6e4ad9.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/cb1c3204.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/cbb3f32b.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/cbf06781.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/cc450945.0", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ccc52f49.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/cd58d51e.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/cd8c0d63.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ce5e74ef.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_ROOT_CA.pem", + "mode": 33060, + "size": 1176, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_Root_CA_G2.pem", + "mode": 33060, + "size": 1891, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/cf701eeb.0", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d06393bb.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d16a5865.0", + "mode": 41471, + "size": 61, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d18e9066.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d39b0a2c.0", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d41b5e2a.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d4c339cb.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d4dae3dd.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d52c538d.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d59297b8.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d6325660.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d7746a63.0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d7e8dc79.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d887a5bb.0", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/d96b65e2.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/da0cfd1d.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/da7377f6.0", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/dbc54cab.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/dbff3a01.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/dc4d6a89.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/dc99f41e.0", + "mode": 41471, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/dd8e9d41.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ddcda989.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/de6d66f3.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/dfc0fe80.0", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e-Szigno_Root_CA_2017.pem", + "mode": 33060, + "size": 843, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e071171e.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e113c810.0", + "mode": 41471, + "size": 12, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e13665f9.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e18bfb83.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e35234b1.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e36a6752.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e442e424.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e48193cf.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e73d606e.0", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e7c037b4.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e7dd1bc4.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e8651083.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e868b802.0", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e8de2f56.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ePKI_Root_Certification_Authority.pem", + "mode": 33060, + "size": 2033, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ecccd8db.0", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ed39abd0.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ed858448.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/edcbddb5.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ee37c333.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ee532fd5.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/eed8c118.0", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ef954a4e.0", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_C3.pem", + "mode": 33060, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_G3.pem", + "mode": 33060, + "size": 859, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_C1.pem", + "mode": 33060, + "size": 1257, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_G1.pem", + "mode": 33060, + "size": 1302, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f013ecaf.0", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f058632f.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f0c70a8d.0", + "mode": 41471, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f249de83.0", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f30dd6ad.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f39fc864.0", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f459871d.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f51bb24c.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/f8fc53da.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fa5da96b.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fb5fa911.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fb717492.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fc5a8f99.0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fd08c599.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fd64f3fc.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fde84897.0", + "mode": 41471, + "size": 12, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/fe8a2cd8.0", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/feffd413.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ff34af3f.0", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ffa7f1eb.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ffdd40f9.0", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_ECC_Root_CA.pem", + "mode": 33060, + "size": 774, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_Root_CA.pem", + "mode": 33060, + "size": 1911, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem", + "mode": 33060, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem", + "mode": 33060, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", + "mode": 33060, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/ca-trust/source", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/source/README", + "mode": 33188, + "size": 932, + "digest": { + "algorithm": "sha256", + "value": "86184318d451bec55d70c84e618cbfe10c8adb7dc893964ce4aaecff99d83433" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/source/anchors", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/source/blocklist", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/ca-trust/source/ca-bundle.legacy.crt", + "mode": 32768, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/etc/pki/java", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/java/cacerts", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/cert.pem", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/certs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/certs/ca-bundle.crt", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/certs/ca-bundle.trust.crt", + "mode": 41471, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/ssl", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/ssl/cert.pem", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/ssl/certs", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/ssl/ct_log_list.cnf", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/ssl/openssl.cnf", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/ca-legacy", + "mode": 33261, + "size": 1648, + "digest": { + "algorithm": "sha256", + "value": "48f9c9bd7473d45f2f2e30d5c723cf58d7175be9e3f19573a67049cbac35330a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/update-ca-trust", + "mode": 33261, + "size": 4466, + "digest": { + "algorithm": "sha256", + "value": "4c5515dcbdcdde3140164b1ec731873cd98c8b346359ef4b033cfbf9f82bb6bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man8/ca-legacy.8.gz", + "mode": 33188, + "size": 1345, + "digest": { + "algorithm": "sha256", + "value": "25cfe6db0a9f9ab8f0476903cef280c5a073f099519ae4ddd0a073eefa53cd17" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/update-ca-trust.8.gz", + "mode": 33188, + "size": 4059, + "digest": { + "algorithm": "sha256", + "value": "9dcfcf93ce9ced75a8851784380629b539f5ff1db97ec2bd65409f3232ca692a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/pki", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-legacy", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-source", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-source/README", + "mode": 33188, + "size": 937, + "digest": { + "algorithm": "sha256", + "value": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-source/anchors", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-source/blocklist", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit", + "mode": 33188, + "size": 2545081, + "digest": { + "algorithm": "sha256", + "value": "02ad6e337e41b5e7bea51e6def6d97f608d244d4ec134856fe0324a375af6b59" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "coreutils-single", + "version": "8.32", + "epoch": null, + "architecture": "x86_64", + "release": "39.el9", + "sourceRpm": "coreutils-8.32-39.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Apr 4 17:00:25 1986", + "issuer": "431d519c6d0fff7a" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Jul 28 05:09:21 1949", + "issuer": "431d5119750fff4a" + } + ], + "size": 1403185, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "/bin/cat", + "/bin/chmod", + "/bin/echo", + "/bin/ln", + "/bin/rm", + "/bin/touch", + "bundled(gnulib)", + "coreutils", + "coreutils(x86-64)", + "coreutils-single", + "coreutils-single(x86-64)", + "libstdbuf.so.single()(64bit)" + ], + "requires": [ + "libacl.so.1()(64bit)", + "libacl.so.1(ACL_1.0)(64bit)", + "libattr.so.1()(64bit)", + "libattr.so.1(ATTR_1.1)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.10)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.27)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libcap.so.2()(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/[", + "mode": 33133, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "afd97bbd643bfe1473794af167cd5c6f44fe449681033e3584b40b836f624b4b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/arch", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "209bae4071910ef54b4a3bd302059bf7e00870d8bacffcd7c5489425f37ed16f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/b2sum", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "9116333c88eee22e55e30db1ad088483f52a3024b624356416873bc14fad9359" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/base32", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "ff10172686b6db691ae57530dff6cd14b980cbba7ed81a8dcf81bd42dd7bb23b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/base64", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "fed1b291454a61812e605fd06b04f915ef7e5436cfc1ee17f96523f56c2fbebf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/basename", + "mode": 33133, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "9a1e6804fef8ca36d39b008210b187dc4a82c456919574e61e17ab40c033589c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/basenc", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "cd8a131e0af4133b97da4adcca84ae61cc24c898d8d0e2b6aabac6d2d7a34094" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/cat", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "c6138c9502337f42763d627e4b665dd4fd66f26a987891d0a7e8313783f689ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/chcon", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "c191edddab15fd046170527d27f5f2a864684e118020ae3cab9a8c4ce7e6cc8f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/chgrp", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "e1d37a0d06d1d5db7180b10eb367365214de3c458a356efa32960312dabf9bde" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/chmod", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "8ee704ee6e399f29d23b37223b4c80a1a5a39fd0752c6d913d9bcb176b4bb930" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/chown", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "497a658c90080afd7bba33da8297fdb1be37cf36a3465a344164a8cb14390b53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/cksum", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "09eada4c0374c3c565ebe1f8965bce9943eb7c2790ef031d7b638b3f191b5592" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/comm", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "7449de734af6ab89331fc34dabfd40d10fa799369a52fd9df7c3829ded1d0261" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/coreutils", + "mode": 33261, + "size": 1347224, + "digest": { + "algorithm": "sha256", + "value": "61bca8e2323b76b8f423568f4631d265a26a88cb309c31ffbb066b925a52ccc2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/cp", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "79c39d67b7969b943045e80485f9dc3202a11ddfc5c9f7fdb4287216d0255a90" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/csplit", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "406a678a5b17869b4d148ad1924dd9ff3f2496e6f8b1dde6572edb355ded6316" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/cut", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "7448d9549e82dc4aa8917fc2bc2c49ad3f99e85e0c4f9a0957926a1f33c60421" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/date", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "71fb38657d2a08ad7fa8a7d6d44b54b4a63b2b0ca654e7865c0993443fe36608" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/dd", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "afc84e0b7f78721d72cc70e5207c0a948889401b1ae985f88fe5557010898d16" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/df", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "7140d87bcfc96e33d0e40e746734dfa02fb2973428059a83f267f490acf2924c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/dir", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "9dfc129738cbf6c04a0a6bce388f6cabe0212abfb4f7011997477d657c552b2f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/dircolors", + "mode": 33133, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "db0b3071d1896d4cb925e2539b959071d3dd028501e989ae051a7cc2923a131d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/dirname", + "mode": 33133, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "79eb20166b1c6e3c720bbd9d1b7093dba753747f4a9c86c20efd24cfa1b7cd02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/du", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "4f987dcb68ff9790a7da315f18dba495258e0689c9c145cba4ae33bbf1153ef1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/echo", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "5e2e65807f2d7416260cc04c62a37b6aa14c3336632709406a6eb5e20a25676e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/env", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "3164957405d820d74c59ce94cbe8e20eafa4d25366f53e4de9e3f4a149a9576c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/expand", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "b2f2c111df45d87cb069e96a9152847d31a40d2357e770d4c943d04afe6e1acd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/expr", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "27afd110fdd08ce37ae374cdb19348dc82db58b2a299d601b1a202e524ffad7c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/factor", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "ee9ee5a137e0591cd9cb7c833ea6d132715452b6e8ec15a521d5656825600a51" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/false", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "deeb84f2992538f7fadfc6946e4e34ce8b491c5d15aac723f2545fc53423609e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/fmt", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "64eb499e5fcea80a3132b009285321317b2660173d3052ca3dc9c3871f07e0e8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/fold", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "1af788b3e940772d2d061a2868af5e034faf977d2d7158cbefa3e56a05304049" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/groups", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "80c0a1f602b5a30973ef4aff1549ab8f0c57415f1a1269c60fd463e51bc599f5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/head", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "d9265e0e806df2362b9e6b476b8b16cef39979c6e1ec9f51aae90f202b94a6d4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/hostid", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "a755dbdf0e3c215642c5dad5c02c6b69f1c533fc253aa5206e634cae9a601fff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/id", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "44cd8c4e4d7c0abda1cf8f4d3cb8c3eaa3a099e3583226a71b7b2717862293d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/install", + "mode": 33133, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "a1e9d54276f52269bf3f3c4787159a8582d093acb918026a389bb03ae886424b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/join", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "9b4380b504cfba01d655f9102279abc3fa6105a4e107aa409912de8407ce7514" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/link", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "821714203f91ff6532c52ae3f871e0130435b6ba1f1f08d2d1f7bbc6693c0caf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/ln", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "085d5f728f31abf16f2e2b6f848b10e987c2ddcf160cb9a8f12378de2b6c6657" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/logname", + "mode": 33133, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "55fbba98b8cf7ccc3d0920e6630b525360603b1db4c72c955e6d3a09f8602b68" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/ls", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "309b3c9a3246361ec0338641aed3c14e7f91e23e7cf10de000c75135ba99fddd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/md5sum", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "ec74d410b372b48ef2b522cb903d48184f299c9290e5fa430fda73009e1ba468" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/mkdir", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "3d79925b34d75033957c123dcdb7d9d74bbdf2135ae401aeecd1c7fdbec0541b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/mkfifo", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "3abebd9dd438dfffcd6f958488172a3b403dfa0eac1ac0e1b8c26e94b61472c4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/mknod", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "e0aea7b102cdd165cf69e86c9b72bf9f1610f063a41379ff98e6abd7767a0f0c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/mktemp", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "79dab18e96e909ca19e901731bd14bbd182327ed34050ad15d3c22186c112601" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/mv", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "6ee04af6a9560da8304d298561d76ecc42ce167cd37496cbbee5f7975b2b6c83" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/nice", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "05dd64c5d88a6308828a66bdf10fe43a1d762bdf9867eddd1613ed95abcd9eb8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/nl", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "9cebdddb5c913efd5a2e2056790c58a4b1f0ea753ab776209f620c8aefaa88d4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/nohup", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "1d120028b00ffd10dc5d2bdb8725cccd994206809a17897b7dfa7d9852b4a109" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/nproc", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "802d57a2bb4a148ce86b5987d42de833613df533033939621c98af7c83ed10a9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/numfmt", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "a2d0a24b66f7e706d20cdbf400f0fb170c9737de1f33707639ac83b0c6eb1fe7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/od", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "28cee197c00cc74e4020bc2c63ef4a47269bfc42a0514e8ac39b93d1c9fb5c79" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/paste", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "8bc3ecc3066cf717ff77c775897786c7ffbc96d8b4e7bf74ac0d1b1429840cbb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/pathchk", + "mode": 33133, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "c75cdb9159c70035a4fb0c266c75b7046a5e0c65770f1abd3955169ee84495cc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/pinky", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "99376200da341d1d415806ebe99b80bdab70f8e9fecc9faf16b97dd9a0038062" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/pr", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "a01cee18df2195a84845ab441c0860ccd2e60fe8420165a46450c4215759c2a4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/printenv", + "mode": 33133, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "d28a352be84024a34f072b7c6a26b94aa87a2e76b90f437107d9b7eeebd0053c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/printf", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "129f7bcc2ae4d017b79e41c979ebfa18fc9052d4186538c25d736bfd2e397280" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/ptx", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "4d3ecca846d94b352b5ba97887e413980af43df47f393f860ed07ed3af0ef681" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/pwd", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "efabc0b34ff064d6a99456f5f74490573f8b9db6d1bf9450ad2e0aae0402b89c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/readlink", + "mode": 33133, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "b84234996da12c81e5762285b91ae7681342e012612df920b94ae0bd1557884f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/realpath", + "mode": 33133, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "504d523de86fa1463b8d96abf3cdd7ec8e85571593bc95650130c83ee8ff20cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rm", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "c909af3f4c8ae30d059b96a9cf7b097db39159d161622b95190d60d25a5db776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rmdir", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "6e999e3d0c2ccfeb001f513f6a6f51c5121327894ea279e2682b4b8272c4bca8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/runcon", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "7ee2793317816a3898f317c53f3ae9324f9e245e52e9df7014553daeaf99b9f8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/seq", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "bb11a10b8a0f5c8e974b844f2fb6c94f81d50ed2508f4583235d4cbe8bc0fbc6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sha1sum", + "mode": 33133, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "c5e5033951d2d051b6a8412aab455294f2ec529aec279e2bc1600d21dd242a7d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sha224sum", + "mode": 33133, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "7737b55fb338ea353ae400752f720edbcf38ef09b84ef9be9985195853a62d0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sha256sum", + "mode": 33133, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "377e96d9304a3e91119a58155becca958b4dc286c203ea2917ebeadba183db1c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sha384sum", + "mode": 33133, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "94e88e0dcf5ee93b44fed867bf4e42e737dfac9ca957247489264bbf1b2f6ec7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sha512sum", + "mode": 33133, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "23809accfe32a32da5b0fdb65f6d638f96f3c48be4fa59c41a04067677daec6e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/shred", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "b06cd470398f9e5505b962475935ce2922ad8b8f24d469e55ca398c6a4c840fe" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/shuf", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "76918b2e6df2cd31f4e6812766b003fb4a037507d12e089e4a513f8f13c312e1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sleep", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "96f0366d3535f1556981c0ccc68c160328eb6f2757971e15642d585b2cd1f344" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sort", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "7db440f4b4270d53050569407160d7f7c23fd7832394ce9bfbbc0b1d6e7e7dac" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/split", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "9b963841b57f729c71909fe9d4c5f1644aea4260b736b37050b35f18ab82b4ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/stat", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "9f6ffbf89d8463633790130b1d79999e1f5ef72fa63ac128eefc19101116b4d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/stdbuf", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "64ca8854673bbe7597c0be2ebc1ea1248e16a022e07216fe5ff2af5af1408cd7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/stty", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "347183bf373a494eb701af0b8f2c2c7d296a6ac1a90fad3cfe4745d236bd0dc9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sum", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "4f443e4c6d5063c4affc2b9d12852eab4c4eb675e323603441b0cc96fb9c2389" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sync", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "5f3ecf316cc8d0461cdc69e55f97c575a2c37f250e77461ac6241d049d65b177" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/tac", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "054324a3bf86ff8d7de940b38abfea90434de3f7e6dbfb68c28fef13ab194a4b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/tail", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "c84b690e840c9297566787aa939370f9b2e181e01c91b727e77ae07865f06c1a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/tee", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "97a3eca66552d324751b1e8e5af6ca4295328b98fa57bc43f1f81cc0a53e197e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/test", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "12f025e9fc03f2dde8653295c2c685c1a010120b768a5becc53f61a652469005" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/timeout", + "mode": 33133, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "a58c5c3de98fedf0d7199e4e51e6d241169678259b99c21c75e5bbc17b885662" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/touch", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "cc4165b10af3012c31ff266d74ec268c5f0ebf0521faf2596141d1b33b9c1309" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/tr", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "e3bb9a0ff998a6452a2652ad9fe93913ed17426812718c0618b769c0a45859be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/true", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "c73afb60197c9c64805d2b4ab95efdee8646f8248ff800de2575a11eed8f9f08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/truncate", + "mode": 33133, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "e58155261499fd6ba41e6f6cf6b696529f929b2ea82d710b8d0467e28f9eb6b8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/tsort", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "f93ec3a790a5f9283da66b22aa307a9289ba40a6a9f413c74dbb18d243c71da2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/tty", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "47fb87400000912b988e1a8708d99287751c976b942ffb5dacc21316d07fd6d0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/uname", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "050964cc46affadcf00d817106c47a6bde087fc483fa0643e168a816b76de608" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/unexpand", + "mode": 33133, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "9dd5e2f796993334c5d66b9d2258c48d447fcdc2762a6aa0987590f5384552cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/uniq", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "2e91d5ac599019cb960094ed9a9b9973d7c1980b209dcba3de2f1549e85a0cd2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/unlink", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "d9a4afe24003912290d8a8fed7781afeeee64bb88a53cfd5b2f820ab6df355c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/users", + "mode": 33133, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "d8f7ba3fd846a96259a17e8785a172d653fdfb03c1507f95aeeb8d5461407b5c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/vdir", + "mode": 33133, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "fff208202d47a5ff1daec8820f11555149ec8d9d9b39235e14555c3a14bd8572" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/wc", + "mode": 33133, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "709f6b9228d11ea5bf6298c953c98a3d11ec89a50916646494661aca8c32a775" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/who", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "5f2f1a73f39388b45a8ee56e44abe0a084d6849ba4c432130f9ef04bc6a58e4e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/whoami", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "112e9bdfc8975c4413bb940c0ab36034902d0037b2b25d24f2d1b4f93a32bd6a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/yes", + "mode": 33133, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "614d5aab2a46b047fb5160018dd4f1c7655f792a467dcb8abea75cbec5579b08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/30", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/30/858f216e29370ec1cec1da867e18812e7abd41", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/81/fbe81f1fcca3ff874a9a1576e519da5def51db", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/libexec/coreutils", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/coreutils/libstdbuf.so", + "mode": 33261, + "size": 15288, + "digest": { + "algorithm": "sha256", + "value": "12e5481fd926dabcd9304ad69f70ff0bdcb8f69a2a78bce13bdd432dc362ec43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/chroot", + "mode": 33133, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "739f7aeb037de1264e7801b4a2b01b6e98bf66b1fe81c751989241de6f878b19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/coreutils-single", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/coreutils-single/COPYING", + "mode": 33188, + "size": 35149, + "digest": { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "db4134870a686c23", + "name": "crypto-policies", + "version": "20250905-1.git377cc42.el9_7", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-2.1-or-later", + "spdxExpression": "LGPL-2.1-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:crypto-policies:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto-policies:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto_policies:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto_policies:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:crypto-policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:crypto_policies:20250905-1.git377cc42.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/crypto-policies@20250905-1.git377cc42.el9_7?arch=noarch&distro=rhel-9.7&upstream=crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "crypto-policies", + "version": "20250905", + "epoch": null, + "architecture": "noarch", + "release": "1.git377cc42.el9_7", + "sourceRpm": "crypto-policies-20250905-1.git377cc42.el9_7.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Jun 27 02:23:23 1927", + "issuer": "431d51ca820ff8b2" + } + ], + "size": 101000, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(crypto-policies)", + "crypto-policies" + ], + "requires": [ + "/usr/bin/bash", + "config(crypto-policies)", + "rpmlib(BuiltinLuaScripts)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PartialHardlinkSets)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/etc/crypto-policies", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/crypto-policies/back-ends", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/crypto-policies/back-ends/bind.config", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/gnutls.config", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/java.config", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/javasystem.config", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/krb5.config", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/libreswan.config", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/libssh.config", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/nss.config", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/openssh.config", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/opensshserver.config", + "mode": 41471, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/openssl.config", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/openssl_fips.config", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/back-ends/opensslcnf.config", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/config", + "mode": 33188, + "size": 680, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/crypto-policies/local.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/crypto-policies/policies", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/crypto-policies/policies/modules", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/crypto-policies/state", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/crypto-policies/state/current", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/libexec/fips-setup-helper", + "mode": 33261, + "size": 333, + "digest": { + "algorithm": "sha256", + "value": "98842d7aab2119a5258e0931c538111d4eb9099395b539b764dc6de427de8939" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/bind.txt", + "mode": 33188, + "size": 124, + "digest": { + "algorithm": "sha256", + "value": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/gnutls.txt", + "mode": 33188, + "size": 3075, + "digest": { + "algorithm": "sha256", + "value": "9658d45476815d507ec7598a09b8f32bb67f1f12b1204b0a9ecd9d165a3e8116" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/java.txt", + "mode": 33188, + "size": 1552, + "digest": { + "algorithm": "sha256", + "value": "21e27a8d83a44a6c1179effe601e95cb3d7373735cc7520cd47be0652dd18945" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/javasystem.txt", + "mode": 33188, + "size": 153, + "digest": { + "algorithm": "sha256", + "value": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/krb5.txt", + "mode": 33188, + "size": 137, + "digest": { + "algorithm": "sha256", + "value": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/libreswan.txt", + "mode": 33188, + "size": 565, + "digest": { + "algorithm": "sha256", + "value": "ba0a4319962f0e6a3e83a404becf46a8bb0cf7929ef2b7032fec9ee1b95dd27b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/libssh.txt", + "mode": 33188, + "size": 1165, + "digest": { + "algorithm": "sha256", + "value": "4cb91562666463b60e23b6b3f0a50164959226126847ee6da1df8f7f0f071da7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/nss.txt", + "mode": 33188, + "size": 409, + "digest": { + "algorithm": "sha256", + "value": "6e1b17a238bc9879954790db1715dfa69029b0d4e9d566263c804dfb97261d0f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/openssh.txt", + "mode": 33188, + "size": 1322, + "digest": { + "algorithm": "sha256", + "value": "7716f34aeb67783ba9eeca7e35313fdde274231d902eea760ac4ccb58de165e4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/opensshserver.txt", + "mode": 33188, + "size": 1804, + "digest": { + "algorithm": "sha256", + "value": "1113a9f57ae80185b59413b7a04f9cd2e5bd3bda51ef703f4f785658a25046d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/openssl.txt", + "mode": 33188, + "size": 151, + "digest": { + "algorithm": "sha256", + "value": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/openssl_fips.txt", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/opensslcnf.txt", + "mode": 33188, + "size": 738, + "digest": { + "algorithm": "sha256", + "value": "5db272604fd06ed01b7bf95427e133ca891aacc5eb8158ebe5437c7ffe63db73" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt", + "mode": 33188, + "size": 1953, + "digest": { + "algorithm": "sha256", + "value": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/bind.txt", + "mode": 33188, + "size": 140, + "digest": { + "algorithm": "sha256", + "value": "2d3530ededdc39742969f28ff137f88e429a5b80e55fb9dcb8ed51eabc14ed0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/gnutls.txt", + "mode": 33188, + "size": 2528, + "digest": { + "algorithm": "sha256", + "value": "ba59572ce09550c61e75c70c5bfc0d800661c7011cbced1ad943b408bfde381c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/java.txt", + "mode": 33188, + "size": 1853, + "digest": { + "algorithm": "sha256", + "value": "2545c17c559c1177239b3bc9292a2b50ca3e1400961ed515a9e50d8bc9991175" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/javasystem.txt", + "mode": 33188, + "size": 139, + "digest": { + "algorithm": "sha256", + "value": "22f46a8509ac1c19bc76b9ab235820964e9a0469b9f2ba58c8be0aa8da9a8890" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/krb5.txt", + "mode": 33188, + "size": 89, + "digest": { + "algorithm": "sha256", + "value": "9c1a4d25952e9ba252dfdd110c40ee363a8c69a1f57c396f9c021255f613994a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/libreswan.txt", + "mode": 33188, + "size": 289, + "digest": { + "algorithm": "sha256", + "value": "3121515ad310fee218aececa8ba41517cb2ff38dbd7903f1cf7712979b872527" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/libssh.txt", + "mode": 33188, + "size": 962, + "digest": { + "algorithm": "sha256", + "value": "fa908a498254cbe4cbe1ee45e59896c140021fe9ff0ba6796f11784df73d713b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/nss.txt", + "mode": 33188, + "size": 352, + "digest": { + "algorithm": "sha256", + "value": "f4b387df3824b2831e6ae76c6de4661f879d63366f2737e75222eaf53fce0f76" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/openssh.txt", + "mode": 33188, + "size": 819, + "digest": { + "algorithm": "sha256", + "value": "8606bb4030c091ffff8f8c3f154eefe322dc78953fed05921b660b91a9a1832b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/opensshserver.txt", + "mode": 33188, + "size": 1114, + "digest": { + "algorithm": "sha256", + "value": "fc29f93c9ba35b0c98eadc4a5d535750f7ad1439eb7425b46e5fd34958b9a00d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/openssl.txt", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "eacc37ccc326fa7a92d1f3bdbe647b8b60c01ef9a2b1cba2980450cce218df54" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/openssl_fips.txt", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/opensslcnf.txt", + "mode": 33188, + "size": 714, + "digest": { + "algorithm": "sha256", + "value": "4acf50471178bbca3568561d0d48be519704b2a729d37b2594671bc7cbe38e4d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FIPS/rpm-sequoia.txt", + "mode": 33188, + "size": 1946, + "digest": { + "algorithm": "sha256", + "value": "010e040a5df0846e09730544fc2ff1c8071bbe6ad50aa61fb6e10097f887ea15" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/bind.txt", + "mode": 33188, + "size": 124, + "digest": { + "algorithm": "sha256", + "value": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/gnutls.txt", + "mode": 33188, + "size": 2573, + "digest": { + "algorithm": "sha256", + "value": "d68afbedf284403094b49b6fd6e164af1df71df6bfc7260ac9c2f35d0d4044a0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/java.txt", + "mode": 33188, + "size": 1941, + "digest": { + "algorithm": "sha256", + "value": "f99bfe41709855b20552f414f78b7a1aab6154ba588bdac72ded87f8d8c80ddb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/javasystem.txt", + "mode": 33188, + "size": 142, + "digest": { + "algorithm": "sha256", + "value": "d43f7ce398de1cd518cd0864b58d74d50a8375b800b3231db853ac86175b6d19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/krb5.txt", + "mode": 33188, + "size": 86, + "digest": { + "algorithm": "sha256", + "value": "f7500ad5181c77fd45da469fd7a0991caf7bc29b6c2f4f10bc966c3920fa905e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/libreswan.txt", + "mode": 33188, + "size": 303, + "digest": { + "algorithm": "sha256", + "value": "fada0c0238bc899aa3328e6f86b940a7f5a25cdef647ef28c243f89c3db67100" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/libssh.txt", + "mode": 33188, + "size": 1065, + "digest": { + "algorithm": "sha256", + "value": "ee3a3567708dd4b79451deef173fe5b8443614d8fb81127dd91f98fb6ff35487" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/nss.txt", + "mode": 33188, + "size": 355, + "digest": { + "algorithm": "sha256", + "value": "10a7d15cc2b678c044b2b749d7a0cf9e8706668888b94cea91866fb847588425" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/openssh.txt", + "mode": 33188, + "size": 1202, + "digest": { + "algorithm": "sha256", + "value": "cdd99a01e5c7e4ff862b88e5a228f4bb4583b4039a4ff7ceb89b2869b8780059" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/opensshserver.txt", + "mode": 33188, + "size": 1684, + "digest": { + "algorithm": "sha256", + "value": "621a381b8c829f95a45dd56ace4b7788dd09db9be43b20897742c0d7478ef27b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/openssl.txt", + "mode": 33188, + "size": 180, + "digest": { + "algorithm": "sha256", + "value": "37d50085b783cc65da67a6ead91da93a3dae6ac74d44004b5c6dc9ba41235496" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/openssl_fips.txt", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/opensslcnf.txt", + "mode": 33188, + "size": 687, + "digest": { + "algorithm": "sha256", + "value": "b8b47a18eaea88dac742a8834c0e5de7ea067974188aa796ee15099e3f216042" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt", + "mode": 33188, + "size": 1949, + "digest": { + "algorithm": "sha256", + "value": "abd2ec14c14a90c588d1180daafb98fc93537830da0eb87a8fd127e60a906f8b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/bind.txt", + "mode": 33188, + "size": 94, + "digest": { + "algorithm": "sha256", + "value": "de64669cdf2f9b5074089e202ea7f0bc04c94087c1e7ee0c3eba753b8c89c692" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/gnutls.txt", + "mode": 33188, + "size": 3323, + "digest": { + "algorithm": "sha256", + "value": "f1bce6a203cb2ec468342c6106f9c17db6569e19b85b6eabbcfe3b0cabb5053b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/java.txt", + "mode": 33188, + "size": 1450, + "digest": { + "algorithm": "sha256", + "value": "3ebe7bb711949d996bd3470541c3e20a72fc9d5045a6854ef99d679d073a4c97" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/javasystem.txt", + "mode": 33188, + "size": 153, + "digest": { + "algorithm": "sha256", + "value": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/krb5.txt", + "mode": 33188, + "size": 137, + "digest": { + "algorithm": "sha256", + "value": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/libreswan.txt", + "mode": 33188, + "size": 594, + "digest": { + "algorithm": "sha256", + "value": "ad8cfdb3cf11f8a18a8d66c5b243ac449587a735355ae1e346cf8d5aabd02ac4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/libssh.txt", + "mode": 33188, + "size": 1324, + "digest": { + "algorithm": "sha256", + "value": "9d0c42289b99760aa2079eb88be6b75fa5d5f346b6939ce4fd8cadc67cf04d9f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/nss.txt", + "mode": 33188, + "size": 414, + "digest": { + "algorithm": "sha256", + "value": "2d8d23e37610b61a50e7557a4fdc86e3a4cf58599c3031e6590942eba0fe51c6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/openssh.txt", + "mode": 33188, + "size": 1484, + "digest": { + "algorithm": "sha256", + "value": "9b1a630302e80162acf8e683ce6ff77262683d7e4a8d7a04553c8c38110d7ca7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/opensshserver.txt", + "mode": 33188, + "size": 2003, + "digest": { + "algorithm": "sha256", + "value": "2490d30ff79c21c5271d1a0845b95c56ebc29db351bce17468a0e114f9671a5e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/openssl.txt", + "mode": 33188, + "size": 151, + "digest": { + "algorithm": "sha256", + "value": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/openssl_fips.txt", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/opensslcnf.txt", + "mode": 33188, + "size": 852, + "digest": { + "algorithm": "sha256", + "value": "dcb4cfdc6b5b7566f33964a8517b55aa03607ea0f985bdb9e8ec815dc740b76c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt", + "mode": 33188, + "size": 1953, + "digest": { + "algorithm": "sha256", + "value": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/bind.config", + "mode": 33188, + "size": 124, + "digest": { + "algorithm": "sha256", + "value": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/gnutls.config", + "mode": 33188, + "size": 3075, + "digest": { + "algorithm": "sha256", + "value": "9658d45476815d507ec7598a09b8f32bb67f1f12b1204b0a9ecd9d165a3e8116" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/java.config", + "mode": 33188, + "size": 1552, + "digest": { + "algorithm": "sha256", + "value": "21e27a8d83a44a6c1179effe601e95cb3d7373735cc7520cd47be0652dd18945" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/javasystem.config", + "mode": 33188, + "size": 153, + "digest": { + "algorithm": "sha256", + "value": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/krb5.config", + "mode": 33188, + "size": 137, + "digest": { + "algorithm": "sha256", + "value": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/libreswan.config", + "mode": 33188, + "size": 565, + "digest": { + "algorithm": "sha256", + "value": "ba0a4319962f0e6a3e83a404becf46a8bb0cf7929ef2b7032fec9ee1b95dd27b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/libssh.config", + "mode": 33188, + "size": 1165, + "digest": { + "algorithm": "sha256", + "value": "4cb91562666463b60e23b6b3f0a50164959226126847ee6da1df8f7f0f071da7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/nss.config", + "mode": 33188, + "size": 409, + "digest": { + "algorithm": "sha256", + "value": "6e1b17a238bc9879954790db1715dfa69029b0d4e9d566263c804dfb97261d0f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/openssh.config", + "mode": 33188, + "size": 1322, + "digest": { + "algorithm": "sha256", + "value": "7716f34aeb67783ba9eeca7e35313fdde274231d902eea760ac4ccb58de165e4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/opensshserver.config", + "mode": 33188, + "size": 1804, + "digest": { + "algorithm": "sha256", + "value": "1113a9f57ae80185b59413b7a04f9cd2e5bd3bda51ef703f4f785658a25046d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/openssl.config", + "mode": 33188, + "size": 151, + "digest": { + "algorithm": "sha256", + "value": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/openssl_fips.config", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/opensslcnf.config", + "mode": 33188, + "size": 738, + "digest": { + "algorithm": "sha256", + "value": "5db272604fd06ed01b7bf95427e133ca891aacc5eb8158ebe5437c7ffe63db73" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/DEFAULT/rpm-sequoia.config", + "mode": 33188, + "size": 1953, + "digest": { + "algorithm": "sha256", + "value": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/bind.config", + "mode": 33188, + "size": 140, + "digest": { + "algorithm": "sha256", + "value": "2d3530ededdc39742969f28ff137f88e429a5b80e55fb9dcb8ed51eabc14ed0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/gnutls.config", + "mode": 33188, + "size": 2528, + "digest": { + "algorithm": "sha256", + "value": "ba59572ce09550c61e75c70c5bfc0d800661c7011cbced1ad943b408bfde381c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/java.config", + "mode": 33188, + "size": 1853, + "digest": { + "algorithm": "sha256", + "value": "2545c17c559c1177239b3bc9292a2b50ca3e1400961ed515a9e50d8bc9991175" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/javasystem.config", + "mode": 33188, + "size": 139, + "digest": { + "algorithm": "sha256", + "value": "22f46a8509ac1c19bc76b9ab235820964e9a0469b9f2ba58c8be0aa8da9a8890" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/krb5.config", + "mode": 33188, + "size": 89, + "digest": { + "algorithm": "sha256", + "value": "9c1a4d25952e9ba252dfdd110c40ee363a8c69a1f57c396f9c021255f613994a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/libreswan.config", + "mode": 33188, + "size": 289, + "digest": { + "algorithm": "sha256", + "value": "3121515ad310fee218aececa8ba41517cb2ff38dbd7903f1cf7712979b872527" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/libssh.config", + "mode": 33188, + "size": 962, + "digest": { + "algorithm": "sha256", + "value": "fa908a498254cbe4cbe1ee45e59896c140021fe9ff0ba6796f11784df73d713b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/nss.config", + "mode": 33188, + "size": 352, + "digest": { + "algorithm": "sha256", + "value": "f4b387df3824b2831e6ae76c6de4661f879d63366f2737e75222eaf53fce0f76" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/openssh.config", + "mode": 33188, + "size": 819, + "digest": { + "algorithm": "sha256", + "value": "8606bb4030c091ffff8f8c3f154eefe322dc78953fed05921b660b91a9a1832b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/opensshserver.config", + "mode": 33188, + "size": 1114, + "digest": { + "algorithm": "sha256", + "value": "fc29f93c9ba35b0c98eadc4a5d535750f7ad1439eb7425b46e5fd34958b9a00d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/openssl.config", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "eacc37ccc326fa7a92d1f3bdbe647b8b60c01ef9a2b1cba2980450cce218df54" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/openssl_fips.config", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/opensslcnf.config", + "mode": 33188, + "size": 714, + "digest": { + "algorithm": "sha256", + "value": "4acf50471178bbca3568561d0d48be519704b2a729d37b2594671bc7cbe38e4d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FIPS/rpm-sequoia.config", + "mode": 33188, + "size": 1946, + "digest": { + "algorithm": "sha256", + "value": "010e040a5df0846e09730544fc2ff1c8071bbe6ad50aa61fb6e10097f887ea15" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/bind.config", + "mode": 33188, + "size": 124, + "digest": { + "algorithm": "sha256", + "value": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/gnutls.config", + "mode": 33188, + "size": 2573, + "digest": { + "algorithm": "sha256", + "value": "d68afbedf284403094b49b6fd6e164af1df71df6bfc7260ac9c2f35d0d4044a0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/java.config", + "mode": 33188, + "size": 1941, + "digest": { + "algorithm": "sha256", + "value": "f99bfe41709855b20552f414f78b7a1aab6154ba588bdac72ded87f8d8c80ddb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/javasystem.config", + "mode": 33188, + "size": 142, + "digest": { + "algorithm": "sha256", + "value": "d43f7ce398de1cd518cd0864b58d74d50a8375b800b3231db853ac86175b6d19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/krb5.config", + "mode": 33188, + "size": 86, + "digest": { + "algorithm": "sha256", + "value": "f7500ad5181c77fd45da469fd7a0991caf7bc29b6c2f4f10bc966c3920fa905e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/libreswan.config", + "mode": 33188, + "size": 303, + "digest": { + "algorithm": "sha256", + "value": "fada0c0238bc899aa3328e6f86b940a7f5a25cdef647ef28c243f89c3db67100" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/libssh.config", + "mode": 33188, + "size": 1065, + "digest": { + "algorithm": "sha256", + "value": "ee3a3567708dd4b79451deef173fe5b8443614d8fb81127dd91f98fb6ff35487" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/nss.config", + "mode": 33188, + "size": 355, + "digest": { + "algorithm": "sha256", + "value": "10a7d15cc2b678c044b2b749d7a0cf9e8706668888b94cea91866fb847588425" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/openssh.config", + "mode": 33188, + "size": 1202, + "digest": { + "algorithm": "sha256", + "value": "cdd99a01e5c7e4ff862b88e5a228f4bb4583b4039a4ff7ceb89b2869b8780059" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/opensshserver.config", + "mode": 33188, + "size": 1684, + "digest": { + "algorithm": "sha256", + "value": "621a381b8c829f95a45dd56ace4b7788dd09db9be43b20897742c0d7478ef27b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/openssl.config", + "mode": 33188, + "size": 180, + "digest": { + "algorithm": "sha256", + "value": "37d50085b783cc65da67a6ead91da93a3dae6ac74d44004b5c6dc9ba41235496" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/openssl_fips.config", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/opensslcnf.config", + "mode": 33188, + "size": 687, + "digest": { + "algorithm": "sha256", + "value": "b8b47a18eaea88dac742a8834c0e5de7ea067974188aa796ee15099e3f216042" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/FUTURE/rpm-sequoia.config", + "mode": 33188, + "size": 1949, + "digest": { + "algorithm": "sha256", + "value": "abd2ec14c14a90c588d1180daafb98fc93537830da0eb87a8fd127e60a906f8b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/bind.config", + "mode": 33188, + "size": 94, + "digest": { + "algorithm": "sha256", + "value": "de64669cdf2f9b5074089e202ea7f0bc04c94087c1e7ee0c3eba753b8c89c692" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/gnutls.config", + "mode": 33188, + "size": 3323, + "digest": { + "algorithm": "sha256", + "value": "f1bce6a203cb2ec468342c6106f9c17db6569e19b85b6eabbcfe3b0cabb5053b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/java.config", + "mode": 33188, + "size": 1450, + "digest": { + "algorithm": "sha256", + "value": "3ebe7bb711949d996bd3470541c3e20a72fc9d5045a6854ef99d679d073a4c97" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/javasystem.config", + "mode": 33188, + "size": 153, + "digest": { + "algorithm": "sha256", + "value": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/krb5.config", + "mode": 33188, + "size": 137, + "digest": { + "algorithm": "sha256", + "value": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/libreswan.config", + "mode": 33188, + "size": 594, + "digest": { + "algorithm": "sha256", + "value": "ad8cfdb3cf11f8a18a8d66c5b243ac449587a735355ae1e346cf8d5aabd02ac4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/libssh.config", + "mode": 33188, + "size": 1324, + "digest": { + "algorithm": "sha256", + "value": "9d0c42289b99760aa2079eb88be6b75fa5d5f346b6939ce4fd8cadc67cf04d9f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/nss.config", + "mode": 33188, + "size": 414, + "digest": { + "algorithm": "sha256", + "value": "2d8d23e37610b61a50e7557a4fdc86e3a4cf58599c3031e6590942eba0fe51c6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/openssh.config", + "mode": 33188, + "size": 1484, + "digest": { + "algorithm": "sha256", + "value": "9b1a630302e80162acf8e683ce6ff77262683d7e4a8d7a04553c8c38110d7ca7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/opensshserver.config", + "mode": 33188, + "size": 2003, + "digest": { + "algorithm": "sha256", + "value": "2490d30ff79c21c5271d1a0845b95c56ebc29db351bce17468a0e114f9671a5e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/openssl.config", + "mode": 33188, + "size": 151, + "digest": { + "algorithm": "sha256", + "value": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/openssl_fips.config", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/opensslcnf.config", + "mode": 33188, + "size": 852, + "digest": { + "algorithm": "sha256", + "value": "dcb4cfdc6b5b7566f33964a8517b55aa03607ea0f985bdb9e8ec815dc740b76c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/back-ends/LEGACY/rpm-sequoia.config", + "mode": 33188, + "size": 1953, + "digest": { + "algorithm": "sha256", + "value": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/default-config", + "mode": 33188, + "size": 680, + "digest": { + "algorithm": "sha256", + "value": "2f6b44a5d39b9b62dfd5602a979abb7a6547e5662f7ae89934e53079b9bef24d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/DEFAULT.pol", + "mode": 33188, + "size": 2613, + "digest": { + "algorithm": "sha256", + "value": "6abb1869ab38cbfe389436d2c0edc135bff11eaa26d45f950676fcfa53e09501" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/EMPTY.pol", + "mode": 33188, + "size": 277, + "digest": { + "algorithm": "sha256", + "value": "17348db5605b98f88f38704b2de8c0eb91a066be19c4c993d2ed0d8dbf411ddd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/FIPS.pol", + "mode": 33188, + "size": 2173, + "digest": { + "algorithm": "sha256", + "value": "453ebba9bf853cc9351d8568bce931c594337a178f27978a80fba5cedac24f64" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/FUTURE.pol", + "mode": 33188, + "size": 2621, + "digest": { + "algorithm": "sha256", + "value": "84731b8aa062979ae374fe22a15beb2cbf2944d972d10bac119ce9627c6a69dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/LEGACY.pol", + "mode": 33188, + "size": 2777, + "digest": { + "algorithm": "sha256", + "value": "ed1cb209664939c3eec280015e9a322d59c0ae067f6a9514fb70f5bc19476b92" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT-LEGACY.pmod", + "mode": 33188, + "size": 469, + "digest": { + "algorithm": "sha256", + "value": "edf8c78bdc5ee2c2b72d63d9c5f8ea662174400fc55b5f59d37b8fbcfb053092" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", + "mode": 33188, + "size": 283, + "digest": { + "algorithm": "sha256", + "value": "c101584cf373bd622b9060f30c0003d5d085273d628eb2ac64b53e4ef84da589" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", + "mode": 33188, + "size": 136, + "digest": { + "algorithm": "sha256", + "value": "661c008361be79add5c086db6aed9e84f7c7b569057023cb548911bb0cec1ee0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/NO-ENFORCE-EMS.pmod", + "mode": 33188, + "size": 248, + "digest": { + "algorithm": "sha256", + "value": "304f4728eb3a09a2ec15eedaeffd1ddad83f0afc3bce911538082e74a9e26776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", + "mode": 33188, + "size": 123, + "digest": { + "algorithm": "sha256", + "value": "2c36639722c6bf74ff296a606d65fd806e54dd1a2af26871efd139efc208c588" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/OSPP.pmod", + "mode": 33188, + "size": 2072, + "digest": { + "algorithm": "sha256", + "value": "f642d2f8eb25c837335c3e634af670d9c56a27539797d072f751d30e70776569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/PQ.pmod", + "mode": 33188, + "size": 385, + "digest": { + "algorithm": "sha256", + "value": "a33e31d844a8b8ab138284609b6184a1110d017f61b9f681f8e73989f8a6096c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/policies/modules/SHA1.pmod", + "mode": 33188, + "size": 131, + "digest": { + "algorithm": "sha256", + "value": "926673bbc7ee7b5c81945f10d103178a8cd5c4a309efbf898a7433e7a4ae49fd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/crypto-policies/reload-cmds.sh", + "mode": 33188, + "size": 167, + "digest": { + "algorithm": "sha256", + "value": "69121b6719a4a96cb77bf2372cb58a389b08726e4448b1037b70ec9950af1048" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/crypto-policies", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/crypto-policies/COPYING.LESSER", + "mode": 33188, + "size": 26432, + "digest": { + "algorithm": "sha256", + "value": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man7/crypto-policies.7.gz", + "mode": 33188, + "size": 7054, + "digest": { + "algorithm": "sha256", + "value": "b7798e9f31248342b6a56b6a9555a65fd61f5180808fb98ad26a63b6fa49b8dd" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "curl-minimal", + "version": "7.76.1", + "epoch": null, + "architecture": "x86_64", + "release": "34.el9", + "sourceRpm": "curl-7.76.1-34.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Feb 18 14:34:46 1975", + "issuer": "431d5111630ffd13" + } + ], + "size": 245105, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "curl", + "curl-minimal", + "curl-minimal(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libcurl(x86-64)", + "libcurl.so.4()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/curl", + "mode": 33261, + "size": 197088, + "digest": { + "algorithm": "sha256", + "value": "1f3e81d92f297b50d421749fa71c004569064ac27ecfcd1445137f4c41652878" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b2/2c364dcb9713f8a481615299f601b3c3ac3dd5", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/share/man/man1/curl.1.gz", + "mode": 33188, + "size": 47985, + "digest": { + "algorithm": "sha256", + "value": "971a5b31c031a179ab49867163ff11628f08ba8c6f6d3c412029d6c36e9a22a8" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "bace04fe1571465a", + "name": "cyrus-sasl-lib", + "version": "2.1.27-22.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD with advertising", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:cyrus-sasl-lib:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus-sasl-lib:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus_sasl_lib:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus_sasl_lib:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus-sasl:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus-sasl:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus_sasl:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus_sasl:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus:cyrus-sasl-lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cyrus:cyrus_sasl_lib:2.1.27-22.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-22.el9?arch=x86_64&distro=rhel-9.7&upstream=cyrus-sasl-2.1.27-22.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "cyrus-sasl-lib", + "version": "2.1.27", + "epoch": null, + "architecture": "x86_64", + "release": "22.el9", + "sourceRpm": "cyrus-sasl-2.1.27-22.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Jun 20 04:17:35 1927", + "issuer": "431d5194e10fff7a" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Dec 20 05:44:43 2020", + "issuer": "431d5123b40fff51" + } + ], + "size": 2380232, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "cyrus-sasl-lib", + "cyrus-sasl-lib(x86-64)", + "libanonymous.so.3()(64bit)", + "libsasl2.so.3()(64bit)", + "libsasldb.so.3()(64bit)" + ], + "requires": [ + "libanonymous.so.3()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libcom_err.so.2()(64bit)", + "libcrypt.so.2()(64bit)", + "libgdbm.so.6()(64bit)", + "libgssapi_krb5.so.2()(64bit)", + "libk5crypto.so.3()(64bit)", + "libkrb5.so.3()(64bit)", + "libresolv.so.2()(64bit)", + "libsasl2.so.3()(64bit)", + "libsasldb.so.3()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/sasl2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/cyrusbdb2current", + "mode": 33261, + "size": 1651592, + "digest": { + "algorithm": "sha256", + "value": "1fbdbf8d6354ee8477b04f1d5f7b13af20c704c55e55b59d88ee3e3cfbc02c90" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0b/7771d1f1b20a86bf95b8268bb1ea648aad93ed", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/49", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/49/e1d51f3f6a55f75fd441b424be05a71460cf53", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a2/53e3d4b28b104ddb2ed380b13ce89d1e274f61", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b3/cc2b500c39559014a82cfb1d90d6c9be2bba4d", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ea", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ea/0266b110266381eac5f0d66ea9780dd23b2175", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f1/8b94804b84099c0d1fc1f1dce9e36523eabcf4", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libsasl2.so.3", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libsasl2.so.3.0.0", + "mode": 33261, + "size": 128424, + "digest": { + "algorithm": "sha256", + "value": "2e3d8149a9cddffd1c8dc2ed69db920d15d8d620a6472906181e79ac33342c9c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/sasl2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/sasl2/libanonymous.so", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/sasl2/libanonymous.so.3", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/sasl2/libanonymous.so.3.0.0", + "mode": 33261, + "size": 19840, + "digest": { + "algorithm": "sha256", + "value": "3f5750048d1f5f2fc02a64b4c3e479d2da16049a7c262d4b3a6d620ba7a37751" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/sasl2/libsasldb.so", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/sasl2/libsasldb.so.3", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/sasl2/libsasldb.so.3.0.0", + "mode": 33261, + "size": 36152, + "digest": { + "algorithm": "sha256", + "value": "ce60ecb1bf8fbf5d898712b1fbcbc743359ce1d2f8de8e148031e5189ba48132" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/sasldblistusers2", + "mode": 33261, + "size": 15640, + "digest": { + "algorithm": "sha256", + "value": "41dde1653f48b854d0b928dc3242c1ac9a7cf222925b5b7bb00e38ca2115fdbc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/saslpasswd2", + "mode": 33261, + "size": 15608, + "digest": { + "algorithm": "sha256", + "value": "9b6cf403d1d2a816351473d85e638b94ac60d6f729d92a6b812af52de04839e1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/AUTHORS", + "mode": 33188, + "size": 2250, + "digest": { + "algorithm": "sha256", + "value": "4b5d24c7d184e16bddad18caf7860f62ffff62d74e07b279d5bcdaa9b18b730a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/developer.html", + "mode": 33188, + "size": 49091, + "digest": { + "algorithm": "sha256", + "value": "48a54e0f2da15462dfc331373dffae4f6657d578a5efb934d9764dbc5948c542" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/download.html", + "mode": 33188, + "size": 52248, + "digest": { + "algorithm": "sha256", + "value": "a5be4ab6e56563267cc4dd25e99bd1eeb88e55a953d04a03544803cb2ffdc9cf" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/genindex.html", + "mode": 33188, + "size": 73422, + "digest": { + "algorithm": "sha256", + "value": "eeb25bd49929d57a75e84f9c4c75f6fa51640627730f691141da8b09d181a7dd" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/getsasl.html", + "mode": 33188, + "size": 43291, + "digest": { + "algorithm": "sha256", + "value": "3c4eb23173434a69427ede084884d26089d805d56119aadae336bb97872cf45c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/index.html", + "mode": 33188, + "size": 57824, + "digest": { + "algorithm": "sha256", + "value": "7013183e505fee223d6eee95ee75d8675d367e60b65f71bf4dcdd33232afe9fa" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/operations.html", + "mode": 33188, + "size": 60786, + "digest": { + "algorithm": "sha256", + "value": "087f6f07ec6b8dd36e98840d961ceff3f9c0c4816a35ee31b8109f981c66a53d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/packager.html", + "mode": 33188, + "size": 42001, + "digest": { + "algorithm": "sha256", + "value": "8eaa2b504007fce395ae3cd9f6d3e5e5f732e6c58b761c85d43db434ea25236b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/search.html", + "mode": 33188, + "size": 41016, + "digest": { + "algorithm": "sha256", + "value": "001df4ff29c794af8c409e16fa2ddc195cce1247474dd701eb530c0187a58476" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/setup.html", + "mode": 33188, + "size": 47328, + "digest": { + "algorithm": "sha256", + "value": "0c2a3935f247f3b31c8c666f6b27a62b8b49e211bad56f48b54e06ce621773c8" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/cyrus-sasl-lib/support.html", + "mode": 33188, + "size": 41524, + "digest": { + "algorithm": "sha256", + "value": "ae3c8fa1e231022f55cd93f11007725d896c0682aeaecee6586f0535e80d8625" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/cyrus-sasl-lib", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/cyrus-sasl-lib/COPYING", + "mode": 33188, + "size": 1861, + "digest": { + "algorithm": "sha256", + "value": "9d6e5d1632140a6c135b251260953650d17d87cd1124f87aaf72192aa4580d4b" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "dfd23518c3ae46b3", + "name": "dejavu-sans-fonts", + "version": "2.37-18.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Bitstream Vera and Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:dejavu-sans-fonts:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu-sans-fonts:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu_sans_fonts:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu_sans_fonts:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu-sans:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu-sans:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu_sans:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu_sans:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dejavu:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:dejavu-sans-fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:dejavu_sans_fonts:2.37-18.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.7&upstream=dejavu-fonts-2.37-18.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "dejavu-sans-fonts", + "version": "2.37", + "epoch": null, + "architecture": "noarch", + "release": "18.el9", + "sourceRpm": "dejavu-fonts-2.37-18.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Nov 21 04:34:10 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Nov 21 04:34:10 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 5930958, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(dejavu-sans-fonts)", + "dejavu-sans-fonts", + "font(dejavusans)", + "font(dejavusanscondensed)", + "font(dejavusanslight)", + "metainfo()", + "metainfo(org.fedoraproject.dejavu-sans-fonts.metainfo.xml)" + ], + "requires": [ + "config(dejavu-sans-fonts)", + "fontpackages-filesystem", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf", + "mode": 41471, + "size": 73, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/fonts/conf.d/57-dejavu-sans-fonts.conf", + "mode": 41471, + "size": 66, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/share/fontconfig/conf.avail/20-unhint-small-dejavu-sans.conf", + "mode": 33188, + "size": 868, + "digest": { + "algorithm": "sha256", + "value": "9fd242f22463300d6e365ece9d7a74c9a5442d29bf0c67b2b58f64b8c0303a76" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fontconfig/conf.avail/57-dejavu-sans-fonts.conf", + "mode": 33188, + "size": 2657, + "digest": { + "algorithm": "sha256", + "value": "f0decf1d9c3c25bae3db27516c40ce3f80616362942c5cf1a3b9a21a1de1a0c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Bold.ttf", + "mode": 33188, + "size": 705684, + "digest": { + "algorithm": "sha256", + "value": "6e118ccd0d61f948ee8fe7674efd977e319929a81c0a92bd3081676cbd9e7d6e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-BoldOblique.ttf", + "mode": 33188, + "size": 643288, + "digest": { + "algorithm": "sha256", + "value": "02eb8bf872f5d62748c2e5580378ea505f0bc64ebfc96ff1f2e1555a7081b09f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-ExtraLight.ttf", + "mode": 33188, + "size": 356756, + "digest": { + "algorithm": "sha256", + "value": "baea85ba0e558d3999b672844170bee9d43a4d107bbf85a41bc436d0ea1f2ac2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Oblique.ttf", + "mode": 33188, + "size": 635412, + "digest": { + "algorithm": "sha256", + "value": "b7f32088fac05f585418f7c6d93951f08968e987a877b4fba96384eb55211181" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf", + "mode": 33188, + "size": 757076, + "digest": { + "algorithm": "sha256", + "value": "66b8a8ee0a4d1d46ff40f3352b05dbaffb63669c0577096f4a513772d21290f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Bold.ttf", + "mode": 33188, + "size": 703880, + "digest": { + "algorithm": "sha256", + "value": "f24a0c5afd58a647df07b1cd259b87d597fb1b21c76926d227c520321579c1c7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-BoldOblique.ttf", + "mode": 33188, + "size": 641696, + "digest": { + "algorithm": "sha256", + "value": "f1bd593e64d302b1e776d0fee1db207f8ce77c3bfaf13e98fffca246ebece1eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Oblique.ttf", + "mode": 33188, + "size": 633824, + "digest": { + "algorithm": "sha256", + "value": "62770f2d0218fb5e839dac94fce530e305aea2c995e688313127b14ba51a8a73" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed.ttf", + "mode": 33188, + "size": 755124, + "digest": { + "algorithm": "sha256", + "value": "16b971ef662a96d3e2d65d1756674c510c3af4dfddd99083dcdfb7aa2acd57c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/dejavu-sans-fonts", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/dejavu-sans-fonts/LICENSE", + "mode": 33188, + "size": 8816, + "digest": { + "algorithm": "sha256", + "value": "7a083b136e64d064794c3419751e5c7dd10d2f64c108fe5ba161eae5e5958a93" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/metainfo/org.fedoraproject.dejavu-sans-fonts.metainfo.xml", + "mode": 33188, + "size": 5271, + "digest": { + "algorithm": "sha256", + "value": "32c72364ee554c4809cb06a4e4550d8cb5670b50648f0f3981a94dbfbb79efce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "9fcab3ada3c25f5e", + "name": "dnf-data", + "version": "4.14.0-31.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:dnf-data:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dnf-data:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dnf_data:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dnf_data:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dnf:dnf-data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dnf:dnf_data:4.14.0-31.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/dnf-data@4.14.0-31.el9?arch=noarch&distro=rhel-9.7&upstream=dnf-4.14.0-31.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "dnf-data", + "version": "4.14.0", + "epoch": null, + "architecture": "noarch", + "release": "31.el9", + "sourceRpm": "dnf-4.14.0-31.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon May 30 04:36:50 1921", + "issuer": "431d51acdc100090" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Jul 13 23:02:39 1949", + "issuer": "431d515ebb0ffc0e" + } + ], + "size": 40102, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(dnf-data)", + "dnf-conf", + "dnf-data" + ], + "requires": [ + "config(dnf-data)", + "libreport-filesystem", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/etc/dnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/dnf/aliases.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/dnf/dnf.conf", + "mode": 33188, + "size": 108, + "digest": { + "algorithm": "sha256", + "value": "1557f960a39d444375a3a28994eb082fdab2887a16da2b677ba181658f2512b7" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/dnf/modules.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/dnf/modules.defaults.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/dnf/plugins", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/dnf/protected.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/dnf/protected.d/dnf.conf", + "mode": 33188, + "size": 4, + "digest": { + "algorithm": "sha256", + "value": "b6f0d7b9f4d69e86833ec77802d3af8e5ecc5b9820e1fe0d774b7922e1da57fe" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/dnf/usr-drift-protected-paths.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/dnf/vars", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/libreport/events.d/collect_dnf.conf", + "mode": 33188, + "size": 813, + "digest": { + "algorithm": "sha256", + "value": "cc0feca59af66ea18656fc5774b78f586b97864965cf1add75b3f9944678e999" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/logrotate.d/dnf", + "mode": 33188, + "size": 88, + "digest": { + "algorithm": "sha256", + "value": "6d02a56605a12e2dd3e05da2ab86ef77d013af53c31f2b8cf5c7c69288ee3387" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib/tmpfiles.d/dnf.conf", + "mode": 33188, + "size": 188, + "digest": { + "algorithm": "sha256", + "value": "365360de240de77d77843de09d14272cb91fe853400473178f44903de4949b68" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/dnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/dnf/AUTHORS", + "mode": 33188, + "size": 3113, + "digest": { + "algorithm": "sha256", + "value": "5db00f039c2585bde1ff9d1aeb6f8a34d15a0977757a634886f07a3825a0c785" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/dnf/README.rst", + "mode": 33188, + "size": 5009, + "digest": { + "algorithm": "sha256", + "value": "5f8f14bf713fb23e2a644902b815db6204d71e63bdcfac50703242f834a02119" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/dnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/dnf/COPYING", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/dnf/PACKAGE-LICENSING", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "c06f0c7eb611c6d77892bd02832dcae01c9fac292ccd55d205924388e178a35c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man5/dnf.conf.5.gz", + "mode": 33188, + "size": 12272, + "digest": { + "algorithm": "sha256", + "value": "4b518d1ac8609edf2ffbb30155d1c453179e276698749e50f662c233ca7dd883" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/var/lib/dnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + } + ] + } + }, + { + "id": "2bd21e0156fe2aa0", + "name": "file-libs", + "version": "5.39-16.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:file-libs:file-libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:file-libs:file_libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:file_libs:file-libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:file_libs:file_libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:file-libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:file_libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:file:file-libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:file:file_libs:5.39-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/file-libs@5.39-16.el9?arch=x86_64&distro=rhel-9.7&upstream=file-5.39-16.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "file-libs", + "version": "5.39", + "epoch": null, + "architecture": "x86_64", + "release": "16.el9", + "sourceRpm": "file-5.39-16.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun May 11 09:14:57 2036", + "issuer": "431d515a860ffd17" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Oct 28 20:37:22 1910", + "issuer": "431d51dba50fff50" + } + ], + "size": 8086748, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "file-libs", + "file-libs(x86-64)", + "libmagic.so.1()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libm.so.6()(64bit)", + "libz.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12/4841524b36310d9de2928bccc80668db927a05", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libmagic.so.1", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmagic.so.1.0.0", + "mode": 33261, + "size": 185544, + "digest": { + "algorithm": "sha256", + "value": "a0909463137c552f416e7438e4f97beaef6940154c17a974467d339618ad70c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/file", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/file/magic", + "mode": 41471, + "size": 8, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/file-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/file-libs/COPYING", + "mode": 33188, + "size": 1649, + "digest": { + "algorithm": "sha256", + "value": "0bfa856a9930bddadbef95d1be1cf4e163c0be618e76ea3275caaf255283e274" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/magic", + "mode": 41471, + "size": 10, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/misc/magic", + "mode": 33188, + "size": 1177332, + "digest": { + "algorithm": "sha256", + "value": "61779c6b6e4d51b0d16cc256bac9eb5b2f19bdf06b718e95778509c92b7b569d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/misc/magic.mgc", + "mode": 33188, + "size": 6650688, + "digest": { + "algorithm": "sha256", + "value": "56fece27ef5fb57bbec05f9b0964ad3af68723e85d4271cf4dc7b489038b6b2a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "35298adfca223979", + "name": "filesystem", + "version": "3.16-5.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.7&upstream=filesystem-3.16-5.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "filesystem", + "version": "3.16", + "epoch": null, + "architecture": "x86_64", + "release": "5.el9", + "sourceRpm": "filesystem-3.16-5.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Dec 28 11:54:24 1985", + "issuer": "431d513e7b0ffb05" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Aug 24 04:33:14 1910", + "issuer": "431d5119cb10008f" + } + ], + "size": 106, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "filesystem", + "filesystem(x86-64)", + "filesystem-afs" + ], + "requires": [ + "/bin/sh", + "rpmlib(BuiltinLuaScripts)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "setup" + ], + "files": [ + { + "path": "/", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/afs", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/bin", + "mode": 41471, + "size": 7, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/boot", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/dev", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/X11", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/X11/applnk", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/X11/fontpath.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/X11/xinit", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/X11/xinit/xinitrc.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/X11/xinit/xinput.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/bash_completion.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/default", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/opt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pm/config.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pm/power.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pm/sleep.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/rwtab.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/skel", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/statetab.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/sysconfig", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/xdg", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/xdg/autostart", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/home", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/lib", + "mode": 41471, + "size": 7, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/lib64", + "mode": 41471, + "size": 9, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/media", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/mnt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/opt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/proc", + "mode": 33133, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/root", + "mode": 16744, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/run", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/sbin", + "mode": 41471, + "size": 8, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/srv", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/sys", + "mode": 33133, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/tmp", + "mode": 17407, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/games", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/include", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/debug", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/debug/.dwz", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/debug/bin", + "mode": 41471, + "size": 7, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/lib", + "mode": 41471, + "size": 7, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/lib64", + "mode": 41471, + "size": 9, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/sbin", + "mode": 41471, + "size": 8, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/usr", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/usr/.dwz", + "mode": 41471, + "size": 7, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/usr/bin", + "mode": 33261, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/usr/lib", + "mode": 33261, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/usr/lib64", + "mode": 33261, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/debug/usr/sbin", + "mode": 33261, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/games", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/modules", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/sysimage", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/X11", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/bpf", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/games", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/pm-utils", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/pm-utils/module.d", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/pm-utils/power.d", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/pm-utils/sleep.d", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/bin", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/etc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/games", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/include", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/lib", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/lib64", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/lib64/bpf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/libexec", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/sbin", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/applications", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/info", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man1x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man2x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man3x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man4x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man5x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man6x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man7x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man8x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/man9x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/share/man/mann", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/local/src", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/X11", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/X11/fonts", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/aclocal", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/appdata", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/applications", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/augeas", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/augeas/lenses", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/backgrounds", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/helpers", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/desktop-directories", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/dict", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/empty", + "mode": 16749, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fish", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fish/vendor_completions.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/games", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gnome", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/help", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/icons", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/idl", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/info", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/locale", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man0p", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man1p", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man1x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man2x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man3p", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man3x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man4x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man5x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man6x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man7x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man8x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/man9x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/mann", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/man/ru", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "mg" + }, + { + "path": "/usr/share/man/ru/man5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "mg" + }, + { + "path": "/usr/share/metainfo", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/mime-info", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/misc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/omf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/pixmaps", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/sounds", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/themes", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/wayland-sessions", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/xsessions", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zsh", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zsh/site-functions", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/src", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/src/debug", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/src/kernels", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/tmp", + "mode": 41471, + "size": 10, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/adm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/cache", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/db", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/empty", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/ftp", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/games", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/lib", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/lib/games", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/lib/misc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/lib/rpm-state", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/local", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/lock", + "mode": 41471, + "size": 11, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/var/log", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/mail", + "mode": 41471, + "size": 10, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/nis", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/opt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/preserve", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/run", + "mode": 41471, + "size": 6, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/var/spool", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/spool/lpd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/spool/mail", + "mode": 16893, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "mail", + "flags": "" + }, + { + "path": "/var/tmp", + "mode": 17407, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/yp", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "23c842a484ebcfd5", + "name": "findutils", + "version": "1:4.8.0-7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:findutils:findutils:1\\:4.8.0-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:findutils:1\\:4.8.0-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/findutils@4.8.0-7.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=findutils-4.8.0-7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "findutils", + "version": "4.8.0", + "epoch": 1, + "architecture": "x86_64", + "release": "7.el9", + "sourceRpm": "findutils-4.8.0-7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Jul 27 04:00:02 1987", + "issuer": "431d51291d0fff53" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Oct 11 15:52:08 1966", + "issuer": "431d5188170fff53" + } + ], + "size": 1756958, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "/bin/find", + "bundled(gnulib)", + "findutils", + "findutils(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/find", + "mode": 33261, + "size": 291760, + "digest": { + "algorithm": "sha256", + "value": "a12f7a245a3366f9a79e6780a71c769716452dbedf6d0b1d5d854743ff3eb902" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/xargs", + "mode": 33261, + "size": 65616, + "digest": { + "algorithm": "sha256", + "value": "e2c3ecbf697414f8d7ac9e61c296d9c817e2f8fd0eb1ba0eeef7d5e804f8aa6c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/64", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/64/27deac383128303c88b862c7208202b313733d", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ff", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ff/519461dbb422037ae54303d7af28535090ba7d", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/share/doc/findutils", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/findutils/AUTHORS", + "mode": 33188, + "size": 1375, + "digest": { + "algorithm": "sha256", + "value": "a406e80dc71aabaf208eaf4f8514ff99c296bb07e28cffa426c0f71eaf5c09f7" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/findutils/NEWS", + "mode": 33188, + "size": 86220, + "digest": { + "algorithm": "sha256", + "value": "c48bc9776cf09d9c71244d741f5938b578b83ee68800ef786c7f3575266a46cc" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/findutils/README", + "mode": 33188, + "size": 4662, + "digest": { + "algorithm": "sha256", + "value": "9e69d7c33f690071c03fd778e60bbc8dfce80efee098b81c79b3d3018303ffd2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/findutils/THANKS", + "mode": 33188, + "size": 1539, + "digest": { + "algorithm": "sha256", + "value": "9b1acdf8723ab6183c0f191b4e5076c0a6daf88e80136ac05197369041a96616" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/findutils/TODO", + "mode": 33188, + "size": 2860, + "digest": { + "algorithm": "sha256", + "value": "4ecd8ead14e114067b4edb4c3279dc81c2383e2491f91bb12d8ca377878496d2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/info/find-maint.info.gz", + "mode": 33188, + "size": 24576, + "digest": { + "algorithm": "sha256", + "value": "8dc95e254c6738d503cf1f0c3fab56487abd49f698a2e5162ed3bba96ae68df7" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/info/find.info-1.gz", + "mode": 33188, + "size": 90410, + "digest": { + "algorithm": "sha256", + "value": "9ae179d3eaef0c964b41e1d3e95e6344ebcab7a4f7b7675dfebd3d4ecca68d74" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/info/find.info-2.gz", + "mode": 33188, + "size": 1904, + "digest": { + "algorithm": "sha256", + "value": "1b8c04a2ddf3b03109a456ba1dee8f26fb602cd585909c92e2d4eadbc6cda6a3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/info/find.info.gz", + "mode": 33188, + "size": 2509, + "digest": { + "algorithm": "sha256", + "value": "f26a4f7adfe744f46e95c33091593158566156021dbe08f3c30472de32d3703d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/findutils", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/findutils/COPYING", + "mode": 33188, + "size": 35149, + "digest": { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man1/find.1.gz", + "mode": 33188, + "size": 23131, + "digest": { + "algorithm": "sha256", + "value": "88483971a99b29e2bce2d0ea0ffa4d479faed6300f346e6f464c792fe7b7fe91" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/xargs.1.gz", + "mode": 33188, + "size": 5657, + "digest": { + "algorithm": "sha256", + "value": "ac4fe03dc5178928008219ed89abde58da1f6fdeb5c458b8fc32eaff969b5077" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", + "foundBy": "binary-classifier-cataloger", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "metadataType": "binary-signature", + "metadata": { + "matches": [ + { + "classifier": "fluent-bit-binary", + "location": { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + } + ] + } + }, + { + "id": "2635452dfff4321d", + "name": "fonts-filesystem", + "version": "1:2.0.5-7.el9.1", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:fonts-filesystem:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fonts-filesystem:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fonts_filesystem:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fonts_filesystem:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fonts:fonts-filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fonts:fonts_filesystem:1\\:2.0.5-7.el9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/fonts-filesystem@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.7&epoch=1&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "fonts-filesystem", + "version": "2.0.5", + "epoch": 1, + "architecture": "noarch", + "release": "7.el9.1", + "sourceRpm": "fonts-rpm-macros-2.0.5-7.el9.1.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 17:06:34 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 17:06:34 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 0, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "fontpackages-filesystem", + "fonts-filesystem" + ], + "requires": [ + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/etc/fonts", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/fonts/conf.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fontconfig", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fontconfig/conf.avail", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/fonts", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+ and GPLv2+ and LGPLv2+ and BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gawk", + "version": "5.1.0", + "epoch": null, + "architecture": "x86_64", + "release": "6.el9", + "sourceRpm": "gawk-5.1.0-6.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Feb 17 01:15:26 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Feb 17 01:15:26 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 1685726, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "/bin/awk", + "/bin/gawk", + "gawk", + "gawk(abi)", + "gawk(x86-64)" + ], + "requires": [ + "filesystem", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.11)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libgmp.so.10()(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.2.5)(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "libmpfr.so.6()(64bit)", + "libreadline.so.8()(64bit)", + "libsigsegv.so.2()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/profile.d/gawk.csh", + "mode": 33188, + "size": 1107, + "digest": { + "algorithm": "sha256", + "value": "9ba2af9853121df6dd5edff9254a2946e39eab8dc6513348fea28f739ee96648" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/profile.d/gawk.sh", + "mode": 33188, + "size": 757, + "digest": { + "algorithm": "sha256", + "value": "70621a3b586d3d523b020e76977633b444a70013ba50e1ea901a3a07a676f15f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/awk", + "mode": 41471, + "size": 4, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gawk", + "mode": 33261, + "size": 714976, + "digest": { + "algorithm": "sha256", + "value": "b374177d6c91dad7eafe4d89ecfc414aa8e2bafb06b1f94d6f6d1d41dfad10ff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/00", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/00/88e2aaec60fb0cada960d63884cd284bde2404", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/23", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/23/c5e47042ee6b004cd61d03a46cc0cd51f2fb13", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25/78ca61a90ebb976e5c90fbd3b0ef2c99534c38", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/27", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/27/77ec90af5e2c2adbb5cc768c09e8ec798dc600", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3f/1d67a2f8562df3c3c089ed843875e793fa7e62", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/44", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/44/8d0cd66c19fd6b0a1d4c278b408d8a45e747bd", + "mode": 41471, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4e/782fc33a8ef7bd9135652792771e43690ba58a", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/54", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/54/9c9f48e3c63acc7c814d8b6123b805b0228592", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5d/34cf0c44134183546c95c0a3b8bfe5d6e9dd79", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/61", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/61/041d79b03234dd3d3a4fffb5060e3ebcffedab", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e/f9ecfdcc9e2ff1b7d11f687ffbb914aa4ecc25", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/88", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/88/36431c525496c34b770c24706792c3badcef05", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/94", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/94/952470ec5c07fe50d493fdd51385bd232570c6", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/98", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/98/a83682c74811a072e7e30aa46f038d56646677", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fe", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fe/5e8a59f56ef899bbccffe5d88362551b814670", + "mode": 41471, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/gawk", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/filefuncs.so", + "mode": 33261, + "size": 41000, + "digest": { + "algorithm": "sha256", + "value": "08daf63964a4da243a342a71cd900b6bbc536d63e65b3fa200cdf30febe56063" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/fnmatch.so", + "mode": 33261, + "size": 15968, + "digest": { + "algorithm": "sha256", + "value": "6fc76e3013bedf78d4bece60f60bcc9bfdbef00c659513337f2398907108d1c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/fork.so", + "mode": 33261, + "size": 16080, + "digest": { + "algorithm": "sha256", + "value": "ecad486105c51fa598dd4b727e3734d4655f242174d2b31c5e04c1e2f5b43193" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/inplace.so", + "mode": 33261, + "size": 20176, + "digest": { + "algorithm": "sha256", + "value": "7e9fc9a7602dd997b880518d70bc7bc32d6929b96f939b4359c019543a72d1f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/intdiv.so", + "mode": 33261, + "size": 15992, + "digest": { + "algorithm": "sha256", + "value": "89b8ccda8a2bbba4276f13ecdf6ef8bd9419d73b5c860ad8f02c3d6ee9dd0193" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/ordchr.so", + "mode": 33261, + "size": 16000, + "digest": { + "algorithm": "sha256", + "value": "fe87bf2d1356a8d568a47705a26f59c589011c819fa8a433b50999f76822932f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/readdir.so", + "mode": 33261, + "size": 16000, + "digest": { + "algorithm": "sha256", + "value": "8553215e8ffebdcc353bc16e15ff10abb538d07def13488ad19f1ef80eb8d07d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/readfile.so", + "mode": 33261, + "size": 16080, + "digest": { + "algorithm": "sha256", + "value": "5ce8ed25ccc02ae960b6123cf804cd43bd2d165962e907a0ba311b8785531370" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/revoutput.so", + "mode": 33261, + "size": 15992, + "digest": { + "algorithm": "sha256", + "value": "46dca6dece20b4bb37cb091a82ca6e4ffd32398e2d1b4669327b335ed359dea1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/revtwoway.so", + "mode": 33261, + "size": 16040, + "digest": { + "algorithm": "sha256", + "value": "f1cc9a475e8154da632614e48fb8836b994643947582eb0dc5486a5a105e0b8b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/rwarray.so", + "mode": 33261, + "size": 20128, + "digest": { + "algorithm": "sha256", + "value": "395be1e8e158672cbe30547f78daa93d1b7525a5bb893ae36b66fc9f2c81fa72" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gawk/time.so", + "mode": 33261, + "size": 16008, + "digest": { + "algorithm": "sha256", + "value": "17df1cec822ba1dd53c9c5a4f5ba9c880c6362a68ecf76671b7b9c6fb5947056" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/awk", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/awk/grcat", + "mode": 33261, + "size": 16056, + "digest": { + "algorithm": "sha256", + "value": "01b5deef8969921f03e9f272b9503238c633c2f346806f2ba7f9ae22df6c7782" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/awk/pwcat", + "mode": 33261, + "size": 16048, + "digest": { + "algorithm": "sha256", + "value": "e77e5d5f4347b0c44c70c9320fe5276215bab80bd1f75db796520ecf24da029b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/gawk", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/assert.awk", + "mode": 33188, + "size": 383, + "digest": { + "algorithm": "sha256", + "value": "07f9e0362956d40ea6a92bedd4f292666185d038885387cb00adb5ade1582d93" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/bits2str.awk", + "mode": 33188, + "size": 334, + "digest": { + "algorithm": "sha256", + "value": "d7529387edb12e4054b384e96bc4911cb3b0e544602fb1e9de8a983f5fd46c5a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/cliff_rand.awk", + "mode": 33188, + "size": 307, + "digest": { + "algorithm": "sha256", + "value": "41b20eba1d788cdc7d64c3860315b3bb8613f80b5f7d8f04774c31caef64dd42" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/ctime.awk", + "mode": 33188, + "size": 234, + "digest": { + "algorithm": "sha256", + "value": "cf1b816f600516ec0a4f84901e12c48f44c5309bd6bd7b32f9a17abd026f2b86" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/ftrans.awk", + "mode": 33188, + "size": 315, + "digest": { + "algorithm": "sha256", + "value": "9957afaddfec5f2c6bc4f9cb12c576e6c367c1b681a472e91ced9caff5292722" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/getopt.awk", + "mode": 33188, + "size": 3278, + "digest": { + "algorithm": "sha256", + "value": "0144e3be4c5abc67bdace3b41a03cfea94a778268ca4df7efe5931737306e888" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/gettime.awk", + "mode": 33188, + "size": 2491, + "digest": { + "algorithm": "sha256", + "value": "7baacb670919547d1fc2ec186d6ad937c6f7cc2d03e0b2e8f6802742dc7c6023" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/group.awk", + "mode": 33188, + "size": 1765, + "digest": { + "algorithm": "sha256", + "value": "dcabe4d2e2f93972471e7eade26a7779e0c160c23570d3b32509433756083073" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/have_mpfr.awk", + "mode": 33188, + "size": 221, + "digest": { + "algorithm": "sha256", + "value": "40d45f7e243e4f7faa1335852c5839fa80c60d70eccd94918cee7edbc58fd9a4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/inplace.awk", + "mode": 33188, + "size": 2340, + "digest": { + "algorithm": "sha256", + "value": "c9420b8b4cef25e7f7982800a24d7ecdf2708e9514e8d0f48f471b6bdfec7f1e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/intdiv0.awk", + "mode": 33188, + "size": 462, + "digest": { + "algorithm": "sha256", + "value": "c184f8a175c7226e9c567a8bb91e5e67ed8e239769012ad16f93c48f8e328bfd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/join.awk", + "mode": 33188, + "size": 378, + "digest": { + "algorithm": "sha256", + "value": "9af26157a40c1e1c09dfa73152e07cbff4c4f4b31b7bf8132572270da6dfc052" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/libintl.awk", + "mode": 33188, + "size": 238, + "digest": { + "algorithm": "sha256", + "value": "2b3a65b9053d2f4f08733870ef2cf1b5ee8aeba74dc6b9b1d1610fc0d9ac0eee" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/noassign.awk", + "mode": 33188, + "size": 422, + "digest": { + "algorithm": "sha256", + "value": "7ffc84e6d111aaf56cb0d3756bbcbd73e2510069ee6fc05bc1ea0e412884663e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/ns_passwd.awk", + "mode": 33188, + "size": 1282, + "digest": { + "algorithm": "sha256", + "value": "65670dbe643091de33dd490b71609677c875166d0aa59378a6576f979ba9886a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/ord.awk", + "mode": 33188, + "size": 937, + "digest": { + "algorithm": "sha256", + "value": "e7d37acc67a101dd2e23c19ed3f9dfd5d01ea93af63b2ebc8679976e1ef051ce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/passwd.awk", + "mode": 33188, + "size": 1199, + "digest": { + "algorithm": "sha256", + "value": "bdaf71595b473e0cfffaa426f451e1cbeae6d8a9047c5e78cf254b33586ac5eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/processarray.awk", + "mode": 33188, + "size": 355, + "digest": { + "algorithm": "sha256", + "value": "ac1e8e8dee8105c5c1ab2a1b87fcb668885473b7e90b7b0c137275742c704166" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/quicksort.awk", + "mode": 33188, + "size": 1031, + "digest": { + "algorithm": "sha256", + "value": "b769b7a892acedcdb98d18c3cf05544d4d85488a0378aaacba0c6e2ddb71bf35" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/readable.awk", + "mode": 33188, + "size": 489, + "digest": { + "algorithm": "sha256", + "value": "06e27abeb78eff929cb1f44256f195fe2d86ebb62814f731f420df286c8f1094" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/readfile.awk", + "mode": 33188, + "size": 267, + "digest": { + "algorithm": "sha256", + "value": "751d619465eb57c9d6314eb2a97e783ff84ff108cd1c4efeff8f62400dd77609" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/rewind.awk", + "mode": 33188, + "size": 404, + "digest": { + "algorithm": "sha256", + "value": "878279434b70956b26eca128a0939c1a14da97b1626fe402eb76d44485fbc268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/round.awk", + "mode": 33188, + "size": 661, + "digest": { + "algorithm": "sha256", + "value": "28b705d2e2b01cc3ed450cc42e2ff99b058b55ef5a49cbc483aded7bdfa58aff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/shellquote.awk", + "mode": 33188, + "size": 472, + "digest": { + "algorithm": "sha256", + "value": "78e7df6e31f55536a4c3853f6d54644877aa892ed7fc6e1d4dc9080284d78565" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/strtonum.awk", + "mode": 33188, + "size": 1454, + "digest": { + "algorithm": "sha256", + "value": "abd27d285278e83655617efbd8e09b5f5271dd6ede37847b0ebd6632be2dde74" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/walkarray.awk", + "mode": 33188, + "size": 214, + "digest": { + "algorithm": "sha256", + "value": "3a7f02f135e91bbf1c1cd498ea0e1489802d58c83bb4d112c0a407593db31dd8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/awk/zerofile.awk", + "mode": 33188, + "size": 424, + "digest": { + "algorithm": "sha256", + "value": "c20a5e00b43fbfb9ea420da93f64422ce13d4aebb3b725e2ac3ba0102f169bee" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gawk", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gawk", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gawk/COPYING", + "mode": 33188, + "size": 35147, + "digest": { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gawk/LICENSE.BSD", + "mode": 33188, + "size": 1508, + "digest": { + "algorithm": "sha256", + "value": "fea62a56afb45d77d33fd57599d5936d01bdda60d738e869df795a7392b1b320" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gawk/LICENSE.GPLv2", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gawk/LICENSE.LGPLv2", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "fcfdc07fd546a72e", + "name": "gdbm-libs", + "version": "1:1.23-1.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:gdbm-libs:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gdbm-libs:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gdbm_libs:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gdbm_libs:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gdbm:gdbm-libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gdbm:gdbm_libs:1\\:1.23-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gdbm-libs@1.23-1.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=gdbm-1.23-1.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gdbm-libs", + "version": "1.23", + "epoch": 1, + "architecture": "x86_64", + "release": "1.el9", + "sourceRpm": "gdbm-1.23-1.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Jan 11 22:41:02 1943", + "issuer": "431d5136aa0ffc09" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Jun 24 19:22:13 1974", + "issuer": "431d51cb0b100095" + } + ], + "size": 128586, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "gdbm-libs", + "gdbm-libs(x86-64)", + "libgdbm.so.6()(64bit)", + "libgdbm_compat.so.4()(64bit)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libgdbm.so.6()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/10", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/10/cff0f4e0d86a8337f6fa23218acd601fdae1ea", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19/cb092f220248476ae8342638e09eb0472c32ac", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libgdbm.so.6", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgdbm.so.6.0.0", + "mode": 33261, + "size": 78136, + "digest": { + "algorithm": "sha256", + "value": "bdc7274699add513c815dae574464f2dd2c5d25ac0365cb840d55faad3551989" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgdbm_compat.so.4", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgdbm_compat.so.4.0.0", + "mode": 33261, + "size": 15256, + "digest": { + "algorithm": "sha256", + "value": "0b6e593bcda737cc2634fbf08b69f7cd12d01bc1db04ff7d95e2cecca0394463" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gdbm-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gdbm-libs/COPYING", + "mode": 33188, + "size": 35072, + "digest": { + "algorithm": "sha256", + "value": "690d762f2e8e149ab1e2d6a409a3853b6151a2533b2382fae549a176d6bedecf" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "glib2", + "version": "2.68.4", + "epoch": null, + "architecture": "x86_64", + "release": "18.el9_7", + "sourceRpm": "glib2-2.68.4-18.el9_7.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Sep 14 00:22:55 2025", + "issuer": "431d5108010ffd1e" + } + ], + "size": 13443391, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "bundled(gnulib)", + "bundled(gvdb)", + "bundled(libcharset)", + "bundled(xdgmime)", + "glib2", + "glib2(x86-64)", + "libgio-2.0.so.0()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgmodule-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "libgthread-2.0.so.0()(64bit)" + ], + "requires": [ + "/bin/sh", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.10)(64bit)", + "libc.so.6(GLIBC_2.12)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.5)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libffi.so.8()(64bit)", + "libffi.so.8(LIBFFI_BASE_8.0)(64bit)", + "libgio-2.0.so.0()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgmodule-2.0.so.0()(64bit)", + "libgnutls.so.30()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "libmount.so.1()(64bit)", + "libmount.so.1(MOUNT_2.19)(64bit)", + "libmount.so.1(MOUNT_2.20)(64bit)", + "libmount.so.1(MOUNT_2.26)(64bit)", + "libmount.so.1(MOUNT_2_40)(64bit)", + "libpcre.so.1()(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libz.so.1()(64bit)", + "libz.so.1(ZLIB_1.2.2)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/gapplication", + "mode": 33261, + "size": 23760, + "digest": { + "algorithm": "sha256", + "value": "97f5cf2aebfcb29af00de68077e098b06957a1730154eeab0298a76ad73ffda0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gdbus", + "mode": 33261, + "size": 52728, + "digest": { + "algorithm": "sha256", + "value": "6340348726aba9d85dfdc91574d48d94a21f810803f5bc72a33db106edf22c1c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gio", + "mode": 33261, + "size": 94016, + "digest": { + "algorithm": "sha256", + "value": "1504f592d1a21398522ab3eacafc8fae1726985a54543a725d531368c1f8bd52" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gio-querymodules-64", + "mode": 33261, + "size": 15496, + "digest": { + "algorithm": "sha256", + "value": "968a25d1c83d5e2d6d975689858d586be554e70263952199bd9d3286be7d9c50" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/glib-compile-schemas", + "mode": 33261, + "size": 52704, + "digest": { + "algorithm": "sha256", + "value": "1807e7b02c847294dd8536791843a6a1d8997dac3b741329258431b037f1c736" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gsettings", + "mode": 33261, + "size": 32136, + "digest": { + "algorithm": "sha256", + "value": "c1fb6c8163c88547292c2ab8713903ff491531350d2c08763033c01d6b18318f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12/4b286dd3d0153c8dab2daad69a314a11349c2a", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/23", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/23/5f3f59ef6bb979df25c663c1177f17dede938f", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2e/2c94ce59aaf783e3b466bfe69554c41c9d3278", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6f/537495429abbe62ec7714837204f7342a4c88e", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8b/b404c9f1c44c3bb35ec1711a598d3c3bc2e67a", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9a/23bfdaf94463a810eefb2bb206bd76c4513dca", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9a/92db88762a519f523012b478d673662cecb2ba", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b8/35f669eff296f9564b80542c30abe84f6d1f32", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c3/c056197733d571a57e089d866a4cfa44058258", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c8/f9388f331c4ea258483974a3f8e142e2d6a60a", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d9/eac6a037cc07409096adf29668d9843e9f03fd", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/gio", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gio/modules", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgio-2.0.so.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgio-2.0.so.0.6800.4", + "mode": 33261, + "size": 1949176, + "digest": { + "algorithm": "sha256", + "value": "ce99afd8ea679192db041ae8f2a58d3a7e8cb0d8dd922b496ca7c3ad10f5ffb3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libglib-2.0.so.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libglib-2.0.so.0.6800.4", + "mode": 33261, + "size": 1303024, + "digest": { + "algorithm": "sha256", + "value": "8a9f544c29e2d39e26e70621121b12d3be42157b09124f18df53205ea87ba6c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgmodule-2.0.so.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgmodule-2.0.so.0.6800.4", + "mode": 33261, + "size": 19480, + "digest": { + "algorithm": "sha256", + "value": "e9e6029eedc9fd114d0ac05a54e2ed851f4e13093e2a01cc59e1b05fffadb3c5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgobject-2.0.so.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgobject-2.0.so.0.6800.4", + "mode": 33261, + "size": 375144, + "digest": { + "algorithm": "sha256", + "value": "a07a109964b6df13008ac0355a31e002805f31b92be6670f7ca15f3f754b9ecd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgthread-2.0.so.0", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgthread-2.0.so.0.6800.4", + "mode": 33261, + "size": 14984, + "digest": { + "algorithm": "sha256", + "value": "33e1f84aa7f1483707971e3adc632e5672b00aa1299bc71bf94eb082df45a25d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions/gapplication", + "mode": 33188, + "size": 1389, + "digest": { + "algorithm": "sha256", + "value": "199885a791120de218784b28d189becea2cdbdd1c297e8a4a92602a969857fe7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions/gdbus", + "mode": 33188, + "size": 935, + "digest": { + "algorithm": "sha256", + "value": "819c76693b994a291c175c3d7a394022b7429644794816071ae40b5ca405105e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions/gio", + "mode": 33188, + "size": 3830, + "digest": { + "algorithm": "sha256", + "value": "5da96db9ea9295e068a1c6c046b5ee32718489af43a949425b7d8c6cdc2ca493" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions/gsettings", + "mode": 33188, + "size": 2829, + "digest": { + "algorithm": "sha256", + "value": "8b0b278b6e20a401e94afb6164f99f73ee49af70e12e6c7c054a48fc8dccb552" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/glib2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/glib2/AUTHORS", + "mode": 33188, + "size": 1347, + "digest": { + "algorithm": "sha256", + "value": "52ca4a84d8dc412ead87bc3223c2ec2ac819938337cabecb2bd1994e979d1171" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/glib2/NEWS", + "mode": 33188, + "size": 515412, + "digest": { + "algorithm": "sha256", + "value": "d9d372c412fac473f5ae7cbb9ccf0f535c203dba5a54d3d49a24c17f66e2fe45" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/glib2/README", + "mode": 33188, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "3debe734c777df09c3c762cadd0fea1bebdb857c55243d605dc5b09211895bf3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/glib-2.0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/glib-2.0/schemas", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/glib2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/glib2/COPYING", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man1/gapplication.1.gz", + "mode": 33188, + "size": 2417, + "digest": { + "algorithm": "sha256", + "value": "0441a51f97dfcc2b7c116496c773440cddc47313c8f74f58b14519dbb3746321" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/gdbus.1.gz", + "mode": 33188, + "size": 3233, + "digest": { + "algorithm": "sha256", + "value": "d68dfa1b41025de6dba8c6487bffefc75c8db056f0a2985ca8d4dc66559e374c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/gio-querymodules.1.gz", + "mode": 33188, + "size": 727, + "digest": { + "algorithm": "sha256", + "value": "fdf8e8e6db4513926f93afe56d6b840f9d44fa61b7013d31fb4fee8601ed33f9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/gio.1.gz", + "mode": 33188, + "size": 4657, + "digest": { + "algorithm": "sha256", + "value": "64f71d89f071221fdee2d4da39cb1a25a2d71289b3329bb11be00f01735897ab" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/glib-compile-schemas.1.gz", + "mode": 33188, + "size": 1399, + "digest": { + "algorithm": "sha256", + "value": "7679553a5f28ac225617a53d42299a1857f0c44b065058f8cad05c668f333aa5" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/gsettings.1.gz", + "mode": 33188, + "size": 1506, + "digest": { + "algorithm": "sha256", + "value": "884e964ba1b1e5b415339a7b9cea0557191cb78cdb5a0f1e443f40ddf2785db7" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "glibc", + "version": "2.34", + "epoch": null, + "architecture": "x86_64", + "release": "231.el9_7.2", + "sourceRpm": "glibc-2.34-231.el9_7.2.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed May 25 06:58:07 1960", + "issuer": "431d51c1150fff44" + } + ], + "size": 6461123, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "/lib64/ld-linux-x86-64.so.2", + "/lib64/libanl.so.1", + "/lib64/libc.so.6", + "/lib64/libdl.so.2", + "/lib64/libm.so.6", + "/lib64/libpthread.so.0", + "/lib64/libresolv.so.2", + "/lib64/librt.so.1", + "/lib64/libutil.so.1", + "/sbin/ldconfig", + "/usr/sbin/ldconfig", + "bundled(gnulib)", + "config(glibc)", + "glibc", + "glibc(x86-64)", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.2.5)(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.34)(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.35)(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.4)(64bit)", + "ldconfig", + "libBrokenLocale.so.1()(64bit)", + "libBrokenLocale.so.1(GLIBC_2.2.5)(64bit)", + "libSegFault.so()(64bit)", + "libanl.so.1()(64bit)", + "libanl.so.1(GLIBC_2.2.5)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.10)(64bit)", + "libc.so.6(GLIBC_2.11)(64bit)", + "libc.so.6(GLIBC_2.12)(64bit)", + "libc.so.6(GLIBC_2.13)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.18)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.2.6)(64bit)", + "libc.so.6(GLIBC_2.22)(64bit)", + "libc.so.6(GLIBC_2.23)(64bit)", + "libc.so.6(GLIBC_2.24)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.26)(64bit)", + "libc.so.6(GLIBC_2.27)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.29)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.30)(64bit)", + "libc.so.6(GLIBC_2.31)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.35)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.5)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libdl.so.2()(64bit)", + "libdl.so.2(GLIBC_2.2.5)(64bit)", + "libdl.so.2(GLIBC_2.3.3)(64bit)", + "libdl.so.2(GLIBC_2.3.4)(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.15)(64bit)", + "libm.so.6(GLIBC_2.18)(64bit)", + "libm.so.6(GLIBC_2.2.5)(64bit)", + "libm.so.6(GLIBC_2.23)(64bit)", + "libm.so.6(GLIBC_2.24)(64bit)", + "libm.so.6(GLIBC_2.25)(64bit)", + "libm.so.6(GLIBC_2.26)(64bit)", + "libm.so.6(GLIBC_2.27)(64bit)", + "libm.so.6(GLIBC_2.28)(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "libm.so.6(GLIBC_2.31)(64bit)", + "libm.so.6(GLIBC_2.32)(64bit)", + "libm.so.6(GLIBC_2.4)(64bit)", + "libmemusage.so()(64bit)", + "libmvec.so.1()(64bit)", + "libmvec.so.1(GLIBC_2.22)(64bit)", + "libnss_compat.so.2()(64bit)", + "libnss_dns.so.2()(64bit)", + "libnss_files.so.2()(64bit)", + "libpcprofile.so()(64bit)", + "libpthread.so.0()(64bit)", + "libpthread.so.0(GLIBC_2.11)(64bit)", + "libpthread.so.0(GLIBC_2.12)(64bit)", + "libpthread.so.0(GLIBC_2.18)(64bit)", + "libpthread.so.0(GLIBC_2.2.5)(64bit)", + "libpthread.so.0(GLIBC_2.2.6)(64bit)", + "libpthread.so.0(GLIBC_2.28)(64bit)", + "libpthread.so.0(GLIBC_2.3.2)(64bit)", + "libpthread.so.0(GLIBC_2.3.3)(64bit)", + "libpthread.so.0(GLIBC_2.3.4)(64bit)", + "libpthread.so.0(GLIBC_2.30)(64bit)", + "libpthread.so.0(GLIBC_2.31)(64bit)", + "libpthread.so.0(GLIBC_2.4)(64bit)", + "libresolv.so.2()(64bit)", + "libresolv.so.2(GLIBC_2.2.5)(64bit)", + "libresolv.so.2(GLIBC_2.3.2)(64bit)", + "libresolv.so.2(GLIBC_2.9)(64bit)", + "librt.so.1()(64bit)", + "librt.so.1(GLIBC_2.2.5)(64bit)", + "librt.so.1(GLIBC_2.3.3)(64bit)", + "librt.so.1(GLIBC_2.3.4)(64bit)", + "librt.so.1(GLIBC_2.4)(64bit)", + "librt.so.1(GLIBC_2.7)(64bit)", + "libthread_db.so.1()(64bit)", + "libthread_db.so.1(GLIBC_2.2.5)(64bit)", + "libthread_db.so.1(GLIBC_2.3)(64bit)", + "libthread_db.so.1(GLIBC_2.3.3)(64bit)", + "libutil.so.1()(64bit)", + "libutil.so.1(GLIBC_2.2.5)(64bit)", + "rtld(GNU_HASH)" + ], + "requires": [ + "(glibc-gconv-extra(x86-64) = 2.34-231.el9_7.2 if redhat-rpm-config)", + "basesystem", + "basesystem", + "config(glibc)", + "glibc-common", + "glibc-langpack", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.2.5)(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.35)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgcc(x86-64)", + "libgcc(x86-64)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.2.5)(64bit)", + "libm.so.6(GLIBC_2.27)(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "libresolv.so.2()(64bit)", + "rpmlib(BuiltinLuaScripts)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PartialHardlinkSets)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rpmlib(RichDependencies)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/ld.so.cache", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/etc/ld.so.conf", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "239c865e4c0746a01f82b03d38d620853bab2a2ba8e81d6f5606c503e0ea379f" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/ld.so.conf.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/nsswitch.conf", + "mode": 33188, + "size": 2108, + "digest": { + "algorithm": "sha256", + "value": "780582abdc12675cf3c66feb5d5c190a9c77591b72ef427b325c8bb78762d8e1" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/rpc", + "mode": 33188, + "size": 1634, + "digest": { + "algorithm": "sha256", + "value": "3b24a975dcde688434258566813a83ce256a4c73efd7a8a9c3998327b0b4de68" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/03", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/03/d48bc618d4576a6cac075b25a94902023d8e03", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/10", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/10/58cfb0232cbd4ea55d986b3a588217d0881385", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/13", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/13/a2a630796926dc78b33fa91ae5f803cfe8c6c4", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/17", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/17/619d49fdc8fb601636ac108d87a2dd7b7502f0", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19/b72a57281dfa11fe28121d8d4144bdcf4853ab", + "mode": 41471, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/23", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/23/93f43ab79c5dc6b6a5cd3923e34819d7925706", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/26", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/26/8b70022633e9ec4acf495c9e8c48ab1b44e97e", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/36", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/36/58ac35ec0ad992ff235c14915c77223ff0fc2b", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/43", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/43/6c3f251a1d079c37763bd4ff1ff761a9a1e53d", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4e/6dcf9b1c5cf192f2fcead1056312f77d4263a3", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/52", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/52/0e28f48185a5ba0ac1ce1ae409f2d1095e1e17", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5c/bfa1be5ecea25c5d04e1a8eb0d3e9fd3edf2a4", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/60", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/60/3399c81f096633b807fe3ccff8163b7cb62444", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/61", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/61/0271f138b82c4539cf92eedc8204749eb04f5b", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6b/9de0f38e752ddd9201ab9230ec1b8d68029863", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/73", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/73/2303a00b10700cac568b320be5ec9b1c3a9666", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/75", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/75/5c4524c8c21ce14a711e412668697b248b6400", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7c/68e378ae2e1dcca8e59c416de746a5f05a60a3", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8f/901475e6d3f4a06db11601bf6f4c74d83f2b2a", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/94", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/94/2d4fc94ba8595a05677977109526e8b03f33af", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/94/2d4fc94ba8595a05677977109526e8b03f33af.1", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/94/2d4fc94ba8595a05677977109526e8b03f33af.2", + "mode": 41471, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ac", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ac/93c81c2baa5d081248b653b1922ddd70c50e62", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/af", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/af/04b5b1bd14b35a5647e7fa2c5e6d0313bf618e", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b4/dfe578b49b0ddd2dcafe053244c160f57ad376", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bd/cdd232b4df092cd80a7c005e72639a71ee1162", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c2/5df5de63618a3341fed63874cc3293bb459cd9", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c5/1b64ca7f10967b4292ec1029a87efc6bbfdb5e", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/db", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/db/0bd6e0796cf9d2612194f3a06241e077a5074a", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/dc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/dc/ff4650720b602720192846d3cdfb8d68b40edb", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed/f221e87e2e12db23bb284303ea6b766f4a6b28", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ef", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ef/e3927ff8240251e4098b96a9be39943a52fd48", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f2/3402034681f69ce9b1f4137a495ffe8c60135f", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/audit", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/audit/sotruss-lib.so", + "mode": 33261, + "size": 15680, + "digest": { + "algorithm": "sha256", + "value": "b8532209ffbc6571d6f9ac43d5eba4011cb296f48e2019496e8d98c7cbe1904e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/ANSI_X3.110.so", + "mode": 33261, + "size": 27824, + "digest": { + "algorithm": "sha256", + "value": "1644c0be67e4481de99e2d9f95c850443c7b030f483753f622ec4fbf99db6760" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/CP1252.so", + "mode": 33261, + "size": 19624, + "digest": { + "algorithm": "sha256", + "value": "563b2c39b815b92da2db23382673650ca68552c6485101b457b1bef8821d48bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/ISO8859-1.so", + "mode": 33261, + "size": 19632, + "digest": { + "algorithm": "sha256", + "value": "376744f1ba07d1feaffad5cbb2c4bf68e3ff2ff9cd0e0ccfb288405824a48e14" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/ISO8859-15.so", + "mode": 33261, + "size": 19624, + "digest": { + "algorithm": "sha256", + "value": "9a5470d2aff600ca1ea7fed177a456e599239614f48a43e8c3e1d623b1af78d0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/UNICODE.so", + "mode": 33261, + "size": 19640, + "digest": { + "algorithm": "sha256", + "value": "1f6e20b20180e844c8fb780312973b847cc34c607b86480b6790abf50b5023a5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/UTF-16.so", + "mode": 33261, + "size": 19632, + "digest": { + "algorithm": "sha256", + "value": "437fab3ea8ee82f9660d5fd20742af56b720019cf20b10e72754e2f1c0270ef7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/UTF-32.so", + "mode": 33261, + "size": 19632, + "digest": { + "algorithm": "sha256", + "value": "df2bf0182e2017d41c5d284641d9cda62a3c3141bf6280385bad5a604ac67428" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/UTF-7.so", + "mode": 33261, + "size": 27824, + "digest": { + "algorithm": "sha256", + "value": "a3bd3ef13845da8d804473bc6cb04749e1de48a5db46304043ba20d9251614d8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/gconv-modules", + "mode": 33188, + "size": 3808, + "digest": { + "algorithm": "sha256", + "value": "9976193fd6fb671112a0f10486e50ad3bfb79e9a08429544c820365cdd3bfd35" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib64/gconv/gconv-modules.cache", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/gconv/gconv-modules.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/ld-linux-x86-64.so.2", + "mode": 33261, + "size": 932736, + "digest": { + "algorithm": "sha256", + "value": "5c3f5bb169dc33a7d4b31e51eb40020e993e35cda989c24a3313c2fe9cdc2376" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libBrokenLocale.so.1", + "mode": 33261, + "size": 15496, + "digest": { + "algorithm": "sha256", + "value": "7edfeb32d0c6e94b6278c8dbc45e44f5a3da9c0aff4a0ba6e0921c84c512c121" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libSegFault.so", + "mode": 33261, + "size": 23872, + "digest": { + "algorithm": "sha256", + "value": "d1977600b89705a3667d947fa34f184a2956c2f0b0b9418339cd730c78127930" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libanl.so.1", + "mode": 33261, + "size": 15464, + "digest": { + "algorithm": "sha256", + "value": "59881a9701e9bc254b407ec15f61234107f3e35ca9904fafbc6a03ef87818e83" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libc.so.6", + "mode": 33261, + "size": 2549264, + "digest": { + "algorithm": "sha256", + "value": "e3b8bd13af7d81fed68c43d2ed3ea54db6e23a44499519d783e77edf8022581c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libc_malloc_debug.so.0", + "mode": 33261, + "size": 54344, + "digest": { + "algorithm": "sha256", + "value": "e34fd1525218ce9f30738a4ac10d1261745d8ccd83f36126eecc59e511d4d71e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libdl.so.2", + "mode": 33261, + "size": 15472, + "digest": { + "algorithm": "sha256", + "value": "4731f911c5ae24b2428705a9b0ad77b5a5902445a55f667d8ad19066616104d1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libm.so.6", + "mode": 33261, + "size": 904728, + "digest": { + "algorithm": "sha256", + "value": "2d3d7de18f6db76e4fb7adb884bb1f9a3dfadd12fcbcd83748da4bbb3ec342df" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmemusage.so", + "mode": 33261, + "size": 20064, + "digest": { + "algorithm": "sha256", + "value": "3ccec15ee85e4f96294016eb3bbad83dc581646f819a396d1f255c023d38464d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmvec.so.1", + "mode": 33261, + "size": 176824, + "digest": { + "algorithm": "sha256", + "value": "2ab11542d16a97109f41000260ecb3fe42db527bbf6df141de9cfb443a6eea8e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnss_compat.so.2", + "mode": 33261, + "size": 45552, + "digest": { + "algorithm": "sha256", + "value": "bdbc0ab86029cc1326e82aa13d5a8d76a63845b8d9b9a43488c9d17e1e27e0d2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnss_dns.so.2", + "mode": 33261, + "size": 15344, + "digest": { + "algorithm": "sha256", + "value": "7e870759cab5cf5f75e64ba29cfd61918549dbb7ae4575f1272031d741d15b06" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnss_files.so.2", + "mode": 33261, + "size": 15336, + "digest": { + "algorithm": "sha256", + "value": "33d3c38795fc9591a1be00f562485acdd4b4470388cf14a6d6ac22635c4e3a67" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpcprofile.so", + "mode": 33261, + "size": 15520, + "digest": { + "algorithm": "sha256", + "value": "75d3aebcd4c6a1d25e76e031c2ad722c607e7976f3d9d541195c3319c7580915" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpthread.so.0", + "mode": 33261, + "size": 15480, + "digest": { + "algorithm": "sha256", + "value": "83dc268d2bc39b1bc7ea9bc47f80d2b03d584b97471e1d350ae8570c9e451080" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libresolv.so.2", + "mode": 33261, + "size": 70528, + "digest": { + "algorithm": "sha256", + "value": "f108336535775d00ddac47c7c663e22f38137102e8e674d9ab9a091a43473948" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/librt.so.1", + "mode": 33261, + "size": 15648, + "digest": { + "algorithm": "sha256", + "value": "e7739dc9abc514845ad06d7e1cff374e384f5014d04c5e60c40a1e033f8a95a9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libthread_db.so.1", + "mode": 33261, + "size": 41600, + "digest": { + "algorithm": "sha256", + "value": "7bce176450f85680f3dfe6661359ca884fba6650c414de747be5f997d8e1596e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libutil.so.1", + "mode": 33261, + "size": 15464, + "digest": { + "algorithm": "sha256", + "value": "1da739d3692933ac28b1c4fd1d0f94a0976f3286c0bf8b2e5e5db49ca7e854fd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/getconf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/getconf/POSIX_V6_LP64_OFF64", + "mode": 33261, + "size": 36080, + "digest": { + "algorithm": "sha256", + "value": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/getconf/POSIX_V7_LP64_OFF64", + "mode": 33261, + "size": 36080, + "digest": { + "algorithm": "sha256", + "value": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/getconf/XBS5_LP64_OFF64", + "mode": 33261, + "size": 36080, + "digest": { + "algorithm": "sha256", + "value": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/iconvconfig", + "mode": 33261, + "size": 32440, + "digest": { + "algorithm": "sha256", + "value": "32a2f84bdc83abe12f1ad68520ccfff38e32f9cf199f8c701601a5faa5d8735e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/ldconfig", + "mode": 33261, + "size": 1172360, + "digest": { + "algorithm": "sha256", + "value": "df210f9db42ec59cecf3a7879141cf6a43d2825b9a4764eb507dce913fd74ca3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/glibc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/glibc/COPYING", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/glibc/COPYING.LIB", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/glibc/LICENSES", + "mode": 33188, + "size": 18943, + "digest": { + "algorithm": "sha256", + "value": "b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/var/cache/ldconfig", + "mode": 16832, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/cache/ldconfig/aux-cache", + "mode": 33152, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + } + ] + } + }, + { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "glibc-common", + "version": "2.34", + "epoch": null, + "architecture": "x86_64", + "release": "231.el9_7.2", + "sourceRpm": "glibc-2.34-231.el9_7.2.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Dec 15 05:22:56 2035", + "issuer": "431d5102d40fff43" + } + ], + "size": 1081366, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "glibc-common", + "glibc-common(x86-64)" + ], + "requires": [ + "/bin/sh", + "/usr/bin/bash", + "/usr/bin/sh", + "glibc", + "ld-linux-x86-64.so.2()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.10)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "tzdata" + ], + "files": [ + { + "path": "/usr/bin/catchsegv", + "mode": 33261, + "size": 3289, + "digest": { + "algorithm": "sha256", + "value": "6968647a65cbe670136c5657540debd96b257b168c2688dd8d34669b31e02111" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gencat", + "mode": 33261, + "size": 28104, + "digest": { + "algorithm": "sha256", + "value": "2d4fd18b1b005445e1b63f5bf3ddef52a4cdc7eec37dc01090d6de08e9df8cd0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/getconf", + "mode": 33261, + "size": 36080, + "digest": { + "algorithm": "sha256", + "value": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/getent", + "mode": 33261, + "size": 36720, + "digest": { + "algorithm": "sha256", + "value": "3e8afb78f9ec759e5a62dd385aa092844fbbc5f1d01e9c56484bbde799a099b0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/iconv", + "mode": 33261, + "size": 65624, + "digest": { + "algorithm": "sha256", + "value": "9df92fd65adc5a01b5c74c505b6e8bdae87a32df88745f6259941933f773ba29" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/ld.so", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/ldd", + "mode": 33261, + "size": 5446, + "digest": { + "algorithm": "sha256", + "value": "2e332feed7fe0d65afca81d83d07f997917c07d5c1f1fd5564e98330e78aa0b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/locale", + "mode": 33261, + "size": 60496, + "digest": { + "algorithm": "sha256", + "value": "826d99ca59ea56a0df2a4415176ce2554c6a53ea199700314ddaf1f5b2fe4cfd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/localedef", + "mode": 33261, + "size": 321584, + "digest": { + "algorithm": "sha256", + "value": "6ce825bf92f8a07b4921430a093cd0410a7ded09004c81a10866ec2bf9b764a5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/pldd", + "mode": 33261, + "size": 23936, + "digest": { + "algorithm": "sha256", + "value": "8ce9b7397fb7661f8fbc87dfc2d12b4d44555425d20f6771e90880283084d4cc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sotruss", + "mode": 33261, + "size": 4282, + "digest": { + "algorithm": "sha256", + "value": "a01e33a22e131e727a069bfe82faeda8f58fede0dd4966f88300fe9ec1fa8496" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sprof", + "mode": 33261, + "size": 36296, + "digest": { + "algorithm": "sha256", + "value": "97f497f325859d13de6c5d1f1e0489ef6ea892e299da344d1fa7f01286dfd39b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/tzselect", + "mode": 33261, + "size": 15352, + "digest": { + "algorithm": "sha256", + "value": "895808da0dad628436ef6de05465978b7929fe017d186d7d626c2074e5c345b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/zdump", + "mode": 33261, + "size": 28000, + "digest": { + "algorithm": "sha256", + "value": "5743f6d41afed780f5d47b1211fdf7bba618cf6f9af8698ba8393dd6758e04df" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/21", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/21/203f29f3cdc928433feff87f148ac810d7fefd", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25/1acd311c00ccc89f48d5e8b3e8b46e9e673d17", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/33", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/33/32b57d7bfbca02b2b52f0c135878402494cac9", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/45", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/45/1a9a492e3dc21c082694429fc00eb0aedd4872", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/45/bb1da56908b9f8ad85d4d6d61725a4e319fdef", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6d/c989595307c29332de3ac3f093bf66dc8340a9", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e/d8c87aab2c6dddd3f771ad509515c2827bf14d", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/94/2d4fc94ba8595a05677977109526e8b03f33af.3", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9f/635cc5c04cb9f8993a01811b2655eef2f54c98", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ae", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ae/79cd7468ef7c6acaebce3245e7588e5a452e3d", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/locale", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_ADDRESS", + "mode": 33188, + "size": 127, + "digest": { + "algorithm": "sha256", + "value": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_COLLATE", + "mode": 33188, + "size": 1406, + "digest": { + "algorithm": "sha256", + "value": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_CTYPE", + "mode": 33188, + "size": 346132, + "digest": { + "algorithm": "sha256", + "value": "2cb901c95a9fa81466d7878f81aa8eb52620df6f4420a0e219943ee6491c9334" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 258, + "digest": { + "algorithm": "sha256", + "value": "38a1d8e5271c86f48910d9c684f64271955335736e71cec35eeac942f90eb091" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "f9ad02f1d8eba721d4cbd50c365b5c681c39aec008f90bfc2be2dc80bfbaddcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_MONETARY", + "mode": 33188, + "size": 270, + "digest": { + "algorithm": "sha256", + "value": "bfd9e9975443b834582493fe9a8d7aefcd989376789c17470a1e548aee76fd55" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "14507aad9f806112e464b9ca94c93b2e4d759ddc612b5f87922d7cac7170697d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_NUMERIC", + "mode": 33188, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "f5976e6b3e6b24dfe03caad6a5b98d894d8110d8bd15507e690fd60fd3e04ab2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "f4caf0d12844219b65ba42edc7ec2f5ac1b2fc36a3c88c28887457275daca1ee" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/C.utf8/LC_TIME", + "mode": 33188, + "size": 3360, + "digest": { + "algorithm": "sha256", + "value": "0910b595d1d5d4e52cc0f415bbb1ff07c015d6860d34aae02505dd9973a63154" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/zic", + "mode": 33261, + "size": 61056, + "digest": { + "algorithm": "sha256", + "value": "0f3d1cea614a46ced60f0d43ef21a40bb7d72c6e94a47883504fecf29b12f41b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/i18n", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/i18n/charmaps", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/i18n/locales", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/locale/locale.alias", + "mode": 33188, + "size": 2998, + "digest": { + "algorithm": "sha256", + "value": "68020a80eea5366fbe60c2e812ebdebf4875a1b85a3f2f9dd4413306e41c796f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "glibc-langpack-en", + "version": "2.34", + "epoch": null, + "architecture": "x86_64", + "release": "231.el9_7.2", + "sourceRpm": "glibc-2.34-231.el9_7.2.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Mar 30 21:50:09 1924", + "issuer": "431d5169bf1000a0" + } + ], + "size": 5955802, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "glibc-langpack", + "glibc-langpack-en", + "glibc-langpack-en(x86-64)" + ], + "requires": [ + "glibc", + "glibc-common", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PartialHardlinkSets)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rpmlib(RichDependencies)" + ], + "files": [ + { + "path": "/usr/lib/locale", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_ADDRESS", + "mode": 33188, + "size": 162, + "digest": { + "algorithm": "sha256", + "value": "5978e9281ccc79389007f970fc8ab5d2aea6d44520d177c4771762ca3bb4dd19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_IDENTIFICATION", + "mode": 33188, + "size": 385, + "digest": { + "algorithm": "sha256", + "value": "5c2126bf3dc5336ef02b099601ebb73f376a02028f704f545fedcfe06b3f03ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "459e7bdad4cb9088a80be523db455df3ceb6de9996adb2143e10f9f924771b40" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_NAME", + "mode": 33188, + "size": 77, + "digest": { + "algorithm": "sha256", + "value": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_TELEPHONE", + "mode": 33188, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "116b926988a5c927fdf45e4f447714e7f1c4c590ed01a38f420c72e44ae44646" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AG/LC_TIME", + "mode": 33188, + "size": 3332, + "digest": { + "algorithm": "sha256", + "value": "fc81b0ea5617a8015c1803e5ad4482b7775fa384e39056a193fd8af4fc587009" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_ADDRESS", + "mode": 33188, + "size": 154, + "digest": { + "algorithm": "sha256", + "value": "516d74b4d116466da833bfa0b69772028d1d025b34b44c1fda5461de3449c95e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "5334b303404cb4d6d372c4f2330e258f1b811135179d87f92e14bc88cbea9719" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "6e3ae2ce05e3ca1f190b189850b5b13f1e6654e969d847aeb5cf56cd810de14c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "dc0473765b4eaea165a30bc7503edf05bf8a05216f883b4038bdb8ed2d69c98d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU.utf8/LC_TIME", + "mode": 33188, + "size": 3268, + "digest": { + "algorithm": "sha256", + "value": "51d1e09aa1fdda7f181ed2a5a336b000333dde888f80bb1bb40c216c36bb9cc8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_ADDRESS", + "mode": 33188, + "size": 159, + "digest": { + "algorithm": "sha256", + "value": "ad7c9c1a9dbde81c1d117f245303c42e11758ec204657765728fc77b75ee4e31" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_IDENTIFICATION", + "mode": 33188, + "size": 363, + "digest": { + "algorithm": "sha256", + "value": "5988c4157eb89d3ebb4263815443bb541f25f75897b8f7a52b65b17ef925f14a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "af66cf344e56185a2a01ab9c6a5c704cc7c09ddaf71ca2fb59a5eb3570247f13" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_NAME", + "mode": 33188, + "size": 67, + "digest": { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_TELEPHONE", + "mode": 33188, + "size": 58, + "digest": { + "algorithm": "sha256", + "value": "dd878a170db9b554d67b558d603d9b1d8ee9ec1769acd723267b2c65af6b97f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_AU/LC_TIME", + "mode": 33188, + "size": 3276, + "digest": { + "algorithm": "sha256", + "value": "bf82d3292127f262668eaef86f1cd112889c11218778e6b61449aa740f888e73" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_ADDRESS", + "mode": 33188, + "size": 154, + "digest": { + "algorithm": "sha256", + "value": "64324d4177a468f0ae88a84791c150c1df229162e029f582e90665c3e48b6e99" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 295, + "digest": { + "algorithm": "sha256", + "value": "6e32bd5c935dc5428e51e4662e79d60f2a2bc8e0629e890ff8428deb9a06661f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "d4b9df2ec1f6da0a70a0ebe19bfd87b6889e4b7f236c47ff4fe1ec5cebd078fd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "b84e8cfa9c5d06d2e577630db71bc359313bfffb07220b5572f4da7a979d12c7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW.utf8/LC_TIME", + "mode": 33188, + "size": 3196, + "digest": { + "algorithm": "sha256", + "value": "cb557c98fea141e7ae22af68357d162d6f103823dbdc5cbf0a2c8ab16dcf9cd8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_ADDRESS", + "mode": 33188, + "size": 159, + "digest": { + "algorithm": "sha256", + "value": "b5ce1187470139c1a321b087b50248f6ed4a29e15f2bef2ea6afd02c3696e66d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_IDENTIFICATION", + "mode": 33188, + "size": 300, + "digest": { + "algorithm": "sha256", + "value": "25b6bce71e4fe49c8fff65074006ccc6bb07eba77f618149558f35ed3294b8c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "6d7d95c6fc1dbf725a5ad7202f0225d8c1a0872fa2a9d71e0e390fabef66a80d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_NAME", + "mode": 33188, + "size": 67, + "digest": { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_TELEPHONE", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "1511760e00244ac5bee008dc6013b344c01047702ea6612e023163bb2331800e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_BW/LC_TIME", + "mode": 33188, + "size": 3204, + "digest": { + "algorithm": "sha256", + "value": "25b3eac7018ba833f187bc03601ede03feb3d58edb992b5742105534055d0df7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_ADDRESS", + "mode": 33188, + "size": 150, + "digest": { + "algorithm": "sha256", + "value": "9beb276898ada74bfdb3e58010ad50d848dab826831ffde8172987b15da7609f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "df5373daa0bc801de7dac8b3bac56bf41f7c33a8103115604bbd4a6d5759988a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 352, + "digest": { + "algorithm": "sha256", + "value": "a0f759b1e390a27af7043b36afdee6ab1a5e0fe3edb0522b95d027c323559a9f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "278a4c06b0844aec3784d927e60a27fc477a8f1259e5d4ecfaddff635b9f13f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "113ab7fce8ea21d471f6f99dbff4b194f106b065d16a8d28cc244ab3dcc29298" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "b4b7da39151376fdb0e8f7c35d0dc2335d2f1149fdb23882143ac1604c3f8a43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "116b926988a5c927fdf45e4f447714e7f1c4c590ed01a38f420c72e44ae44646" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA.utf8/LC_TIME", + "mode": 33188, + "size": 3268, + "digest": { + "algorithm": "sha256", + "value": "d7452927e255ed08d63ce210fffcff32bae9df2efa0d8400751b9466bd768711" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_ADDRESS", + "mode": 33188, + "size": 155, + "digest": { + "algorithm": "sha256", + "value": "fecd709136dd8aa0b0922433f514200bde9bb639af593f8a368fa32221118bd7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "86ce39ae32705e44d59e0f08ad3eca7e988303700ac14dca60588ea6c395fe00" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_IDENTIFICATION", + "mode": 33188, + "size": 355, + "digest": { + "algorithm": "sha256", + "value": "4c9872dc999eb8518f51b21464ad5f880c0551d99315595bbe5e924f42cdb9ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 64, + "digest": { + "algorithm": "sha256", + "value": "d5d24009a728487d62b12d1db7da6851f1d44dfebd102d038ebdfcf047c2a525" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "a957adbbd6baf3d5a9c9a49df0d7afd2a63552a335a5b80b0e37950cb4b8010e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_NAME", + "mode": 33188, + "size": 67, + "digest": { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "9178bbf7f3d7895e793966adce6029bb27624950e84c3de39a8fe249a7edc57c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_TELEPHONE", + "mode": 33188, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "a52a419ef416e12318ffd938dc5abd44787b7fe7a3cc914dd5862f17fe63dbe2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_CA/LC_TIME", + "mode": 33188, + "size": 3276, + "digest": { + "algorithm": "sha256", + "value": "ae8d5b2abf057f12a8c71a610743521e3c3df976d397eda967853a140254d9ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_ADDRESS", + "mode": 33188, + "size": 150, + "digest": { + "algorithm": "sha256", + "value": "8797ca35c1a1b0a8830b137326a07bfa876b6ebc04fd4f41dea9345366be0eae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 364, + "digest": { + "algorithm": "sha256", + "value": "cf27d8073b982c657c1a4935355e5f3b7ceb11d1f4aa75dba946cbe1fc69cca9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 63, + "digest": { + "algorithm": "sha256", + "value": "449dd6201f0ceba37162899a31cf7e940fbc6b3cb4e55727df73731214da411b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_MONETARY", + "mode": 33188, + "size": 294, + "digest": { + "algorithm": "sha256", + "value": "2869f9f858a6dea39b6760fdd37b83f35a44bd7c3bf549be66b85c9f5b84aca1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "e74bd3fa29aab46175b94c0729a46cefe6568d61e41d03ac62485a88c5bf904e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "1b322d54185175a6f99c0f200e75f45748a5dc24e81cf9deceeb3b4b08125df9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK.utf8/LC_TIME", + "mode": 33188, + "size": 3180, + "digest": { + "algorithm": "sha256", + "value": "77650f06b37ea464e1521af5d88e085fabd266d1fa6dbe61c6395422ee8e9f00" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_ADDRESS", + "mode": 33188, + "size": 155, + "digest": { + "algorithm": "sha256", + "value": "c49028ffbcfe8a613e1c3106eda1a5b3e04bcd3df29777f38f4a654c84831b11" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_IDENTIFICATION", + "mode": 33188, + "size": 369, + "digest": { + "algorithm": "sha256", + "value": "bbfde7324ac2582b5158a8fac1b1743a4e2d061cea38aacd11e8303b07843c1e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 68, + "digest": { + "algorithm": "sha256", + "value": "c8041aabc69941a829c4d685307dfadaf2b75229dfaaf9cd14dc45c4a6b06781" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_MONETARY", + "mode": 33188, + "size": 299, + "digest": { + "algorithm": "sha256", + "value": "8e95a180d06b5bd2bba38b325ed25248d34e33b7105469df33f9f2cf97be70f7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_NAME", + "mode": 33188, + "size": 67, + "digest": { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "39785e9425c73fd1a0b47d9d4610f9c9f8b692a9d02caf7994ddad249bf53f98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_TELEPHONE", + "mode": 33188, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "2cb7fcb60f7531b60b34084774a136579f72b70e9fa4f6de01bac9808b4b3fed" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_DK/LC_TIME", + "mode": 33188, + "size": 3188, + "digest": { + "algorithm": "sha256", + "value": "74aa1c90a38fed0476594f2013385a79dd53e02b157db3384d324cb0dc2ed49b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_ADDRESS", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "4f94a6e36ab13c81ebcc9e7a5d7f6a7ea171d5107990df0af1cb76475704f0fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_COLLATE", + "mode": 33188, + "size": 22408, + "digest": { + "algorithm": "sha256", + "value": "0fdeeec6c7d3489ec0693a457d3fbd8e01af07cb5ad6cfdc159777e291298c97" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_CTYPE", + "mode": 33188, + "size": 295208, + "digest": { + "algorithm": "sha256", + "value": "b1ebddb48ccb5dca8a73bb3f3bb731de3ce8b0ba3e3c347c67ab8c251d834d3f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_IDENTIFICATION", + "mode": 33188, + "size": 377, + "digest": { + "algorithm": "sha256", + "value": "512a4fe4f25b06b8f3ec49f398c9ee9ac0213a95e547398d1afd028dd53999b1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_MEASUREMENT", + "mode": 33188, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "a1a6dad67e57c0d5614d6b645dcb8edb4a8afed90012486420810087b6a4bde7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 63, + "digest": { + "algorithm": "sha256", + "value": "d7c9ce656ce7e1007a62b9922885d2b14588754249d01a2c492bd82e4a122ec0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_MONETARY", + "mode": 33188, + "size": 292, + "digest": { + "algorithm": "sha256", + "value": "95e6e76420dfadb08ef4ab7e4f0cb799a32012d2716fffe150661cce3a37ad7c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_NAME", + "mode": 33188, + "size": 83, + "digest": { + "algorithm": "sha256", + "value": "ff2e587e65da8c310a5c5185daa5dc054a8e1cbea759f33641d04684411643fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_NUMERIC", + "mode": 33188, + "size": 60, + "digest": { + "algorithm": "sha256", + "value": "cf7d9da93c5845e8a870aee4fe9729bc250b129f7a43d248412c33ca722137f5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_PAPER", + "mode": 33188, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "ca81b12c9d87f73225573bd671577d39e5f21a2b8a487774f01e6e8b04e32290" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_TELEPHONE", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "873bc0fed6082d2b8ddd1788cb60d768e8ceabb906c9e2c79c91cbfa97b8ee40" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.iso885915/LC_TIME", + "mode": 33188, + "size": 3340, + "digest": { + "algorithm": "sha256", + "value": "dfbca84cfa9f63e766ec0b9cc0b77cfe29b023e07394b9bfd9015a171d8050a5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_ADDRESS", + "mode": 33188, + "size": 158, + "digest": { + "algorithm": "sha256", + "value": "2e79e6fa009a80c248f350fdc58299e2f3b849253fbe934905f24e257bb02c60" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 373, + "digest": { + "algorithm": "sha256", + "value": "51a3b8400e0cc2ff5443f7d77d95c56f9ea47e027f0f85ec7fa5d02058aeac99" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_MONETARY", + "mode": 33188, + "size": 290, + "digest": { + "algorithm": "sha256", + "value": "f2e9ad7ed04a6eb972c30acb5433f4b530464a8882f57cb9d3391d34633c31a2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_NAME", + "mode": 33188, + "size": 77, + "digest": { + "algorithm": "sha256", + "value": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "ddb8c313bd9008bceb65ca9142715400e5d6ad11bdd5079044e21a88996a31b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB.utf8/LC_TIME", + "mode": 33188, + "size": 3332, + "digest": { + "algorithm": "sha256", + "value": "24545b905165763a1f998fdd5d945dae7bf3364cf9d2dfd4281e34695d2d40ac" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_ADDRESS", + "mode": 33188, + "size": 163, + "digest": { + "algorithm": "sha256", + "value": "291964c94077552e0b6d15ae3e5c152244c76734e88b5ac10066eae889c81d07" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_IDENTIFICATION", + "mode": 33188, + "size": 376, + "digest": { + "algorithm": "sha256", + "value": "20c9f7e0af4824b9e1acc2a929df97e995a799afde8496b90e2f7712e618cd7d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "40aed2f7b350ba3a4310a1717205280143ebdc72ef379734924b2973acb8c5ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_NAME", + "mode": 33188, + "size": 82, + "digest": { + "algorithm": "sha256", + "value": "389ae37e836db8f0dfc79b1f2b8d232c335b39118c831b48c6bb4abf87accb61" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_TELEPHONE", + "mode": 33188, + "size": 61, + "digest": { + "algorithm": "sha256", + "value": "45e005598e46ee7b1cd54cfd31a21c60d17f31a5667d581e4cd17e4c506f2d14" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_GB/LC_TIME", + "mode": 33188, + "size": 3340, + "digest": { + "algorithm": "sha256", + "value": "0cb878b7be7f6a99b63cf3100b41879da70f8937daf961f459e42f6e6261fbfb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_ADDRESS", + "mode": 33188, + "size": 138, + "digest": { + "algorithm": "sha256", + "value": "f2dc97f9b335d44f0e42781b321385a4a71ec2d12bb950ee9bcf72775149cfad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 465, + "digest": { + "algorithm": "sha256", + "value": "6594c23c2de52aa17628a61b95b4c041ae7a482bf354da59281d13e2a6ccc6cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_MONETARY", + "mode": 33188, + "size": 290, + "digest": { + "algorithm": "sha256", + "value": "f4a5bb46bd61b69dab850b550f5700e35c2755ffcd667cb74549ccf854987ad5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_NAME", + "mode": 33188, + "size": 72, + "digest": { + "algorithm": "sha256", + "value": "f3823b4d715e6b888119094a185041e3f8b4165b50408984d104618dc7afeed4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "5172617c05a37b20bf980ca047b35da4ccc281be9672df40b267dbc0a7d69c09" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 55, + "digest": { + "algorithm": "sha256", + "value": "6e3c2f01f599ca8f1077f500f68da6acf19737b1c58c2480ce27f7ce2e999f2a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK.utf8/LC_TIME", + "mode": 33188, + "size": 3472, + "digest": { + "algorithm": "sha256", + "value": "cebd2385796377658b8160e4c4cb8ba525d2bc3d968e4daae20ce6cab1afe2c5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_ADDRESS", + "mode": 33188, + "size": 143, + "digest": { + "algorithm": "sha256", + "value": "85ef03913f22c15ca19e194ebc4a0e36fe2321bb37895d4f09db97b17b79a362" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_IDENTIFICATION", + "mode": 33188, + "size": 470, + "digest": { + "algorithm": "sha256", + "value": "69fdb3b1eb3184fc07fe585ebcba517c0f8899dc1734ad8c0afcb87a04157019" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_MONETARY", + "mode": 33188, + "size": 295, + "digest": { + "algorithm": "sha256", + "value": "c0137e48e5022922ade0bf1685183f5dbf5d05cd77beb0f0318cd193527648b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_NAME", + "mode": 33188, + "size": 77, + "digest": { + "algorithm": "sha256", + "value": "4fdb2bdbbdae73c1a31fe08f7e1bd008754a35bb3fd399c6cb1df3d9bbb32aa4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "0f5496ab7b0a7d93b66d802ab6410c4ab07efa8e85b71692bb40207cb8a9397f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_TELEPHONE", + "mode": 33188, + "size": 60, + "digest": { + "algorithm": "sha256", + "value": "677e406878326f8bb70332f80aac524139ecf0eaea0fa47d4a608994b5ee75d8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_HK/LC_TIME", + "mode": 33188, + "size": 3480, + "digest": { + "algorithm": "sha256", + "value": "60d3ed792af65235e691f97a936ecf68d784e5d6b40cde41eea03da7000907e1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_ADDRESS", + "mode": 33188, + "size": 154, + "digest": { + "algorithm": "sha256", + "value": "afba6685620272060f18ab4ff8391994dad024229f09c84aa94f66dbfec6d5bf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 345, + "digest": { + "algorithm": "sha256", + "value": "3982aa6febb1137e50ea814298e9a5cee5bb8a17bab574be346d2b92f1f13cd0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_MONETARY", + "mode": 33188, + "size": 294, + "digest": { + "algorithm": "sha256", + "value": "a9d8a91b113acd62cb95ff336285f3ef21bc1e95375f4e5de4dab8adab8b1bcc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "5fa846f4a692d9c1ed30ba5b53f419c4967f1925178aa102da09ce75780a18ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE.utf8/LC_TIME", + "mode": 33188, + "size": 3196, + "digest": { + "algorithm": "sha256", + "value": "b50dd0a6bc80f6bc7718b06c9119c1ed0cef013002f606709acc2596a27cf1d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_ADDRESS", + "mode": 33188, + "size": 159, + "digest": { + "algorithm": "sha256", + "value": "9578d6f0fc0768b3e09e8118bb369342e3d4b7fa95f05ea226847658c0dead3b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_IDENTIFICATION", + "mode": 33188, + "size": 348, + "digest": { + "algorithm": "sha256", + "value": "d8ebe38e45b6d6a5335dc80b1ed15b9b0672fd41d846c49ac506c07622e02ae0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_MONETARY", + "mode": 33188, + "size": 299, + "digest": { + "algorithm": "sha256", + "value": "3b551ba69af8f09b18d96849d5d4668573352e05d65c2c4e051cab43a8e7a0bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_NAME", + "mode": 33188, + "size": 67, + "digest": { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_TELEPHONE", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "601efdc587d6d29de3dc6dc23d308a7bb764b4e0f817276a7d055c37c09600f9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE/LC_TIME", + "mode": 33188, + "size": 3204, + "digest": { + "algorithm": "sha256", + "value": "314cd9b6f0ac4fabb741538d4f23c827e340e3fa313e3d3f5073a0ca6a9a2f9a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_ADDRESS", + "mode": 33188, + "size": 160, + "digest": { + "algorithm": "sha256", + "value": "7de0f6f4a639779bb70c9371568323f73144150f648940efa4b7c4be4db16d91" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_COLLATE", + "mode": 33188, + "size": 22408, + "digest": { + "algorithm": "sha256", + "value": "0fdeeec6c7d3489ec0693a457d3fbd8e01af07cb5ad6cfdc159777e291298c97" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_CTYPE", + "mode": 33188, + "size": 295208, + "digest": { + "algorithm": "sha256", + "value": "b1ebddb48ccb5dca8a73bb3f3bb731de3ce8b0ba3e3c347c67ab8c251d834d3f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_IDENTIFICATION", + "mode": 33188, + "size": 370, + "digest": { + "algorithm": "sha256", + "value": "51ea5c74ca943af16be679948957027318f0685c4c81bddb47e29ee9032bf9f3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_MEASUREMENT", + "mode": 33188, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "a1a6dad67e57c0d5614d6b645dcb8edb4a8afed90012486420810087b6a4bde7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 63, + "digest": { + "algorithm": "sha256", + "value": "d7c9ce656ce7e1007a62b9922885d2b14588754249d01a2c492bd82e4a122ec0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_MONETARY", + "mode": 33188, + "size": 292, + "digest": { + "algorithm": "sha256", + "value": "35a500937035ecfb3117443209a29e6045956d45af1ce8fcdcd4b64d609c049f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_NAME", + "mode": 33188, + "size": 68, + "digest": { + "algorithm": "sha256", + "value": "a2877b465ad99b3e67c675eb6e73491eec3f1e7c362cf6b6773bd0f312f0c2f5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_NUMERIC", + "mode": 33188, + "size": 60, + "digest": { + "algorithm": "sha256", + "value": "cf7d9da93c5845e8a870aee4fe9729bc250b129f7a43d248412c33ca722137f5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_PAPER", + "mode": 33188, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "ca81b12c9d87f73225573bd671577d39e5f21a2b8a487774f01e6e8b04e32290" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_TELEPHONE", + "mode": 33188, + "size": 58, + "digest": { + "algorithm": "sha256", + "value": "5d95eb5f24c57d2344a46edd509a15b382dd03edc457d299ab89c2b8ef526489" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IE@euro/LC_TIME", + "mode": 33188, + "size": 3204, + "digest": { + "algorithm": "sha256", + "value": "15dd19e0d67c1e8f3906cdcc944c268cc3c3ceb0f558c08f1fe03c2cddeee748" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_ADDRESS", + "mode": 33188, + "size": 154, + "digest": { + "algorithm": "sha256", + "value": "b2b6d1ce3e3bdf8fc22261ac3cb2c7c0a072c4916327e4a2063fad386b5da8a7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_IDENTIFICATION", + "mode": 33188, + "size": 352, + "digest": { + "algorithm": "sha256", + "value": "858942221aaa1a1f9c9d6672a02cda2067c4e6fbc68dcd6a7627457429d9f77e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_MONETARY", + "mode": 33188, + "size": 294, + "digest": { + "algorithm": "sha256", + "value": "58c940021b43f466bd9c693dc7057fb9cf42942062c7139650cbb89ad2e4f336" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_NAME", + "mode": 33188, + "size": 77, + "digest": { + "algorithm": "sha256", + "value": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_TELEPHONE", + "mode": 33188, + "size": 68, + "digest": { + "algorithm": "sha256", + "value": "e2f5faf52d54076c1e6266ef4c23665704c85258839818e37ee37a9f37c6edfd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IL/LC_TIME", + "mode": 33188, + "size": 3196, + "digest": { + "algorithm": "sha256", + "value": "c0122e62acccf2f67ed1eff86b306f59497c099564822023955864f5eb2150e2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_ADDRESS", + "mode": 33188, + "size": 126, + "digest": { + "algorithm": "sha256", + "value": "b1657d241862c96091ccf9f6664d235b8bfdc12e3fbe2d1fb8017db2841bcf2b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_IDENTIFICATION", + "mode": 33188, + "size": 456, + "digest": { + "algorithm": "sha256", + "value": "35dbeb9a2bd857f95fba54fb322e6e0a5fa5c7a93e206132bf9960088b399ab3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_MONETARY", + "mode": 33188, + "size": 294, + "digest": { + "algorithm": "sha256", + "value": "61a320a6571b954eaa6f39ef9c6f06f19b4121ea638c850f002a9af8a58039f6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_NAME", + "mode": 33188, + "size": 72, + "digest": { + "algorithm": "sha256", + "value": "f3823b4d715e6b888119094a185041e3f8b4165b50408984d104618dc7afeed4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "28696c445198df18662f64fe5300a1b762077efda709fbd85c4d006dbb89cdff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_TELEPHONE", + "mode": 33188, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "580b6e7771ceea7eb460ef02ab74fe0c9af2506f8e12a9fba38424550db10131" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_IN/LC_TIME", + "mode": 33188, + "size": 3432, + "digest": { + "algorithm": "sha256", + "value": "c9c45b2923c4e065f3c2836a5eb7ca9d5ae55fddf5799004553a8fe30574a3be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_ADDRESS", + "mode": 33188, + "size": 157, + "digest": { + "algorithm": "sha256", + "value": "317371a6d0e5bec610496599512b78fb29665dbe112e4490000b0e19128a6d46" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_IDENTIFICATION", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "2f8297c7958830546d126a6f4d25b08e510f7fcea9e02ab7411fe8d966b41dc3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_MONETARY", + "mode": 33188, + "size": 294, + "digest": { + "algorithm": "sha256", + "value": "77389baab2204640b3710c73692750a699358516bd656938f4c200192e44ce0b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_TELEPHONE", + "mode": 33188, + "size": 60, + "digest": { + "algorithm": "sha256", + "value": "db478f53f42c264b025f04250d885f182f1f70fdbba458bfc000e3d484528e80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NG/LC_TIME", + "mode": 33188, + "size": 3196, + "digest": { + "algorithm": "sha256", + "value": "f83e0b2ad02560b99ed3c5ce7cf5cef41f9d23e6a510eee373d8aefada460023" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_ADDRESS", + "mode": 33188, + "size": 154, + "digest": { + "algorithm": "sha256", + "value": "67c85262cd9a21211fc91f17da55362c9574e770dbcda7e12636d16687b10767" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 353, + "digest": { + "algorithm": "sha256", + "value": "573081226607e7e0971c76649d1768c00fa99604311449bd32faaecae6012e28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "7a3fb3e7a7c07f722382ed26cbd37ac489328897ef9aaa742f0b455628414a7c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "b5055638d155060f11adcfd6bc4fdb7ccd07bb0772c6f65c497c859584a31ac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ.utf8/LC_TIME", + "mode": 33188, + "size": 3268, + "digest": { + "algorithm": "sha256", + "value": "51d1e09aa1fdda7f181ed2a5a336b000333dde888f80bb1bb40c216c36bb9cc8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_ADDRESS", + "mode": 33188, + "size": 159, + "digest": { + "algorithm": "sha256", + "value": "3cc04632ab4258ad1386a6bc792dfb3a45740df630e83b3982e23769851e96a0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_IDENTIFICATION", + "mode": 33188, + "size": 356, + "digest": { + "algorithm": "sha256", + "value": "7abbec363cf20a90b7c25b812660dee897fc6e0c69a5aca7449b6ec48ab1409b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "d047a750661932b9ed03ce9ccff640aff34b5ac69e31e6f2200cd782810d2c68" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_NAME", + "mode": 33188, + "size": 67, + "digest": { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_TELEPHONE", + "mode": 33188, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "034ff6820110188b7ee334d4e38f9eeb321f795ee2294a6256616777ee3a5db0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_NZ/LC_TIME", + "mode": 33188, + "size": 3276, + "digest": { + "algorithm": "sha256", + "value": "bf82d3292127f262668eaef86f1cd112889c11218778e6b61449aa740f888e73" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_ADDRESS", + "mode": 33188, + "size": 130, + "digest": { + "algorithm": "sha256", + "value": "d162b7314d73090a42ed3e3e40c890a9c29179a2c78b5eede6ff88ebd82415fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 468, + "digest": { + "algorithm": "sha256", + "value": "cf13bfc57a37a421c4832454cfdbe7911e02d46d416560a3a853e14e2a19e8dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_MONETARY", + "mode": 33188, + "size": 290, + "digest": { + "algorithm": "sha256", + "value": "c1fbe0c7987b4023d4222ba46059f01892bd36bef404ba7fd36174f046e8e3b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_NAME", + "mode": 33188, + "size": 73, + "digest": { + "algorithm": "sha256", + "value": "60e56627dc90cc2e87f82a471c516a6f8775064b0c67fce22ab4586fc7caf2d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "5172617c05a37b20bf980ca047b35da4ccc281be9672df40b267dbc0a7d69c09" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "b4b7da39151376fdb0e8f7c35d0dc2335d2f1149fdb23882143ac1604c3f8a43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "2f2ca9411835619abacd5a3a4698e1de399dc36bebb6f28b1681b70b2528477c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH.utf8/LC_TIME", + "mode": 33188, + "size": 3480, + "digest": { + "algorithm": "sha256", + "value": "98aceae2484f58615f564e8a3d326ae0c6104bc9327a577b3e74725537de0b18" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_ADDRESS", + "mode": 33188, + "size": 135, + "digest": { + "algorithm": "sha256", + "value": "af435ccccee9f23a895dcb40577d667c1f5d1b4d81d9811379837ed8bf471352" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_IDENTIFICATION", + "mode": 33188, + "size": 473, + "digest": { + "algorithm": "sha256", + "value": "b224f33330d0fd89f42b5ba4723f88e943d21c6bc5cc2471f8accc433f3dc160" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_MONETARY", + "mode": 33188, + "size": 295, + "digest": { + "algorithm": "sha256", + "value": "2458bae97e741ecdd15a9b075ef039fed6e2a1b701de434b7a002534d572eefe" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_NAME", + "mode": 33188, + "size": 78, + "digest": { + "algorithm": "sha256", + "value": "4dd542ea728b2f2f95cb0b6cdc53ede87b3fec7cbf79425e1f9a62d90fd2d948" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "0f5496ab7b0a7d93b66d802ab6410c4ab07efa8e85b71692bb40207cb8a9397f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "9178bbf7f3d7895e793966adce6029bb27624950e84c3de39a8fe249a7edc57c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_TELEPHONE", + "mode": 33188, + "size": 58, + "digest": { + "algorithm": "sha256", + "value": "01b590c55ec707b5a67641e73bde823094387ce59139541f6a714216744c152c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_PH/LC_TIME", + "mode": 33188, + "size": 3488, + "digest": { + "algorithm": "sha256", + "value": "68c8c2a4797f69746163ba5b79f8b102370baf3dc397db7a2eddac8499daf67b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_ADDRESS", + "mode": 33188, + "size": 135, + "digest": { + "algorithm": "sha256", + "value": "e9f4cade75a1468cac72ccc9209941841a20683e6479d21894121bb11ac5ea1f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 326, + "digest": { + "algorithm": "sha256", + "value": "85cc42ca23ece68cfc5978e9c484f6e5be1d00f5c5a0397fb054ee703edde586" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_MONETARY", + "mode": 33188, + "size": 290, + "digest": { + "algorithm": "sha256", + "value": "6cce27edfd96ee366dfcdf5985ba52073c1e81a0641cc606f3b2ceb0f853da91" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_NAME", + "mode": 33188, + "size": 77, + "digest": { + "algorithm": "sha256", + "value": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "3977c5cd62d44d646332bfeeea42245b9ee1deb46b89e32eb88a7d603fc23b43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SC.utf8/LC_TIME", + "mode": 33188, + "size": 3332, + "digest": { + "algorithm": "sha256", + "value": "24545b905165763a1f998fdd5d945dae7bf3364cf9d2dfd4281e34695d2d40ac" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_ADDRESS", + "mode": 33188, + "size": 130, + "digest": { + "algorithm": "sha256", + "value": "82ace6e4940d0a3724c810cf34f5361407cdd22fa937be8ca04188cb26891ac9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 464, + "digest": { + "algorithm": "sha256", + "value": "601e65c2d5013b728988746377f64ebf7e07b5966aa07d7ce201e0e6abf8f216" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "9bf4afcd8241e6e3c30b8f9718e3689bda5dcf6f36da9aa72fcf9fa59e05ad4b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_NAME", + "mode": 33188, + "size": 73, + "digest": { + "algorithm": "sha256", + "value": "60e56627dc90cc2e87f82a471c516a6f8775064b0c67fce22ab4586fc7caf2d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "5172617c05a37b20bf980ca047b35da4ccc281be9672df40b267dbc0a7d69c09" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "d288d087c09405e74f85c7542d093280a92ea18a344642d4f77263582dbc9d22" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG.utf8/LC_TIME", + "mode": 33188, + "size": 3268, + "digest": { + "algorithm": "sha256", + "value": "93a053ac74b7776995f1981a4f89cc4d3d0e8ae1bc367f24c05d39b5d6789a2f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_ADDRESS", + "mode": 33188, + "size": 135, + "digest": { + "algorithm": "sha256", + "value": "433c5f2842f19de24597d213b1181e2374315c6688230c05e6855533e0001f48" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_IDENTIFICATION", + "mode": 33188, + "size": 469, + "digest": { + "algorithm": "sha256", + "value": "adfb5f03ef5d127016ecf68a72276c68eca381b5ddd992019bb4dcfe9ccf464b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "ff584067bab43f7a84b44cc7f0d1761c65ba09dbfa97ae6c6e4a9700950a541a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_NAME", + "mode": 33188, + "size": 78, + "digest": { + "algorithm": "sha256", + "value": "4dd542ea728b2f2f95cb0b6cdc53ede87b3fec7cbf79425e1f9a62d90fd2d948" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "0f5496ab7b0a7d93b66d802ab6410c4ab07efa8e85b71692bb40207cb8a9397f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_TELEPHONE", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "8a232d9599e3c135da14f785a3a76150e1a9f1aea40a3eac8c6b64de6567a8ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_SG/LC_TIME", + "mode": 33188, + "size": 3276, + "digest": { + "algorithm": "sha256", + "value": "fb76a7e7bca9ddac0c62808564b07a507a80f3aacf7e14a499abd6ea07c586bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_ADDRESS", + "mode": 33188, + "size": 173, + "digest": { + "algorithm": "sha256", + "value": "fed2012e2dee8bfebe132e5f28c6f511a7305756fa9f92eb43431efeea3267aa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_COLLATE", + "mode": 33188, + "size": 22408, + "digest": { + "algorithm": "sha256", + "value": "0fdeeec6c7d3489ec0693a457d3fbd8e01af07cb5ad6cfdc159777e291298c97" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_CTYPE", + "mode": 33188, + "size": 295208, + "digest": { + "algorithm": "sha256", + "value": "b1ebddb48ccb5dca8a73bb3f3bb731de3ce8b0ba3e3c347c67ab8c251d834d3f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_IDENTIFICATION", + "mode": 33188, + "size": 375, + "digest": { + "algorithm": "sha256", + "value": "5e0c0e0d2d8666722d03d46c7b8f6d2d746e610f5eb26331d74f646a7f9fc268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_MEASUREMENT", + "mode": 33188, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "e1b8ef3d3829b1d9b5d38d6fc04d247884b297cf6e574c69c6dbdf9d84bdf5a3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 63, + "digest": { + "algorithm": "sha256", + "value": "d7c9ce656ce7e1007a62b9922885d2b14588754249d01a2c492bd82e4a122ec0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_MONETARY", + "mode": 33188, + "size": 292, + "digest": { + "algorithm": "sha256", + "value": "df89655e9ce3ee1151d4efd47108ed8d084c45cd185d979e900ed4da9ddcbd6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_NAME", + "mode": 33188, + "size": 83, + "digest": { + "algorithm": "sha256", + "value": "ff2e587e65da8c310a5c5185daa5dc054a8e1cbea759f33641d04684411643fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_NUMERIC", + "mode": 33188, + "size": 60, + "digest": { + "algorithm": "sha256", + "value": "cf7d9da93c5845e8a870aee4fe9729bc250b129f7a43d248412c33ca722137f5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_PAPER", + "mode": 33188, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "dddd62f89df122c966c002d59401fb8eeae27940d4e7d39d7d095b0de8661954" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_TELEPHONE", + "mode": 33188, + "size": 65, + "digest": { + "algorithm": "sha256", + "value": "0ea01b1a39c5f0b2581572108880f3669484acdac303d63265a1a54c8584ec52" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.iso885915/LC_TIME", + "mode": 33188, + "size": 3292, + "digest": { + "algorithm": "sha256", + "value": "9e1c499a2ad90f84709c23ba502d342332c4236a1f4187ce89475bd61e3fabd5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_ADDRESS", + "mode": 33188, + "size": 167, + "digest": { + "algorithm": "sha256", + "value": "c39329bc8f9fd0a7bd7faa9256cf3b8e39ec91ff989662066f243466269cc164" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 369, + "digest": { + "algorithm": "sha256", + "value": "2dfac9ea94abf72ba888bcbe5ba582a99fbca1b7c6a2598e80b1028d12a71ecf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "c2200fc75f8f268d9e8d71072064f64d94497e5abd58abd5ab1506c3a40dbd1a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "31d62ce6350e6ead9fd019cb4d0083364a2c587d2f1f7ed5f7e213e7d73fb1ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_NAME", + "mode": 33188, + "size": 77, + "digest": { + "algorithm": "sha256", + "value": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "b4b7da39151376fdb0e8f7c35d0dc2335d2f1149fdb23882143ac1604c3f8a43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "30b9a5f08480a634e2f016e1e2af957ae34e7bc849600376b8ac6ce2c9d536a6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US.utf8/LC_TIME", + "mode": 33188, + "size": 3284, + "digest": { + "algorithm": "sha256", + "value": "9bcdb29af2d6244ad5bffc068fe5bec91bb2daf8a7bdebb1faf95b906c665f0c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_ADDRESS", + "mode": 33188, + "size": 172, + "digest": { + "algorithm": "sha256", + "value": "41d9917d2ae05249d16711596736e9b1d45453f5020876b4444f61772da266a8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_IDENTIFICATION", + "mode": 33188, + "size": 374, + "digest": { + "algorithm": "sha256", + "value": "59751eac8c60078e5d919ccc3deef9aaa8d207b496023513352671e3ed334cb1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "2aae1e834b1ba9795f38125f84c06211a201832dfcd1814e5c5c1716d945deb5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "f487ae1faffded41234af617460737e21fd2f96d59d41b3d49e2e6bdc49b60ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_NAME", + "mode": 33188, + "size": 82, + "digest": { + "algorithm": "sha256", + "value": "389ae37e836db8f0dfc79b1f2b8d232c335b39118c831b48c6bb4abf87accb61" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "9178bbf7f3d7895e793966adce6029bb27624950e84c3de39a8fe249a7edc57c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_TELEPHONE", + "mode": 33188, + "size": 64, + "digest": { + "algorithm": "sha256", + "value": "44b30e113bee1acd4f02c811422cb2d9c873c51f85f52087d4d62c532c41025a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_US/LC_TIME", + "mode": 33188, + "size": 3292, + "digest": { + "algorithm": "sha256", + "value": "2fbeb060d70ddcf233e263c7810e143d719cd7e431f0e991166378d6bd16dc68" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_ADDRESS", + "mode": 33188, + "size": 159, + "digest": { + "algorithm": "sha256", + "value": "94745c5cd36512e659920b041128048e7fb609a0eb42bf1321b3551b2372150f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 410, + "digest": { + "algorithm": "sha256", + "value": "932aa6107031d823fda0ffd7d5954fee7f007cbb9f6f512b911080a72b8ea17e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "d7630e3914cbaadde18d3bf26d806490377ca761ba595d711f6c2ed148df6636" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_NAME", + "mode": 33188, + "size": 73, + "digest": { + "algorithm": "sha256", + "value": "58672646ba335323eaf0c16503b1efccbabcf382f768d53fa8cad2292098bc64" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 58, + "digest": { + "algorithm": "sha256", + "value": "f338558b3eecbed3ad24bb3dc1244f33b164fe9709b2bddc13f988ea8906b1bd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA.utf8/LC_TIME", + "mode": 33188, + "size": 3196, + "digest": { + "algorithm": "sha256", + "value": "cb557c98fea141e7ae22af68357d162d6f103823dbdc5cbf0a2c8ab16dcf9cd8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_ADDRESS", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "7352417bf06b6d7e5073e96fe48ae89cebb3a2dd8dc964a51a20c4e8c0549585" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_IDENTIFICATION", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "f81b56ee7b02f06d292d0d964ddc2c0aab6b92a56b4794e9b80e272a8eb9d05e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "7a89a374454abd4b900e1343c46113055873e3522392f7512a896400faa7e2c6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_NAME", + "mode": 33188, + "size": 78, + "digest": { + "algorithm": "sha256", + "value": "414aae01ed42d09178b5d6e582d661724d31af59acaac55f49fbed6bacce3f7b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_TELEPHONE", + "mode": 33188, + "size": 63, + "digest": { + "algorithm": "sha256", + "value": "2eb3d873983762dba78b9d65f27bbd54a1393c22cf0277b3c39a003a00102e69" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZA/LC_TIME", + "mode": 33188, + "size": 3204, + "digest": { + "algorithm": "sha256", + "value": "25b3eac7018ba833f187bc03601ede03feb3d58edb992b5742105534055d0df7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_ADDRESS", + "mode": 33188, + "size": 146, + "digest": { + "algorithm": "sha256", + "value": "7963b9acf9e63e3abb868b73b5712ddacb2071b4332e37043c8e029bd9ae2a97" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_IDENTIFICATION", + "mode": 33188, + "size": 314, + "digest": { + "algorithm": "sha256", + "value": "a7c4495021cb046b41cd5de0bfbecb1fc3ce4282881062bff818e95d847dbd1a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 61, + "digest": { + "algorithm": "sha256", + "value": "99c935198ae0b0574dd7dbecdd770c2d8967561b16f61666a667e53d4fef6750" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "ed93db66eb27d8afef413d439947cb9203e4732b284832da510b6d73238afc46" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_NAME", + "mode": 33188, + "size": 77, + "digest": { + "algorithm": "sha256", + "value": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_TELEPHONE", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "973b17e6ad3dc2abf01b4f7cbe69a842fbf3d01927ae74158bacd5dbdff7efb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZM/LC_TIME", + "mode": 33188, + "size": 3332, + "digest": { + "algorithm": "sha256", + "value": "0db65fb9d674d9a37b244487c1a06cb9fa0276cf8a1f8b6043abc8d29c4a5832" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_ADDRESS", + "mode": 33188, + "size": 154, + "digest": { + "algorithm": "sha256", + "value": "ad4766639d0a699edee8d19763aae77e0ce14ebb9e86cd7aad4a5f3020d05f9b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_COLLATE", + "mode": 33188, + "size": 2586930, + "digest": { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_CTYPE", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_IDENTIFICATION", + "mode": 33188, + "size": 295, + "digest": { + "algorithm": "sha256", + "value": "038801f691090ea183d1e6b4fda673f54a152037123cf286d410ace422498322" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_MEASUREMENT", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_MONETARY", + "mode": 33188, + "size": 286, + "digest": { + "algorithm": "sha256", + "value": "47584a5d4e331a361e0c346fadaae9a24a311f421e69e31611ad40677b857f77" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_NAME", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_NUMERIC", + "mode": 33188, + "size": 54, + "digest": { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_PAPER", + "mode": 33188, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_TELEPHONE", + "mode": 33188, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "62309ee7f6cfb6baec604a05333156829a85e559fc4a2d58d54604e4db968de1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW.utf8/LC_TIME", + "mode": 33188, + "size": 3196, + "digest": { + "algorithm": "sha256", + "value": "cb557c98fea141e7ae22af68357d162d6f103823dbdc5cbf0a2c8ab16dcf9cd8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_ADDRESS", + "mode": 33188, + "size": 159, + "digest": { + "algorithm": "sha256", + "value": "df62393f2154a95f9c91847df0e922ffb433d4d8287ee72de1b256b7d602fd1b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_COLLATE", + "mode": 33188, + "size": 21267, + "digest": { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_CTYPE", + "mode": 33188, + "size": 294948, + "digest": { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_IDENTIFICATION", + "mode": 33188, + "size": 300, + "digest": { + "algorithm": "sha256", + "value": "efc083175f7acb4e1121f07b78868cd7f66044b343aae14010a505f99bbc2268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_MEASUREMENT", + "mode": 33188, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_MESSAGES", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_MESSAGES/SYS_LC_MESSAGES", + "mode": 33188, + "size": 62, + "digest": { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_MONETARY", + "mode": 33188, + "size": 291, + "digest": { + "algorithm": "sha256", + "value": "6cc16424351d357ca59e0677c64715d7d782577f13cc2db4592a19b9d39cc70f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_NAME", + "mode": 33188, + "size": 67, + "digest": { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_NUMERIC", + "mode": 33188, + "size": 59, + "digest": { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_PAPER", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_TELEPHONE", + "mode": 33188, + "size": 57, + "digest": { + "algorithm": "sha256", + "value": "d2f9b2cf1cc9de0b17de99db6cb2ffaa4eb1d19423645805e603e63b0ea808ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/locale/en_ZW/LC_TIME", + "mode": 33188, + "size": 3204, + "digest": { + "algorithm": "sha256", + "value": "25b3eac7018ba833f187bc03601ede03feb3d58edb992b5742105534055d0df7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "glibc-minimal-langpack", + "version": "2.34", + "epoch": null, + "architecture": "x86_64", + "release": "231.el9_7.2", + "sourceRpm": "glibc-2.34-231.el9_7.2.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jan 16 08:02:59 1962", + "issuer": "431d51ad7c0ffe27" + } + ], + "size": 0, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "glibc-langpack", + "glibc-minimal-langpack", + "glibc-minimal-langpack(x86-64)" + ], + "requires": [ + "glibc", + "glibc-common", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [] + } + }, + { + "id": "5530ff7e4715e8b5", + "name": "gmp", + "version": "1:6.2.0-13.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv3+ or GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:gmp:1\\:6.2.0-13.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gmp:gmp:1\\:6.2.0-13.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gmp@6.2.0-13.el9?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=gmp-6.2.0-13.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gmp", + "version": "6.2.0", + "epoch": 1, + "architecture": "x86_64", + "release": "13.el9", + "sourceRpm": "gmp-6.2.0-13.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jun 25 04:56:07 2030", + "issuer": "431d518d030ffe35" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jul 18 08:10:50 1933", + "issuer": "431d51c21c0fff57" + } + ], + "size": 816844, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "gmp", + "gmp(x86-64)", + "libgmp.so.10()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b4/64798210b8e1a622483e81bbd166828096e43f", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/.libgmp.so.10.4.0.hmac", + "mode": 33188, + "size": 65, + "digest": { + "algorithm": "sha256", + "value": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/.libgmp.so.10.hmac", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/fipscheck/libgmp.so.10.4.0.hmac", + "mode": 33188, + "size": 65, + "digest": { + "algorithm": "sha256", + "value": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/fipscheck/libgmp.so.10.hmac", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgmp.so.10", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgmp.so.10.4.0", + "mode": 33261, + "size": 677824, + "digest": { + "algorithm": "sha256", + "value": "b9d1265de01c92a6565272aa3ffa30034fe3656c73c348fc988a2e65389d6782" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gmp", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gmp/COPYING", + "mode": 33188, + "size": 35147, + "digest": { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gmp/COPYING.LESSERv3", + "mode": 33188, + "size": 7639, + "digest": { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gmp/COPYINGv2", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gmp/COPYINGv3", + "mode": 33188, + "size": 35150, + "digest": { + "algorithm": "sha256", + "value": "e6037104443f9a7829b2aa7c5370d0789a7bda3ca65a0b904cdc0c2e285d9195" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gnupg2", + "version": "2.3.3", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "gnupg2-2.3.3-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Apr 28 18:31:14 2023", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Apr 28 18:31:14 2023", + "issuer": "199e2f91fd431d51" + } + ], + "size": 9227533, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(gnupg2)", + "dirmngr", + "gnupg", + "gnupg2", + "gnupg2(x86-64)", + "gpg" + ], + "requires": [ + "/usr/bin/sh", + "config(gnupg2)", + "libassuan.so.0()(64bit)", + "libassuan.so.0(LIBASSUAN_1.0)(64bit)", + "libbz2.so.1()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libgcrypt", + "libgcrypt.so.20()(64bit)", + "libgcrypt.so.20(GCRYPT_1.6)(64bit)", + "libgnutls.so.30()(64bit)", + "libgnutls.so.30(GNUTLS_3_4)(64bit)", + "libgpg-error", + "libgpg-error.so.0()(64bit)", + "libgpg-error.so.0(GPG_ERROR_1.0)(64bit)", + "libksba.so.8()(64bit)", + "libksba.so.8(KSBA_0.9)(64bit)", + "liblber.so.2()(64bit)", + "liblber.so.2(OPENLDAP_2.200)(64bit)", + "libldap.so.2()(64bit)", + "libldap.so.2(OPENLDAP_2.200)(64bit)", + "libnpth.so.0()(64bit)", + "libnpth.so.0(NPTH_1.0)(64bit)", + "libreadline.so.8()(64bit)", + "libsqlite3.so.0()(64bit)", + "libz.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/gnupg", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/dirmngr", + "mode": 33261, + "size": 450512, + "digest": { + "algorithm": "sha256", + "value": "bba4fd4ea202c0d57474a0703900134b1e442971c7b81a2119c1a48bbd64c750" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/dirmngr-client", + "mode": 33261, + "size": 57464, + "digest": { + "algorithm": "sha256", + "value": "da3ec27493d1d28cc1e1d3916a209754005b0e882873ae14a8d3aad115b98e20" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/g13", + "mode": 33261, + "size": 112936, + "digest": { + "algorithm": "sha256", + "value": "7e3482ba95fcd94bc0392c732fc5ef8afc0f67d493d006cc318aede7680ec4e2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpg", + "mode": 33261, + "size": 1123664, + "digest": { + "algorithm": "sha256", + "value": "88c20ca1458b62385cf987b91cf4f0354a31c2eac7bc1da48321255520406652" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpg-agent", + "mode": 33261, + "size": 350464, + "digest": { + "algorithm": "sha256", + "value": "db012878c08be000f0406b1a83debcf65ae313580d399b61f10ce74792e529c1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpg-card", + "mode": 33261, + "size": 174208, + "digest": { + "algorithm": "sha256", + "value": "103b35b82e7fc9a6924d621cf1695a709fcbff1430b7e708b1c76dd3c0d37298" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpg-connect-agent", + "mode": 33261, + "size": 86776, + "digest": { + "algorithm": "sha256", + "value": "e049b637aa178619761bddfb52f8f531f097e6d70f4cf53312c897f98bd07cc0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpg-wks-client", + "mode": 33261, + "size": 132648, + "digest": { + "algorithm": "sha256", + "value": "1ebcab7126f7329fe2af9c331766d95d4d66bf633032024e3b2e00392b5fb5f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpg-wks-server", + "mode": 33261, + "size": 116040, + "digest": { + "algorithm": "sha256", + "value": "04460084c5f70a7cf12cd1205c7055816193f9c1567353371dde856bc7d2bf3c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpg2", + "mode": 41471, + "size": 3, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpgconf", + "mode": 33261, + "size": 103408, + "digest": { + "algorithm": "sha256", + "value": "112a23ac806fedacd6084f3ba54eba0f1f79412844e3de265400cee64b987348" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpgparsemail", + "mode": 33261, + "size": 36176, + "digest": { + "algorithm": "sha256", + "value": "9f040dc684184a0eec5ea42930f7795589bca34f8dc5f7def3248174412a6051" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpgsplit", + "mode": 33261, + "size": 28160, + "digest": { + "algorithm": "sha256", + "value": "82bed8e53bf3a8b52611e9361a3585609a39fbafd90a7a0c28dbc1c1429fe553" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpgtar", + "mode": 33261, + "size": 66424, + "digest": { + "algorithm": "sha256", + "value": "7df3103946b96d3888fc36ffd874ff00c6effebfb5361867809b0e59f4181c36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpgv", + "mode": 33261, + "size": 302512, + "digest": { + "algorithm": "sha256", + "value": "3a4a2b6c85d77f396f6ff7bdbcb4be58c3c81ecd26fc2f3e43ecb01b1a4ba4d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpgv2", + "mode": 41471, + "size": 4, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/watchgnupg", + "mode": 33261, + "size": 23752, + "digest": { + "algorithm": "sha256", + "value": "d8594b5e2e73de2573e250e395cf5eb30de8c6b852fc6b8cb2cb30a47d202596" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/06", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/06/a0ab3842c9e3eba2b9419e53ce5c12f5d28cfd", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0d/ce76a991706b6743bdf5c7a60809d8d7a47ceb", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/13", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/13/401057d5cbcf7a3aa77aa80767b26d9b359703", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/1c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/1c/3190be3f7623a27eb0996f732e34605c5a6126", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/1c/67361576bd5401c8a5f9ed710c8a5cafdd4626", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/36", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/36/5a53c4f477f2c6275759525402ca77ab0f9707", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3b/64e4ffee725b5a37947bccc66a9913d5586b07", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/49", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/49/8b761d2327a11d1d26df63838817361815c486", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/58", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/58/626f6ee007d4f66f3de6847dc7822c7b8c7da9", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/63", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/63/afeeb2fb5171059d6817fd92a2e800a41d11fd", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/71", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/71/dc2ebe87800fef6b74cb7ee125fb549ecbb02e", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7f/9e8359bcc9c9da14fd86ddaa8c0814e228950c", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/99", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/99/4be18b9614d6e55ba89cd9a58ae2bac7e63dc3", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0/cf70bdfed6fdab57944da0da7d92a30c7980a5", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b0/a3aa888c8b19c0b55c2ebfc79754146af5597d", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b4/5c1a93905ae0fc8d51bd60a06ce6250bb05aba", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bc/076a82d2c653e9e9056f44395a047969e450e6", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e0/e5ed15c844dfef26794f2059ea13d22b2ce336", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e3/c8077f0922eee5e85e5f1ab6d1fb370a23d86f", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e7/844020edc0929eaf82c715eeeab91224cdd9f2", + "mode": 41471, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e9/1190f9de58a7505540f2c92d74a91f7e6ecf96", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f0/663810a8f835b984ce06ec729bb1860911e6be", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f1/b0239160766b27646f528583d187d0bd24e16a", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/libexec/dirmngr_ldap", + "mode": 33261, + "size": 40992, + "digest": { + "algorithm": "sha256", + "value": "b6ee806155d883a9a6809a25f6fd05e76ed29a6206c7b19ade7cf8050ebccb90" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/gpg-check-pattern", + "mode": 33261, + "size": 61344, + "digest": { + "algorithm": "sha256", + "value": "6c5199a71deb82996d035c4622891ab1a9e93cde709733e68a03571ff8cb1a4b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/gpg-pair-tool", + "mode": 33261, + "size": 66024, + "digest": { + "algorithm": "sha256", + "value": "a33a4303e9f9a5232c7fa52d5c7d3c74f70e830d2e96d9fd1f9b042f9c025675" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/gpg-preset-passphrase", + "mode": 33261, + "size": 36592, + "digest": { + "algorithm": "sha256", + "value": "69c20fb4a9ccc913661f0e23df84ecbf10c8ea4bfd3d8ae8ddb6b144747edbbc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/gpg-protect-tool", + "mode": 33261, + "size": 86704, + "digest": { + "algorithm": "sha256", + "value": "bc423e2f7d0daf95dc36e7952a788764a512aed6e899a6ff57c63890112374c4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/gpg-wks-client", + "mode": 33261, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "3f1de40f9613d4dcd75a04578bca75cce9225eef0c4bb79e7efd9bcf528ce6d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/keyboxd", + "mode": 33261, + "size": 162032, + "digest": { + "algorithm": "sha256", + "value": "15c1d0a42e84a5094d429b93f37186220a4288173fa2c5bc9a8d2a5b8af6587b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/scdaemon", + "mode": 33261, + "size": 437600, + "digest": { + "algorithm": "sha256", + "value": "46c51066517183a224049cfc8303c3af8c7df759e9036f01d76abbfc7fd79ded" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/addgnupghome", + "mode": 33261, + "size": 3079, + "digest": { + "algorithm": "sha256", + "value": "5a0b0b80fb7121d408fbd732f278ddaa93dd092bd5551b9b42dfffa5ac28199a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/applygnupgdefaults", + "mode": 33261, + "size": 2221, + "digest": { + "algorithm": "sha256", + "value": "27c38fc03c86c8712ecbaf1ff689ef8061c0e9ab9ca5cf9d98a35b0c49a34a33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/g13-syshelp", + "mode": 33261, + "size": 90720, + "digest": { + "algorithm": "sha256", + "value": "98e57e6a162f9cd1b8f0472277ad359fb16c241e854a9d5d3815b0774326d72f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gnupg", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gnupg/distsigkey.gpg", + "mode": 33188, + "size": 3385, + "digest": { + "algorithm": "sha256", + "value": "7f04a82407e2074d57efbac9487b4f1ef9bc23c2a55a44ab4b1c396050251bef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gnupg/sks-keyservers.netCA.pem", + "mode": 33188, + "size": 1984, + "digest": { + "algorithm": "sha256", + "value": "0666ee848e03a48f3ea7bb008dbe9d63dfde280af82fb4412a04bf4e24cab36b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gnupg2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gnupg2/COPYING", + "mode": 33188, + "size": 35069, + "digest": { + "algorithm": "sha256", + "value": "bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+ and LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gnutls", + "version": "3.8.3", + "epoch": null, + "architecture": "x86_64", + "release": "9.el9", + "sourceRpm": "gnutls-3.8.3-9.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Oct 24 16:06:40 1997", + "issuer": "431d515d950fff7e" + } + ], + "size": 3456709, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "bundled(gnulib)", + "gnutls", + "gnutls(x86-64)", + "libgnutls.so.30()(64bit)", + "libgnutls.so.30(GNUTLS_3_4)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_0)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_10)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_12)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_13)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_14)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_2)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_3)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_4)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_5)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_6)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_8)(64bit)", + "libgnutls.so.30(GNUTLS_3_6_9)(64bit)", + "libgnutls.so.30(GNUTLS_3_7_0)(64bit)", + "libgnutls.so.30(GNUTLS_3_7_2)(64bit)", + "libgnutls.so.30(GNUTLS_3_7_3)(64bit)", + "libgnutls.so.30(GNUTLS_3_7_4)(64bit)", + "libgnutls.so.30(GNUTLS_3_7_5)(64bit)", + "libgnutls.so.30(GNUTLS_3_7_7)(64bit)", + "libgnutls.so.30(GNUTLS_3_8_1)(64bit)", + "libgnutls.so.30(GNUTLS_3_8_2)(64bit)", + "libgnutls.so.30(GNUTLS_FIPS140_3_4)(64bit)", + "libgnutls.so.30(GNUTLS_PRIVATE_3_4)(64bit)" + ], + "requires": [ + "crypto-policies", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libhogweed.so.6()(64bit)", + "libhogweed.so.6(HOGWEED_6)(64bit)", + "libidn2.so.0()(64bit)", + "libidn2.so.0(IDN2_0.0.0)(64bit)", + "libnettle.so.8()(64bit)", + "libnettle.so.8(NETTLE_8)(64bit)", + "libp11-kit.so.0()(64bit)", + "libp11-kit.so.0(LIBP11_KIT_1.0)(64bit)", + "libtasn1", + "libtasn1.so.6()(64bit)", + "libtasn1.so.6(LIBTASN1_0_3)(64bit)", + "libunistring.so.2()(64bit)", + "nettle", + "p11-kit-trust", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c0/9dcb3e3030ab01f169a1370ca9a9fdd09e6a70", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/.libgnutls.so.30.37.1.hmac", + "mode": 33188, + "size": 405, + "digest": { + "algorithm": "sha256", + "value": "a9c51246fda5f0075b12d888c918478a7257f53b79ef477474dbb8ff0b853937" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/.libgnutls.so.30.hmac", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgnutls.so.30", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgnutls.so.30.37.1", + "mode": 33261, + "size": 2345648, + "digest": { + "algorithm": "sha256", + "value": "dc8f3f4a34f9ab56be7690b75320f9855286bab6de12117df1bbd7a581ee60a2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/gnutls", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/gnutls/AUTHORS", + "mode": 33188, + "size": 9818, + "digest": { + "algorithm": "sha256", + "value": "a13baf7a36ec910b8c5b752c475aa8e1c0e24a60fd08bdae8506c9cdb53711b1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/gnutls/NEWS", + "mode": 33188, + "size": 410017, + "digest": { + "algorithm": "sha256", + "value": "f1c48c1f0587d909d08764fc379dcc647935680297a293ba000606811a7a5209" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/gnutls/README.md", + "mode": 33188, + "size": 8231, + "digest": { + "algorithm": "sha256", + "value": "b5bc4c00d2004fd1088ab3f1523576a32c3dcf6612f5ab485479e37f89756e91" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/gnutls/THANKS", + "mode": 33188, + "size": 9615, + "digest": { + "algorithm": "sha256", + "value": "0795315b015c1b92beab235ce9b843e8bae9d89f47a599e5bed8fd578f35a8e3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/gnutls", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gnutls/COPYING", + "mode": 33188, + "size": 35149, + "digest": { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gnutls/COPYING.LESSER", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gnutls/LICENSE", + "mode": 33188, + "size": 936, + "digest": { + "algorithm": "sha256", + "value": "3e043d77917e48e262301b8f880812fcd82236482630a421d555a38804eee643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "a940b80fe4b46c8b", + "name": "gobject-introspection", + "version": "1.68.0-11.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+ and LGPLv2+ and MIT", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:gobject-introspection:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gobject-introspection:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gobject_introspection:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gobject_introspection:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gobject:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gobject:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:gobject-introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:gobject_introspection:1.68.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gobject-introspection-1.68.0-11.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gobject-introspection", + "version": "1.68.0", + "epoch": null, + "architecture": "x86_64", + "release": "11.el9", + "sourceRpm": "gobject-introspection-1.68.0-11.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Nov 4 21:51:48 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Nov 4 21:51:48 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 936649, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "gobject-introspection", + "gobject-introspection(x86-64)", + "libgirepository-1.0.so.1()(64bit)" + ], + "requires": [ + "glib2(x86-64)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libffi.so.8()(64bit)", + "libffi.so.8(LIBFFI_BASE_8.0)(64bit)", + "libffi.so.8(LIBFFI_CLOSURE_8.0)(64bit)", + "libgio-2.0.so.0()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgmodule-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ae", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ae/66182a55bac8572b7c26d5ab705b83d8c198ec", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/girepository-1.0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/DBus-1.0.typelib", + "mode": 33188, + "size": 712, + "digest": { + "algorithm": "sha256", + "value": "0843f4d6a549703df7c07f8e96d3c47752123ecf910c7571d786f5347fa02234" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/DBusGLib-1.0.typelib", + "mode": 33188, + "size": 560, + "digest": { + "algorithm": "sha256", + "value": "2aa3277d88103f0c475700cd56fcadbcd7ddb2a588cff93696efd4922e151807" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/GIRepository-2.0.typelib", + "mode": 33188, + "size": 28216, + "digest": { + "algorithm": "sha256", + "value": "c9a2d028aa8df8bf3bab2c192f2622e6c9c9b10869b7153a69b861776b95662f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/GL-1.0.typelib", + "mode": 33188, + "size": 948, + "digest": { + "algorithm": "sha256", + "value": "e6677facd41cc99b3e3e1a9007d9762b00a446b42206d78dd28ea2653478bc80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/GLib-2.0.typelib", + "mode": 33188, + "size": 204696, + "digest": { + "algorithm": "sha256", + "value": "fba14550feaa86c2c00a0f36bdb6aa30ae4ad45a103b909929c326804f96117f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/GModule-2.0.typelib", + "mode": 33188, + "size": 1340, + "digest": { + "algorithm": "sha256", + "value": "7bc362f60318f3a313498585ee80c9d70ea64d81e6f913b17a094dd92f2d86c6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/GObject-2.0.typelib", + "mode": 33188, + "size": 59588, + "digest": { + "algorithm": "sha256", + "value": "0b8b1f8589a4664de9d45e3104c84ef1007142f268c86cd74ec3d41dba7ede07" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/Gio-2.0.typelib", + "mode": 33188, + "size": 356860, + "digest": { + "algorithm": "sha256", + "value": "23f713c670592ea3a475a841c2390a686426f6f08575e9d2aa4ab9a9f4d2d63f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/Vulkan-1.0.typelib", + "mode": 33188, + "size": 59380, + "digest": { + "algorithm": "sha256", + "value": "c90a6028c5b4903ca95569cce7068138396c68d86a7d029755efc97c8b7b4640" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/cairo-1.0.typelib", + "mode": 33188, + "size": 14344, + "digest": { + "algorithm": "sha256", + "value": "73a442091999a33cb0927163aaa2052bb2c62dd5a2921e616168ed2e73edf582" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/fontconfig-2.0.typelib", + "mode": 33188, + "size": 348, + "digest": { + "algorithm": "sha256", + "value": "17dd220833e93884c4b261336c9bcd1bd546ed2c10920d578de04138182debec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/freetype2-2.0.typelib", + "mode": 33188, + "size": 420, + "digest": { + "algorithm": "sha256", + "value": "03a385fb9e769b084d5df54aae60bbcfa7ca06b14d5a514f5251a175ddb77b3d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/libxml2-2.0.typelib", + "mode": 33188, + "size": 668, + "digest": { + "algorithm": "sha256", + "value": "428ea3f8b393c44b7682acdcad718d5f6dc87ca6adc6417af06e3f22d8f2aa1b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/win32-1.0.typelib", + "mode": 33188, + "size": 176, + "digest": { + "algorithm": "sha256", + "value": "f58e32852eeba023aa69ffc0a384452a99df362d91c17ebf1c7e6d72baa8b75c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/xfixes-4.0.typelib", + "mode": 33188, + "size": 240, + "digest": { + "algorithm": "sha256", + "value": "e55b4e0489c9aac5c7f055f4a1b40e0f92417e0db7c02d1611d342a3396c0890" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/xft-2.0.typelib", + "mode": 33188, + "size": 464, + "digest": { + "algorithm": "sha256", + "value": "aa4e253474c1084af97eeec58108590488d2b4e82cf9d37c57160c01e6480a6e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/xlib-2.0.typelib", + "mode": 33188, + "size": 836, + "digest": { + "algorithm": "sha256", + "value": "4450fa0426b410db5a219f64b4e0d7f9b0be17ae81b9a6947045aeaacf417f91" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/xrandr-1.3.typelib", + "mode": 33188, + "size": 640, + "digest": { + "algorithm": "sha256", + "value": "860b43fd4ff40bae47b48111ff49d432acf96c0211a95b26df5ae8c32179591e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgirepository-1.0.so.1", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgirepository-1.0.so.1.0.0", + "mode": 33261, + "size": 143200, + "digest": { + "algorithm": "sha256", + "value": "20c154e743cea2df90cec58d41e9b5e26bc10cd1a0cb9f616d81e48cabf4e0fe" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gobject-introspection", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gobject-introspection/COPYING", + "mode": 33188, + "size": 552, + "digest": { + "algorithm": "sha256", + "value": "1b3275b028bcaa77e4580a302ae80473abb97139b84a0e48618be34cd65f8aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gobject-introspection/COPYING.GPL", + "mode": 33188, + "size": 17992, + "digest": { + "algorithm": "sha256", + "value": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gobject-introspection/COPYING.LGPL", + "mode": 33188, + "size": 25292, + "digest": { + "algorithm": "sha256", + "value": "d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "07413682000f3d88", + "name": "gpg-pubkey", + "version": "5a6340b3-6229229e", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "pubkey", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.7", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gpg-pubkey", + "version": "5a6340b3", + "epoch": null, + "architecture": "", + "release": "6229229e", + "sourceRpm": "", + "size": 0, + "vendor": "", + "modularityLabel": "", + "provides": [ + "gpg(Red Hat, Inc. (auxiliary key 3) )", + "gpg(5a6340b3)", + "gpg(5054e4a45a6340b3)" + ], + "files": [] + } + }, + { + "id": "a243d3460507af96", + "name": "gpg-pubkey", + "version": "fd431d51-4ae0493b", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "pubkey", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.7", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gpg-pubkey", + "version": "fd431d51", + "epoch": null, + "architecture": "", + "release": "4ae0493b", + "sourceRpm": "", + "size": 0, + "vendor": "", + "modularityLabel": "", + "provides": [ + "gpg(Red Hat, Inc. (release key 2) )", + "gpg(fd431d51)", + "gpg(199e2f91fd431d51)" + ], + "files": [] + } + }, + { + "id": "f1b53ce035ee04b6", + "name": "gpgme", + "version": "1.15.1-6.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:gpgme:1.15.1-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gpgme:gpgme:1.15.1-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gpgme-1.15.1-6.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "gpgme", + "version": "1.15.1", + "epoch": null, + "architecture": "x86_64", + "release": "6.el9", + "sourceRpm": "gpgme-1.15.1-6.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Feb 21 10:44:05 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Feb 21 10:44:05 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 576065, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "gpgme", + "gpgme(x86-64)", + "libgpgme.so.11()(64bit)", + "libgpgme.so.11(GPGME_1.0)(64bit)", + "libgpgme.so.11(GPGME_1.1)(64bit)" + ], + "requires": [ + "gnupg2", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libassuan.so.0()(64bit)", + "libassuan.so.0(LIBASSUAN_1.0)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgpg-error.so.0()(64bit)", + "libgpg-error.so.0(GPG_ERROR_1.0)(64bit)", + "libgpgme.so.11()(64bit)", + "libgpgme.so.11(GPGME_1.0)(64bit)", + "libgpgme.so.11(GPGME_1.1)(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/gpgme-json", + "mode": 33261, + "size": 86656, + "digest": { + "algorithm": "sha256", + "value": "70b4e73c0e5da91aa071f364f45893229ae1153d3a25ed01720843d941388063" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7e/2df7a9edcdf1100f91c90ab38bb16abab98aa9", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed/825fcc588d1461e10b5509beaa5108e72572d0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libgpgme.so.11", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgpgme.so.11.24.1", + "mode": 33261, + "size": 350864, + "digest": { + "algorithm": "sha256", + "value": "0ba972ec6ce71ecb0d07f1a5fa318c2f498eb671327ba444393cb3a1b6b497a4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gpgme", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/gpgme/COPYING", + "mode": 33188, + "size": 17992, + "digest": { + "algorithm": "sha256", + "value": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gpgme/COPYING.LESSER", + "mode": 33188, + "size": 26536, + "digest": { + "algorithm": "sha256", + "value": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/gpgme/LICENSES", + "mode": 33188, + "size": 1694, + "digest": { + "algorithm": "sha256", + "value": "950fbc07a2b8e34514936ad591544e6857b8e68079c92b78b5f8e997f415208a" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "196df9cad96e380f", + "name": "grep", + "version": "3.6-5.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:grep:3.6-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:grep:grep:3.6-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.7&upstream=grep-3.6-5.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "grep", + "version": "3.6", + "epoch": null, + "architecture": "x86_64", + "release": "5.el9", + "sourceRpm": "grep-3.6-5.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:12:20 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:12:20 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 857840, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "/bin/egrep", + "/bin/fgrep", + "/bin/grep", + "bundled(gnulib)", + "config(grep)", + "grep", + "grep(x86-64)" + ], + "requires": [ + "/usr/bin/sh", + "config(grep)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.5)(64bit)", + "libpcre.so.1()(64bit)", + "libsigsegv.so.2()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/GREP_COLORS", + "mode": 33188, + "size": 94, + "digest": { + "algorithm": "sha256", + "value": "e94e50735e137e769b40e230f019d5be755571129e0f7669c4570bb45c5c162e" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/profile.d/colorgrep.csh", + "mode": 33188, + "size": 196, + "digest": { + "algorithm": "sha256", + "value": "74d270fe4476fdcba60df7d00c808e11681ac918f335c951cba4f118532a4b8c" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/profile.d/colorgrep.sh", + "mode": 33188, + "size": 201, + "digest": { + "algorithm": "sha256", + "value": "89008d115c5bbd783b985d8cab18e935978c83e362043ffc981063ffed74e1c7" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/bin/egrep", + "mode": 33261, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "50496c34633635bf3fe9c108ae26c26f8871ffc35f741b9e1426897a1e65f263" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/fgrep", + "mode": 33261, + "size": 32, + "digest": { + "algorithm": "sha256", + "value": "a35795589500118708cb879c5678c1daa0dc3c636c7dbad172a6a5918ae91c5b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/grep", + "mode": 33261, + "size": 158176, + "digest": { + "algorithm": "sha256", + "value": "b9ae1630da770fa343c346c97f081ba6a4350f569f27205dc37a8953715564fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/df", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/df/8af191ebae60075335f573b7617e3ef238ce2e", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/libexec/grepconf.sh", + "mode": 33261, + "size": 257, + "digest": { + "algorithm": "sha256", + "value": "b91c10cb140a1593b37fba2dcab5cddf53c8e2c5104980b2ed7a1b42b7aa7d1b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/grep", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/grep/COPYING", + "mode": 33188, + "size": 35149, + "digest": { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "e2e600817bb6e830", + "name": "json-c", + "version": "0.14-11.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:json-c:json-c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json-c:json_c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json_c:json-c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json_c:json_c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:json-c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:json_c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json:json-c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json:json_c:0.14-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.7&upstream=json-c-0.14-11.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "json-c", + "version": "0.14", + "epoch": null, + "architecture": "x86_64", + "release": "11.el9", + "sourceRpm": "json-c-0.14-11.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:17:53 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:17:53 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 79282, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "json-c", + "json-c(x86-64)", + "libjson-c.so.5()(64bit)", + "libjson-c.so.5(JSONC_0.14)(64bit)", + "libjson-c.so.5(JSONC_0.15)(64bit)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/29", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/29/53874ba1de297845dad474bd6519ea8a407c30", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libjson-c.so.5", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libjson-c.so.5.0.0", + "mode": 33261, + "size": 75928, + "digest": { + "algorithm": "sha256", + "value": "8aa6483f266303dd0116a85882806382c9e254bceeb17be1c1f8933a1ea9f33e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/json-c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/json-c/AUTHORS", + "mode": 33188, + "size": 1091, + "digest": { + "algorithm": "sha256", + "value": "d9efaaada6d8c2d533cfabaf29bcf27dd987a53166b7e1d447cb2656f47b49ea" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/json-c/COPYING", + "mode": 33188, + "size": 2205, + "digest": { + "algorithm": "sha256", + "value": "74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "32dc8d9385f596a8", + "name": "json-glib", + "version": "1.6.6-1.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:json-glib:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json-glib:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json_glib:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json_glib:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json:json-glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:json:json_glib:1.6.6-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.7&upstream=json-glib-1.6.6-1.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "json-glib", + "version": "1.6.6", + "epoch": null, + "architecture": "x86_64", + "release": "1.el9", + "sourceRpm": "json-glib-1.6.6-1.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:36:27 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:36:27 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 555868, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "json-glib", + "json-glib(x86-64)", + "libjson-glib-1.0.so.0()(64bit)", + "libjson-glib-1.0.so.0(libjson-glib-1.0.so.0)(64bit)" + ], + "requires": [ + "glib2(x86-64)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgio-2.0.so.0()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7d/1eaaa834bd1f011448ad532f12960c0c4cde25", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/girepository-1.0/Json-1.0.typelib", + "mode": 33188, + "size": 25972, + "digest": { + "algorithm": "sha256", + "value": "7a33c50a8748297d29811226528c592ce323a80d024c898c03bc0c59e8ec169b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libjson-glib-1.0.so.0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libjson-glib-1.0.so.0.600.6", + "mode": 33261, + "size": 183520, + "digest": { + "algorithm": "sha256", + "value": "9ffe45c8c5b88fabf34a007c4b0ccc0322728f5790e43e11785ccdad64557a0e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/json-glib", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/json-glib/COPYING", + "mode": 33188, + "size": 26430, + "digest": { + "algorithm": "sha256", + "value": "a190dc9c8043755d90f8b0a75fa66b9e42d4af4c980bf5ddc633f0124db3cee7" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "4422e914738c17ef", + "name": "keyutils-libs", + "version": "1.6.3-1.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+ and LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:keyutils-libs:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:keyutils-libs:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:keyutils_libs:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:keyutils_libs:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:keyutils:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:keyutils:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:keyutils-libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:keyutils_libs:1.6.3-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.7&upstream=keyutils-1.6.3-1.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "keyutils-libs", + "version": "1.6.3", + "epoch": null, + "architecture": "x86_64", + "release": "1.el9", + "sourceRpm": "keyutils-1.6.3-1.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Nov 2 01:00:20 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Nov 2 01:00:20 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 55267, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "keyutils-libs", + "keyutils-libs(x86-64)", + "libkeyutils.so.1()(64bit)", + "libkeyutils.so.1(KEYUTILS_0.3)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.0)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.10)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.3)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.4)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.5)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.6)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.7)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.8)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.9)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5f/6459dcec3e266d994b8d4e5b23507c4c0df11e", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libkeyutils.so.1", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkeyutils.so.1.10", + "mode": 33261, + "size": 23992, + "digest": { + "algorithm": "sha256", + "value": "b0aaec55115d2ab97e1a70cb4c9a1b036d839d7922e67d3e610cd3ccd58521e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/keyutils-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/keyutils-libs/LICENCE.LGPL", + "mode": 33188, + "size": 26450, + "digest": { + "algorithm": "sha256", + "value": "0d15593e3a8ad90917f8509b5ac1e4b5e5d196434a68029aa9dc0858a4a4c521" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "b888bcdc2051543e", + "name": "krb5-libs", + "version": "1.21.1-8.el9_6", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:krb5-libs:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:krb5-libs:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:krb5_libs:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:krb5_libs:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:krb5:krb5-libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:krb5:krb5_libs:1.21.1-8.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=rhel-9.7&upstream=krb5-1.21.1-8.el9_6.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "krb5-libs", + "version": "1.21.1", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9_6", + "sourceRpm": "krb5-1.21.1-8.el9_6.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Mar 26 00:22:44 1980", + "issuer": "431d5143120ffe2f" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Mar 19 07:03:58 1961", + "issuer": "431d51661810009a" + } + ], + "size": 2503193, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(krb5-libs)", + "krb5-libs", + "krb5-libs(x86-64)", + "libgssapi_krb5.so.2()(64bit)", + "libgssapi_krb5.so.2(HIDDEN)(64bit)", + "libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)", + "libgssrpc.so.4()(64bit)", + "libgssrpc.so.4(HIDDEN)(64bit)", + "libgssrpc.so.4(gssrpc_4_MIT)(64bit)", + "libk5crypto.so.3()(64bit)", + "libk5crypto.so.3(HIDDEN)(64bit)", + "libk5crypto.so.3(k5crypto_3_MIT)(64bit)", + "libkdb5.so.10()(64bit)", + "libkdb5.so.10(HIDDEN)(64bit)", + "libkdb5.so.10(kdb5_10_MIT)(64bit)", + "libkrad.so.0()(64bit)", + "libkrad.so.0(HIDDEN)(64bit)", + "libkrad.so.0(krad_0_MIT)(64bit)", + "libkrb5.so.3()(64bit)", + "libkrb5.so.3(HIDDEN)(64bit)", + "libkrb5.so.3(krb5_3_MIT)(64bit)", + "libkrb5support.so.0()(64bit)", + "libkrb5support.so.0(HIDDEN)(64bit)", + "libkrb5support.so.0(krb5support_0_MIT)(64bit)" + ], + "requires": [ + "/bin/sh", + "/etc/crypto-policies/back-ends/krb5.config", + "config(krb5-libs)", + "coreutils", + "gawk", + "grep", + "keyutils-libs", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.27)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libcom_err.so.2()(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libgssapi_krb5.so.2()(64bit)", + "libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)", + "libgssrpc.so.4()(64bit)", + "libgssrpc.so.4(gssrpc_4_MIT)(64bit)", + "libk5crypto.so.3()(64bit)", + "libk5crypto.so.3(k5crypto_3_MIT)(64bit)", + "libkeyutils.so.1()(64bit)", + "libkeyutils.so.1(KEYUTILS_0.3)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.0)(64bit)", + "libkeyutils.so.1(KEYUTILS_1.5)(64bit)", + "libkrb5.so.3()(64bit)", + "libkrb5.so.3(krb5_3_MIT)(64bit)", + "libkrb5support.so.0()(64bit)", + "libkrb5support.so.0(krb5support_0_MIT)(64bit)", + "libresolv.so.2()(64bit)", + "libresolv.so.2(GLIBC_2.9)(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libssl.so.3()(64bit)", + "libssl.so.3(OPENSSL_3.0.0)(64bit)", + "libverto.so.1()(64bit)", + "openssl-libs", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)", + "sed" + ], + "files": [ + { + "path": "/etc/gss", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/gss/mech.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/krb5.conf", + "mode": 33188, + "size": 880, + "digest": { + "algorithm": "sha256", + "value": "87fa5619a6494774d5ea569df972a95691974cfed439f1e0f0e8dcb54cac5cb4" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/krb5.conf.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/krb5.conf.d/crypto-policies", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmn" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12/39e197c0bf3870b4530017d100ad94db68e715", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/20", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/20/77fb1f7ad1594458172276b93a09e8a89c29a6", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5a/a1f85b6c0b1ed9ef17c254f4430845b7e65b04", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/62", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/62/00ad7b7acd8765e9074f3c2cfb08aec3436539", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/79", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/79/4efa23e1ee878d570ce1c5fb16261c29b68753", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8c/10e404e02b5ee0e96f10167654ba1ebbe5555d", + "mode": 41471, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a6/e30d16ccb4d9bce6258f26968771f9a06876c5", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c0/657d12f77deec8b9d573bec5f7daae5a548033", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d6/84ead9ecaa99a181907222cc63aff5d309a661", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/krb5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins/authdata", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins/kdb", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins/libkrb5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins/preauth", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins/preauth/spake.so", + "mode": 33261, + "size": 90496, + "digest": { + "algorithm": "sha256", + "value": "178de7b6dae35770616b6a7d7501681813bf42a38fbad7c58a20b7df0bec3824" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins/tls", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/krb5/plugins/tls/k5tls.so", + "mode": 33261, + "size": 23752, + "digest": { + "algorithm": "sha256", + "value": "fdf92bb3901e721908772b7981abe5646e43233c5ed73e7ac6598e75e80b0734" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgssapi_krb5.so.2", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgssapi_krb5.so.2.2", + "mode": 33261, + "size": 358464, + "digest": { + "algorithm": "sha256", + "value": "82e569d3d5a8b53efc1818912cd391752b4bc0f425399a323818884d6f2f6783" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgssrpc.so.4", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgssrpc.so.4.2", + "mode": 33261, + "size": 142176, + "digest": { + "algorithm": "sha256", + "value": "26b095804e484decf7f5311731111c5333abb0e6ec891f07efd5a6c6057a7ea7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libk5crypto.so.3", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libk5crypto.so.3.1", + "mode": 33261, + "size": 99016, + "digest": { + "algorithm": "sha256", + "value": "188823b6e7bdf0ea2f455bb6f84ca33610ca7f657a585632790325b21461dd93" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkdb5.so.10", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkdb5.so.10.0", + "mode": 33261, + "size": 90936, + "digest": { + "algorithm": "sha256", + "value": "a6fd5fccfaf480ec863329af3ff9bb1f42cdcb01528f0184ac7c97ae0e558d4d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkrad.so.0", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkrad.so.0.0", + "mode": 33261, + "size": 48568, + "digest": { + "algorithm": "sha256", + "value": "3fdad8aa5aa7543e7b67155edd0cb65ca779a178db0453a7282d9d4aeecc6fbf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkrb5.so.3", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkrb5.so.3.3", + "mode": 33261, + "size": 906320, + "digest": { + "algorithm": "sha256", + "value": "68b134bf28e83fff5b2b5e5712d7c97c37066aa0e8046f6404f75fa19ed6cb1c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkrb5support.so.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libkrb5support.so.0.1", + "mode": 33261, + "size": 66192, + "digest": { + "algorithm": "sha256", + "value": "2878776878909e50f19257646d0ec09e1adc75046209efff67f663912e6e6602" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/krb5-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/krb5-libs/NOTICE", + "mode": 33188, + "size": 64121, + "digest": { + "algorithm": "sha256", + "value": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/krb5-libs/README", + "mode": 33188, + "size": 13024, + "digest": { + "algorithm": "sha256", + "value": "8f61caf687d0ec6fa67fe96187f581fd80bf71faf1463929d0017faa5d29f1cc" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/krb5-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/krb5-libs/LICENSE", + "mode": 33188, + "size": 64121, + "digest": { + "algorithm": "sha256", + "value": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man5/.k5identity.5.gz", + "mode": 33188, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "38df17b9e89d0628fcb53e9f1685ebfee9696029f48d16af80f712d9769c55d9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/.k5login.5.gz", + "mode": 33188, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "0a3338871b1c4f66d601587582d58e46eb5ce5d00fa47496547744e687f35584" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/k5identity.5.gz", + "mode": 33188, + "size": 1206, + "digest": { + "algorithm": "sha256", + "value": "a11b4eefceb2e5ebb980ab9bf27003a4a14a3198d3886b2f733ba26e581948a0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/k5login.5.gz", + "mode": 33188, + "size": 1176, + "digest": { + "algorithm": "sha256", + "value": "10837088cbd4c58ce91dcbef16ba755e71bfc6df7f2d97323f0b93e9afe048b1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/krb5.conf.5.gz", + "mode": 33188, + "size": 14934, + "digest": { + "algorithm": "sha256", + "value": "1321aa05e7688ea76ce979cdead0f02a6a1d332f24c9a7df0f53bee30c675aa2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/kerberos.7.gz", + "mode": 33188, + "size": 3367, + "digest": { + "algorithm": "sha256", + "value": "06b401f61c72c02d37d8584572696df5fe8891686727f40d2636ca5f44435bc6" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/var/kerberos", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/kerberos/krb5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/kerberos/krb5/user", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "df5d3ce64e6dc98c", + "name": "langpacks-core-en", + "version": "3.0-16.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:langpacks-core-en:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core-en:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core_en:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core_en:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:langpacks-core-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:langpacks_core_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "langpacks-core-en", + "version": "3.0", + "epoch": null, + "architecture": "noarch", + "release": "16.el9", + "sourceRpm": "langpacks-3.0-16.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:36:43 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:36:43 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 398, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "langpacks-core-en", + "metainfo()", + "metainfo(org.fedoraproject.LangPack-Core-en.metainfo.xml)" + ], + "requires": [ + "langpacks-core-font-en", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/usr/share/metainfo/org.fedoraproject.LangPack-Core-en.metainfo.xml", + "mode": 33188, + "size": 398, + "digest": { + "algorithm": "sha256", + "value": "d0ba061c715c73b91d2be66ab40adfab510ed4e69cf5d40970733e211de38ce6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "d73e936743b685e7", + "name": "langpacks-core-font-en", + "version": "3.0-16.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:langpacks-core-font-en:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core-font-en:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core_font_en:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core_font_en:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core-font:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core-font:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core_font:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core_font:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-core:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_core:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:langpacks-core-font-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:langpacks_core_font_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "langpacks-core-font-en", + "version": "3.0", + "epoch": null, + "architecture": "noarch", + "release": "16.el9", + "sourceRpm": "langpacks-3.0-16.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:37:08 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:37:08 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 351, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "font(:lang=en)", + "langpacks-core-font-en", + "metainfo()", + "metainfo(org.fedoraproject.LangPack-Core-Font-en.metainfo.xml)" + ], + "requires": [ + "dejavu-sans-fonts", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/usr/share/metainfo/org.fedoraproject.LangPack-Core-Font-en.metainfo.xml", + "mode": 33188, + "size": 351, + "digest": { + "algorithm": "sha256", + "value": "be64c7e7cca4e95d49d067a22b0bc30622349d798696271a15759b7008f08fde" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "27488b456777ffc1", + "name": "langpacks-en", + "version": "3.0-16.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:langpacks-en:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks-en:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_en:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks_en:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:langpacks:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:langpacks-en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:langpacks_en:3.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/langpacks-en@3.0-16.el9?arch=noarch&distro=rhel-9.7&upstream=langpacks-3.0-16.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "langpacks-en", + "version": "3.0", + "epoch": null, + "architecture": "noarch", + "release": "16.el9", + "sourceRpm": "langpacks-3.0-16.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:36:34 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Nov 25 06:36:34 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 400, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "langpacks-en", + "metainfo()", + "metainfo(org.fedoraproject.LangPack-en.metainfo.xml)" + ], + "requires": [ + "langpacks-core-en", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/usr/share/metainfo/org.fedoraproject.LangPack-en.metainfo.xml", + "mode": 33188, + "size": 400, + "digest": { + "algorithm": "sha256", + "value": "3d8d5f74443d23b5a2d5f36ffa1937389d8960cdc748a1a1a88d061fd0e6e13b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "efaae8c603855dcd", + "name": "libacl", + "version": "2.3.1-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libacl@2.3.1-4.el9?arch=x86_64&distro=rhel-9.7&upstream=acl-2.3.1-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libacl", + "version": "2.3.1", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "acl-2.3.1-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Apr 16 05:48:59 1923", + "issuer": "431d513ff6100097" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Jul 11 06:46:36 1959", + "issuer": "431d5193400ffe22" + } + ], + "size": 40554, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libacl", + "libacl(x86-64)", + "libacl.so.1()(64bit)", + "libacl.so.1(ACL_1.0)(64bit)", + "libacl.so.1(ACL_1.1)(64bit)", + "libacl.so.1(ACL_1.2)(64bit)" + ], + "requires": [ + "libattr.so.1()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8f/9fad14a09c1b986a33688357d1513656346734", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libacl.so.1", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libacl.so.1.1.2301", + "mode": 33261, + "size": 40496, + "digest": { + "algorithm": "sha256", + "value": "4894d693ef1fd6acbd95a8ef1873716b6086523084fceca0b16f430acb2d67c7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libarchive", + "version": "3.5.3", + "epoch": null, + "architecture": "x86_64", + "release": "6.el9_6", + "sourceRpm": "libarchive-3.5.3-6.el9_6.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Sep 27 18:15:16 2018", + "issuer": "431d515bb50fff59" + } + ], + "size": 906150, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libarchive", + "libarchive(x86-64)", + "libarchive.so.13()(64bit)" + ], + "requires": [ + "libacl.so.1()(64bit)", + "libacl.so.1(ACL_1.0)(64bit)", + "libbz2.so.1()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "liblz4.so.1()(64bit)", + "liblzma.so.5()(64bit)", + "liblzma.so.5(XZ_5.0)(64bit)", + "liblzma.so.5(XZ_5.2)(64bit)", + "libxml2.so.2()(64bit)", + "libxml2.so.2(LIBXML2_2.4.30)(64bit)", + "libxml2.so.2(LIBXML2_2.5.0)(64bit)", + "libxml2.so.2(LIBXML2_2.5.2)(64bit)", + "libxml2.so.2(LIBXML2_2.6.0)(64bit)", + "libxml2.so.2(LIBXML2_2.6.5)(64bit)", + "libz.so.1()(64bit)", + "libzstd.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e9/d4a85392d2de9424fe1a0c94985ceef185db82", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libarchive.so.13", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libarchive.so.13.5.3", + "mode": 33261, + "size": 840832, + "digest": { + "algorithm": "sha256", + "value": "0370762f3d8750f029a50990bee15b28b5c2550cf956e02803b5a0f011d2c846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libarchive", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libarchive/NEWS", + "mode": 33188, + "size": 32596, + "digest": { + "algorithm": "sha256", + "value": "a2b619bb37a6bdc592c11974f4924677612195c6da72132081f24cb73e13ffaf" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/libarchive/README.md", + "mode": 33188, + "size": 10102, + "digest": { + "algorithm": "sha256", + "value": "8ea8f1b994736b8319f72d290ea18edee9da1ec8095c42cc44292ce961965fe4" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/libarchive", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libarchive/COPYING", + "mode": 33188, + "size": 3086, + "digest": { + "algorithm": "sha256", + "value": "b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man5/cpio.5.gz", + "mode": 33188, + "size": 5158, + "digest": { + "algorithm": "sha256", + "value": "f177a7abcd66002543952ebb68b4140ba7663a45e5fd293f3961a5a65d74153a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/mtree.5.gz", + "mode": 33188, + "size": 3269, + "digest": { + "algorithm": "sha256", + "value": "c05389faebf77678f2127fdab130a7f6770038a1fe412e4a4bdee4694a7a9320" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/tar.5.gz", + "mode": 33188, + "size": 11045, + "digest": { + "algorithm": "sha256", + "value": "3ab252b6067ddacc4a57d2dcd5bcde3223a3af3c324b2a87fe0bcd7364ff6c70" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "a799ab1600e49872", + "name": "libassuan", + "version": "2.5.5-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libassuan:libassuan:2.5.5-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libassuan:2.5.5-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libassuan-2.5.5-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libassuan", + "version": "2.5.5", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "libassuan-2.5.5-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:42:34 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:42:34 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 171165, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libassuan", + "libassuan(x86-64)", + "libassuan.so.0()(64bit)", + "libassuan.so.0(LIBASSUAN_1.0)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgpg-error.so.0()(64bit)", + "libgpg-error.so.0(GPG_ERROR_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fd/bc372db8a4df85644517159d8bc8bd75b9b2c7", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libassuan.so.0", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libassuan.so.0.8.5", + "mode": 33261, + "size": 86944, + "digest": { + "algorithm": "sha256", + "value": "2802ab456d7ce9730af980620dc280917270b33efb514af96ed9fafd4f7237d9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libassuan", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libassuan/COPYING", + "mode": 33188, + "size": 35068, + "digest": { + "algorithm": "sha256", + "value": "fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libassuan/COPYING.LIB", + "mode": 33188, + "size": 26527, + "digest": { + "algorithm": "sha256", + "value": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "304e2047f10e5c4f", + "name": "libattr", + "version": "2.5.1-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.7&upstream=attr-2.5.1-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libattr", + "version": "2.5.1", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "attr-2.5.1-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Nov 21 00:53:09 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Nov 21 00:53:09 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 29429, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(libattr)", + "libattr", + "libattr(x86-64)", + "libattr.so.1()(64bit)", + "libattr.so.1(ATTR_1.0)(64bit)", + "libattr.so.1(ATTR_1.1)(64bit)", + "libattr.so.1(ATTR_1.2)(64bit)", + "libattr.so.1(ATTR_1.3)(64bit)" + ], + "requires": [ + "config(libattr)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/xattr.conf", + "mode": 33188, + "size": 817, + "digest": { + "algorithm": "sha256", + "value": "b159c32d33b2ef8a2edac38d0a1bb1254376ee9fef939af190e0535f1f4d06a0" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e6/7f1fc89e8ac6a35f6fda914bcf6144b9ccb99c", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libattr.so.1", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libattr.so.1.1.2501", + "mode": 33261, + "size": 28552, + "digest": { + "algorithm": "sha256", + "value": "944c2763b2c727d3126e9f60edac6189d9ac072cb91538eda0f4cc55bc24a5a0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libblkid", + "version": "2.37.4", + "epoch": null, + "architecture": "x86_64", + "release": "21.el9", + "sourceRpm": "util-linux-2.37.4-21.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Jul 22 15:35:19 2033", + "issuer": "431d5194de100083" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Nov 24 01:36:15 1953", + "issuer": "431d5156b00ffe39" + } + ], + "size": 229849, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libblkid", + "libblkid(x86-64)", + "libblkid.so.1()(64bit)", + "libblkid.so.1(BLKID_1.0)(64bit)", + "libblkid.so.1(BLKID_2.15)(64bit)", + "libblkid.so.1(BLKID_2.17)(64bit)", + "libblkid.so.1(BLKID_2.18)(64bit)", + "libblkid.so.1(BLKID_2.20)(64bit)", + "libblkid.so.1(BLKID_2.21)(64bit)", + "libblkid.so.1(BLKID_2.23)(64bit)", + "libblkid.so.1(BLKID_2.25)(64bit)", + "libblkid.so.1(BLKID_2.30)(64bit)", + "libblkid.so.1(BLKID_2_31)(64bit)", + "libblkid.so.1(BLKID_2_36)(64bit)", + "libblkid.so.1(BLKID_2_37)(64bit)" + ], + "requires": [ + "/bin/sh", + "coreutils", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libuuid", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/af/397acad6bb8610006e8589147544a5b2fffc3f", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libblkid.so.1", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libblkid.so.1.1.0", + "mode": 33261, + "size": 229432, + "digest": { + "algorithm": "sha256", + "value": "cced98d63ab6db38442f52670a605af3dd36f1caafe19f86e1fd2ee850655206" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libblkid", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libblkid/COPYING", + "mode": 33188, + "size": 361, + "digest": { + "algorithm": "sha256", + "value": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "b3389bc8d420d9cb", + "name": "libcap", + "version": "2.48-10.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD or GPLv2", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libcap:libcap:2.48-10.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libcap:2.48-10.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&upstream=libcap-2.48-10.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libcap", + "version": "2.48", + "epoch": null, + "architecture": "x86_64", + "release": "10.el9", + "sourceRpm": "libcap-2.48-10.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Sep 10 08:55:08 2008", + "issuer": "431d5121e7100093" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Jul 11 11:10:15 1957", + "issuer": "431d51654c0fff64" + } + ], + "size": 177447, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libcap", + "libcap(x86-64)", + "libcap.so.2()(64bit)", + "libpsx.so.2()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libcap.so.2()(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0e/87973ee43ae1f801ed9685efdf22ce399cd0fe", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2e/84de23632772e7e7167f7c2e2177a9892a64c0", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/54", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/54/35bc8dbaa6b8c741148d97a8fafb365bbc3d51", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a8/45647da62f1011a0117b1112590a062709c283", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c9/96eefdc986c57cc66a76f9417541aadce09571", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d7/18736baafdab45376ad036ac1a73ad9eddbced", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed/0dbd3aa56fd59bafa4b5c159fa1e09e02b2623", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libcap.so.2", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcap.so.2.48", + "mode": 33261, + "size": 36296, + "digest": { + "algorithm": "sha256", + "value": "29a6c106d86e91a4f3c6cbbe4645a2e08fc792522849ae21dcb1e605fa17144a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpsx.so.2", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpsx.so.2.48", + "mode": 33261, + "size": 19472, + "digest": { + "algorithm": "sha256", + "value": "8c94570f7cb8f2a90cd349009861fd26c98bd7da7ef189f18360ef44c154594e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/security/pam_cap.so", + "mode": 33261, + "size": 15136, + "digest": { + "algorithm": "sha256", + "value": "6bb873cae41c79e835c80198f456151d80e6f85d5886726ede088e5508db5307" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/capsh", + "mode": 33261, + "size": 31960, + "digest": { + "algorithm": "sha256", + "value": "a919dce6901fcc23b1379e94c4e0ddeb160c28c805a44b13b9e7d5a64c080f8b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/getcap", + "mode": 33261, + "size": 15488, + "digest": { + "algorithm": "sha256", + "value": "91059a58403b474157208979a029c3d47c12155a741200672c12b24a6ed44a37" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/getpcaps", + "mode": 33261, + "size": 15480, + "digest": { + "algorithm": "sha256", + "value": "452e8c8b360c1c245307cf1b826f61e539862814c3be5de1624c9913f5175c09" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/setcap", + "mode": 33261, + "size": 15488, + "digest": { + "algorithm": "sha256", + "value": "6ed2c35ad6d405cc7060467f52ae68db70a2b219b5840193f3eb43a6dc636293" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libcap", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libcap/capability.notes", + "mode": 33188, + "size": 2519, + "digest": { + "algorithm": "sha256", + "value": "1da6f6022ce14b9877f4f5929aafa5d4f1cb88b8a87e5c3eeb3d6f0371a7beb9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/libcap", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libcap/License", + "mode": 33188, + "size": 20240, + "digest": { + "algorithm": "sha256", + "value": "088cabde4662b4121258d298b0b2967bc1abffa134457ed9bc4a359685ab92bc" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man1/capsh.1.gz", + "mode": 33188, + "size": 3055, + "digest": { + "algorithm": "sha256", + "value": "3e489de2e396b085e2ee341e1f1ba702fab493e6c5706520c6629fcd2fd7beff" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/getcap.8.gz", + "mode": 33188, + "size": 551, + "digest": { + "algorithm": "sha256", + "value": "8504a853a37e47cd61a3f0dca3eb3c10a64df63c7f185bcc98b9fd3f34a26b38" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/getpcaps.8.gz", + "mode": 33188, + "size": 611, + "digest": { + "algorithm": "sha256", + "value": "cb777f28334500ac5b37bdfb0325b2bbe12c1f08953686c9a94eaa6366dbfb02" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/setcap.8.gz", + "mode": 33188, + "size": 901, + "digest": { + "algorithm": "sha256", + "value": "c0e7af5d94de223a697069acd7013f4a456cd51f0139c63d3300b2071ab77fca" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "a3aa75d8273e1cac", + "name": "libcap-ng", + "version": "0.8.2-7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libcap-ng:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcap-ng:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcap_ng:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcap_ng:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcap:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcap:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libcap-ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libcap_ng:0.8.2-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libcap-ng-0.8.2-7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libcap-ng", + "version": "0.8.2", + "epoch": null, + "architecture": "x86_64", + "release": "7.el9", + "sourceRpm": "libcap-ng-0.8.2-7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Feb 15 16:02:01 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Feb 15 16:02:01 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 75196, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libcap-ng", + "libcap-ng(x86-64)", + "libcap-ng.so.0()(64bit)", + "libdrop_ambient.so.0()(64bit)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/29", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/29/c012ed2dfe804628f974d605c8eb8d125d32f1", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fd/ca0a301667e15db99d726152b57feeb35e4dbe", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libcap-ng.so.0", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcap-ng.so.0.0.0", + "mode": 33261, + "size": 32528, + "digest": { + "algorithm": "sha256", + "value": "0f03248a4184699f298d006c36cad963dba065d451ed8dc187aceb7c1e3fff81" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libdrop_ambient.so.0", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libdrop_ambient.so.0.0.0", + "mode": 33261, + "size": 15632, + "digest": { + "algorithm": "sha256", + "value": "37552076c61781047d691ace88972921141f471ca1c76f223b48331d6350c70f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libcap-ng", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libcap-ng/COPYING.LIB", + "mode": 33188, + "size": 26542, + "digest": { + "algorithm": "sha256", + "value": "f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "cf7d0f71948121ea", + "name": "libcom_err", + "version": "1.46.5-8.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libcom-err:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcom-err:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcom_err:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcom_err:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcom:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcom:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libcom-err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libcom_err:1.46.5-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libcom_err@1.46.5-8.el9?arch=x86_64&distro=rhel-9.7&upstream=e2fsprogs-1.46.5-8.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libcom_err", + "version": "1.46.5", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9", + "sourceRpm": "e2fsprogs-1.46.5-8.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Dec 7 05:45:07 1985", + "issuer": "431d51bf850ffe22" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Oct 13 08:29:14 1911", + "issuer": "431d511ae50fff6e" + } + ], + "size": 68401, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libcom_err", + "libcom_err(x86-64)", + "libcom_err.so.2()(64bit)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d1/7ed2a188ef3186f9a9fcddb62959c83d3ad2de", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libcom_err.so.2", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcom_err.so.2.1", + "mode": 33261, + "size": 23760, + "digest": { + "algorithm": "sha256", + "value": "e21a880da89989009a63efb976c7c9c50980724b168099b310939aad5a16057f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libcom_err", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libcom_err/NOTICE", + "mode": 33188, + "size": 44585, + "digest": { + "algorithm": "sha256", + "value": "5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libcurl-minimal", + "version": "7.76.1", + "epoch": null, + "architecture": "x86_64", + "release": "34.el9", + "sourceRpm": "curl-7.76.1-34.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jun 14 10:07:35 1955", + "issuer": "431d51d14c0ffe2e" + } + ], + "size": 518166, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libcurl", + "libcurl(x86-64)", + "libcurl-minimal", + "libcurl-minimal(x86-64)", + "libcurl.so.4()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libcom_err.so.2()(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libgssapi_krb5.so.2()(64bit)", + "libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)", + "libk5crypto.so.3()(64bit)", + "libkrb5.so.3()(64bit)", + "libnghttp2.so.14()(64bit)", + "libssl.so.3()(64bit)", + "libssl.so.3(OPENSSL_3.0.0)(64bit)", + "libz.so.1()(64bit)", + "openssl-libs(x86-64)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/56", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/56/f4b5dc4a47ffb587e40313bee98522ad623cd3", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libcurl.so.4", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcurl.so.4.7.0", + "mode": 33261, + "size": 517016, + "digest": { + "algorithm": "sha256", + "value": "455008f34e03dfe048eb134380c9ad2c61f4f9ed4e6033760427ef6ae37a92b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libcurl-minimal", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libcurl-minimal/COPYING", + "mode": 33188, + "size": 1088, + "digest": { + "algorithm": "sha256", + "value": "6fd1a1c008b5ef4c4741dd188c3f8af6944c14c25afa881eb064f98fb98358e7" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "5cff8fae12ce3677", + "name": "libdnf", + "version": "0.69.0-16.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libdnf:libdnf:0.69.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libdnf:0.69.0-16.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libdnf@0.69.0-16.el9?arch=x86_64&distro=rhel-9.7&upstream=libdnf-0.69.0-16.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libdnf", + "version": "0.69.0", + "epoch": null, + "architecture": "x86_64", + "release": "16.el9", + "sourceRpm": "libdnf-0.69.0-16.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Dec 2 04:26:57 1912", + "issuer": "431d51e80410008c" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun May 29 00:47:30 1927", + "issuer": "431d513a100ffe22" + } + ], + "size": 2147301, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libdnf", + "libdnf(x86-64)", + "libdnf.so.2()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.27)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "libgio-2.0.so.0()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "libgpgme.so.11()(64bit)", + "libgpgme.so.11(GPGME_1.0)(64bit)", + "libgpgme.so.11(GPGME_1.1)(64bit)", + "libjson-c.so.5()(64bit)", + "libjson-c.so.5(JSONC_0.14)(64bit)", + "libmodulemd(x86-64)", + "libmodulemd.so.2()(64bit)", + "librepo(x86-64)", + "librepo.so.0()(64bit)", + "librhsm.so.0()(64bit)", + "librpm.so.9()(64bit)", + "librpmio.so.9()(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libsmartcols.so.1()(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.25)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.28)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.29)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.30)(64bit)", + "libsolv(x86-64)", + "libsolv.so.1()(64bit)", + "libsolv.so.1(SOLV_1.0)(64bit)", + "libsolv.so.1(SOLV_1.1)(64bit)", + "libsolvext.so.1()(64bit)", + "libsolvext.so.1(SOLV_1.0)(64bit)", + "libsqlite3.so.0()(64bit)", + "libstdc++.so.6()(64bit)", + "libstdc++.so.6(CXXABI_1.3)(64bit)", + "libstdc++.so.6(CXXABI_1.3.5)(64bit)", + "libstdc++.so.6(CXXABI_1.3.8)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.11)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.14)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.15)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.18)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.20)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.21)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.26)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.29)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.9)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7c/72cceef62023228db76a2f0961d2491b82ac20", + "mode": 41471, + "size": 33, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libdnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libdnf.so.2", + "mode": 33261, + "size": 1673224, + "digest": { + "algorithm": "sha256", + "value": "a7da408ef9d424047efa4b59f7e69272b93fb6979b956d286939fcb6292bb837" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libdnf/plugins", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libdnf/plugins/README", + "mode": 33188, + "size": 194, + "digest": { + "algorithm": "sha256", + "value": "73532ee155af95978529b5d896ed657ac8823a3ab32959bdde9719b35e6a7ae6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libdnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libdnf/AUTHORS", + "mode": 33188, + "size": 1125, + "digest": { + "algorithm": "sha256", + "value": "31d97c50072e6fa08fbfd81d27f7a4640be7b69ba11f74d6497e2d2b47ab2efb" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/libdnf/README.md", + "mode": 33188, + "size": 4252, + "digest": { + "algorithm": "sha256", + "value": "568c897e8db9ba48829b56c74ec080a43a67a9000b8c604df98c98bfb9fd4388" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/libdnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libdnf/COPYING", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "0299e311fe243bca", + "name": "libevent", + "version": "2.1.12-8.el9_4", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD and ISC", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libevent:libevent:2.1.12-8.el9_4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libevent:2.1.12-8.el9_4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libevent@2.1.12-8.el9_4?arch=x86_64&distro=rhel-9.7&upstream=libevent-2.1.12-8.el9_4.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libevent", + "version": "2.1.12", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9_4", + "sourceRpm": "libevent-2.1.12-8.el9_4.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Aug 9 14:41:18 1980", + "issuer": "431d5146130fff68" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Apr 15 20:21:20 1991", + "issuer": "431d51cba6100086" + } + ], + "size": 928090, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libevent", + "libevent(x86-64)", + "libevent-2.1.so.7()(64bit)", + "libevent_core-2.1.so.7()(64bit)", + "libevent_extra-2.1.so.7()(64bit)", + "libevent_openssl-2.1.so.7()(64bit)", + "libevent_pthreads-2.1.so.7()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.10)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libssl.so.3()(64bit)", + "libssl.so.3(OPENSSL_3.0.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/16", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/16/cee243fdce95e18affadb10a67510e2880d3de", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/64", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/64/816153822a146af7610553e3c1444de334d260", + "mode": 41471, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6c/1576dc5f58c677eb0cd43b1aa3bb8d71ac75fc", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9c/4f6e0ca1b234612d0ba7b19a24c085f0dce103", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a7/c52336e9e9147ad6457691cfe0051009db930e", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libevent-2.1.so.7", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent-2.1.so.7.0.1", + "mode": 33261, + "size": 365360, + "digest": { + "algorithm": "sha256", + "value": "bb9471ece95b9eed40f0a6b30d90305f8586573ef511945d0852aab8cd544c6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_core-2.1.so.7", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_core-2.1.so.7.0.1", + "mode": 33261, + "size": 231848, + "digest": { + "algorithm": "sha256", + "value": "62e6a6c76d6478a2c2aa9548c5e8ee62d51fb2b9c3f59fdf773f3a8d7cab6b38" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_extra-2.1.so.7", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_extra-2.1.so.7.0.1", + "mode": 33261, + "size": 157248, + "digest": { + "algorithm": "sha256", + "value": "55995d6af18cb176d702d4f5ac0cc88816d91121b213425d688ddfe4520877d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_openssl-2.1.so.7", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_openssl-2.1.so.7.0.1", + "mode": 33261, + "size": 36216, + "digest": { + "algorithm": "sha256", + "value": "639f118b45454cf12f92f9cb4ef1ffce8ac016729fb7c6089328859d54b25394" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_pthreads-2.1.so.7", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libevent_pthreads-2.1.so.7.0.1", + "mode": 33261, + "size": 15296, + "digest": { + "algorithm": "sha256", + "value": "65bdebb29d7a1b9b3704d9e0a626d372548dcbae9e606282ece94ed4149c4569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libevent", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libevent/LICENSE", + "mode": 33188, + "size": 4528, + "digest": { + "algorithm": "sha256", + "value": "ff02effc9b331edcdac387d198691bfa3e575e7d244ad10cb826aa51ef085670" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "090027c7d7254e53", + "name": "libffi", + "version": "3.4.2-8.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libffi:libffi:3.4.2-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libffi:3.4.2-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libffi@3.4.2-8.el9?arch=x86_64&distro=rhel-9.7&upstream=libffi-3.4.2-8.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libffi", + "version": "3.4.2", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9", + "sourceRpm": "libffi-3.4.2-8.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Apr 17 16:08:23 2023", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Apr 17 16:08:23 2023", + "issuer": "199e2f91fd431d51" + } + ], + "size": 65761, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libffi", + "libffi(x86-64)", + "libffi.so.8()(64bit)", + "libffi.so.8(LIBFFI_BASE_8.0)(64bit)", + "libffi.so.8(LIBFFI_CLOSURE_8.0)(64bit)", + "libffi.so.8(LIBFFI_COMPLEX_8.0)(64bit)", + "libffi.so.8(LIBFFI_GO_CLOSURE_8.0)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.27)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5d/a92e5182a7fbe7c2997228ecbfb8d8603174b3", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libffi.so.8", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libffi.so.8.1.0", + "mode": 33261, + "size": 44784, + "digest": { + "algorithm": "sha256", + "value": "c575bec3faae030f61b7dd26a40480e60e6f0060e2b4d3a6f3cacd6da9fc01ff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libffi", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libffi/LICENSE", + "mode": 33188, + "size": 1132, + "digest": { + "algorithm": "sha256", + "value": "a61d06e8f7be57928e71e800eb9273b05cb8868c484108afe41e4305bb320dde" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libgcc", + "version": "11.5.0", + "epoch": null, + "architecture": "x86_64", + "release": "11.el9", + "sourceRpm": "gcc-11.5.0-11.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 30 14:14:33 2030", + "issuer": "431d51ffd40ffd12" + } + ], + "size": 207028, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libgcc", + "libgcc(x86-64)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "libgcc_s.so.1(GCC_3.4)(64bit)", + "libgcc_s.so.1(GCC_3.4.2)(64bit)", + "libgcc_s.so.1(GCC_3.4.4)(64bit)", + "libgcc_s.so.1(GCC_4.0.0)(64bit)", + "libgcc_s.so.1(GCC_4.2.0)(64bit)", + "libgcc_s.so.1(GCC_4.3.0)(64bit)", + "libgcc_s.so.1(GCC_4.7.0)(64bit)", + "libgcc_s.so.1(GCC_4.8.0)(64bit)", + "libgcc_s.so.1(GCC_7.0.0)(64bit)" + ], + "requires": [ + "libc.so.6(GLIBC_2.35)(64bit)", + "rpmlib(BuiltinLuaScripts)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/lib64/libgcc_s-11-20240719.so.1", + "mode": 33261, + "size": 116408, + "digest": { + "algorithm": "sha256", + "value": "479b7e606457239009cff27bc79bd82eb7dbe0fe83f0df037721b102b823173c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/lib64/libgcc_s.so.1", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ed/e8a5646fe3c81b6ca3c539513666dd0812d390", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/share/licenses/libgcc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libgcc/COPYING", + "mode": 33188, + "size": 18002, + "digest": { + "algorithm": "sha256", + "value": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libgcc/COPYING.LIB", + "mode": 33188, + "size": 26440, + "digest": { + "algorithm": "sha256", + "value": "32434afcc8666ba060e111d715bfdb6c2d5dd8a35fa4d3ab8ad67d8f850d2f2b" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libgcc/COPYING.RUNTIME", + "mode": 33188, + "size": 3324, + "digest": { + "algorithm": "sha256", + "value": "9d6b43ce4d8de0c878bf16b54d8e7a10d9bd42b75178153e3af6a815bdc90f74" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libgcc/COPYING3", + "mode": 33188, + "size": 35147, + "digest": { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libgcc/COPYING3.LIB", + "mode": 33188, + "size": 7639, + "digest": { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "bdcb3bee3b1ed812", + "name": "libgcrypt", + "version": "1.10.0-11.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libgcrypt:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=libgcrypt-1.10.0-11.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libgcrypt", + "version": "1.10.0", + "epoch": null, + "architecture": "x86_64", + "release": "11.el9", + "sourceRpm": "libgcrypt-1.10.0-11.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Sep 19 05:24:30 1955", + "issuer": "431d511e8a0fff76" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Sep 27 06:36:15 1904", + "issuer": "431d51bf9e0ffc0b" + } + ], + "size": 1398394, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libgcrypt", + "libgcrypt(x86-64)", + "libgcrypt.so.20()(64bit)", + "libgcrypt.so.20(GCRYPT_1.6)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgpg-error.so.0()(64bit)", + "libgpg-error.so.0(GPG_ERROR_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/gcrypt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/71", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/71/a633941f56ebc0558f1786d8d7c19d964290f7", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libgcrypt.so.20", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgcrypt.so.20.4.0", + "mode": 33261, + "size": 1304856, + "digest": { + "algorithm": "sha256", + "value": "ad3532c2f6a3bb7bf5d4cf3b5014e3db23a99ae4d7876882ccf56e898af6e81d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libgcrypt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libgcrypt/COPYING.LIB", + "mode": 33188, + "size": 26536, + "digest": { + "algorithm": "sha256", + "value": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "102fca6f01ef28cf", + "name": "libgpg-error", + "version": "1.42-5.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libgpg-error:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libgpg-error:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libgpg_error:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libgpg_error:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libgpg:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libgpg:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libgpg-error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libgpg_error:1.42-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.7&upstream=libgpg-error-1.42-5.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libgpg-error", + "version": "1.42", + "epoch": null, + "architecture": "x86_64", + "release": "5.el9", + "sourceRpm": "libgpg-error-1.42-5.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Dec 14 14:47:16 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Dec 14 14:47:16 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 837088, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libgpg-error", + "libgpg-error(x86-64)", + "libgpg-error.so.0()(64bit)", + "libgpg-error.so.0(GPG_ERROR_1.0)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgpg-error.so.0()(64bit)", + "libgpg-error.so.0(GPG_ERROR_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/gpg-error", + "mode": 33261, + "size": 36992, + "digest": { + "algorithm": "sha256", + "value": "5804e22c791634c44d17cb8cd342e7951bed5397eeb809f7f15b2674830529c4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9d/27198f0ca61c66cd921675219dffc0bad16a1a", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9e/3ca81b5f610e5f36c55158220044e8eb654fad", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libgpg-error.so.0", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libgpg-error.so.0.32.0", + "mode": 33261, + "size": 153600, + "digest": { + "algorithm": "sha256", + "value": "7c35a3105985309405449a6f609cab1b0971fd65d44d70c4780106c12673ba08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/libgpg-error", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/libgpg-error/errorref.txt", + "mode": 33188, + "size": 38982, + "digest": { + "algorithm": "sha256", + "value": "feddde721e0488a9ea06eed9d12628ed156ca7645fcbc50f6405f16d858ef908" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libgpg-error", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libgpg-error/COPYING", + "mode": 33188, + "size": 18002, + "digest": { + "algorithm": "sha256", + "value": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libgpg-error/COPYING.LIB", + "mode": 33188, + "size": 26527, + "digest": { + "algorithm": "sha256", + "value": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "6a3c1818891dac67", + "name": "libidn2", + "version": "2.3.0-7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "(GPLv2+ or LGPLv3+) and GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libidn2:libidn2:2.3.0-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libidn2:2.3.0-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libidn2-2.3.0-7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libidn2", + "version": "2.3.0", + "epoch": null, + "architecture": "x86_64", + "release": "7.el9", + "sourceRpm": "libidn2-2.3.0-7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:58:09 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 12:58:09 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 253460, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "bundled(gnulib)", + "libidn2", + "libidn2(x86-64)", + "libidn2.so.0()(64bit)", + "libidn2.so.0(IDN2_0.0.0)(64bit)", + "libidn2.so.0(IDN2_2.1.0)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libunistring.so.2()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/95", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/95/8c50fc94ecb196b24f3619762e7ec3f28a5b40", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libidn2.so.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libidn2.so.0.3.7", + "mode": 33261, + "size": 130952, + "digest": { + "algorithm": "sha256", + "value": "dc245bad13edbcd52b6f654a3de2ddcb017c92590e0b7b473b8a69a3db3a2b9c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libidn2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libidn2/COPYING", + "mode": 33188, + "size": 1555, + "digest": { + "algorithm": "sha256", + "value": "73483f797a83373fca1b968c11785b98c4fc4803cdc7d3210811ca8b075d6d76" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libidn2/COPYING.LESSERv3", + "mode": 33188, + "size": 7651, + "digest": { + "algorithm": "sha256", + "value": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libidn2/COPYING.unicode", + "mode": 33188, + "size": 8782, + "digest": { + "algorithm": "sha256", + "value": "01d621eef165cf4d3d3dbb737aa0699178d94c6f18cf87e9dde6db3ca7790f46" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libidn2/COPYINGv2", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "b0dd457df676ceac", + "name": "libksba", + "version": "1.5.1-7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "(LGPLv3+ or GPLv2+) and GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libksba:libksba:1.5.1-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libksba:1.5.1-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libksba@1.5.1-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libksba-1.5.1-7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libksba", + "version": "1.5.1", + "epoch": null, + "architecture": "x86_64", + "release": "7.el9", + "sourceRpm": "libksba-1.5.1-7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Sep 22 09:56:13 1917", + "issuer": "431d51e64e0ffe22" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jun 6 13:20:44 1967", + "issuer": "431d512fe9100082" + } + ], + "size": 394486, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libksba", + "libksba(x86-64)", + "libksba.so.8()(64bit)", + "libksba.so.8(KSBA_0.9)(64bit)", + "libksba.so.8(KSBA_PRIVATE_TESTS)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgpg-error.so.0()(64bit)", + "libgpg-error.so.0(GPG_ERROR_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7f/a6d381de5ee955f4e2e81ebd0526eff15004bf", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libksba.so.8", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libksba.so.8.13.1", + "mode": 33261, + "size": 268760, + "digest": { + "algorithm": "sha256", + "value": "081792cc346461618b8723abc84afe792870d36452f47a3c2e7acab017c1021b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libksba", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libksba/COPYING", + "mode": 33188, + "size": 198, + "digest": { + "algorithm": "sha256", + "value": "6197b98c6bf69838c624809c509d84333de1bc847155168c0e84527446a27076" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libksba/COPYING.GPLv2", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libksba/COPYING.GPLv3", + "mode": 33188, + "size": 35064, + "digest": { + "algorithm": "sha256", + "value": "0abbff814cd00e2b0b6d08395af2b419c1a92026c4b4adacbb65ccda45fa58cf" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libksba/COPYING.LGPLv3", + "mode": 33188, + "size": 7651, + "digest": { + "algorithm": "sha256", + "value": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "b47dd00953817b05", + "name": "libmodulemd", + "version": "2.13.0-2.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libmodulemd:libmodulemd:2.13.0-2.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libmodulemd:2.13.0-2.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.7&upstream=libmodulemd-2.13.0-2.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libmodulemd", + "version": "2.13.0", + "epoch": null, + "architecture": "x86_64", + "release": "2.el9", + "sourceRpm": "libmodulemd-2.13.0-2.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:04:55 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:04:55 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 733911, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libmodulemd", + "libmodulemd(x86-64)", + "libmodulemd.so.2()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "libmagic.so.1()(64bit)", + "libmodulemd.so.2()(64bit)", + "librpmio.so.9()(64bit)", + "libyaml-0.so.2()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/modulemd-validator", + "mode": 33261, + "size": 29056, + "digest": { + "algorithm": "sha256", + "value": "b9f45047a342934d5aee3d2d068d5c158328200069855057af25f5e582c57e2e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2a/979739e8e87c899b7d1129d7469d77c3a87dd1", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2c/73d592a7ba687e84a03200a6d654d0b93a9129", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/girepository-1.0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/Modulemd-2.0.typelib", + "mode": 33188, + "size": 53304, + "digest": { + "algorithm": "sha256", + "value": "b2efe05bbd9a1fccb5399815baa12ae9fb7f5776b30ea63517abda946089f4a0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmodulemd.so.2", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmodulemd.so.2.13.0", + "mode": 33261, + "size": 634720, + "digest": { + "algorithm": "sha256", + "value": "55d52f9d60881e172cfdea50c658d4890e2d5fd0cc9bc5bc69b3955514f0ff0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libmodulemd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libmodulemd/COPYING", + "mode": 33188, + "size": 1101, + "digest": { + "algorithm": "sha256", + "value": "40afccd95484d483800c17dd18a734518ba36e832841579a1f21dc94fb73bbdf" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libmount", + "version": "2.37.4", + "epoch": null, + "architecture": "x86_64", + "release": "21.el9", + "sourceRpm": "util-linux-2.37.4-21.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Nov 23 10:37:31 2026", + "issuer": "431d51a1350ffc0e" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat May 29 01:33:16 2010", + "issuer": "431d51ad600ffd1e" + } + ], + "size": 318437, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libmount", + "libmount(x86-64)", + "libmount.so.1()(64bit)", + "libmount.so.1(MOUNT_2.19)(64bit)", + "libmount.so.1(MOUNT_2.20)(64bit)", + "libmount.so.1(MOUNT_2.21)(64bit)", + "libmount.so.1(MOUNT_2.22)(64bit)", + "libmount.so.1(MOUNT_2.23)(64bit)", + "libmount.so.1(MOUNT_2.24)(64bit)", + "libmount.so.1(MOUNT_2.25)(64bit)", + "libmount.so.1(MOUNT_2.26)(64bit)", + "libmount.so.1(MOUNT_2.28)(64bit)", + "libmount.so.1(MOUNT_2.30)(64bit)", + "libmount.so.1(MOUNT_2.33)(64bit)", + "libmount.so.1(MOUNT_2.34)(64bit)", + "libmount.so.1(MOUNT_2_35)(64bit)", + "libmount.so.1(MOUNT_2_37)(64bit)", + "libmount.so.1(MOUNT_2_40)(64bit)" + ], + "requires": [ + "libblkid", + "libblkid.so.1()(64bit)", + "libblkid.so.1(BLKID_1.0)(64bit)", + "libblkid.so.1(BLKID_2.15)(64bit)", + "libblkid.so.1(BLKID_2.17)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libuuid", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c5/e77c2c14c2cef015d269969eb8cbdc2a65d72f", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libmount.so.1", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmount.so.1.1.0", + "mode": 33261, + "size": 291496, + "digest": { + "algorithm": "sha256", + "value": "7b81c8c9169422ad2d4270b63d1fa817479edf0575ed1fa35178f0382e04e7fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libmount", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libmount/COPYING", + "mode": 33188, + "size": 355, + "digest": { + "algorithm": "sha256", + "value": "5f12c2408a84be40fbff8ad7e281aa4e884fb92ee3f9a61aedf886a9503d3500" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libmount/COPYING.LGPL-2.1-or-later", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "8f40faa2a3bf3018", + "name": "libnghttp2", + "version": "1.43.0-6.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libnghttp2:libnghttp2:1.43.0-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libnghttp2:1.43.0-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=nghttp2-1.43.0-6.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libnghttp2", + "version": "1.43.0", + "epoch": null, + "architecture": "x86_64", + "release": "6.el9", + "sourceRpm": "nghttp2-1.43.0-6.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Nov 30 18:54:58 1949", + "issuer": "431d51c7d70ffd10" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu May 21 07:20:50 1970", + "issuer": "431d5118ca0fff75" + } + ], + "size": 169892, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libnghttp2", + "libnghttp2(x86-64)", + "libnghttp2.so.14()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e/ded9daba30af8034bf45c5d1e33342c5ad74c9", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libnghttp2.so.14", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnghttp2.so.14.20.1", + "mode": 33261, + "size": 168672, + "digest": { + "algorithm": "sha256", + "value": "04be3e1e30dc721889595dfc826aefb82d84994218b1e433f81f7e727c39791c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libnghttp2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libnghttp2/COPYING", + "mode": 33188, + "size": 1156, + "digest": { + "algorithm": "sha256", + "value": "6b94f3abc1aabd0c72a7c7d92a77f79dda7c8a0cb3df839a97890b4116a2de2a" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "bd201f1503e17989", + "name": "libpeas", + "version": "1.30.0-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libpeas:libpeas:1.30.0-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libpeas:1.30.0-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libpeas@1.30.0-4.el9?arch=x86_64&distro=rhel-9.7&upstream=libpeas-1.30.0-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libpeas", + "version": "1.30.0", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "libpeas-1.30.0-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:20:03 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:20:03 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 370454, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libpeas", + "libpeas(x86-64)", + "libpeas-1.0.so.0()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libgio-2.0.so.0()(64bit)", + "libgirepository-1.0.so.1()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgmodule-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f7/4a1b1ab6b1d30f9dd3e86baa485d6ea8705b4f", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/girepository-1.0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/girepository-1.0/Peas-1.0.typelib", + "mode": 33188, + "size": 9364, + "digest": { + "algorithm": "sha256", + "value": "f565f6faf06dd6ab0d48b8222c9a57f8afd8fb3acac9b63bd72955c05854702b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpeas-1.0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpeas-1.0.so.0", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpeas-1.0.so.0.3000.0", + "mode": 33261, + "size": 98720, + "digest": { + "algorithm": "sha256", + "value": "f8b1dc530521545628192a831eaf36cc36499bd1ac28c8241bc6f2d114753df9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpeas-1.0/loaders", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libpeas", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libpeas/COPYING", + "mode": 33188, + "size": 26521, + "digest": { + "algorithm": "sha256", + "value": "592987e8510228d546540b84a22444bde98e48d03078d3b2eefcd889bec5ce8c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "32c854c70c4b9bc6", + "name": "librepo", + "version": "1.14.5-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:librepo:librepo:1.14.5-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:librepo:1.14.5-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/librepo@1.14.5-3.el9?arch=x86_64&distro=rhel-9.7&upstream=librepo-1.14.5-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "librepo", + "version": "1.14.5", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "librepo-1.14.5-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Oct 1 05:21:13 1947", + "issuer": "431d517a0310009e" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Nov 25 16:31:43 2013", + "issuer": "431d51ff58100097" + } + ], + "size": 224508, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "librepo", + "librepo(x86-64)", + "librepo.so.0()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libcurl(x86-64)", + "libcurl.so.4()(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgpgme.so.11()(64bit)", + "libgpgme.so.11(GPGME_1.0)(64bit)", + "libgpgme.so.11(GPGME_1.1)(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libxml2.so.2()(64bit)", + "libxml2.so.2(LIBXML2_2.4.30)(64bit)", + "libxml2.so.2(LIBXML2_2.6.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/92", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/92/4805cbf263cc7afd3e1c40efa2cba3aee4587d", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/librepo.so.0", + "mode": 33261, + "size": 193824, + "digest": { + "algorithm": "sha256", + "value": "3702d466122ae54e25448209571edaa4588e2b77e5c301102d99240e4a4f339b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/librepo", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/librepo/README.md", + "mode": 33188, + "size": 4120, + "digest": { + "algorithm": "sha256", + "value": "126179a488975283a8ce48cd771b2816ada6771ac9f7b853ceb09fd31665e2b9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/librepo", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/librepo/COPYING", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "53232b1db4311718", + "name": "libreport-filesystem", + "version": "2.15.2-6.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libreport-filesystem:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libreport-filesystem:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libreport_filesystem:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libreport_filesystem:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libreport:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libreport:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libreport-filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libreport_filesystem:2.15.2-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libreport-filesystem@2.15.2-6.el9?arch=noarch&distro=rhel-9.7&upstream=libreport-2.15.2-6.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libreport-filesystem", + "version": "2.15.2", + "epoch": null, + "architecture": "noarch", + "release": "6.el9", + "sourceRpm": "libreport-2.15.2-6.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jan 18 09:07:21 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jan 18 09:07:21 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 0, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libreport-filesystem" + ], + "requires": [ + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/etc/libreport", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/libreport/events", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/libreport/events.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/libreport/plugins", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/libreport/workflows.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/libreport", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/libreport/conf.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/libreport/conf.d/plugins", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/libreport/events", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/libreport/workflows", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "3bba3fa15b959901", + "name": "librhsm", + "version": "0.0.3-9.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:librhsm:librhsm:0.0.3-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:librhsm:0.0.3-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/librhsm@0.0.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=librhsm-0.0.3-9.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "librhsm", + "version": "0.0.3", + "epoch": null, + "architecture": "x86_64", + "release": "9.el9", + "sourceRpm": "librhsm-0.0.3-9.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Sep 16 04:16:54 1976", + "issuer": "431d5174500fff50" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Oct 14 01:21:48 1938", + "issuer": "431d514bb80fff77" + } + ], + "size": 79578, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "librhsm", + "librhsm(x86-64)", + "librhsm.so.0()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "libgio-2.0.so.0()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "libjson-glib-1.0.so.0()(64bit)", + "libjson-glib-1.0.so.0(libjson-glib-1.0.so.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/54", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/54/8c13b867427e592c2ef1468844f8cba5ec910d", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/librhsm.so.0", + "mode": 33261, + "size": 52864, + "digest": { + "algorithm": "sha256", + "value": "a5e26140e65f99559e39b6d532399de433af5e0eac6020301f98cdf2a1323977" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/librhsm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/librhsm/COPYING", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "ccc2461d41d72dde", + "name": "libselinux", + "version": "3.6-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libselinux:libselinux:3.6-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libselinux:3.6-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libselinux@3.6-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libselinux-3.6-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libselinux", + "version": "3.6", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "libselinux-3.6-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Aug 17 14:56:14 1961", + "issuer": "431d5173e50ffe20" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Aug 5 16:27:22 1995", + "issuer": "431d51de8d10008c" + } + ], + "size": 176845, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libselinux", + "libselinux(x86-64)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libselinux.so.1(LIBSELINUX_3.4)(64bit)", + "libselinux.so.1(LIBSELINUX_3.5)(64bit)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.26)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.30)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libpcre2-8.so.0()(64bit)", + "libsepol(x86-64)", + "pcre2", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/run/setrans", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/44", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/44/4caa5b1e6f2e1674a2927df3a29852d12b6c50", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/tmpfiles.d/libselinux.conf", + "mode": 33188, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libselinux.so.1", + "mode": 33261, + "size": 175744, + "digest": { + "algorithm": "sha256", + "value": "540225279c84a9ff7c668625b1987aa7f3be24215eb9480c0be73f47818df14c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libselinux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libselinux/LICENSE", + "mode": 33188, + "size": 1034, + "digest": { + "algorithm": "sha256", + "value": "86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "1d43a3fb8f185afb", + "name": "libsemanage", + "version": "3.6-5.el9_6", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libsemanage:libsemanage:3.6-5.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libsemanage:3.6-5.el9_6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libsemanage@3.6-5.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libsemanage-3.6-5.el9_6.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libsemanage", + "version": "3.6", + "epoch": null, + "architecture": "x86_64", + "release": "5.el9_6", + "sourceRpm": "libsemanage-3.6-5.el9_6.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Oct 5 19:02:22 2015", + "issuer": "431d51f71e0fff53" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Jun 16 16:00:47 1922", + "issuer": "431d51e6ea10009c" + } + ], + "size": 307182, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(libsemanage)", + "libsemanage", + "libsemanage(x86-64)", + "libsemanage.so.2()(64bit)", + "libsemanage.so.2(LIBSEMANAGE_1.0)(64bit)", + "libsemanage.so.2(LIBSEMANAGE_1.1)(64bit)", + "libsemanage.so.2(LIBSEMANAGE_3.4)(64bit)" + ], + "requires": [ + "audit-libs", + "bzip2-libs", + "config(libsemanage)", + "libaudit.so.1()(64bit)", + "libbz2.so.1()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libselinux(x86-64)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libsepol.so.2()(64bit)", + "libsepol.so.2(LIBSEPOL_1.0)(64bit)", + "libsepol.so.2(LIBSEPOL_1.1)(64bit)", + "libsepol.so.2(LIBSEPOL_3.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/selinux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/selinux/semanage.conf", + "mode": 33188, + "size": 2668, + "digest": { + "algorithm": "sha256", + "value": "8ba0df9a109dd136f1e8827343806ced9a0652c670c2572b4dd8642c67c27734" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8a/4df84a877ea17cf38cffc2014573aa67adfd50", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libsemanage.so.2", + "mode": 33261, + "size": 273096, + "digest": { + "algorithm": "sha256", + "value": "f2a08e1895cf389d80fda8b76380b2d6135930d1b31789fb678711f97dbc553c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/selinux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsemanage", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsemanage/LICENSE", + "mode": 33188, + "size": 26432, + "digest": { + "algorithm": "sha256", + "value": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man5/semanage.conf.5.gz", + "mode": 33188, + "size": 2100, + "digest": { + "algorithm": "sha256", + "value": "4dc05ad657fe57eccd803bbb48cfb8f8709c580b7516b335765eae58f2b46c36" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/ru/man5/semanage.conf.5.gz", + "mode": 33188, + "size": 2848, + "digest": { + "algorithm": "sha256", + "value": "3e66d6385e45e9085de1095632a5facf1004ce796b50e9f011d1ed2c80c946fd" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/var/lib/selinux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/lib/selinux/tmp", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "cecb06c03b371de6", + "name": "libsepol", + "version": "3.6-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libsepol:libsepol:3.6-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libsepol:3.6-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libsepol@3.6-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libsepol-3.6-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libsepol", + "version": "3.6", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "libsepol-3.6-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon May 28 21:39:49 1906", + "issuer": "431d51d51d0fff78" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Jan 9 04:22:29 1987", + "issuer": "431d5117c00ffd12" + } + ], + "size": 829131, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libsepol", + "libsepol(x86-64)", + "libsepol.so.2()(64bit)", + "libsepol.so.2(LIBSEPOL_1.0)(64bit)", + "libsepol.so.2(LIBSEPOL_1.1)(64bit)", + "libsepol.so.2(LIBSEPOL_3.0)(64bit)", + "libsepol.so.2(LIBSEPOL_3.4)(64bit)", + "libsepol.so.2(LIBSEPOL_3.6)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.26)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2f/2f975641a943449472b8ace49066234b664aee", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libsepol.so.2", + "mode": 33261, + "size": 802664, + "digest": { + "algorithm": "sha256", + "value": "3b432f1a220b54f86e576e3a4b580e7ed99b1fc73e6cde52b21157c2c2271665" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsepol", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsepol/LICENSE", + "mode": 33188, + "size": 26432, + "digest": { + "algorithm": "sha256", + "value": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "2baa82c983b30582", + "name": "libsigsegv", + "version": "2.13-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libsigsegv:libsigsegv:2.13-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libsigsegv:2.13-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.7&upstream=libsigsegv-2.13-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libsigsegv", + "version": "2.13", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "libsigsegv-2.13-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:30:55 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:30:55 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 50338, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libsigsegv", + "libsigsegv(x86-64)", + "libsigsegv.so.2()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/aa", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/aa/50ef8ad2312df1077d9000206fa7796e568b7f", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libsigsegv.so.2", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libsigsegv.so.2.0.6", + "mode": 33261, + "size": 20192, + "digest": { + "algorithm": "sha256", + "value": "ed87f1cc009a33dec708be009dee5f66ac26f2b5e1638d8ff2c460e8c34f3375" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsigsegv", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsigsegv/COPYING", + "mode": 33188, + "size": 18154, + "digest": { + "algorithm": "sha256", + "value": "8f2983e9a940367f48999881c14775db725ee643bce1e2f1ba195eb629a33cde" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libsmartcols", + "version": "2.37.4", + "epoch": null, + "architecture": "x86_64", + "release": "21.el9", + "sourceRpm": "util-linux-2.37.4-21.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Dec 26 11:16:31 1966", + "issuer": "431d51f4bd0fff79" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Oct 4 16:06:47 1953", + "issuer": "431d5141fd0ffd14" + } + ], + "size": 134899, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libsmartcols", + "libsmartcols(x86-64)", + "libsmartcols.so.1()(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.25)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.27)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.28)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.29)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.30)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.31)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.33)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.34)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.35)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/87", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/87/b8e53f1c8e17f42aff8a66fa22838fde9aaa5f", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libsmartcols.so.1", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libsmartcols.so.1.1.0", + "mode": 33261, + "size": 107944, + "digest": { + "algorithm": "sha256", + "value": "03bf745caba1ab8438e6b8c3b1a45940a6908f95ab94f48415b6f56c85db20cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsmartcols", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsmartcols/COPYING", + "mode": 33188, + "size": 361, + "digest": { + "algorithm": "sha256", + "value": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libsmartcols/COPYING.LGPL-2.1-or-later", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "79ba35edcc44da5f", + "name": "libsolv", + "version": "0.7.24-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libsolv:libsolv:0.7.24-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libsolv:0.7.24-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libsolv@0.7.24-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libsolv-0.7.24-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libsolv", + "version": "0.7.24", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "libsolv-0.7.24-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Jul 30 01:07:50 1911", + "issuer": "431d51841f10008f" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Apr 9 10:28:24 1970", + "issuer": "431d51c1140ffe3e" + } + ], + "size": 917082, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libsolv", + "libsolv(x86-64)", + "libsolv.so.1()(64bit)", + "libsolv.so.1(SOLV_1.0)(64bit)", + "libsolv.so.1(SOLV_1.1)(64bit)", + "libsolv.so.1(SOLV_1.2)(64bit)", + "libsolv.so.1(SOLV_1.3)(64bit)", + "libsolvext.so.1()(64bit)", + "libsolvext.so.1(SOLV_1.0)(64bit)" + ], + "requires": [ + "libbz2.so.1()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "liblzma.so.5()(64bit)", + "liblzma.so.5(XZ_5.0)(64bit)", + "librpm.so.9()(64bit)", + "librpmio.so.9()(64bit)", + "libsolv.so.1()(64bit)", + "libsolv.so.1(SOLV_1.0)(64bit)", + "libsolv.so.1(SOLV_1.1)(64bit)", + "libsolv.so.1(SOLV_1.3)(64bit)", + "libxml2.so.2()(64bit)", + "libxml2.so.2(LIBXML2_2.4.30)(64bit)", + "libxml2.so.2(LIBXML2_2.6.0)(64bit)", + "libz.so.1()(64bit)", + "libz.so.1(ZLIB_1.2.3.3)(64bit)", + "libzstd.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b0/62ba7d2dfbf11d99ea6f89e7d8d728e695d48c", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c2/351ecd0899d17f0d7c017d1e18dade19186ccc", + "mode": 41471, + "size": 34, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libsolv.so.1", + "mode": 33261, + "size": 639960, + "digest": { + "algorithm": "sha256", + "value": "073f24f7025c724f73f34a4657a56144ed6ecb2dd2a2a711d44302f92f4738a5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libsolvext.so.1", + "mode": 33261, + "size": 274536, + "digest": { + "algorithm": "sha256", + "value": "5b399a58080823e1a335fea1e445adb5c4b862bd6421840d5273e64f85463962" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsolv", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libsolv/LICENSE.BSD", + "mode": 33188, + "size": 1381, + "digest": { + "algorithm": "sha256", + "value": "57f15acfb29fbef7749779e096a5885c60b716633e34484a21bb717554c0198f" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libstdc++", + "version": "11.5.0", + "epoch": null, + "architecture": "x86_64", + "release": "11.el9", + "sourceRpm": "gcc-11.5.0-11.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat May 11 01:02:54 2024", + "issuer": "431d5148c90fff53" + } + ], + "size": 2585745, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libstdc++", + "libstdc++(x86-64)", + "libstdc++.so.6()(64bit)", + "libstdc++.so.6(CXXABI_1.3)(64bit)", + "libstdc++.so.6(CXXABI_1.3.1)(64bit)", + "libstdc++.so.6(CXXABI_1.3.10)(64bit)", + "libstdc++.so.6(CXXABI_1.3.11)(64bit)", + "libstdc++.so.6(CXXABI_1.3.12)(64bit)", + "libstdc++.so.6(CXXABI_1.3.13)(64bit)", + "libstdc++.so.6(CXXABI_1.3.2)(64bit)", + "libstdc++.so.6(CXXABI_1.3.3)(64bit)", + "libstdc++.so.6(CXXABI_1.3.4)(64bit)", + "libstdc++.so.6(CXXABI_1.3.5)(64bit)", + "libstdc++.so.6(CXXABI_1.3.6)(64bit)", + "libstdc++.so.6(CXXABI_1.3.7)(64bit)", + "libstdc++.so.6(CXXABI_1.3.8)(64bit)", + "libstdc++.so.6(CXXABI_1.3.9)(64bit)", + "libstdc++.so.6(CXXABI_FLOAT128)(64bit)", + "libstdc++.so.6(CXXABI_TM_1)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.1)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.10)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.11)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.12)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.13)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.14)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.15)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.16)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.17)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.18)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.19)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.2)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.20)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.21)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.22)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.23)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.24)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.25)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.26)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.27)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.28)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.29)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.3)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.4)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.5)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.6)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.7)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.8)(64bit)", + "libstdc++.so.6(GLIBCXX_3.4.9)(64bit)" + ], + "requires": [ + "glibc", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.18)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3)(64bit)", + "libgcc_s.so.1(GCC_4.2.0)(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.2.5)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PartialHardlinkSets)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/82", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/82/8914dc8c7f5b2b66517df043be77ab739fbc22", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libstdc++.so.6", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libstdc++.so.6.0.29", + "mode": 33261, + "size": 2314704, + "digest": { + "algorithm": "sha256", + "value": "643060c81562d0c1bd8a0ec3888068cf5577d6ce8fa7d4aba5c509f7bb258bd9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/__init__.py", + "mode": 33188, + "size": 1, + "digest": { + "algorithm": "sha256", + "value": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/__pycache__", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/__pycache__/__init__.cpython-39.opt-1.pyc", + "mode": 33188, + "size": 137, + "digest": { + "algorithm": "sha256", + "value": "0b55ea2691d26305fe18eeb3ce8f454b429400c73d236730a3f882448e9b84c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/__pycache__/__init__.cpython-39.pyc", + "mode": 33188, + "size": 137, + "digest": { + "algorithm": "sha256", + "value": "0b55ea2691d26305fe18eeb3ce8f454b429400c73d236730a3f882448e9b84c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__init__.py", + "mode": 33188, + "size": 1149, + "digest": { + "algorithm": "sha256", + "value": "2cafc1b79bcd4efab8233623bd93c7e1e1a6c29fcf80d5b7787ea9dbfe80dcda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/__init__.cpython-39.opt-1.pyc", + "mode": 33188, + "size": 585, + "digest": { + "algorithm": "sha256", + "value": "84280c44fc615f742d769887602e8fac7ef4214d914fa7de04d333af7dc3a2c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/__init__.cpython-39.pyc", + "mode": 33188, + "size": 585, + "digest": { + "algorithm": "sha256", + "value": "84280c44fc615f742d769887602e8fac7ef4214d914fa7de04d333af7dc3a2c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/printers.cpython-39.opt-1.pyc", + "mode": 33188, + "size": 89656, + "digest": { + "algorithm": "sha256", + "value": "f86431757b85d352cf151ee3561cc0a709041919b5dd59f34f32be4a58632199" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/printers.cpython-39.pyc", + "mode": 33188, + "size": 89656, + "digest": { + "algorithm": "sha256", + "value": "f86431757b85d352cf151ee3561cc0a709041919b5dd59f34f32be4a58632199" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/xmethods.cpython-39.opt-1.pyc", + "mode": 33188, + "size": 35278, + "digest": { + "algorithm": "sha256", + "value": "fb597ed2c0c3453940eef336e47afbc92e7f13f3287ad1a9bdcc91d090631128" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/xmethods.cpython-39.pyc", + "mode": 33188, + "size": 35278, + "digest": { + "algorithm": "sha256", + "value": "fb597ed2c0c3453940eef336e47afbc92e7f13f3287ad1a9bdcc91d090631128" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/printers.py", + "mode": 33188, + "size": 112117, + "digest": { + "algorithm": "sha256", + "value": "26feccb2e10bea3e4cf01462ce1801eded90e3b0ab478f33aceea55acfe5cda3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/xmethods.py", + "mode": 33188, + "size": 28943, + "digest": { + "algorithm": "sha256", + "value": "ac13a5d60975756f3a6827e5c97521079b482114346c34b58ffd2d25e38762eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb/auto-load", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb/auto-load/usr", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb/auto-load/usr/lib64", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb/auto-load/usr/lib64/__pycache__", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb/auto-load/usr/lib64/__pycache__/libstdc++.so.6.0.29-gdb.cpython-39.opt-1.pyc", + "mode": 33188, + "size": 733, + "digest": { + "algorithm": "sha256", + "value": "40044a0eba476cb704f1c8ac09916d222ab5b8b0f3ccf34d0907fc1f912ecfa5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb/auto-load/usr/lib64/__pycache__/libstdc++.so.6.0.29-gdb.cpython-39.pyc", + "mode": 33188, + "size": 733, + "digest": { + "algorithm": "sha256", + "value": "40044a0eba476cb704f1c8ac09916d222ab5b8b0f3ccf34d0907fc1f912ecfa5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/gdb/auto-load/usr/lib64/libstdc++.so.6.0.29-gdb.py", + "mode": 33188, + "size": 2382, + "digest": { + "algorithm": "sha256", + "value": "930bba9ae3997868e991cab461ce9b9684c137eace1b5f2dbd957e03429105c5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+ and LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libtasn1", + "version": "4.16.0", + "epoch": null, + "architecture": "x86_64", + "release": "9.el9", + "sourceRpm": "libtasn1-4.16.0-9.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Dec 2 04:18:08 1928", + "issuer": "431d51ef4d0ffd11" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Apr 22 11:39:40 2010", + "issuer": "431d5162cf0ffd17" + } + ], + "size": 183364, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "bundled(gnulib)", + "libtasn1", + "libtasn1(x86-64)", + "libtasn1.so.6()(64bit)", + "libtasn1.so.6(LIBTASN1_0_3)(64bit)", + "libtasn1.so.6(LIBTASN1_4_16_0)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fb", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fb/5d0ca43f62013acbdc74303fd2955202eb4a0c", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libtasn1.so.6", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libtasn1.so.6.6.0", + "mode": 33261, + "size": 94128, + "digest": { + "algorithm": "sha256", + "value": "f1e7a272c3ebc0068992ea6c098cd8ccbc79818762e67cce26647e3fb04b24dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libtasn1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libtasn1/AUTHORS", + "mode": 33188, + "size": 456, + "digest": { + "algorithm": "sha256", + "value": "949894e3b1d3952cbe5e2b16fcdcd2192d967e5da20d1f71bd8f434f6ccec2b1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/libtasn1/NEWS", + "mode": 33188, + "size": 23701, + "digest": { + "algorithm": "sha256", + "value": "cd659d7c4dab21bbaecb9aa4c2908018a30b88e33b3bcc556484b177c2a78341" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/libtasn1/README.md", + "mode": 33188, + "size": 2741, + "digest": { + "algorithm": "sha256", + "value": "48572667217bbe68ab05d2188c09e45e569c04d3d16a0db4bddb42dcb1ae349b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/libtasn1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libtasn1/COPYING", + "mode": 33188, + "size": 35147, + "digest": { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libtasn1/COPYING.LESSER", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libtasn1/LICENSE", + "mode": 33188, + "size": 605, + "digest": { + "algorithm": "sha256", + "value": "7446831f659f7ebfd8d497acc7f05dfa8e31c6cb6ba1b45df33d4895ab80f5a6" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "923f2a036f9ecf65", + "name": "libtool-ltdl", + "version": "2.4.6-46.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libtool-ltdl:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libtool-ltdl:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libtool_ltdl:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libtool_ltdl:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libtool:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:libtool:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libtool-ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libtool_ltdl:2.4.6-46.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libtool-ltdl@2.4.6-46.el9?arch=x86_64&distro=rhel-9.7&upstream=libtool-2.4.6-46.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libtool-ltdl", + "version": "2.4.6", + "epoch": null, + "architecture": "x86_64", + "release": "46.el9", + "sourceRpm": "libtool-2.4.6-46.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Feb 13 17:33:53 1989", + "issuer": "431d5191af0fff6f" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Jul 9 02:19:04 1909", + "issuer": "431d51faa70fff5f" + } + ], + "size": 71568, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libltdl.so.7()(64bit)", + "libtool-libs", + "libtool-ltdl", + "libtool-ltdl(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f6/d9e48de308735adfd3ba95e01484b8f2bca8ad", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libltdl.so.7", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libltdl.so.7.3.1", + "mode": 33261, + "size": 44984, + "digest": { + "algorithm": "sha256", + "value": "0109357682ea87d4b4f479117555f863a0b3d2959100fc31a27252fffc5b5306" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libtool-ltdl", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libtool-ltdl/COPYING.LIB", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "e1c9803b20913af1", + "name": "libunistring", + "version": "0.9.10-15.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+ or LGPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libunistring:libunistring:0.9.10-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libunistring:0.9.10-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.7&upstream=libunistring-0.9.10-15.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libunistring", + "version": "0.9.10", + "epoch": null, + "architecture": "x86_64", + "release": "15.el9", + "sourceRpm": "libunistring-0.9.10-15.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:39:56 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:39:56 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 1643051, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "bundled(gnulib)", + "libunistring", + "libunistring(x86-64)", + "libunistring.so.2()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/15", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/15/e34cdfafa3547f9c700489b842ceb86f6fb73e", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libunistring.so.2", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libunistring.so.2.1.0", + "mode": 33261, + "size": 1591920, + "digest": { + "algorithm": "sha256", + "value": "70b4c4050c4319fb109a3cf5745f9a6ab2e5862c6bc809aea0e4cb94c87978ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libunistring", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libunistring/COPYING", + "mode": 33188, + "size": 35147, + "digest": { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libunistring/COPYING.LIB", + "mode": 33188, + "size": 7639, + "digest": { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "2f1e24780cfea663", + "name": "libusbx", + "version": "1.0.26-1.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libusbx:libusbx:1.0.26-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libusbx:1.0.26-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libusbx@1.0.26-1.el9?arch=x86_64&distro=rhel-9.7&upstream=libusbx-1.0.26-1.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libusbx", + "version": "1.0.26", + "epoch": null, + "architecture": "x86_64", + "release": "1.el9", + "sourceRpm": "libusbx-1.0.26-1.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Apr 27 16:16:35 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Apr 27 16:16:35 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 169790, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libusb-1.0.so.0()(64bit)", + "libusb1", + "libusbx", + "libusbx(x86-64)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libudev.so.1()(64bit)", + "libudev.so.1(LIBUDEV_183)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4c/9b198da1757c7a5b392aa5b87abc1826fecd14", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libusb-1.0.so.0", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libusb-1.0.so.0.3.0", + "mode": 33261, + "size": 124512, + "digest": { + "algorithm": "sha256", + "value": "09b5033698a18d0a8c10869482ebb4b6a978d8066d3f62e73c62def304a3ceeb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libusbx", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libusbx/COPYING", + "mode": 33188, + "size": 26436, + "digest": { + "algorithm": "sha256", + "value": "5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libuuid", + "version": "2.37.4", + "epoch": null, + "architecture": "x86_64", + "release": "21.el9", + "sourceRpm": "util-linux-2.37.4-21.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Oct 21 16:46:47 1925", + "issuer": "431d515e200ffc0b" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Apr 24 04:48:54 2021", + "issuer": "431d5129550fff6f" + } + ], + "size": 38109, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libuuid", + "libuuid(x86-64)", + "libuuid.so.1()(64bit)", + "libuuid.so.1(UUIDD_PRIVATE)(64bit)", + "libuuid.so.1(UUID_1.0)(64bit)", + "libuuid.so.1(UUID_2.20)(64bit)", + "libuuid.so.1(UUID_2.31)(64bit)", + "libuuid.so.1(UUID_2.36)(64bit)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ae", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ae/02d73c5e47cd864ed3dd4d620be4fc04322d96", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libuuid.so.1", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libuuid.so.1.3.0", + "mode": 33261, + "size": 36440, + "digest": { + "algorithm": "sha256", + "value": "529d3f74689adfa49e416bdd75385f06733568724ebaf8411a5e0de140d8621a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libuuid", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libuuid/COPYING", + "mode": 33188, + "size": 224, + "digest": { + "algorithm": "sha256", + "value": "5068749ee9c2f2c545af4a4de9fde3c39dc8d90af47cc0b3a42700116f9b7e71" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libuuid/COPYING.BSD-3-Clause", + "mode": 33188, + "size": 1391, + "digest": { + "algorithm": "sha256", + "value": "9b718a9460fed5952466421235bc79eb49d4e9eacc920d7a9dd6285ab8fd6c6d" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "ec9dd0ac24b8d8c2", + "name": "libverto", + "version": "0.3.2-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libverto:libverto:0.3.2-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libverto:0.3.2-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libverto-0.3.2-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libverto", + "version": "0.3.2", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "libverto-0.3.2-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:45:54 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:45:54 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 30365, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libverto", + "libverto(x86-64)", + "libverto.so.1()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8b/57fc54f83e2d9aa549b0cc6759210b44a583af", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libverto.so.1", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libverto.so.1.0.0", + "mode": 33261, + "size": 28472, + "digest": { + "algorithm": "sha256", + "value": "958431bde9ce05c76a54d56ed3a89fae93704e62d7e5c697ed9816c256611efc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libverto", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libverto/COPYING", + "mode": 33188, + "size": 1054, + "digest": { + "algorithm": "sha256", + "value": "ee2f49235ed5947ace182dcb3aba92655aeafab4f3a33c98a9c6d75a6a238480" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "726407ce9205c669", + "name": "libxcrypt", + "version": "4.4.18-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and BSD and Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libxcrypt:libxcrypt:4.4.18-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libxcrypt:4.4.18-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.7&upstream=libxcrypt-4.4.18-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libxcrypt", + "version": "4.4.18", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "libxcrypt-4.4.18-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:46:55 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:46:55 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 270692, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libcrypt", + "libcrypt(x86-64)", + "libcrypt-nss", + "libcrypt-nss(x86-64)", + "libcrypt.so.2()(64bit)", + "libcrypt.so.2(XCRYPT_2.0)(64bit)", + "libcrypt.so.2(XCRYPT_4.3)(64bit)", + "libcrypt.so.2(XCRYPT_4.4)(64bit)", + "libxcrypt", + "libxcrypt(x86-64)", + "libxcrypt-common" + ], + "requires": [ + "glibc(x86-64)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6c/e4e5eb200e61d07398af52f8bcb316cf8466e0", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/fipscheck", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/fipscheck/libcrypt.so.2.0.0.hmac", + "mode": 33188, + "size": 65, + "digest": { + "algorithm": "sha256", + "value": "bdba59b24107da95ade6c1a6c359861baec8182ae70e871424578ef9c61cd389" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/fipscheck/libcrypt.so.2.hmac", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcrypt.so.2", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcrypt.so.2.0.0", + "mode": 33261, + "size": 201808, + "digest": { + "algorithm": "sha256", + "value": "67847e804cdd224fc438207e6919a69ce03cdede0fa3f3467fbd09b554640667" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libxcrypt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libxcrypt/AUTHORS", + "mode": 33188, + "size": 1850, + "digest": { + "algorithm": "sha256", + "value": "6d1e45c055b6d9e9bf4e9521419eb3dee4ca42a02dd4d824beaaad476dacfdca" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libxcrypt/COPYING.LIB", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libxcrypt/LICENSING", + "mode": 33188, + "size": 5534, + "digest": { + "algorithm": "sha256", + "value": "f8198fcc4f002bf54512bac2e68e1e3f04af7d105f4f4f98d7d22cb110e04715" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libxml2", + "version": "2.9.13", + "epoch": null, + "architecture": "x86_64", + "release": "14.el9_7", + "sourceRpm": "libxml2-2.9.13-14.el9_7.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Sep 22 19:57:53 1926", + "issuer": "431d517a3f0ffb05" + } + ], + "size": 1959268, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libxml2", + "libxml2(x86-64)", + "libxml2.so.2()(64bit)", + "libxml2.so.2(LIBXML2_2.4.30)(64bit)", + "libxml2.so.2(LIBXML2_2.5.0)(64bit)", + "libxml2.so.2(LIBXML2_2.5.2)(64bit)", + "libxml2.so.2(LIBXML2_2.5.4)(64bit)", + "libxml2.so.2(LIBXML2_2.5.5)(64bit)", + "libxml2.so.2(LIBXML2_2.5.6)(64bit)", + "libxml2.so.2(LIBXML2_2.5.7)(64bit)", + "libxml2.so.2(LIBXML2_2.5.8)(64bit)", + "libxml2.so.2(LIBXML2_2.5.9)(64bit)", + "libxml2.so.2(LIBXML2_2.6.0)(64bit)", + "libxml2.so.2(LIBXML2_2.6.1)(64bit)", + "libxml2.so.2(LIBXML2_2.6.10)(64bit)", + "libxml2.so.2(LIBXML2_2.6.11)(64bit)", + "libxml2.so.2(LIBXML2_2.6.12)(64bit)", + "libxml2.so.2(LIBXML2_2.6.14)(64bit)", + "libxml2.so.2(LIBXML2_2.6.15)(64bit)", + "libxml2.so.2(LIBXML2_2.6.16)(64bit)", + "libxml2.so.2(LIBXML2_2.6.17)(64bit)", + "libxml2.so.2(LIBXML2_2.6.18)(64bit)", + "libxml2.so.2(LIBXML2_2.6.19)(64bit)", + "libxml2.so.2(LIBXML2_2.6.2)(64bit)", + "libxml2.so.2(LIBXML2_2.6.20)(64bit)", + "libxml2.so.2(LIBXML2_2.6.21)(64bit)", + "libxml2.so.2(LIBXML2_2.6.23)(64bit)", + "libxml2.so.2(LIBXML2_2.6.24)(64bit)", + "libxml2.so.2(LIBXML2_2.6.25)(64bit)", + "libxml2.so.2(LIBXML2_2.6.27)(64bit)", + "libxml2.so.2(LIBXML2_2.6.28)(64bit)", + "libxml2.so.2(LIBXML2_2.6.29)(64bit)", + "libxml2.so.2(LIBXML2_2.6.3)(64bit)", + "libxml2.so.2(LIBXML2_2.6.32)(64bit)", + "libxml2.so.2(LIBXML2_2.6.5)(64bit)", + "libxml2.so.2(LIBXML2_2.6.6)(64bit)", + "libxml2.so.2(LIBXML2_2.6.7)(64bit)", + "libxml2.so.2(LIBXML2_2.6.8)(64bit)", + "libxml2.so.2(LIBXML2_2.7.0)(64bit)", + "libxml2.so.2(LIBXML2_2.7.3)(64bit)", + "libxml2.so.2(LIBXML2_2.7.4)(64bit)", + "libxml2.so.2(LIBXML2_2.8.0)(64bit)", + "libxml2.so.2(LIBXML2_2.9.0)(64bit)", + "libxml2.so.2(LIBXML2_2.9.1)(64bit)", + "libxml2.so.2(LIBXML2_2.9.11)(64bit)", + "libxml2.so.2(LIBXML2_2.9.8)(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "liblzma.so.5()(64bit)", + "liblzma.so.5(XZ_5.0)(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.2.5)(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "libxml2.so.2()(64bit)", + "libxml2.so.2(LIBXML2_2.4.30)(64bit)", + "libxml2.so.2(LIBXML2_2.5.0)(64bit)", + "libxml2.so.2(LIBXML2_2.5.2)(64bit)", + "libxml2.so.2(LIBXML2_2.5.6)(64bit)", + "libxml2.so.2(LIBXML2_2.5.7)(64bit)", + "libxml2.so.2(LIBXML2_2.5.8)(64bit)", + "libxml2.so.2(LIBXML2_2.6.0)(64bit)", + "libxml2.so.2(LIBXML2_2.6.18)(64bit)", + "libxml2.so.2(LIBXML2_2.6.20)(64bit)", + "libxml2.so.2(LIBXML2_2.6.21)(64bit)", + "libxml2.so.2(LIBXML2_2.6.3)(64bit)", + "libxml2.so.2(LIBXML2_2.6.8)(64bit)", + "libxml2.so.2(LIBXML2_2.9.0)(64bit)", + "libz.so.1()(64bit)", + "libz.so.1(ZLIB_1.2.2.3)(64bit)", + "libz.so.1(ZLIB_1.2.3.3)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/xmlcatalog", + "mode": 33261, + "size": 23704, + "digest": { + "algorithm": "sha256", + "value": "59edd482ec6b1015f014afb2dfbfbffe906ca8e3b6b3968f3276794b6d0af500" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/xmllint", + "mode": 33261, + "size": 82496, + "digest": { + "algorithm": "sha256", + "value": "d81629a128f77765908733a1a0eda0cf97353cd81e19a3269c4e56ce16c23b55" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3c/c18b6cc8c3e22d5e630ab414926bc92440c068", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3f/b6935dc371762966291aff2e8437a5b28fc55e", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/9a/9e58af686cb218965d70c8c2130e7c8f95e956", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libxml2.so.2", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libxml2.so.2.9.13", + "mode": 33261, + "size": 1644712, + "digest": { + "algorithm": "sha256", + "value": "8eb25143b2fa588a7b9f4af0a8f44d580501d59ee5d7e2f20d726b2aaffab1a9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libxml2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/libxml2/NEWS", + "mode": 33188, + "size": 183812, + "digest": { + "algorithm": "sha256", + "value": "847ddd05b336af3cb92cd69e855383c2f3b1cc5c0707afa5b081c50529a70671" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/libxml2/README.md", + "mode": 33188, + "size": 3744, + "digest": { + "algorithm": "sha256", + "value": "163a54f9593b6a7ef39caca031a9b9899dd60b3bb943527e71d699fabf5564ea" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/libxml2/TODO", + "mode": 33188, + "size": 11356, + "digest": { + "algorithm": "sha256", + "value": "8cbe077cd85d513ca3f3a8a51c3ccae43f6485b043aa1253954d0bddf5f9c817" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/libxml2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libxml2/Copyright", + "mode": 33188, + "size": 1289, + "digest": { + "algorithm": "sha256", + "value": "c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man1/xmlcatalog.1.gz", + "mode": 33188, + "size": 2762, + "digest": { + "algorithm": "sha256", + "value": "f37b82271f7f80e11f65c99ed88e5ff50297567dfcf5ddb65ddcaadcb53cca1a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/xmllint.1.gz", + "mode": 33188, + "size": 4431, + "digest": { + "algorithm": "sha256", + "value": "f5ac9d9ca2c53d99fe5e9f42c9958fd50857464c030f886ba0355685f37a1b95" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man3/libxml.3.gz", + "mode": 33188, + "size": 849, + "digest": { + "algorithm": "sha256", + "value": "05fb55e53f1c4006b2c7819b4aa82a72366e8721066e26db7f172834e370633d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "a495c2a7de1ac993", + "name": "libyaml", + "version": "0.2.5-7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libyaml:libyaml:0.2.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libyaml:0.2.5-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.7&upstream=libyaml-0.2.5-7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libyaml", + "version": "0.2.5", + "epoch": null, + "architecture": "x86_64", + "release": "7.el9", + "sourceRpm": "libyaml-0.2.5-7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:49:51 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 13:49:51 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 138283, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libyaml", + "libyaml(x86-64)", + "libyaml-0.so.2()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b6/3afab9bfe8a249975629245ed1b47e4d425648", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libyaml-0.so.2", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libyaml-0.so.2.0.9", + "mode": 33261, + "size": 136048, + "digest": { + "algorithm": "sha256", + "value": "65b0fa7db95791f0b54442efde3dda6c81704eb0c0134e9371cfc76bd349f67c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libyaml", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libyaml/License", + "mode": 33188, + "size": 1101, + "digest": { + "algorithm": "sha256", + "value": "c40112449f254b9753045925248313e9270efa36d226b22d82d4cc6c43c57f29" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "88eb82cde1f0760c", + "name": "libzstd", + "version": "1.5.5-1.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD and GPLv2", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:libzstd:libzstd:1.5.5-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:libzstd:1.5.5-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/libzstd@1.5.5-1.el9?arch=x86_64&distro=rhel-9.7&upstream=zstd-1.5.5-1.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "libzstd", + "version": "1.5.5", + "epoch": null, + "architecture": "x86_64", + "release": "1.el9", + "sourceRpm": "zstd-1.5.5-1.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Aug 21 00:18:15 1936", + "issuer": "431d51af450ffc0e" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Sep 29 02:46:34 2029", + "issuer": "431d510f970ffb05" + } + ], + "size": 773894, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libzstd", + "libzstd(x86-64)", + "libzstd.so.1()(64bit)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/cd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/cd/d7cc7da1ed3cde1a97fcb2584324ae48d56e7a", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libzstd.so.1", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libzstd.so.1.5.5", + "mode": 33261, + "size": 754200, + "digest": { + "algorithm": "sha256", + "value": "dc1ccdc94eea889670d6258a70ae51be922be6a4740eb44eee4f1baf012136b7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libzstd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/libzstd/COPYING", + "mode": 33188, + "size": 18091, + "digest": { + "algorithm": "sha256", + "value": "f9c375a1be4a41f7b70301dd83c91cb89e41567478859b77eef375a52d782505" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/libzstd/LICENSE", + "mode": 33188, + "size": 1549, + "digest": { + "algorithm": "sha256", + "value": "7055266497633c9025b777c78eb7235af13922117480ed5c674677adc381c9d8" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "b9930935983f5330", + "name": "lua-libs", + "version": "5.4.4-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:lua-libs:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lua-libs:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lua_libs:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lua_libs:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lua:lua-libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lua:lua_libs:5.4.4-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/lua-libs@5.4.4-4.el9?arch=x86_64&distro=rhel-9.7&upstream=lua-5.4.4-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "lua-libs", + "version": "5.4.4", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "lua-5.4.4-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Apr 18 08:01:12 2023", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Apr 18 08:01:12 2023", + "issuer": "199e2f91fd431d51" + } + ], + "size": 287331, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "liblua-5.4.so()(64bit)", + "lua(abi)", + "lua-libs", + "lua-libs(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.11)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.2.5)(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bb", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bb/065a225d359af78d6cae687214feac86c97d9c", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/liblua-5.4.so", + "mode": 33261, + "size": 287296, + "digest": { + "algorithm": "sha256", + "value": "a51bea6a192c1ae861b20f871fca5e3ea4751b9ad31ca448d9799965d4b208fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/lua", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/lua/5.4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/lua", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/lua/5.4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "0fc14552c6652ab5", + "name": "lz4-libs", + "version": "1.9.3-5.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+ and BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:lz4-libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lz4-libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lz4_libs:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lz4_libs:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lz4:lz4-libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lz4:lz4_libs:1.9.3-5.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.7&upstream=lz4-1.9.3-5.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "lz4-libs", + "version": "1.9.3", + "epoch": null, + "architecture": "x86_64", + "release": "5.el9", + "sourceRpm": "lz4-1.9.3-5.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 14:03:28 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 14:03:28 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 145483, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "liblz4.so.1()(64bit)", + "lz4-libs", + "lz4-libs(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4d/32cb5fa39c86b05cc10cc380f3a8a0d6d9d648", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/liblz4.so.1", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/liblz4.so.1.9.3", + "mode": 33261, + "size": 144120, + "digest": { + "algorithm": "sha256", + "value": "cd2cd6b9b4ddc0fda8eb8bd2597566f50efd4848ce24f071c88385bae200e166" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "9564ca1ffe7fce37", + "name": "microdnf", + "version": "3.9.1-3.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:microdnf:microdnf:3.9.1-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:microdnf:3.9.1-3.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/microdnf@3.9.1-3.el9?arch=x86_64&distro=rhel-9.7&upstream=microdnf-3.9.1-3.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "microdnf", + "version": "3.9.1", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9", + "sourceRpm": "microdnf-3.9.1-3.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Jan 6 16:30:12 2023", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Jan 6 16:30:12 2023", + "issuer": "199e2f91fd431d51" + } + ], + "size": 125966, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "microdnf", + "microdnf(x86-64)" + ], + "requires": [ + "dnf-data", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libdnf(x86-64)", + "libdnf.so.2()(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "libgio-2.0.so.0()(64bit)", + "libglib-2.0.so.0()(64bit)", + "libgobject-2.0.so.0()(64bit)", + "libpeas-1.0.so.0()(64bit)", + "librpmio.so.9()(64bit)", + "libsmartcols.so.1()(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.25)(64bit)", + "libsmartcols.so.1(SMARTCOLS_2.29)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/microdnf", + "mode": 33261, + "size": 104904, + "digest": { + "algorithm": "sha256", + "value": "725a49a7f9f827c96e9166259cbfb217fdc02a0e842707a7f8e42e764b1b82df" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/55", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/55/2f096a2acc66350bf0a883d85fe08b1de8c09b", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/share/licenses/microdnf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/microdnf/COPYING", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "9606bf2c1d407bed", + "name": "mpfr", + "version": "4.1.0-7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:mpfr:4.1.0-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mpfr:mpfr:4.1.0-7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.7&upstream=mpfr-4.1.0-7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "mpfr", + "version": "4.1.0", + "epoch": null, + "architecture": "x86_64", + "release": "7.el9", + "sourceRpm": "mpfr-4.1.0-7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 14:13:37 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 14:13:37 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 802539, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libmpfr.so.6()(64bit)", + "mpfr", + "mpfr(x86-64)", + "mpfr3" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libgmp.so.10()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b3/e45f041571b21e84fbea475e777c9e6d816fd5", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libmpfr.so.6", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmpfr.so.6.1.0", + "mode": 33261, + "size": 726864, + "digest": { + "algorithm": "sha256", + "value": "737d4ad1015f97e0bfa59cc62d79e2a5fe7ac62148fd7f2826977de75f2f9ba4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/mpfr", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/mpfr/COPYING", + "mode": 33188, + "size": 35149, + "digest": { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/mpfr/COPYING.LESSER", + "mode": 33188, + "size": 7652, + "digest": { + "algorithm": "sha256", + "value": "e3a994d82e644b03a792a930f574002658412f62407f5fee083f2555c5f23118" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "ncurses-base", + "version": "6.2", + "epoch": null, + "architecture": "noarch", + "release": "12.20210508.el9", + "sourceRpm": "ncurses-6.2-12.20210508.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Dec 3 04:52:40 1905", + "issuer": "431d5186370ffc09" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Apr 14 08:45:53 1922", + "issuer": "431d51a8ad0fff4d" + } + ], + "size": 307293, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "ncurses-base" + ], + "requires": [ + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PartialHardlinkSets)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/etc/terminfo", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/ncurses-base", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/ncurses-base/README", + "mode": 33188, + "size": 10293, + "digest": { + "algorithm": "sha256", + "value": "07794ece2a1bbeb5f3760c201700436d9d88f77e902dc809dc44474345d7bfcb" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/ncurses-base", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/ncurses-base/COPYING", + "mode": 33188, + "size": 1447, + "digest": { + "algorithm": "sha256", + "value": "87a4c4442337b8968ef956031c406b74f9cb7149b7ba87311bdaba534816201c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/tabset", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/tabset/std", + "mode": 33188, + "size": 135, + "digest": { + "algorithm": "sha256", + "value": "fbadb5f608b355fe481c0c7d9c6265b2372bfa35250662f81f68d46540080770" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/tabset/stdcrt", + "mode": 33188, + "size": 95, + "digest": { + "algorithm": "sha256", + "value": "cf6c37b18ceea7c306f7e3a5e604a03b0dfb9c22ec99163e4b52f885ce063145" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/tabset/vt100", + "mode": 33188, + "size": 160, + "digest": { + "algorithm": "sha256", + "value": "075251754239d9973945d82b95c18cd90997acd2017393e70c8832e9297de056" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/tabset/vt300", + "mode": 33188, + "size": 64, + "digest": { + "algorithm": "sha256", + "value": "61f8388cad6a381feb819bc6a8d299d06a853d15e1f4bfdfd6b6f40069ad4956" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/A", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/A/Apple_Terminal", + "mode": 33188, + "size": 1992, + "digest": { + "algorithm": "sha256", + "value": "e0c164ffe1cd8dbbb8162f5f0925424c401fd2871c8e4556f6a67b2f95a1ac7c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/E", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/E/Eterm", + "mode": 33188, + "size": 2224, + "digest": { + "algorithm": "sha256", + "value": "9c6c23dd46de071e5f5ee24cb2144f82e46365c9011bd8574bf210f0c8245043" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/E/Eterm-256color", + "mode": 33188, + "size": 2464, + "digest": { + "algorithm": "sha256", + "value": "6954921767095f6869584f352abe93a025c0a7b8babe3b100082f622e9f2e7c7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/E/Eterm-88color", + "mode": 33188, + "size": 2394, + "digest": { + "algorithm": "sha256", + "value": "7c9db2ec3a75e199ea30cb5daf86fcc90c9a96a1ae30e941556b4b55bb8cc71c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/E/Eterm-color", + "mode": 33188, + "size": 2224, + "digest": { + "algorithm": "sha256", + "value": "9c6c23dd46de071e5f5ee24cb2144f82e46365c9011bd8574bf210f0c8245043" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/a/alacritty", + "mode": 33188, + "size": 3653, + "digest": { + "algorithm": "sha256", + "value": "d92bacc079ad7110ea07f405850bc5cb07e33a7b721bb609065e10a1b465d4c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/a/ansi", + "mode": 33188, + "size": 1481, + "digest": { + "algorithm": "sha256", + "value": "93ec8cb9beb0c898ebc7dda0f670de31addb605be9005735228680d592cff657" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/a/ansi80x25", + "mode": 33188, + "size": 1502, + "digest": { + "algorithm": "sha256", + "value": "acd69b88fbc9045037b562dd67c876e88cc5d2616af20b9ca6c41d33ee335606" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/a/ansis", + "mode": 33188, + "size": 1502, + "digest": { + "algorithm": "sha256", + "value": "acd69b88fbc9045037b562dd67c876e88cc5d2616af20b9ca6c41d33ee335606" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/a/aterm", + "mode": 33188, + "size": 2192, + "digest": { + "algorithm": "sha256", + "value": "ec91b6e46b961cf52e1138691886a2de4ba2807eedd3502e5f11da197bc7cf9e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/b/bterm", + "mode": 33188, + "size": 1155, + "digest": { + "algorithm": "sha256", + "value": "b5166019760429c4d6150180f1c2dd81136488e21c36b564e605c9dc7366f1db" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/c/cons25", + "mode": 33188, + "size": 1502, + "digest": { + "algorithm": "sha256", + "value": "acd69b88fbc9045037b562dd67c876e88cc5d2616af20b9ca6c41d33ee335606" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/c/cygwin", + "mode": 33188, + "size": 1518, + "digest": { + "algorithm": "sha256", + "value": "3e04bfdcc0764f4e28655701864845752cd3f77d0c52390637ebe588f91665cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/d/dumb", + "mode": 33188, + "size": 308, + "digest": { + "algorithm": "sha256", + "value": "123c85a2812a517d967db5f31660db0e6aded4a0b95ed943c5ab435368e7a25c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/e/eterm", + "mode": 33188, + "size": 842, + "digest": { + "algorithm": "sha256", + "value": "c79a54efd731abe696b0373d814c9a67839eb74229cb0f63ec436b43871b8a2a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/e/eterm-color", + "mode": 33188, + "size": 1249, + "digest": { + "algorithm": "sha256", + "value": "718af703c538849e5b13ca124dc0416a60e05f1eed5208f6d72836c51c108f31" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/g", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/g/gnome", + "mode": 33188, + "size": 3029, + "digest": { + "algorithm": "sha256", + "value": "9054b3a9afffd27c0fb4748f1181703168c8f0d0ce4dd0fa83af850a8672c2ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/g/gnome-256color", + "mode": 33188, + "size": 3299, + "digest": { + "algorithm": "sha256", + "value": "7c411676c7c6aa80510f711598786df0ef9ad986bbe9496b71d41da73734dab4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/h", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/h/hurd", + "mode": 33188, + "size": 1580, + "digest": { + "algorithm": "sha256", + "value": "10aecfba156ec90c243267284da1f9d43b8e68813e58690c5870ae8d2a5ac9e9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/j", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/j/jfbterm", + "mode": 33188, + "size": 1616, + "digest": { + "algorithm": "sha256", + "value": "4598cafe3bdb6a266fbe58846482e57cece634382a0b002f95780a72df37c86e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/k", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/k/kitty", + "mode": 33188, + "size": 3142, + "digest": { + "algorithm": "sha256", + "value": "bccaa15c12d7fcf33aea0d7205588141d32c63834fca2d87e25fa07e57927f00" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/k/kon", + "mode": 33188, + "size": 1616, + "digest": { + "algorithm": "sha256", + "value": "4598cafe3bdb6a266fbe58846482e57cece634382a0b002f95780a72df37c86e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/k/kon2", + "mode": 33188, + "size": 1616, + "digest": { + "algorithm": "sha256", + "value": "4598cafe3bdb6a266fbe58846482e57cece634382a0b002f95780a72df37c86e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/k/konsole", + "mode": 33188, + "size": 3134, + "digest": { + "algorithm": "sha256", + "value": "f0300abc7f4b5f3ddb541c68c563171b4de742c9f1be1e0e06979ad50493b08e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/k/konsole-256color", + "mode": 33188, + "size": 3302, + "digest": { + "algorithm": "sha256", + "value": "ffccaf526a120f9c52c7fbff5ac0c60a1ec1d803c562a3bb62c5ecb3ff41adae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/l", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/l/linux", + "mode": 33188, + "size": 1728, + "digest": { + "algorithm": "sha256", + "value": "3eacc0f9dcd8aac29a7935eb1f78be5c51b24a5dd38065789bb326015c9a9836" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m/mach", + "mode": 33188, + "size": 617, + "digest": { + "algorithm": "sha256", + "value": "ecd31c58040e5908eb434514e67620b2e4be538655126f427155760b273c7e9b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m/mach-bold", + "mode": 33188, + "size": 652, + "digest": { + "algorithm": "sha256", + "value": "4e4400e3ad4df2dbbf90920860c540cd72552ca71a24b556a0b6ba62fa091b84" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m/mach-color", + "mode": 33188, + "size": 1095, + "digest": { + "algorithm": "sha256", + "value": "5caa825bd606e26c8b6c55a3206eccfea525e788f74da5e7cb48cc713db52239" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m/mach-gnu", + "mode": 33188, + "size": 1056, + "digest": { + "algorithm": "sha256", + "value": "99372cd399478be723230692595362004df345dee6c4145e4d109113a2357717" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m/mach-gnu-color", + "mode": 33188, + "size": 1318, + "digest": { + "algorithm": "sha256", + "value": "e1c62541670d0e10fe46daabce8ce95d9fd77115a68106e5eb2c2a7647e40a13" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m/mlterm", + "mode": 33188, + "size": 3126, + "digest": { + "algorithm": "sha256", + "value": "1334887ef2b3ca487e445ed9a0b03b3ec6750ed1617d8cad6416045a69d32cdf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/m/mrxvt", + "mode": 33188, + "size": 3044, + "digest": { + "algorithm": "sha256", + "value": "28e3b5820b9762eadf7201f9877f8e010fdeaf74a60ed12e94d3f39c24cc8d3f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/n", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/n/nsterm", + "mode": 33188, + "size": 1992, + "digest": { + "algorithm": "sha256", + "value": "e0c164ffe1cd8dbbb8162f5f0925424c401fd2871c8e4556f6a67b2f95a1ac7c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/n/nsterm-256color", + "mode": 33188, + "size": 1992, + "digest": { + "algorithm": "sha256", + "value": "e0c164ffe1cd8dbbb8162f5f0925424c401fd2871c8e4556f6a67b2f95a1ac7c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/n/nxterm", + "mode": 33188, + "size": 1551, + "digest": { + "algorithm": "sha256", + "value": "f74fe619914bfe650f6071bbbaf242c439de8a2f0ecefe9e80870216dfb844b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/p", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/p/pcansi", + "mode": 33188, + "size": 1198, + "digest": { + "algorithm": "sha256", + "value": "ecda9662049c96ee0a574f40cfb8950b0198b508b5b72a3de05774eb3cb3f34e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/p/putty", + "mode": 33188, + "size": 2387, + "digest": { + "algorithm": "sha256", + "value": "61c517a78fe0e43e1dc0c46211e2c21caff28dde5faec6dcac1854f406a8f198" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/p/putty-256color", + "mode": 33188, + "size": 2465, + "digest": { + "algorithm": "sha256", + "value": "f300b4599e56d79862ae9b2564b9a1c6b80b1e97377caff9cf5c0d3c321da1cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt", + "mode": 33188, + "size": 2222, + "digest": { + "algorithm": "sha256", + "value": "fd66cf403b6a6dc0a9fb1644f5e90a6c045e121a2039086bc105995dee951cca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-16color", + "mode": 33188, + "size": 2494, + "digest": { + "algorithm": "sha256", + "value": "6ab73ad1b0b5fc6e7d8bba94dd640dd1ac0af130977ec0343722f844b1dc731f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-256color", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "04d0d3eff9bad452bb14b3758c4550d2541804c47418dd8962738c8b0af56900" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-88color", + "mode": 33188, + "size": 2428, + "digest": { + "algorithm": "sha256", + "value": "970530f4391f38cdd940ba3260e3be762b0106ce9e6566e44bce78eb83ebf667" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-basic", + "mode": 33188, + "size": 2137, + "digest": { + "algorithm": "sha256", + "value": "8d7df7d5b30ab517c857ec8dd8bc19353536e19a8b4dab9b32dab7515ccc67fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-color", + "mode": 33188, + "size": 2226, + "digest": { + "algorithm": "sha256", + "value": "dba804770a9c6832dd1ac4f2fd209f8053aa5d01a89f60b9e2428c59e3500fc0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-cygwin", + "mode": 33188, + "size": 2248, + "digest": { + "algorithm": "sha256", + "value": "524b0193a04a4f2d50d19846e47a36aac33161331e929820a5b229c73d0db700" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-cygwin-native", + "mode": 33188, + "size": 2266, + "digest": { + "algorithm": "sha256", + "value": "bc25e9fefa0e94ecc6892a987c7e8ed4331475e35049a134e5e3903d681a0b52" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-unicode", + "mode": 33188, + "size": 2208, + "digest": { + "algorithm": "sha256", + "value": "063264a85fd735a13028390c8d43cf38b5214417c6e48908eabb85bcdb9b7495" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-unicode-256color", + "mode": 33188, + "size": 2234, + "digest": { + "algorithm": "sha256", + "value": "d713e450e914420493252afbde977cd3165ea649dfe5c33b0f518ec83b1afba1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/r/rxvt-xpm", + "mode": 33188, + "size": 2224, + "digest": { + "algorithm": "sha256", + "value": "331dd75bad5d1a9dffd4fd1ad254edfca32780ace51a22b1d8d657aebf03663f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen", + "mode": 33188, + "size": 1601, + "digest": { + "algorithm": "sha256", + "value": "8c9f1ec5d39d497e23943171bbba511c07192392a673ec642b0f805e1496c242" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen-16color", + "mode": 33188, + "size": 1877, + "digest": { + "algorithm": "sha256", + "value": "04e2d2a20905a85daf8c652e6cb359a4c43c0df0da42079fa250a40860b501bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen-256color", + "mode": 33188, + "size": 1747, + "digest": { + "algorithm": "sha256", + "value": "cbac29ca9641403d7c2e377f4c54c52f24e811f98d47c71b599707e00ad91f0c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.Eterm", + "mode": 33188, + "size": 2255, + "digest": { + "algorithm": "sha256", + "value": "0cdc69a1a9d76f90782c9033fdaca7867d761dde7ae2cbd1277d8b1a2e84a859" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.gnome", + "mode": 33188, + "size": 3118, + "digest": { + "algorithm": "sha256", + "value": "a3eaa12685b0c5dc1c1fd813d9413b35ee0559658b738a7518d5ef82048fdd90" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.konsole", + "mode": 33188, + "size": 3152, + "digest": { + "algorithm": "sha256", + "value": "3589347d84695a08fa10f5468540eace3b8d5efe0473cfad05823fb42a7f4200" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.konsole-256color", + "mode": 33188, + "size": 3310, + "digest": { + "algorithm": "sha256", + "value": "a6a490ec343cba7c36539dadfa3662f014c19b567bdf0bdd49524757ea5555e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.linux", + "mode": 33188, + "size": 1754, + "digest": { + "algorithm": "sha256", + "value": "f4cd95e072ac92d217e69b93d9da8209d6532bd67428b5f90395a02ba686d26b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.linux-s", + "mode": 33188, + "size": 1754, + "digest": { + "algorithm": "sha256", + "value": "f4cd95e072ac92d217e69b93d9da8209d6532bd67428b5f90395a02ba686d26b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.mlterm", + "mode": 33188, + "size": 3120, + "digest": { + "algorithm": "sha256", + "value": "f127db567ddf4fa0dc0aaf3d15dec44e876efb748ac6db252e2e9c716c925746" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.mlterm-256color", + "mode": 33188, + "size": 3290, + "digest": { + "algorithm": "sha256", + "value": "82996e7e225aafe638618c97025a9c7452ae8d1f29d5e677d1bccde3571b3956" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.mrxvt", + "mode": 33188, + "size": 3125, + "digest": { + "algorithm": "sha256", + "value": "8f9718e189abece10bf6d2371ed0fdfb9cd2b62485edcddfcde5e40c6905bb1e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.putty", + "mode": 33188, + "size": 2387, + "digest": { + "algorithm": "sha256", + "value": "79112ae95d9610b54e5f6e756cfc0dd95e8f126ac8f2b924df9818158c934b72" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.putty-256color", + "mode": 33188, + "size": 2479, + "digest": { + "algorithm": "sha256", + "value": "1c06f6fa536cb53c00337c19062698ac20c1ec07bb7925a9cf4fe5f833554dff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.rxvt", + "mode": 33188, + "size": 2251, + "digest": { + "algorithm": "sha256", + "value": "8983e116d7c302b9764918d14a3a1f48efc0475da61bc1d9d094cfc111d470fd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.teraterm", + "mode": 33188, + "size": 1700, + "digest": { + "algorithm": "sha256", + "value": "e4167086215b313305bc5b19412c50ccc1bf794079b5ff459517a47574f625aa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.vte", + "mode": 33188, + "size": 3260, + "digest": { + "algorithm": "sha256", + "value": "a8304c19e96ef295020a0aad7f50e3fca43d1687ec4f1e238cbf2ac641b4a9b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.vte-256color", + "mode": 33188, + "size": 3412, + "digest": { + "algorithm": "sha256", + "value": "eb2a1590196eb9238e5d89b6c4e0fec0a4fe8cb4e45747a781fb7c84b35a8002" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.xterm-256color", + "mode": 33188, + "size": 3575, + "digest": { + "algorithm": "sha256", + "value": "41464ca875edb94074f7f757d03c337daf45c3ef98258c6ab5113352b45c9599" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.xterm-new", + "mode": 33188, + "size": 3679, + "digest": { + "algorithm": "sha256", + "value": "50f7c84aeed647a706370427fb6833f9b069455f0479c5bceee310b1a603c1c3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.xterm-r6", + "mode": 33188, + "size": 1607, + "digest": { + "algorithm": "sha256", + "value": "d7b2d447bde520f07fb34eafaa5a52475c6a573cd25ffece947538111a082697" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/screen.xterm-xfree86", + "mode": 33188, + "size": 3679, + "digest": { + "algorithm": "sha256", + "value": "50f7c84aeed647a706370427fb6833f9b069455f0479c5bceee310b1a603c1c3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/st", + "mode": 33188, + "size": 2577, + "digest": { + "algorithm": "sha256", + "value": "04ec866bf3b2f7747f021870d7f3cfcc32b2c00933ed56da5f2c53276f98cc6d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/st-16color", + "mode": 33188, + "size": 2739, + "digest": { + "algorithm": "sha256", + "value": "9233dae204dcccbe231489b90e5a73b6960237cbdc66e5095a796687bbc98cad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/st-256color", + "mode": 33188, + "size": 2699, + "digest": { + "algorithm": "sha256", + "value": "1a0830080f6101ea005cad2f2dc14d7be90d6dd31bd2ef978717908b1f248732" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/stterm", + "mode": 33188, + "size": 2577, + "digest": { + "algorithm": "sha256", + "value": "04ec866bf3b2f7747f021870d7f3cfcc32b2c00933ed56da5f2c53276f98cc6d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/stterm-16color", + "mode": 33188, + "size": 2739, + "digest": { + "algorithm": "sha256", + "value": "9233dae204dcccbe231489b90e5a73b6960237cbdc66e5095a796687bbc98cad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/stterm-256color", + "mode": 33188, + "size": 2699, + "digest": { + "algorithm": "sha256", + "value": "1a0830080f6101ea005cad2f2dc14d7be90d6dd31bd2ef978717908b1f248732" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/sun", + "mode": 33188, + "size": 1004, + "digest": { + "algorithm": "sha256", + "value": "02e392161cb23f49a8fb1ba2f1a6583e013c0c26672f58c5eaca828db3b19914" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/sun1", + "mode": 33188, + "size": 1004, + "digest": { + "algorithm": "sha256", + "value": "02e392161cb23f49a8fb1ba2f1a6583e013c0c26672f58c5eaca828db3b19914" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/s/sun2", + "mode": 33188, + "size": 1004, + "digest": { + "algorithm": "sha256", + "value": "02e392161cb23f49a8fb1ba2f1a6583e013c0c26672f58c5eaca828db3b19914" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/t", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/t/teraterm", + "mode": 33188, + "size": 1683, + "digest": { + "algorithm": "sha256", + "value": "4e45171106372b30d13e11934d5cd217aef45dfc0f2c065b4b0b1f7d9d2cbf9e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/t/teraterm2.3", + "mode": 33188, + "size": 1592, + "digest": { + "algorithm": "sha256", + "value": "6598b360cd87b5c3e3f99a5b0b4d462c59e754bad79968febc84c77b7acc3bdc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/t/tmux", + "mode": 33188, + "size": 3101, + "digest": { + "algorithm": "sha256", + "value": "dfca8c55e27b29092119c636df3f294f91899c773cd88fd045211f33e4374b4e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/t/tmux-256color", + "mode": 33188, + "size": 3245, + "digest": { + "algorithm": "sha256", + "value": "0be91123144f84d33761a08e98ae0bef4fbf25ab73dac895d20f5baefa1e5f69" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/t/tmux-direct", + "mode": 33188, + "size": 3406, + "digest": { + "algorithm": "sha256", + "value": "a60c23f2642905644aba59b21d70a0d86ac8b3efb66a500e316dee0c77dfd01a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vs100", + "mode": 33188, + "size": 1525, + "digest": { + "algorithm": "sha256", + "value": "2b1249158a7053eee58242625f79b29f35da721cbcf695a327521cfed3bec117" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vt100", + "mode": 33188, + "size": 1190, + "digest": { + "algorithm": "sha256", + "value": "44fe1bfcc36f3a7669a387b623a44c360f9e150868f9924920182b44bcbbdba6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vt100-am", + "mode": 33188, + "size": 1190, + "digest": { + "algorithm": "sha256", + "value": "44fe1bfcc36f3a7669a387b623a44c360f9e150868f9924920182b44bcbbdba6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vt100-nav", + "mode": 33188, + "size": 1055, + "digest": { + "algorithm": "sha256", + "value": "e509a4ee7373ff884ef9b5b293fdffa88182711d6b0448fe99d2cbeb1939114a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vt102", + "mode": 33188, + "size": 1184, + "digest": { + "algorithm": "sha256", + "value": "60e451f57c0308b79004ebc6189b49417b4ac11d783154072cae803a11af7d3f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vt200", + "mode": 33188, + "size": 1391, + "digest": { + "algorithm": "sha256", + "value": "9454527a74b80c5d3f8489137b9cf0cbb38c6d2a700c0ac5894164409e10f3ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vt220", + "mode": 33188, + "size": 1391, + "digest": { + "algorithm": "sha256", + "value": "9454527a74b80c5d3f8489137b9cf0cbb38c6d2a700c0ac5894164409e10f3ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vt52", + "mode": 33188, + "size": 839, + "digest": { + "algorithm": "sha256", + "value": "e18f7a08c5e49f850f5673c1a393da8fce302dcbb960c546bb341ae858c953c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vte", + "mode": 33188, + "size": 3254, + "digest": { + "algorithm": "sha256", + "value": "a59d832325bcaf79ee1e96dbabc05f82d576a3817e6295d151e8796a342ceb35" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vte-256color", + "mode": 33188, + "size": 3504, + "digest": { + "algorithm": "sha256", + "value": "332a40dd7766bd6368ce500ecdff89b8ffec1022bd3d3e11e87ae4d68c95ff7d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/v/vwmterm", + "mode": 33188, + "size": 1302, + "digest": { + "algorithm": "sha256", + "value": "eae3fe39004992478d09bdb5063c6609f8c6f5119053de8fca645002b993b535" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/w", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/w/wsvt25", + "mode": 33188, + "size": 1597, + "digest": { + "algorithm": "sha256", + "value": "28d3410e6b83a3b78a41f108098ac8772a3af3ee2b627b9f9bb4b19b363a5be3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/w/wsvt25m", + "mode": 33188, + "size": 1607, + "digest": { + "algorithm": "sha256", + "value": "18c85db3b0ef0ab15b7eb8dc4ac6ea14a37d851628220c8bb61e2edfa4f81683" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xfce", + "mode": 33188, + "size": 2995, + "digest": { + "algorithm": "sha256", + "value": "390a5f18914c8c867a62637326b7a0f00ec72c746fe282efe55fa36746241c84" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm", + "mode": 33188, + "size": 3720, + "digest": { + "algorithm": "sha256", + "value": "e423b4b00aa50e3161ae0b0fca7c6019389a837bcdc29075dd40452aaff21579" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-1002", + "mode": 33188, + "size": 3701, + "digest": { + "algorithm": "sha256", + "value": "6daca159799eeebe2100543a42e2931777a978e59fb2bcc17d1693c146c5670f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-1003", + "mode": 33188, + "size": 3699, + "digest": { + "algorithm": "sha256", + "value": "35fa2e56262f3e1c790fc56846544b5385fc608a357989ef656b86c4f18aa042" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-1005", + "mode": 33188, + "size": 3714, + "digest": { + "algorithm": "sha256", + "value": "eff2d7f9eeaa5c20b0fabae9ce1a4637a15f2a1c3f732cf5f95fa98d19fd793b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-1006", + "mode": 33188, + "size": 3700, + "digest": { + "algorithm": "sha256", + "value": "57afd1b3d2629e6ac46123b3eeb12b80e8b5aff415a9f18613f86d2871336e31" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-16color", + "mode": 33188, + "size": 3958, + "digest": { + "algorithm": "sha256", + "value": "262a09a0f9ea8f8ea53ef151ed0283e25544897a1dea89307ffd5e5c863570a7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-24", + "mode": 33188, + "size": 1525, + "digest": { + "algorithm": "sha256", + "value": "2b1249158a7053eee58242625f79b29f35da721cbcf695a327521cfed3bec117" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-256color", + "mode": 33188, + "size": 3814, + "digest": { + "algorithm": "sha256", + "value": "680743a3e8a460e35683ba59e97b3579f6e25d5a104507040d256e703575de9b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-88color", + "mode": 33188, + "size": 3782, + "digest": { + "algorithm": "sha256", + "value": "e096ba9743b994565fc98ce40ff37cc8a7fd30d0a48e83f58bf5fb3a6e8cde8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-8bit", + "mode": 33188, + "size": 1913, + "digest": { + "algorithm": "sha256", + "value": "999ec07a74a5587da0966f9a361e587143aeab35212cbab6ad4a03451ef797d1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-basic", + "mode": 33188, + "size": 1828, + "digest": { + "algorithm": "sha256", + "value": "5d54cb15056ae0a673ef75dcce8cc6966dbe74579808ea81180e84965871dca0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-bold", + "mode": 33188, + "size": 1592, + "digest": { + "algorithm": "sha256", + "value": "4296a878469b6bc5bab5acbce875e43bc501ab57a62d8d29cd34a424ba1e9de4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-color", + "mode": 33188, + "size": 1551, + "digest": { + "algorithm": "sha256", + "value": "f74fe619914bfe650f6071bbbaf242c439de8a2f0ecefe9e80870216dfb844b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-direct", + "mode": 33188, + "size": 3773, + "digest": { + "algorithm": "sha256", + "value": "63a281b88bfa1d525432c712c68887f2b6a321bcf5c1600451d116f5f89babcf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-direct16", + "mode": 33188, + "size": 3843, + "digest": { + "algorithm": "sha256", + "value": "767604eb2e2a242db60555bb2e4f801a045a3b03ec02f6aa318c321f7d29110d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-direct2", + "mode": 33188, + "size": 3763, + "digest": { + "algorithm": "sha256", + "value": "420b7a15d5023a4030742ccd48639de223cfbaeb675d4af7fc5882e822dfded8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-direct256", + "mode": 33188, + "size": 3901, + "digest": { + "algorithm": "sha256", + "value": "b80042a930fd54d642f2f4d194894c2b4344acaba4eb6032f30acb5d8b2d0a0c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-hp", + "mode": 33188, + "size": 2344, + "digest": { + "algorithm": "sha256", + "value": "f11650d98fd186dbeb717ec72a72c9a450a42ee0387d20f5408f75364f04c62b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-mono", + "mode": 33188, + "size": 1489, + "digest": { + "algorithm": "sha256", + "value": "3024be4c36be53d6468fa1e48a0f584a410a17e26c3c6e7826c815b4ef56c595" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-new", + "mode": 33188, + "size": 3714, + "digest": { + "algorithm": "sha256", + "value": "7ba565ab3d4132d6cb3ee77d4f3a82f74755294b40f155f5fb0f96138dd77e7d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-nic", + "mode": 33188, + "size": 3728, + "digest": { + "algorithm": "sha256", + "value": "d1ac522553500494c979be8912645b1b6036fb3803898e19d86b032f82ec98bc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-noapp", + "mode": 33188, + "size": 3676, + "digest": { + "algorithm": "sha256", + "value": "e4e0c9f4c27f51504e5eb67aa1ce121c663a759b1e2102338c20ecf6259794d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-old", + "mode": 33188, + "size": 1493, + "digest": { + "algorithm": "sha256", + "value": "927b8821c947b96b020ca7341dffb57bdfa2986fcaecd5fdbf2ca2369eacc285" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-pcolor", + "mode": 33188, + "size": 1658, + "digest": { + "algorithm": "sha256", + "value": "1fc3a8c307a46818870ad4313246f62c439ca3ef704a947c09471e8cf335e2fe" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-r5", + "mode": 33188, + "size": 1301, + "digest": { + "algorithm": "sha256", + "value": "82098ec067be6189e91e8264278bb85fe3b7bfdeaa3754be301313be140522ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-r6", + "mode": 33188, + "size": 1491, + "digest": { + "algorithm": "sha256", + "value": "ee12fe6d2d8e1d0b83d1042fe8a38f1aed6fd73e2c7316e6db5ec5b061b09ef8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-sco", + "mode": 33188, + "size": 2520, + "digest": { + "algorithm": "sha256", + "value": "da57c8f3d66ce45f68d8c28dd360201c6e6918bb5da6947a80949129f5a93940" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-sun", + "mode": 33188, + "size": 2596, + "digest": { + "algorithm": "sha256", + "value": "12a8b1c0907e5a1cd1aa1b8c8815dc85477c7f953113d127a2dfca5eaf04c90d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-utf8", + "mode": 33188, + "size": 3737, + "digest": { + "algorithm": "sha256", + "value": "f00daefe425aeec94b657249dd6575b48a58b1a3db5feca318003799e9eac188" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-vt220", + "mode": 33188, + "size": 2406, + "digest": { + "algorithm": "sha256", + "value": "84a21605f8740519373ad315139195949c76cf63abd5a00f4315545c6b7f44be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-vt52", + "mode": 33188, + "size": 537, + "digest": { + "algorithm": "sha256", + "value": "b3113c9b349f1fa3ab9d141a67742a14edde60e06a98c6c9adf4aaaf15afbb65" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-x10mouse", + "mode": 33188, + "size": 3696, + "digest": { + "algorithm": "sha256", + "value": "781b3399f614a9a456f266132e6da69a48a8974a2fef418ee0e546a001edc889" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-x11hilite", + "mode": 33188, + "size": 3724, + "digest": { + "algorithm": "sha256", + "value": "bc1edd65d8437128d901c1e4534872b9a5cdfc0b1e959c7f90191f20d0b10037" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-x11mouse", + "mode": 33188, + "size": 3708, + "digest": { + "algorithm": "sha256", + "value": "9b8944e971bc60997823a6660c79de5fd47f259ebd427b971353f53ff2083ca7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xf86-v32", + "mode": 33188, + "size": 2006, + "digest": { + "algorithm": "sha256", + "value": "bf8cbc70b73992ca93b22f411bae2f71d613a69a9f0b59f0f9c2d5be12f982d8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xf86-v33", + "mode": 33188, + "size": 1996, + "digest": { + "algorithm": "sha256", + "value": "d4127e626af189a2d56cc45e1c60e4e6ac32b4d55b9c417129bcc8369c347515" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xf86-v333", + "mode": 33188, + "size": 2006, + "digest": { + "algorithm": "sha256", + "value": "24a1f8a18d96d544cef7c4427bee3f4b73fe12156e902ea214cf49d6807b3bb5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xf86-v40", + "mode": 33188, + "size": 2212, + "digest": { + "algorithm": "sha256", + "value": "7da82a4679f772e87f3ca2b93740ee0d0e20f61a263bbfea31199566eab29536" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xf86-v43", + "mode": 33188, + "size": 2226, + "digest": { + "algorithm": "sha256", + "value": "0507f61ded223aa930b87d22255974423d73fdd860ea588d4fd0b895e5d9d2ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xf86-v44", + "mode": 33188, + "size": 2260, + "digest": { + "algorithm": "sha256", + "value": "1111271420d735b74ecb175e9fcb79847e6c0e298c3abfb2224747502a854adf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xfree86", + "mode": 33188, + "size": 2240, + "digest": { + "algorithm": "sha256", + "value": "0827497deddd4ec9e9515dd9530e6b0bf92762553d1c4eedbca3459c1931775e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterm-xi", + "mode": 33188, + "size": 1986, + "digest": { + "algorithm": "sha256", + "value": "d89c9fe77fa62d5df516089d11422ede4b78c167cf061e17a183b663f022c051" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/terminfo/x/xterms", + "mode": 33188, + "size": 1525, + "digest": { + "algorithm": "sha256", + "value": "2b1249158a7053eee58242625f79b29f35da721cbcf695a327521cfed3bec117" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "ncurses-libs", + "version": "6.2", + "epoch": null, + "architecture": "x86_64", + "release": "12.20210508.el9", + "sourceRpm": "ncurses-6.2-12.20210508.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Jul 26 00:09:30 1942", + "issuer": "431d516d33100098" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Nov 4 03:52:43 1962", + "issuer": "431d51a4b80fff50" + } + ], + "size": 994415, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libform.so.6()(64bit)", + "libformw.so.6()(64bit)", + "libmenu.so.6()(64bit)", + "libmenuw.so.6()(64bit)", + "libncurses.so.6()(64bit)", + "libncursesw.so.6()(64bit)", + "libpanel.so.6()(64bit)", + "libpanelw.so.6()(64bit)", + "libtic.so.6()(64bit)", + "libtinfo.so.6()(64bit)", + "ncurses-libs", + "ncurses-libs(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libncurses.so.6()(64bit)", + "libncursesw.so.6()(64bit)", + "libtinfo.so.6()(64bit)", + "ncurses-base", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/29", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/29/13deb58b918ca11b8d02883677b9a0701f67b6", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/29/5406d5cdfd8cf4706b30d88f79adb7989b7f82", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/30", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/30/611bd6c4ce0a2a0401f8b311a5d651ed98b932", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/40", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/40/4b32531269880e3db0796ba25a608fb9b7475c", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6e/80d0895edeab1052d6333379a06bf6e6f19bbc", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/76", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/76/01d1f038062ea8fb86edeb26740902b16f7f00", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7c/8e5d16967af09af159943e9b2055977ee05fd3", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b0/95fe5cbd685a4cb4ade25d142ba1420a6885fc", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c8/99010b8f2cf4c337222050feb8159dbf96bc79", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d3/34da16cb3192b4bab0dc37148892d3ea999b21", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f8/8552d4951d0b3422a5d13fbda36319bedd9243", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f9/99de754fd266dda7733969a4535c6273dacd36", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libform.so.6", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libform.so.6.2", + "mode": 33261, + "size": 75664, + "digest": { + "algorithm": "sha256", + "value": "4ed3ae67b980e0d0d15c16359295dbbd644e9f9d8ebaa841100d76713fbf995b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libformw.so.6", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libformw.so.6.2", + "mode": 33261, + "size": 84024, + "digest": { + "algorithm": "sha256", + "value": "977d21efa2c28e36821eddf3870647c5d53c0ffeffd12ba9048773e85f858bc2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmenu.so.6", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmenu.so.6.2", + "mode": 33261, + "size": 40816, + "digest": { + "algorithm": "sha256", + "value": "34513df5ec6d91e250f8a286f20065b28a785191b1e9fedaf2ce6bfe512cdebf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmenuw.so.6", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libmenuw.so.6.2", + "mode": 33261, + "size": 40864, + "digest": { + "algorithm": "sha256", + "value": "f5f6ac15283f0c5dc949db6fe0a2c1081d348e670a4508cced0a3788e67b6f5d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libncurses.so.6", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libncurses.so.6.2", + "mode": 33261, + "size": 183176, + "digest": { + "algorithm": "sha256", + "value": "5167c013b62e1c1d80af8fcfc89259a71d9510729407994a0fef2009f31a9c7d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libncursesw.so.6", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libncursesw.so.6.2", + "mode": 33261, + "size": 262200, + "digest": { + "algorithm": "sha256", + "value": "a884db5dbd02cbf96325bdef4452111ecf35c657aba7543d9f9a4dad17692592" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpanel.so.6", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpanel.so.6.2", + "mode": 33261, + "size": 19376, + "digest": { + "algorithm": "sha256", + "value": "2c7538c00c9b18da60d7a1d7370557e36486597a513af8d7918d82dad73711a1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpanelw.so.6", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpanelw.so.6.2", + "mode": 33261, + "size": 19376, + "digest": { + "algorithm": "sha256", + "value": "a2629dcf273b9741a5bd67855fa276a0d532dd9453815246a8d3f42a229219d8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libtic.so.6", + "mode": 41471, + "size": 13, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libtic.so.6.2", + "mode": 33261, + "size": 73224, + "digest": { + "algorithm": "sha256", + "value": "169fd0998038aa0987f25827f8ce0fe9ee9ea82846958237c22f57bf0137209f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libtinfo.so.6", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libtinfo.so.6.2", + "mode": 33261, + "size": 195088, + "digest": { + "algorithm": "sha256", + "value": "7f6e6b4b437315880fb459256f663fe1cf96ffd437f9bdcdddc5c5104b89c3ff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "d95be7a40dea16b9", + "name": "nettle", + "version": "3.10.1-1.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv3+ or GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:nettle:nettle:3.10.1-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:nettle:3.10.1-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/nettle@3.10.1-1.el9?arch=x86_64&distro=rhel-9.7&upstream=nettle-3.10.1-1.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "nettle", + "version": "3.10.1", + "epoch": null, + "architecture": "x86_64", + "release": "1.el9", + "sourceRpm": "nettle-3.10.1-1.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Dec 29 01:52:19 1967", + "issuer": "431d5155330fff6e" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Mar 10 10:22:11 1958", + "issuer": "431d51af2110009c" + } + ], + "size": 1169592, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libhogweed.so.6()(64bit)", + "libhogweed.so.6(HOGWEED_6)(64bit)", + "libhogweed.so.6(HOGWEED_INTERNAL_6_10)(64bit)", + "libnettle.so.8()(64bit)", + "libnettle.so.8(NETTLE_8)(64bit)", + "libnettle.so.8(NETTLE_INTERNAL_8_10)(64bit)", + "nettle", + "nettle(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libnettle.so.8()(64bit)", + "libnettle.so.8(NETTLE_8)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/03", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/03/c000457a8368ccffe133042c63659411c4a341", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/06", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/06/150b774d790b81bfd1fbb65118248ca5a4aaeb", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/.libhogweed.so.6.10.hmac", + "mode": 33188, + "size": 65, + "digest": { + "algorithm": "sha256", + "value": "68415d666e8e68c53314e166e58224b00d7e509642ae3a639892317d21bf7bdf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/.libhogweed.so.6.hmac", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/.libnettle.so.8.10.hmac", + "mode": 33188, + "size": 65, + "digest": { + "algorithm": "sha256", + "value": "de1a92dfae5ba529c92fdcf4c9eeb9e679fd25519cd43b83db042f37fdee3262" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/.libnettle.so.8.hmac", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libhogweed.so.6", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libhogweed.so.6.10", + "mode": 33261, + "size": 630288, + "digest": { + "algorithm": "sha256", + "value": "14f31299ff681777715ecc787249d1033acd9032ea5870406014b7a13d9a8ea6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnettle.so.8", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnettle.so.8.10", + "mode": 33261, + "size": 361456, + "digest": { + "algorithm": "sha256", + "value": "d39fc751ef9f42edf10567fea505c55ef70dd2ebda3602c181cafd2fadc52e76" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/nettle", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/nettle/AUTHORS", + "mode": 33188, + "size": 4267, + "digest": { + "algorithm": "sha256", + "value": "6fd91e60caa0c33dd22888b710fcfa36532bbbef00d85c78de385dcd97f7b9ee" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/nettle/NEWS", + "mode": 33188, + "size": 70101, + "digest": { + "algorithm": "sha256", + "value": "a903faa402c389ef025f85eefbd860abca64fbe78d12b3a25a38e2aed351ca2b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/nettle/README", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "02cb98d7b68bd895fe26752c5f10d7eb23623dff90238998e019c26994c6739b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/info/nettle.info.gz", + "mode": 33188, + "size": 75021, + "digest": { + "algorithm": "sha256", + "value": "fc2a6c6468b27431d68e356f7ed60af36ca75dbf4cbc5cf965e832a927f7ada4" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/nettle", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/nettle/COPYING.LESSERv3", + "mode": 33188, + "size": 7639, + "digest": { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/nettle/COPYINGv2", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "e8d4429184219587", + "name": "npth", + "version": "1.6-8.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:npth:1.6-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:npth:npth:1.6-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.7&upstream=npth-1.6-8.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "npth", + "version": "1.6", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9", + "sourceRpm": "npth-1.6-8.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 14:30:47 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 14:30:47 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 50619, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libnpth.so.0()(64bit)", + "libnpth.so.0(NPTH_1.0)(64bit)", + "npth", + "npth(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/95", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/95/bfc2157abb9519b0171da1a94d02f60c0bf00a", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libnpth.so.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnpth.so.0.1.2", + "mode": 33261, + "size": 24040, + "digest": { + "algorithm": "sha256", + "value": "a90bc7657c5f2a4aeee8e6068c4e7318e856d5870e59203cc0f38e0d3e27ed78" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/npth", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/npth/COPYING.LIB", + "mode": 33188, + "size": 26525, + "digest": { + "algorithm": "sha256", + "value": "ce64d5f7b49ea6d80fdb6d4cdee6839d1a94274f7493dc797c3b55b65ec8e9ed" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "OLDAP-2.8", + "spdxExpression": "OLDAP-2.8", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "openldap", + "version": "2.6.8", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "openldap-2.6.8-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Jul 14 21:15:34 2026", + "issuer": "431d51ab010ffe23" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Sep 5 09:49:18 1933", + "issuer": "431d518049100085" + } + ], + "size": 1087273, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(openldap)", + "liblber.so.2()(64bit)", + "liblber.so.2(OPENLDAP_2.200)(64bit)", + "libldap.so.2()(64bit)", + "libldap.so.2(OPENLDAP_2.200)(64bit)", + "libslapi.so.2()(64bit)", + "openldap", + "openldap(x86-64)" + ], + "requires": [ + "config(openldap)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.22)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libevent-2.1.so.7()(64bit)", + "liblber.so.2()(64bit)", + "liblber.so.2(OPENLDAP_2.200)(64bit)", + "libltdl.so.7()(64bit)", + "libsasl2.so.3()(64bit)", + "libssl.so.3()(64bit)", + "libssl.so.3(OPENSSL_3.0.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)", + "shadow-utils" + ], + "files": [ + { + "path": "/etc/openldap", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/openldap/certs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/openldap/ldap.conf", + "mode": 33188, + "size": 900, + "digest": { + "algorithm": "sha256", + "value": "3bea281bbd267ed31c02249d9ce4c7659d764c6c36b0f0c81a39e4c810236eb2" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/06", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/06/7319a096c30186f826c60d9511bbfa8e757534", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0e/6238f8e85bdab2aa5eb6af638940fc43002ae5", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/22", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/22/bb3db52f15fedd684d9184775a13beec72a25a", + "mode": 41471, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/24", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/24/2cb796619a8f7be99c6a586fede078525e7d11", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25/d2426729f16a80b3ace84ac0c8078c66c5c513", + "mode": 41471, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/32", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/32/7031f66bc45eeeacdbd795b3aea5b730f49e87", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/37", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/37/b5b5650e53690c2c7ec0c6296d383a705095c3", + "mode": 41471, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3c/62d67c3229af398b76284fc62006eef7208c0d", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3d/b0b10e2c352aaf28a65e7f6eaf1db6bd380f1b", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3e/24592b63a9f423d24516e355619ee33a1e9986", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3f/f58accf0075b54a17de4a79f806069634bc409", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/3f/f58accf0075b54a17de4a79f806069634bc409.1", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/41", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/41/a44f09d7d5160fa878c23affc9018d1e9051d7", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/45", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/45/1d4ce0fecae1a2283986ec6c50fa597d84b5b5", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4a/74f68147aa161dad035f0a31b5188136565060", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/55", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/55/914bcc1557fde63b12ce61a059d1f144ae5e1d", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/58", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/58/eba432c2e42d7bf7b2bb7df6128eb6d7f78f90", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/59", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/59/1b9e8b549cee20b46f3cc02937e9a56bee7f68", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5f/40d7d373f8bdb2f795bbb8340852b5db7fccbe", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/68", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/68/0e4b1542e42246b65a962a87dd70fa241abc65", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6b/c1b713d10b6b362577e6134e3e4d1b74e655e2", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/6f/da84f94014e6bd9a45cc7a664bac2e7a2b62d3", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/80", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/80/4a43c3a6399f7d9c04af2638b559f6c0a9df68", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/80/b8ee8d8bf02d12af22f0cb06d61a91583a22ae", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/81", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/81/994b93eaac616faf4eaf9889e1616b18599c9f", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/85", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/85/379ef1ee52197a6bef2c454f4b49ada7179ff6", + "mode": 41471, + "size": 56, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/88", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/88/a76ed1ef1b41361c129ca4bd1adec3e6d95e72", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/96", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/96/210f301ddc6e812c86d5a6d42bd11cee535902", + "mode": 41471, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0/f7b0de3629068e3ef037e6988dc01156534724", + "mode": 41471, + "size": 51, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b2/cab7fa758ee42270799a444c76319c0712696c", + "mode": 41471, + "size": 49, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b9", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/b9/e87d831dfb3b80f76815e84adc0e6d07bb7bff", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bc/3bf3984d2bc76ba099ce97f744ee313df544ba", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bf", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/bf/70e4d68c7f61c8ac10a966f0a76d1eb5e24732", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c7/5b46ed5c9ba87c43bae29156194d15b3b69581", + "mode": 41471, + "size": 53, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/cb", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/cb/b050a1c63616e4814665db57b258f20627a599", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/cd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/cd/42bc33e8e3681cc42378a8ba6c1655f5ddcfb0", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d2/448c35d289836ff7511b56a4b96a89e60a6bde", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d8", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d8/83b1753e8a1af3f993748dca141731d11a2ae0", + "mode": 41471, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e6/a81b3dac47a7362996a161e8de823f831a98b8", + "mode": 41471, + "size": 48, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f4/743ace1aa6c5ad33766cde3975d539c5001675", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f5/25856cdbf7581f5e7608279c8c7d2147137492", + "mode": 41471, + "size": 52, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fe", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/fe/be290c7d50bdc7d651aa4d1cb7a5f0c5712fb5", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/liblber.so.2", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/liblber.so.2.0.200", + "mode": 33261, + "size": 70392, + "digest": { + "algorithm": "sha256", + "value": "cd4dbbf1476eb6dca1416018e12a6aaea0fba10595fe8209d22f67b07b5eb280" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libldap.so.2", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libldap.so.2.0.200", + "mode": 33261, + "size": 417720, + "digest": { + "algorithm": "sha256", + "value": "eb1f24b4e29e3d4400220b7be5bbdd23e6207ebe9a39bf5798b2bef268c1d03f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libldap_r.so.2", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libldap_r.so.2.0.200", + "mode": 33261, + "size": 417728, + "digest": { + "algorithm": "sha256", + "value": "52306b17c10badd3df615a0b37d84f3e8b369dd744008f0e8aa6466cb3314c0b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libslapi.so.2", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libslapi.so.2.0.200", + "mode": 33261, + "size": 144304, + "digest": { + "algorithm": "sha256", + "value": "df9f0e4780d61d1db2d01b9b6475685031956d1cf4bd194f9d58065741fbc4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/openldap", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/openldap", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/openldap/ANNOUNCEMENT", + "mode": 33188, + "size": 3274, + "digest": { + "algorithm": "sha256", + "value": "bab2a80eab7ad580f678d677fb9a6ef2aa8608af0dda0c0b360a4ed288cbb10d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/openldap/CHANGES", + "mode": 33188, + "size": 14015, + "digest": { + "algorithm": "sha256", + "value": "8266a11815b7f36f069fc10e31e40adeb6c11c48167c3b09c453931bf290c206" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/openldap/README", + "mode": 33188, + "size": 3511, + "digest": { + "algorithm": "sha256", + "value": "5bf8efa8807f8d11f2040fda7d691e175494364b865bd31ef264d5cf05d64616" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/openldap", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/openldap/COPYRIGHT", + "mode": 33188, + "size": 2345, + "digest": { + "algorithm": "sha256", + "value": "128ecc86259c874aee293aa67409932d7eeb38f3fad07805c8f275c3a5af5c08" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/openldap/LICENSE", + "mode": 33188, + "size": 2214, + "digest": { + "algorithm": "sha256", + "value": "310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man5/ldap.conf.5.gz", + "mode": 33188, + "size": 6221, + "digest": { + "algorithm": "sha256", + "value": "6a4798b91dac99b776f00a21cf1c88ca5c81b30944a4978505824770c927c50f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/ldif.5.gz", + "mode": 33188, + "size": 2545, + "digest": { + "algorithm": "sha256", + "value": "19d7126dab4ec06a2fe5d8a8e40f9a50fbf07d5aafe716b99f099901b82fe04c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "openssl", + "version": "3.5.1", + "epoch": 1, + "architecture": "x86_64", + "release": "4.el9_7", + "sourceRpm": "openssl-3.5.1-4.el9_7.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Jun 16 02:33:41 1962", + "issuer": "431d5111ad0ffd1a" + } + ], + "size": 2263368, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "openssl", + "openssl(x86-64)" + ], + "requires": [ + "/usr/bin/bash", + "/usr/bin/sh", + "coreutils", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.3)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.9)(64bit)", + "libcrypto.so.3(OPENSSL_3.2.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.3.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.4.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.5.0)(64bit)", + "libssl.so.3()(64bit)", + "libssl.so.3(OPENSSL_3.0.0)(64bit)", + "libssl.so.3(OPENSSL_3.2.0)(64bit)", + "libssl.so.3(OPENSSL_3.4.0)(64bit)", + "openssl-libs(x86-64)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/make-dummy-cert", + "mode": 33261, + "size": 614, + "digest": { + "algorithm": "sha256", + "value": "cfd4277160871e6446e2b6d61f2f66d76ee5598584d2323376fbed1f57a00127" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/openssl", + "mode": 33261, + "size": 1118440, + "digest": { + "algorithm": "sha256", + "value": "567921353e959d24997de445494075b780c7faacc1583c18a23f85d09c88bdc7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/renew-dummy-cert", + "mode": 33261, + "size": 729, + "digest": { + "algorithm": "sha256", + "value": "628d284ecb0d1abc737d58e771d1f7cab172c31df228699305eac299517fb5be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/95", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/95/4c36096fc1604810d58e3c7e3237edab9b407f", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/share/doc/openssl", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/openssl/NEWS.md", + "mode": 33188, + "size": 91845, + "digest": { + "algorithm": "sha256", + "value": "2fba7a5c465ae545e821fd2db834e7b2de003f92efc906c565e0a5951f54a528" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/openssl/README.md", + "mode": 33188, + "size": 8137, + "digest": { + "algorithm": "sha256", + "value": "2bfd51ec120e0795439788274b5f447bb8559818fc4927e4712e73ac54c01c3f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/openssl", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/openssl/LICENSE.txt", + "mode": 33188, + "size": 10175, + "digest": { + "algorithm": "sha256", + "value": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man1/asn1parse.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/c_rehash.1ossl.gz", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/ca.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/ciphers.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/cmp.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/cms.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/crl.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/crl2pkcs7.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/dgst.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/dhparam.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/dsa.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/dsaparam.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/ec.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/ecparam.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/enc.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/engine.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/errstr.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/gendsa.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/genpkey.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/genrsa.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/info.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/kdf.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/mac.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/nseq.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/ocsp.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-asn1parse.1ossl.gz", + "mode": 33188, + "size": 4679, + "digest": { + "algorithm": "sha256", + "value": "a0ce52a56454788bb16f91438d1da5930a12cfb05f0d98ec8a478b1fd46f97f1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-ca.1ossl.gz", + "mode": 33188, + "size": 12533, + "digest": { + "algorithm": "sha256", + "value": "ba2ec3503896097f38b550a5ba98d2f24de17c37ac37f07530f0c735892867fc" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-ciphers.1ossl.gz", + "mode": 33188, + "size": 10223, + "digest": { + "algorithm": "sha256", + "value": "decbce1c3f5f5c92b1bb549e0b98d55becc3045e6feef229de85d06e670a6745" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-cmds.1ossl.gz", + "mode": 33188, + "size": 2913, + "digest": { + "algorithm": "sha256", + "value": "13f16cfcc1bfaa56786364f493f0714698268d989c8fdf7fd95f29ad184b495b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-cmp.1ossl.gz", + "mode": 33188, + "size": 18704, + "digest": { + "algorithm": "sha256", + "value": "2f8ca4481eb39bc817ad6b4bf36bf24363cffaee2c1c8321d4d57ba9c6e7458f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-cms.1ossl.gz", + "mode": 33188, + "size": 11921, + "digest": { + "algorithm": "sha256", + "value": "4194e79cbeb99d9fceb15e3de46cef1528ccae1df8f7862b55d6f089246f6c9c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-crl.1ossl.gz", + "mode": 33188, + "size": 3537, + "digest": { + "algorithm": "sha256", + "value": "fdd71e29cf0152ac836b6756758431043734ada293fdfdc804fa52cc0fa8e3aa" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-crl2pkcs7.1ossl.gz", + "mode": 33188, + "size": 3076, + "digest": { + "algorithm": "sha256", + "value": "a4dbb658690bb84737bc4a92fb21509b4c57430b41edc8eed8d92e6c1fcf97c5" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-dgst.1ossl.gz", + "mode": 33188, + "size": 5278, + "digest": { + "algorithm": "sha256", + "value": "8dd74cd63a0c5884fc0ec7736640833ec9d5db7a02f563ba3bf581647c93fe3d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-dhparam.1ossl.gz", + "mode": 33188, + "size": 3635, + "digest": { + "algorithm": "sha256", + "value": "81e04af17f3ae310ca7af40e0ffe07d6d7eb89c7314242048a3c835adfff8970" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-dsa.1ossl.gz", + "mode": 33188, + "size": 3918, + "digest": { + "algorithm": "sha256", + "value": "7bb37e19c8a14f910e178e995d649ca298b34ae7b4fbcf60be5c0d9f68dbc75f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-dsaparam.1ossl.gz", + "mode": 33188, + "size": 3274, + "digest": { + "algorithm": "sha256", + "value": "06ddd4843711d7017c3f0ed234fc746f187c68546b03d1c056806512e2865046" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-ec.1ossl.gz", + "mode": 33188, + "size": 4242, + "digest": { + "algorithm": "sha256", + "value": "f0af081ed85d16c96bda05cad016339c55e3493fc23bb2b913070e9a7cf29f57" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-ecparam.1ossl.gz", + "mode": 33188, + "size": 3882, + "digest": { + "algorithm": "sha256", + "value": "5d365cdcb2c292a88817920f5d74ef84952a431916b4fa1c21f9144971996d50" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-enc.1ossl.gz", + "mode": 33188, + "size": 7957, + "digest": { + "algorithm": "sha256", + "value": "b28610d86402ade133bb158254e18ef53a2fc16fb91fb88af3f811d8f48c5965" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-engine.1ossl.gz", + "mode": 33188, + "size": 3179, + "digest": { + "algorithm": "sha256", + "value": "28d2b002772754cafc485a4abd007b026237ed83943eabaa7214204ba635511a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-errstr.1ossl.gz", + "mode": 33188, + "size": 2325, + "digest": { + "algorithm": "sha256", + "value": "fd5de1e719e6a5c1f0a842fb9e2b54da97052ac5a7a4ae04cb1cdea8dc26ed63" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-fipsinstall.1ossl.gz", + "mode": 33188, + "size": 2119, + "digest": { + "algorithm": "sha256", + "value": "b0b014056355dc74fbc32293e78117e9dda84fdd2cdbedeb0cb0b852954791c1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-format-options.1ossl.gz", + "mode": 33188, + "size": 3745, + "digest": { + "algorithm": "sha256", + "value": "0e7a10d5666f6f422a880740aae6ead06949daa307f09f69ef45914240c29e5f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-gendsa.1ossl.gz", + "mode": 33188, + "size": 3090, + "digest": { + "algorithm": "sha256", + "value": "7dde50ca4c466ed84c8c49bfdeed956a1cca12a5b4b43febfff6d183abd7e902" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-genpkey.1ossl.gz", + "mode": 33188, + "size": 7094, + "digest": { + "algorithm": "sha256", + "value": "07647ebe6696c6683eac90b54f7594b9867ba1e2051387ef0f9a7d9dc3413c84" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-genrsa.1ossl.gz", + "mode": 33188, + "size": 3562, + "digest": { + "algorithm": "sha256", + "value": "c5307f47abdfae08b700c74c51fa2fc019e26525ec51fd272f4692fe25e636db" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-info.1ossl.gz", + "mode": 33188, + "size": 2663, + "digest": { + "algorithm": "sha256", + "value": "5e6fabb6c0b47b22c56df6561b6630d9f8d2b5c25ad3c8258a91166869cedbc2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-kdf.1ossl.gz", + "mode": 33188, + "size": 4035, + "digest": { + "algorithm": "sha256", + "value": "86a04ed1bea44a9bd91fe29fe9d8bbf95562d1ad77ed7d1477d4e4cfa9bd4338" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-list.1ossl.gz", + "mode": 33188, + "size": 4576, + "digest": { + "algorithm": "sha256", + "value": "1a8253f01fec01da21ef4b6cb8b5883b9813d460f4d3e116f71af4c67a804c7f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-mac.1ossl.gz", + "mode": 33188, + "size": 3699, + "digest": { + "algorithm": "sha256", + "value": "fd4a4af26c70e9bc7fc0adc2f6deb8b7e6a125dad0707161b3fad2fa7988061f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-namedisplay-options.1ossl.gz", + "mode": 33188, + "size": 4294, + "digest": { + "algorithm": "sha256", + "value": "85daeaf62c824aeffa192e7692c2da898f7aaab20a2be1cc2ddf405b016df1a5" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-nseq.1ossl.gz", + "mode": 33188, + "size": 2699, + "digest": { + "algorithm": "sha256", + "value": "36ea2ef3b47fe1ce058c5a7a5614ef38f14916be27ce1e34d994da0c0d0e8b25" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-ocsp.1ossl.gz", + "mode": 33188, + "size": 9006, + "digest": { + "algorithm": "sha256", + "value": "1fefc553c8bee4da5510e37d74bbd5443574c86f1adfe26521c0d27c91411501" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-passphrase-options.1ossl.gz", + "mode": 33188, + "size": 2910, + "digest": { + "algorithm": "sha256", + "value": "1215642ca56ea98fb3554110717940611d283a35330c8e49ff62be79c2985817" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-passwd.1ossl.gz", + "mode": 33188, + "size": 3067, + "digest": { + "algorithm": "sha256", + "value": "61d6c8029652cf292f9accc9ac5d7e4f9cce3837a9511bdbeae34f51fa546b1c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-pkcs12.1ossl.gz", + "mode": 33188, + "size": 7809, + "digest": { + "algorithm": "sha256", + "value": "49c779c26e8d7517dfa1b81fc1b10fd3fbbe4ae27aa59d9bdd1c3e0440e405d3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-pkcs7.1ossl.gz", + "mode": 33188, + "size": 3010, + "digest": { + "algorithm": "sha256", + "value": "50d47c97bc0bf527c3ddec527652f2eb5bf8349290d405a9986e095726c97eb8" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-pkcs8.1ossl.gz", + "mode": 33188, + "size": 5526, + "digest": { + "algorithm": "sha256", + "value": "2a52af3f158efa66f17fd476964df90b15d54e629e9653c5a6bc5b16b216803a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-pkey.1ossl.gz", + "mode": 33188, + "size": 4292, + "digest": { + "algorithm": "sha256", + "value": "347c59ed82070116d3b03ba3046652e1a3c2b50e2ff7d49f84d750f77071f220" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-pkeyparam.1ossl.gz", + "mode": 33188, + "size": 2854, + "digest": { + "algorithm": "sha256", + "value": "6d7165ea0da2945dd3f41666a8e10c61ba702d7f327aa505c6a66ee71b402741" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-pkeyutl.1ossl.gz", + "mode": 33188, + "size": 10192, + "digest": { + "algorithm": "sha256", + "value": "8f2b44c96ccbb55fcaa2cf701583c2597e6985ca6c87f8a1d2bbec28761b2dac" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-prime.1ossl.gz", + "mode": 33188, + "size": 2539, + "digest": { + "algorithm": "sha256", + "value": "0e88b29c9fa4fb46f94d9785eb7d70dd6bff2454f731507ce5cce1add8aabe31" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-rand.1ossl.gz", + "mode": 33188, + "size": 3013, + "digest": { + "algorithm": "sha256", + "value": "144b244ca66e06d4289caa9a303a3e2c1416170752cb86b26fd62aa0918687ac" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-rehash.1ossl.gz", + "mode": 33188, + "size": 3896, + "digest": { + "algorithm": "sha256", + "value": "79ee52d8d208a25b2e6dfe0ed187a9f0426a3b30eb889db486f946583a43307b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-req.1ossl.gz", + "mode": 33188, + "size": 11887, + "digest": { + "algorithm": "sha256", + "value": "fd9dce94f8ce2ba477b45017159c9a011451f6f6a2b7d3df91b7baf126f5b12d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-rsa.1ossl.gz", + "mode": 33188, + "size": 3988, + "digest": { + "algorithm": "sha256", + "value": "73a6f08cf45c8d6774dcc875a93ba1f080787ef38f8069453722b6375fc3a588" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-rsautl.1ossl.gz", + "mode": 33188, + "size": 4569, + "digest": { + "algorithm": "sha256", + "value": "94c3519d73257b23bb2ceb5f9db07a7dd1116607c3fd2e9c29239ea3c3c100b8" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-s_client.1ossl.gz", + "mode": 33188, + "size": 15303, + "digest": { + "algorithm": "sha256", + "value": "4cc184b090c5e3af8ca56a7e07bc6ab4cf3c9cabf41e2dafa39c1decc73518cf" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-s_server.1ossl.gz", + "mode": 33188, + "size": 12910, + "digest": { + "algorithm": "sha256", + "value": "b1ca021f127e7a0524de68efea2eb44d812eda8b0409ec626c15d65a600462ed" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-s_time.1ossl.gz", + "mode": 33188, + "size": 4702, + "digest": { + "algorithm": "sha256", + "value": "41f43614f21ef62aded42c8d9770bcb165b18f476a165517ebc2c109c9f2a72e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-sess_id.1ossl.gz", + "mode": 33188, + "size": 3633, + "digest": { + "algorithm": "sha256", + "value": "7df302ef19413c9ff1c598ae1fb5257f4a1a1325ca77237f2d2ad54ad7add7ea" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-skeyutl.1ossl.gz", + "mode": 33188, + "size": 2773, + "digest": { + "algorithm": "sha256", + "value": "365383a274ab6e42dbb3231ee21037e61899411df15839210f276741300a2444" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-smime.1ossl.gz", + "mode": 33188, + "size": 8060, + "digest": { + "algorithm": "sha256", + "value": "5155022d88a491a02922a8d482dc86663be3a1d33a25566609c11ead5edc6f67" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-speed.1ossl.gz", + "mode": 33188, + "size": 3919, + "digest": { + "algorithm": "sha256", + "value": "6366b32f05ec4bb47f148dbf727aa350bf65a935fe88d6a02eb21ecbfce412e5" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-spkac.1ossl.gz", + "mode": 33188, + "size": 3848, + "digest": { + "algorithm": "sha256", + "value": "d7b36531335a31df1bc55ad230536ac6e725f883a9e5f0d251a78098dc326e8b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-srp.1ossl.gz", + "mode": 33188, + "size": 3087, + "digest": { + "algorithm": "sha256", + "value": "2876181cac05b7dd7f1e87ecbc0fb6a1eba864302f71358921931d50687f77c0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-storeutl.1ossl.gz", + "mode": 33188, + "size": 3567, + "digest": { + "algorithm": "sha256", + "value": "cc06c20175fbe82118bce61d10b8cfe3bd50b227f8f63343bd9c0bbf1a162fc3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-ts.1ossl.gz", + "mode": 33188, + "size": 9224, + "digest": { + "algorithm": "sha256", + "value": "b6adb937bdb7edac7bc24fc250f4ad1530b4e42f86d27715e0f8c5687de9a3d3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-verification-options.1ossl.gz", + "mode": 33188, + "size": 11303, + "digest": { + "algorithm": "sha256", + "value": "b649be7a88f76256a0c77f7cec4547fb3fdaeab205232e89ab379c39ddc7fc59" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-verify.1ossl.gz", + "mode": 33188, + "size": 4317, + "digest": { + "algorithm": "sha256", + "value": "65c5178be1d6a4b480d07f1685eb89bf86210de69466e47718bf9f394ada57c9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-version.1ossl.gz", + "mode": 33188, + "size": 2946, + "digest": { + "algorithm": "sha256", + "value": "802b7ad6000cdc7aa8d023b2787bb9ab589a1e9fad7d306d45041d4983e1265e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl-x509.1ossl.gz", + "mode": 33188, + "size": 10222, + "digest": { + "algorithm": "sha256", + "value": "6c5646bc4c3ac256d99e8bf91f45691c175c8cd073d802aa2d4d18fc49209f4a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/openssl.1ossl.gz", + "mode": 33188, + "size": 9598, + "digest": { + "algorithm": "sha256", + "value": "a6c0a4615b2e1095feae2e550939d82c5dcb3ba9f06238861b9937c457649e9c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/passwd.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/pkcs12.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/pkcs7.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/pkcs8.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/pkey.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/pkeyparam.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/pkeyutl.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/prime.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/rand.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/rehash.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/req.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/rsa.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/rsautl.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/s_client.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/s_server.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/s_time.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/sess_id.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/smime.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/speed.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/spkac.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/srp.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/storeutl.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/ts.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/verify.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/version.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/x509.1ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/fips_config.5ossl.gz", + "mode": 33188, + "size": 2375, + "digest": { + "algorithm": "sha256", + "value": "15a810d87d38173692c0e9878afed1ff4e4eb6e2ac8b3d12409560a4ae0f3f1a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/openssl.cnf.5.gz", + "mode": 33188, + "size": 9681, + "digest": { + "algorithm": "sha256", + "value": "d80417a1e70f6dd7f75bb236c2791b8d51689af0579c96374c659edd31e33ccf" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/x509v3_config.5ossl.gz", + "mode": 33188, + "size": 8861, + "digest": { + "algorithm": "sha256", + "value": "c7a73764eb27b51ff855e31ffda6a5e5aafc611b73320e49f1a70a7da2c2186b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ossl.gz", + "mode": 33188, + "size": 3329, + "digest": { + "algorithm": "sha256", + "value": "9adb66a06899ddd4211ecbe7d75260c88949eaf35095416aa288cd4cd7173f3e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ossl.gz", + "mode": 33188, + "size": 2321, + "digest": { + "algorithm": "sha256", + "value": "678519b9df1ac01a19a7e6581d663f1455e65f90b68376fcbebe346bfd29c323" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-AES.7ossl.gz", + "mode": 33188, + "size": 3373, + "digest": { + "algorithm": "sha256", + "value": "6f821d9bc04c2757f4891deead2c80de75b67742c880a3af4cd9c4f88a62fb4b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-ARIA.7ossl.gz", + "mode": 33188, + "size": 2681, + "digest": { + "algorithm": "sha256", + "value": "3f6fc3b6e06f7c200eb9317d1f1407d2ee436253ae2ef528ed0fd5769b2d284a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ossl.gz", + "mode": 33188, + "size": 2324, + "digest": { + "algorithm": "sha256", + "value": "1c4aae9fa2168d02e5d90df893d68ef952c0e82ad870ce05575d435a26b916d7" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ossl.gz", + "mode": 33188, + "size": 2614, + "digest": { + "algorithm": "sha256", + "value": "f17c13a80923d19bedc06495a8ef59d8f10d344397546a43fe2169dd69c871b4" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-CAST.7ossl.gz", + "mode": 33188, + "size": 2459, + "digest": { + "algorithm": "sha256", + "value": "03e245655f99153556b77fa9bd2df96c72b9dab778df5cb46d8694a8938b5544" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ossl.gz", + "mode": 33188, + "size": 2301, + "digest": { + "algorithm": "sha256", + "value": "cff71dd921119b1342e447655c464655137e5a42ebef9c10538e98e76ed5cf12" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-DES.7ossl.gz", + "mode": 33188, + "size": 2630, + "digest": { + "algorithm": "sha256", + "value": "e0be8aa305dd7e8fccb93290303cd6d3b7ea3183b8027211d160267d1b744401" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-IDEA.7ossl.gz", + "mode": 33188, + "size": 2360, + "digest": { + "algorithm": "sha256", + "value": "5c46103011da292b4a6e34c6bef0a22568a23a962b173c4b3e6e039971d8db6c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-NULL.7ossl.gz", + "mode": 33188, + "size": 2661, + "digest": { + "algorithm": "sha256", + "value": "44b36b5606ea1c14e71f9b33cfdab4879d4f164b55b1a966ad70166441af670b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-RC2.7ossl.gz", + "mode": 33188, + "size": 2410, + "digest": { + "algorithm": "sha256", + "value": "7dd4485467748b7af90c78d59180b7c7acc03f115932d1bec93b4c9f387ba136" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-RC4.7ossl.gz", + "mode": 33188, + "size": 2316, + "digest": { + "algorithm": "sha256", + "value": "660051e40ee4c8985b0505c2f3073369a88bd634034ea36062f0a4575b6551b1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-RC5.7ossl.gz", + "mode": 33188, + "size": 2386, + "digest": { + "algorithm": "sha256", + "value": "2cafd301ce673d38122d8ddd8775e76542a1b779183d67ff9c87ffeb7acb3cce" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-SEED.7ossl.gz", + "mode": 33188, + "size": 2370, + "digest": { + "algorithm": "sha256", + "value": "c8c8c516d120379f5df27486fb040e03995d2581315ee9399d1e5d1070210b7d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_CIPHER-SM4.7ossl.gz", + "mode": 33188, + "size": 2603, + "digest": { + "algorithm": "sha256", + "value": "b44a653ae2e95be0dd0815eb7a9a4d2b245ecea96864ae621227214bace31f89" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-ARGON2.7ossl.gz", + "mode": 33188, + "size": 4599, + "digest": { + "algorithm": "sha256", + "value": "a31936a669a89e4666142441799ac4cbb9c486e24e03e090e82c8ae2800bb225" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-HKDF.7ossl.gz", + "mode": 33188, + "size": 4256, + "digest": { + "algorithm": "sha256", + "value": "6feade2f08a1729ee453218a840aba964ca0b8c057ebf3f6049d81a591c4553b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ossl.gz", + "mode": 33188, + "size": 2762, + "digest": { + "algorithm": "sha256", + "value": "220c8b5e07859cc46dcf348356ff2ac8bff3cbd913510f9d828587179fd76830" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-KB.7ossl.gz", + "mode": 33188, + "size": 4353, + "digest": { + "algorithm": "sha256", + "value": "76932a79463d97d55da1dfa1d3dd8c4ef9b3604ea7c2a88e287edcf689a4bed3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ossl.gz", + "mode": 33188, + "size": 3364, + "digest": { + "algorithm": "sha256", + "value": "c29d3a76446f8e45ed16ebe710105603a744aea7044cda78a63711dd4186302c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-PBKDF1.7ossl.gz", + "mode": 33188, + "size": 2945, + "digest": { + "algorithm": "sha256", + "value": "63801430e465921063d23c381a4464468788b25c71cbce83f42729b4e819c7d1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-PBKDF2.7ossl.gz", + "mode": 33188, + "size": 3352, + "digest": { + "algorithm": "sha256", + "value": "7eba1878f7907f682e8c788f94ff2367f5f1b33b95732e9af5ab690a5ee7b66d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ossl.gz", + "mode": 33188, + "size": 3056, + "digest": { + "algorithm": "sha256", + "value": "cee684f8a03551be0e8feecea5cab5864df87249ea8c934e16360dbaa7b1f95a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-PVKKDF.7ossl.gz", + "mode": 33188, + "size": 2740, + "digest": { + "algorithm": "sha256", + "value": "a67ead799c7250a2b7a6beb2991087069f10d6fe412e959b5616e4f43ce7a7a1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-SCRYPT.7ossl.gz", + "mode": 33188, + "size": 4116, + "digest": { + "algorithm": "sha256", + "value": "befaced50aaa9046b50a854aeba5e360a158d436f31192c582cfbc56cb0a8092" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-SS.7ossl.gz", + "mode": 33188, + "size": 4035, + "digest": { + "algorithm": "sha256", + "value": "6d2079f83ea2444b9c51a838a6c7d2360d4f7f4b3f6bedd98d170b9b2317a90d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-SSHKDF.7ossl.gz", + "mode": 33188, + "size": 4212, + "digest": { + "algorithm": "sha256", + "value": "addc220d360ab59a647cd93a24645eb911eb98907e96dfbe8eea36ee3305a06f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ossl.gz", + "mode": 33188, + "size": 4082, + "digest": { + "algorithm": "sha256", + "value": "b01bc5ff37d1b6f9e8242a21211b49169e8913c8f695be1a4a47e37f8e5f993d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ossl.gz", + "mode": 33188, + "size": 3840, + "digest": { + "algorithm": "sha256", + "value": "2e96af999fdf51a20d7b9e8edb3ce29068dea80780598c35053c3c862c0c78cb" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ossl.gz", + "mode": 33188, + "size": 4224, + "digest": { + "algorithm": "sha256", + "value": "1935b45f189c789f26081199a8d53e9a95d031c16cc124ae292560ed39106fe8" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ossl.gz", + "mode": 33188, + "size": 2289, + "digest": { + "algorithm": "sha256", + "value": "36d5129a6881951f1946ea58e6db3d5a274a0df7ad7035ed725400b8d22e4f10" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KDF-X963.7ossl.gz", + "mode": 33188, + "size": 3686, + "digest": { + "algorithm": "sha256", + "value": "ba4ffacc7f9b15f91ee6d5261a0a25c2928e0f229e8eb518523c28964b359cbf" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-EC.7ossl.gz", + "mode": 33188, + "size": 3059, + "digest": { + "algorithm": "sha256", + "value": "e61ac1db45e16725c0d74be6fd4a0ab6f6e93ee9a747f0365776c1a754bce567" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-ML-KEM-1024.7ossl.gz", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-ML-KEM-512.7ossl.gz", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-ML-KEM-768.7ossl.gz", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-ML-KEM.7ossl.gz", + "mode": 33188, + "size": 2572, + "digest": { + "algorithm": "sha256", + "value": "2ba7c1295bd15944469f28a33760bede10cf4e125ea0af8221846a1ef05f2f5a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-RSA.7ossl.gz", + "mode": 33188, + "size": 2838, + "digest": { + "algorithm": "sha256", + "value": "e9e3831822de6d7c96c73632073d7d1d8a05f87c5d2fdf6c3a6af472522d41fa" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-X25519.7ossl.gz", + "mode": 33188, + "size": 3019, + "digest": { + "algorithm": "sha256", + "value": "2ed8fbe186d68899ef9f41b9ade76661ece11ba48a4f2b48631a8cd63ca90563" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEM-X448.7ossl.gz", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYEXCH-DH.7ossl.gz", + "mode": 33188, + "size": 3764, + "digest": { + "algorithm": "sha256", + "value": "f36a5b1e05fad760f8e239f70bf6a677699574257816ad2b56136bb919d4fe48" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ossl.gz", + "mode": 33188, + "size": 3800, + "digest": { + "algorithm": "sha256", + "value": "1f30ae0ee56e852c82586f6aa624a67dae144bfe291f6413caf4c9191a1da510" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ossl.gz", + "mode": 33188, + "size": 2511, + "digest": { + "algorithm": "sha256", + "value": "9a6b8e0fae2f3239a3b2bf49df6aa1353ca1184e754cd3d18a63c1158e6c671e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYEXCH-X448.7ossl.gz", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-CMAC.7ossl.gz", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-DH.7ossl.gz", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-DHX.7ossl.gz", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-DSA.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-EC.7ossl.gz", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-ED25519.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-ED448.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-HMAC.7ossl.gz", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-ML-DSA.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-ML-KEM-1024.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-ML-KEM-512.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-ML-KEM-768.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-ML-KEM.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-Poly1305.7ossl.gz", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-RSA.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-SLH-DSA.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-SM2.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-Siphash.7ossl.gz", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-X25519.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_KEYMGMT-X448.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-BLAKE2.7ossl.gz", + "mode": 33188, + "size": 2988, + "digest": { + "algorithm": "sha256", + "value": "94b0f6ae9b71afc540c7908c257996e58db2dba9da300ff73d2f8f36b8b08dc4" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-BLAKE2BMAC.7ossl.gz", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-BLAKE2SMAC.7ossl.gz", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-CMAC.7ossl.gz", + "mode": 33188, + "size": 3206, + "digest": { + "algorithm": "sha256", + "value": "482488d48d3f2c917be66ac7285c95f68dad873324e4c63585e9eb09999fb97c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-GMAC.7ossl.gz", + "mode": 33188, + "size": 2819, + "digest": { + "algorithm": "sha256", + "value": "64d6e1ae2b9a05e07b5cd532b3732c9ba66f5fe02eddbd7c0978f12777bf77e6" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-HMAC.7ossl.gz", + "mode": 33188, + "size": 3227, + "digest": { + "algorithm": "sha256", + "value": "39ef21f034a42744a8a99e300c6e1fe899a5aaea863d9acac97dcb81a7e10c3e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-KMAC.7ossl.gz", + "mode": 33188, + "size": 3946, + "digest": { + "algorithm": "sha256", + "value": "7a3b285ed2fa6600aba01173112dab6619edeb4018de57afaa8858884159debf" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-KMAC128.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-KMAC256.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-Poly1305.7ossl.gz", + "mode": 33188, + "size": 2667, + "digest": { + "algorithm": "sha256", + "value": "815903fe49540243343dc4dae324c98cf191354ab1f41e589f13250831af2591" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MAC-Siphash.7ossl.gz", + "mode": 33188, + "size": 2686, + "digest": { + "algorithm": "sha256", + "value": "22a7bae909eb8c5ee692ce145a614cd24149c4e5f7f18a9442d31455e7dfc4ea" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-BLAKE2.7ossl.gz", + "mode": 33188, + "size": 2779, + "digest": { + "algorithm": "sha256", + "value": "5a4f65756cb704d395f250b280f1917aa8670dba484472381885628ee65bba0b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-KECCAK-KMAC.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-KECCAK.7ossl.gz", + "mode": 33188, + "size": 2317, + "digest": { + "algorithm": "sha256", + "value": "67c856a70f86af1ac78280cb6cf7b2a54af2a0c8cf84cb3403c7a055ec2645df" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-MD2.7ossl.gz", + "mode": 33188, + "size": 2227, + "digest": { + "algorithm": "sha256", + "value": "c47ca5f289ee3976ca6da76384bc1c78fc431bdfa0372ec8cebfe92807e33c75" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-MD4.7ossl.gz", + "mode": 33188, + "size": 2228, + "digest": { + "algorithm": "sha256", + "value": "40b5e13d50905d7c9acd7e9d36d2789812b90d2871eadd3d110dfd53de079e64" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ossl.gz", + "mode": 33188, + "size": 2652, + "digest": { + "algorithm": "sha256", + "value": "54f85786ad5135b0a1e495934b8dea95148fcd33fe3d573d2fbbb5c537b5d662" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-MD5.7ossl.gz", + "mode": 33188, + "size": 2224, + "digest": { + "algorithm": "sha256", + "value": "8a2eba35eb1a35bf521ced91fea40a074d810a096d2e1d6735e96d60b0af382e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-MDC2.7ossl.gz", + "mode": 33188, + "size": 2469, + "digest": { + "algorithm": "sha256", + "value": "e972ba9f44b5e47d6e879239dd51ab7fb9452eb4cacb950e5c2c821398f6d6fa" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-NULL.7ossl.gz", + "mode": 33188, + "size": 2305, + "digest": { + "algorithm": "sha256", + "value": "6b888d8866df01c656bf5b6f801d930bd8f6fcfd3bf335f04c3e29ecf874d754" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-RIPEMD160.7ossl.gz", + "mode": 33188, + "size": 2303, + "digest": { + "algorithm": "sha256", + "value": "e5dddbee5c549b16fe6c74dccaa11f5187d4914dc50d66414cbb997794540a17" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-SHA1.7ossl.gz", + "mode": 33188, + "size": 2647, + "digest": { + "algorithm": "sha256", + "value": "f9a8b8034ad4ec80c5d888eee2c0e41b9bad8b164bead41a5149766e814c1353" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-SHA2.7ossl.gz", + "mode": 33188, + "size": 2473, + "digest": { + "algorithm": "sha256", + "value": "58a2105a502493d7d5ec13e49d4318848f0e55ebe33aa219287fe33872c722f9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-SHA3.7ossl.gz", + "mode": 33188, + "size": 2339, + "digest": { + "algorithm": "sha256", + "value": "3057ff8d3c1aa31b87065feff4d52e5113c9495b1f9d7e1682a04ec763036cbb" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-SHAKE.7ossl.gz", + "mode": 33188, + "size": 3135, + "digest": { + "algorithm": "sha256", + "value": "13db6eeb0883668e0df6a97fecc195999b1dc201e45ab074b921cb64609c1a2a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-SM3.7ossl.gz", + "mode": 33188, + "size": 2226, + "digest": { + "algorithm": "sha256", + "value": "73c375e85808bad375e6270767eeeafbe53c3eb8f73c48ca678fb8b457e0e88a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ossl.gz", + "mode": 33188, + "size": 2235, + "digest": { + "algorithm": "sha256", + "value": "25f5026878d44caccf615b259eecf2041d805858cae483a7f81fd9005a870a8f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_MD-common.7ossl.gz", + "mode": 33188, + "size": 2516, + "digest": { + "algorithm": "sha256", + "value": "9018eee6bf69fada25a66de5333c28d19136b8dc1dc3e9427bf347ecc9bf5c57" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-CMAC.7ossl.gz", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-DH.7ossl.gz", + "mode": 33188, + "size": 6046, + "digest": { + "algorithm": "sha256", + "value": "eb0d58b8983f36dee2eadfbde585e9c96da892e5c0716028f03d45bc0c1ee338" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-DHX.7ossl.gz", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-DSA.7ossl.gz", + "mode": 33188, + "size": 3678, + "digest": { + "algorithm": "sha256", + "value": "40205f1717dbe4478e7c1f916f93c4fc0760fa295b1c580364adf5c38c1e06cd" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-EC.7ossl.gz", + "mode": 33188, + "size": 6376, + "digest": { + "algorithm": "sha256", + "value": "b4115aa6c5d2c232c7f8b506e6636b58a1f1f0688d1c4651f49b82f25129b7cb" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ED25519.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ED448.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-FFC.7ossl.gz", + "mode": 33188, + "size": 4816, + "digest": { + "algorithm": "sha256", + "value": "ff6f56ab05f2549d8be2b60e51c640f3ef6d9115787dab3fde63023875ded470" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-HMAC.7ossl.gz", + "mode": 33188, + "size": 2969, + "digest": { + "algorithm": "sha256", + "value": "37a85ff053b85cb11ca6375ae0b39dc0746dd42820d0362c0ebb7886d21983a9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-DSA-44.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-DSA-65.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-DSA-87.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ossl.gz", + "mode": 33188, + "size": 5748, + "digest": { + "algorithm": "sha256", + "value": "799556567884a8916eb610bc13080b3a5e400db5194966913580bf85b175c686" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-KEM-1024.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-KEM-512.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-KEM-768.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ossl.gz", + "mode": 33188, + "size": 5996, + "digest": { + "algorithm": "sha256", + "value": "15c97da5cd2ee75fa69e576ab4c6da28dd2e64bf7247bae23ab5b539c735464d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-Poly1305.7ossl.gz", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-RSA.7ossl.gz", + "mode": 33188, + "size": 5310, + "digest": { + "algorithm": "sha256", + "value": "7f6dde005bd8676338aa6993e687fd734a328a64ba87abc8a86ac17985a3e39e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128f.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128s.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192f.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192s.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256f.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256s.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128f.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128s.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192f.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192s.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256f.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256s.7ossl.gz", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ossl.gz", + "mode": 33188, + "size": 4112, + "digest": { + "algorithm": "sha256", + "value": "41ab32541a8ba6a0eb4438a8c2a333c5d3635ab1d1c50eb9e992c8c7890f8cbb" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-SM2.7ossl.gz", + "mode": 33188, + "size": 3350, + "digest": { + "algorithm": "sha256", + "value": "18683281bde52c6383972d29f2f9f41b7e51c111faf1decf164583a91ced9cde" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-Siphash.7ossl.gz", + "mode": 41471, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-X25519.7ossl.gz", + "mode": 33188, + "size": 3485, + "digest": { + "algorithm": "sha256", + "value": "c44e89ca5e665bf45ce7ca95ab2a7b82890d1264ec9437bd14c55beb1db2a422" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_PKEY-X448.7ossl.gz", + "mode": 41471, + "size": 24, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ossl.gz", + "mode": 33188, + "size": 2895, + "digest": { + "algorithm": "sha256", + "value": "cc5263874eacc2f69afab4e742df56787ed0bbe6ad70cdca61189d642f7fb0b6" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ossl.gz", + "mode": 33188, + "size": 3402, + "digest": { + "algorithm": "sha256", + "value": "d5dcc7c74787dabc25cb173014befed9ea57f0a88dc501979f5b7b950d49765b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ossl.gz", + "mode": 33188, + "size": 3733, + "digest": { + "algorithm": "sha256", + "value": "0259fbf7534f2ea1a218bce2a22f6bd36844472d2d005996096034d319158896" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ossl.gz", + "mode": 33188, + "size": 3751, + "digest": { + "algorithm": "sha256", + "value": "5e9e3f48db77000183bb65d84f4ec7bbfbf5bce78704645496ea64ecb3d5766e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND-JITTER.7ossl.gz", + "mode": 33188, + "size": 3163, + "digest": { + "algorithm": "sha256", + "value": "2d564e37e863790cc9458e1648c85b8378d6e0a9ad93d710d3f0a49c3ea0edd9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ossl.gz", + "mode": 33188, + "size": 2880, + "digest": { + "algorithm": "sha256", + "value": "78ed0e17531af03d68d54e7788ecb5b2cfe3e484d66113faa2132228716daf82" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ossl.gz", + "mode": 33188, + "size": 3550, + "digest": { + "algorithm": "sha256", + "value": "6365df34ca70b738dbc19bac83a265955c0ec8bbfca32d3d036460e548d148de" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_RAND.7ossl.gz", + "mode": 33188, + "size": 6428, + "digest": { + "algorithm": "sha256", + "value": "1150df4ca1c2206ca30b5a4a28e1150b07badecb6d4819d6a1f3ce3366201d2f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-CMAC.7ossl.gz", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ossl.gz", + "mode": 33188, + "size": 3884, + "digest": { + "algorithm": "sha256", + "value": "fe879790d45d1bf76d440079aa73c36d0727ad1c302b1012d4d4f1ed01b9b291" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ossl.gz", + "mode": 33188, + "size": 3635, + "digest": { + "algorithm": "sha256", + "value": "aa23c62df9303e39d1276a8489dcd99f1890f044bb42a33f0b03ca7088cf236c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ossl.gz", + "mode": 33188, + "size": 4314, + "digest": { + "algorithm": "sha256", + "value": "6b47aa8bf2955db526004dd8eeb512563061cb4b9d518c540171089b2915786b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ED448.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ossl.gz", + "mode": 33188, + "size": 2504, + "digest": { + "algorithm": "sha256", + "value": "95e2223f981cd7365f5cdd5459faef4d661f0f9497a9ec5f0d6c1dcdc9682b8a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA-44.7ossl.gz", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA-65.7ossl.gz", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA-87.7ossl.gz", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ossl.gz", + "mode": 33188, + "size": 3966, + "digest": { + "algorithm": "sha256", + "value": "5a04a083fff068a1a54a3a2bb2810943f82dd5c7aa2cb4ca1eb7884349e3cfbe" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-Poly1305.7ossl.gz", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ossl.gz", + "mode": 33188, + "size": 4883, + "digest": { + "algorithm": "sha256", + "value": "e7c24c0f8f7593c8c0f2d85b60cd0cdf33e78f9e6ba6414a53df06ae4eb16277" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128f.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128s.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192f.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192s.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256f.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256s.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128f.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128s.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192f.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192s.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256f.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256s.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ossl.gz", + "mode": 33188, + "size": 3892, + "digest": { + "algorithm": "sha256", + "value": "efa7726fe98300fc2b5eba273b626d7e36cd30a688eac5fc4833e94705a0c93b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/EVP_SIGNATURE-Siphash.7ossl.gz", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/Ed25519.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/Ed448.7ossl.gz", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OPENSSL_API_COMPAT.7ossl.gz", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OPENSSL_NO_DEPRECATED.7ossl.gz", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ossl.gz", + "mode": 33188, + "size": 8262, + "digest": { + "algorithm": "sha256", + "value": "5e1fee30b775716756f7f35ef3fa8ea2ce9181b7bd09638c2457b40961d3cbfb" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OSSL_PROVIDER-base.7ossl.gz", + "mode": 33188, + "size": 3208, + "digest": { + "algorithm": "sha256", + "value": "75ce22e58e16f3676d8048d80988c9e04164280940c134a22406c196cb8397f5" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OSSL_PROVIDER-default.7ossl.gz", + "mode": 33188, + "size": 5220, + "digest": { + "algorithm": "sha256", + "value": "5634d71e60866269838a5d76079d2b334e70bd5d7fd46b99291dea8b6ba2d1ca" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ossl.gz", + "mode": 33188, + "size": 3049, + "digest": { + "algorithm": "sha256", + "value": "06c925a915991c880ed7a7a02237c15e9f836155a5d31d52ebbd04a15822da08" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OSSL_PROVIDER-null.7ossl.gz", + "mode": 33188, + "size": 2236, + "digest": { + "algorithm": "sha256", + "value": "6f1eb27a9bda8f1c2995c6d049cb351536931594c6bf1e0630b09e14332963ee" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/OSSL_STORE-winstore.7ossl.gz", + "mode": 33188, + "size": 2823, + "digest": { + "algorithm": "sha256", + "value": "13b5944e85181062fd4a534b0d7f36f81d338f0eaf86745616178e608547fca9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/RAND.7ossl.gz", + "mode": 33188, + "size": 3548, + "digest": { + "algorithm": "sha256", + "value": "9a7b237d5484cd1511f2eaf54f3b86b1038fad924d179a0261bffd2c336d0291" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/RSA-PSS.7ossl.gz", + "mode": 33188, + "size": 2673, + "digest": { + "algorithm": "sha256", + "value": "ee7e644c043ce90a627f9674b744d88a1adfc1f3881d07e09d4c2b498dc3050a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/RSA.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/SM2.7ossl.gz", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/X25519.7ossl.gz", + "mode": 33188, + "size": 2712, + "digest": { + "algorithm": "sha256", + "value": "6a35d5639f030ce4a971216a70e04b265c1e9766032a2045876bbc680470c841" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/X448.7ossl.gz", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/bio.7ossl.gz", + "mode": 33188, + "size": 3430, + "digest": { + "algorithm": "sha256", + "value": "2256cd5b5747dfd314c8ef649d77d7f0c687536f19aec0f9011dee25ec1c064c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/crypto.7ossl.gz", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ct.7ossl.gz", + "mode": 33188, + "size": 2541, + "digest": { + "algorithm": "sha256", + "value": "11d22a2651b8066d55c4097519b8fa31ffc85e8a560c9dbbf7c888544153da1d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/des_modes.7ossl.gz", + "mode": 33188, + "size": 3873, + "digest": { + "algorithm": "sha256", + "value": "7d9153f3059a6980686573193bff3d6261ca162190b27d6af5b947d76398671f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/evp.7ossl.gz", + "mode": 33188, + "size": 3528, + "digest": { + "algorithm": "sha256", + "value": "0a76b75e6e34ae1195b5983fdc5a91a37037450b62a5433cb059ccf3ecd43bdd" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/fips_module.7ossl.gz", + "mode": 33188, + "size": 9756, + "digest": { + "algorithm": "sha256", + "value": "020fab93e995d03b95189a11d40e81a4422d295db9c3396083f4e95861e436ae" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/life_cycle-cipher.7ossl.gz", + "mode": 33188, + "size": 3326, + "digest": { + "algorithm": "sha256", + "value": "c13bcd281901af42ebe19fa5ddbea78185d0efb5c73628d25cc0fa03f95444a9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/life_cycle-digest.7ossl.gz", + "mode": 33188, + "size": 3217, + "digest": { + "algorithm": "sha256", + "value": "f735bc4ffb52b870581bbfa5813b14ac278694c19611e65d21ef7390759af50d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/life_cycle-kdf.7ossl.gz", + "mode": 33188, + "size": 2740, + "digest": { + "algorithm": "sha256", + "value": "f59a36ed427968aecedb7d0325b2b0753cb90793d6c36f6286fd471479cb9a40" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/life_cycle-mac.7ossl.gz", + "mode": 33188, + "size": 2822, + "digest": { + "algorithm": "sha256", + "value": "fb65415767b528fd9707e5048e7e3349e66058e8cd511b8d7934fe44b1fd4743" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/life_cycle-pkey.7ossl.gz", + "mode": 33188, + "size": 3695, + "digest": { + "algorithm": "sha256", + "value": "5b489671bbd1fe2aece3a1eb7a7a830188db05d0d1cd0d465a9d1444b6202e07" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/life_cycle-rand.7ossl.gz", + "mode": 33188, + "size": 2796, + "digest": { + "algorithm": "sha256", + "value": "4ddff0ef7c386842680f163aa46afc4ee4b1cc628534835341a0a4457b060252" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/migration_guide.7ossl.gz", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-core.h.7ossl.gz", + "mode": 33188, + "size": 2375, + "digest": { + "algorithm": "sha256", + "value": "a0ca28b82dd85492206f6e397c01b6bcc186b0b626db4b98efe95c47221d2bef" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-core_dispatch.h.7ossl.gz", + "mode": 33188, + "size": 2415, + "digest": { + "algorithm": "sha256", + "value": "1db039e4c77f5f1737481298a6ad81f50fed41b7b69e1c3cb1b1a82aad51de0e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-core_names.h.7ossl.gz", + "mode": 33188, + "size": 2516, + "digest": { + "algorithm": "sha256", + "value": "7cac2f3cc5a889d0c368abac794c451a27a0c90efe8a85e940e9ea46c64ab4a7" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-env.7ossl.gz", + "mode": 33188, + "size": 4494, + "digest": { + "algorithm": "sha256", + "value": "15e2f195fcc9a9da18e513f6e414147f4bf0dc9b27b61de13fdc62315d7e9c96" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-glossary.7ossl.gz", + "mode": 33188, + "size": 4559, + "digest": { + "algorithm": "sha256", + "value": "5a56b5edd88416097bce26a92f31448e28e08e3e23a3e1d3f80bd8e1cffbba61" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-qlog.7ossl.gz", + "mode": 33188, + "size": 4830, + "digest": { + "algorithm": "sha256", + "value": "1de6e247881905868cda2bee686da11e2fe0c67375c2670a7412eb9e852fd8b0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-quic-concurrency.7ossl.gz", + "mode": 33188, + "size": 6011, + "digest": { + "algorithm": "sha256", + "value": "54d7d935831ed4f1f8dcb8b50ac4fadb458492c16cb9209978c001a19a1d5501" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-quic.7ossl.gz", + "mode": 33188, + "size": 12363, + "digest": { + "algorithm": "sha256", + "value": "86ac52650a21a5ed93c2075c744171fb448ac4aadab51298dc38d1157a613971" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl-threads.7ossl.gz", + "mode": 33188, + "size": 3871, + "digest": { + "algorithm": "sha256", + "value": "ad0782bc2b97d5eb164307e8c278f7d5064f4bd30a4b182803dc619bb509565e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/openssl_user_macros.7ossl.gz", + "mode": 33188, + "size": 3110, + "digest": { + "algorithm": "sha256", + "value": "98b6f19211cf4ec8e937bd3e84e795fcb0c82f23141d3abc5f3d6e30ebf63f30" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-introduction.7ossl.gz", + "mode": 33188, + "size": 3791, + "digest": { + "algorithm": "sha256", + "value": "58b9b4fd3306f54579797fe9b3404b49a501bc985076d1bf57b11dce9e487973" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ossl.gz", + "mode": 33188, + "size": 7292, + "digest": { + "algorithm": "sha256", + "value": "c02386a18012d0dd8ebd6eed739e25516fedd000532f843fd24d6326120e8e2c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-libraries-introduction.7ossl.gz", + "mode": 33188, + "size": 7341, + "digest": { + "algorithm": "sha256", + "value": "11895eb4691400975a03ef5b2828a233a418cdd17675d27e8dcf65993d9614b0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-libssl-introduction.7ossl.gz", + "mode": 33188, + "size": 3789, + "digest": { + "algorithm": "sha256", + "value": "71f8479fa3655690a01218f3b68e5311a55749a14f339566d0b7d91d8068b53b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-migration.7ossl.gz", + "mode": 33188, + "size": 26980, + "digest": { + "algorithm": "sha256", + "value": "1a77c395329528a07988f504fc59ce0e0799d2f0469cd941d8a7e35b48b81a6c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-quic-client-block.7ossl.gz", + "mode": 33188, + "size": 8020, + "digest": { + "algorithm": "sha256", + "value": "4763b0fd4136950e01479bbe8760ebf00c2b96e95e788ea91224bd3db7c136f7" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ossl.gz", + "mode": 33188, + "size": 9062, + "digest": { + "algorithm": "sha256", + "value": "af5a966bbf726386772879b40bdf11a3be4ce5b28d65ee37f1af800b1e73d2f2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-quic-introduction.7ossl.gz", + "mode": 33188, + "size": 5479, + "digest": { + "algorithm": "sha256", + "value": "2b7874c08565763002478362fe83955be43155ab0d8ce31ce4a5b86a06b01789" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ossl.gz", + "mode": 33188, + "size": 8231, + "digest": { + "algorithm": "sha256", + "value": "e6bf5243f928ac1e5024380ebeea8a3dd6ef9570ee88595cac42889efe78ea72" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-quic-server-block.7ossl.gz", + "mode": 33188, + "size": 6239, + "digest": { + "algorithm": "sha256", + "value": "44e1b008149d71f66e129c0ab092bafebdaf4ac444558bac3d2f2132965a3769" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ossl.gz", + "mode": 33188, + "size": 7640, + "digest": { + "algorithm": "sha256", + "value": "5134015cfcc302ad4b548be43fce0c07947401535e638b973b38f15d405f3ab2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-tls-client-block.7ossl.gz", + "mode": 33188, + "size": 10420, + "digest": { + "algorithm": "sha256", + "value": "c6a2090730762fac75b257a545fa3dced6e75be8303269ac0696ce58a883f47d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ossl.gz", + "mode": 33188, + "size": 7835, + "digest": { + "algorithm": "sha256", + "value": "28410b61c2b970d20bc764f5abeae9a37d1eb8f2c1a7d46eb857ce278abcc7e0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-tls-introduction.7ossl.gz", + "mode": 33188, + "size": 8187, + "digest": { + "algorithm": "sha256", + "value": "6bb4d4c2d4dc5d52b9754a262d2872be9b11156391431c238b510de7e797be62" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl-guide-tls-server-block.7ossl.gz", + "mode": 33188, + "size": 7159, + "digest": { + "algorithm": "sha256", + "value": "7807df01a66dc902145ef198014df925c21a6a39b7d773f0739f7f6a4174bb05" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl_store-file.7ossl.gz", + "mode": 33188, + "size": 2903, + "digest": { + "algorithm": "sha256", + "value": "7b6f1097befa944653d94d5e56310eb54ff1aca43587b2234ae406a49469137a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ossl_store.7ossl.gz", + "mode": 33188, + "size": 3030, + "digest": { + "algorithm": "sha256", + "value": "f31e0262ac1704c7fe3ba04f0afde26bdf7184abe396946374d9f08e8664cd81" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/passphrase-encoding.7ossl.gz", + "mode": 33188, + "size": 4835, + "digest": { + "algorithm": "sha256", + "value": "4e62afbc88c4a4def0aebfd7ee39019f8138fa07ebe823b0fe416151d55f22b9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/property.7ossl.gz", + "mode": 33188, + "size": 4383, + "digest": { + "algorithm": "sha256", + "value": "271dcb89afc8604fa7bc07d54e802718889b30dd9d7ae7453693489add058c8c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-asym_cipher.7ossl.gz", + "mode": 33188, + "size": 5719, + "digest": { + "algorithm": "sha256", + "value": "e84fed2c876fb58311e6222289b5dc3d48b984c96f6a06979af8f13689ad1b8f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-base.7ossl.gz", + "mode": 33188, + "size": 13497, + "digest": { + "algorithm": "sha256", + "value": "6d81d8a87df7066c1708d2949785beae4c0413675895ee9dcc57ed354b1c27c4" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-cipher.7ossl.gz", + "mode": 33188, + "size": 5821, + "digest": { + "algorithm": "sha256", + "value": "ecb6f6166b1b89149185c868145530830864b5a4895ff60effc25c9d553ea183" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-decoder.7ossl.gz", + "mode": 33188, + "size": 5795, + "digest": { + "algorithm": "sha256", + "value": "948ae40cb4108897e0e6a318d0093ef6131ba2c14dbcae54b64d87ff88509cee" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-digest.7ossl.gz", + "mode": 33188, + "size": 5526, + "digest": { + "algorithm": "sha256", + "value": "f749d6c6f93e362523ffd44025ec2210abbdfde3aba18777c7b704c6f6682df9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-encoder.7ossl.gz", + "mode": 33188, + "size": 6109, + "digest": { + "algorithm": "sha256", + "value": "4a05eed4b3ff9cd8a1d209f417d60db1f1ec1cd6ae404d4b72b741cca8465036" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-kdf.7ossl.gz", + "mode": 33188, + "size": 6210, + "digest": { + "algorithm": "sha256", + "value": "897d92ab8281d249cd641efa69c308844ba027f636dfae1e53954ed64c44bd15" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-kem.7ossl.gz", + "mode": 33188, + "size": 5056, + "digest": { + "algorithm": "sha256", + "value": "b12b54cf732e7c0cd687ae71052b9f9174da0508f504e6fc8d994a3a5b29577c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-keyexch.7ossl.gz", + "mode": 33188, + "size": 5434, + "digest": { + "algorithm": "sha256", + "value": "af8d7802d1f7ab5ac8f9f427e19603274138a346e77d993bbca771ddf83e14dc" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-keymgmt.7ossl.gz", + "mode": 33188, + "size": 8384, + "digest": { + "algorithm": "sha256", + "value": "07180dc901461cc192ba2850e63cf745b166d35c3b081f2d262d5414098c461d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-mac.7ossl.gz", + "mode": 33188, + "size": 5394, + "digest": { + "algorithm": "sha256", + "value": "df27f247c67cc68bc59a824696bf3ebe29d67178f8d25239846d1d5d4fe526da" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-object.7ossl.gz", + "mode": 33188, + "size": 4052, + "digest": { + "algorithm": "sha256", + "value": "1c24a0f260f4c76386cf6f9526ad2a16713ea61830a5ee1efbd96afc28d0129e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-rand.7ossl.gz", + "mode": 33188, + "size": 6379, + "digest": { + "algorithm": "sha256", + "value": "fc8dc315b18912235b729b50877149c6c9d13caa8e7fc5ef03aad52e1f736085" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-signature.7ossl.gz", + "mode": 33188, + "size": 8877, + "digest": { + "algorithm": "sha256", + "value": "91a46ad91428eb1b168c4930e43beaed4018ffa81f6c3a47933355c75d33d945" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-skeymgmt.7ossl.gz", + "mode": 33188, + "size": 4503, + "digest": { + "algorithm": "sha256", + "value": "74ad115441e7b953dd94f2da033f77857770397b4c5da64b4ec74ee96e790108" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider-storemgmt.7ossl.gz", + "mode": 33188, + "size": 5200, + "digest": { + "algorithm": "sha256", + "value": "6a4a17abd97359423c43b8f6477e5d796625306c29515af42bee32fb21590282" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/provider.7ossl.gz", + "mode": 33188, + "size": 5140, + "digest": { + "algorithm": "sha256", + "value": "c2fdede907af8ea7f09fea83a579d523b19a4cf75acb6ba0fe3b3588aa7b8131" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/proxy-certificates.7ossl.gz", + "mode": 33188, + "size": 5998, + "digest": { + "algorithm": "sha256", + "value": "d0b141855efc0cd70db908af40ca55b3e6c71919d8807c918196fb5ef27502a1" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/ssl.7ossl.gz", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man7/x509.7ossl.gz", + "mode": 33188, + "size": 2765, + "digest": { + "algorithm": "sha256", + "value": "21773cae697cf5d36cb055b634850dab6bc9afb274a21f6d8d36d6e79df866a6" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "3f743355082e9e4b", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ASL 2.0", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "openssl-fips-provider", + "version": "3.0.7", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9", + "sourceRpm": "openssl-fips-provider-3.0.7-8.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Mar 3 11:38:31 1948", + "issuer": "431d51d0f40fff59" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Apr 28 01:24:32 1932", + "issuer": "431d515db60fff7b" + } + ], + "size": 251, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "fips-provider-so", + "openssl-fips-provider", + "openssl-fips-provider(x86-64)" + ], + "requires": [ + "openssl-fips-provider-so", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/usr/share/doc/openssl-fips-provider", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/openssl-fips-provider/README.md", + "mode": 33188, + "size": 251, + "digest": { + "algorithm": "sha256", + "value": "752bf68e811026a9249b09b74c1fd1286d589c0a197d74281467e6696350a65d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ASL 2.0", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "openssl-fips-provider-so", + "version": "3.0.7", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9", + "sourceRpm": "openssl-fips-provider-3.0.7-8.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Oct 30 15:51:35 1967", + "issuer": "431d51a4b30fff5b" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Nov 28 16:33:04 2036", + "issuer": "431d51c55b100086" + } + ], + "size": 1337154, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "openssl-fips-provider-so", + "openssl-fips-provider-so(x86-64)" + ], + "requires": [ + "coreutils", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5b/65fef681f0542a356702b4f8a3466b4b8e3d01", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/ossl-modules/fips.so", + "mode": 33261, + "size": 1337112, + "digest": { + "algorithm": "sha256", + "value": "c197b6ddf74532f477bcb34e25b6e109491765d577b9fe1a4c4759239b6aae06" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "openssl-libs", + "version": "3.5.1", + "epoch": 1, + "architecture": "x86_64", + "release": "4.el9_7", + "sourceRpm": "openssl-3.5.1-4.el9_7.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Apr 17 20:14:05 1912", + "issuer": "431d5187890fff59" + } + ], + "size": 7470331, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(openssl-libs)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.1)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.3)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.8)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.9)(64bit)", + "libcrypto.so.3(OPENSSL_3.1.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.2.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.3.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.4.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.5.0)(64bit)", + "libssl.so.3()(64bit)", + "libssl.so.3(OPENSSL_3.0.0)(64bit)", + "libssl.so.3(OPENSSL_3.2.0)(64bit)", + "libssl.so.3(OPENSSL_3.3.0)(64bit)", + "libssl.so.3(OPENSSL_3.4.0)(64bit)", + "libssl.so.3(OPENSSL_3.5.0)(64bit)", + "openssl-libs", + "openssl-libs(x86-64)" + ], + "requires": [ + "ca-certificates", + "config(openssl-libs)", + "crypto-policies", + "fips-provider-so", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.12)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.1)(64bit)", + "libcrypto.so.3(OPENSSL_3.0.3)(64bit)", + "libcrypto.so.3(OPENSSL_3.2.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.3.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.4.0)(64bit)", + "libz.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/pki/tls", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/certs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/ct_log_list.cnf", + "mode": 33188, + "size": 412, + "digest": { + "algorithm": "sha256", + "value": "f1c1803d13d1d0b755b13b23c28bd4e20e07baf9f2b744c9337ba5866aa0ec3b" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/pki/tls/fips_local.cnf", + "mode": 41471, + "size": 50, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "c" + }, + { + "path": "/etc/pki/tls/misc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/openssl.cnf", + "mode": 33188, + "size": 12412, + "digest": { + "algorithm": "sha256", + "value": "34108f65c3c759083f6b2d8ff8c509e3504aa78e5180b197827d90827ddc663f" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/pki/tls/openssl.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/tls/private", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/09", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/09/a6d6011423098ff36947cbaa447cb3f51a0f84", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4c", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4c/2b02dfa2af11dbb03543deeaf21bae3504c49b", + "mode": 41471, + "size": 47, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/85", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/85/2d7cb95edd6d32762cf9bf387167d1cbb737d5", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/85/90e47fcd041a362bc199b7a67c588025148fd8", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a4", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a4/6e20a1b32ac521a980a97229acdd9b0293ccf5", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a6/8ceced501e2dbfc88a4dc6581e01f9be8f4bef", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e7/a186db8fd8387547cf03d94ba500825a811d83", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/engines-3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/engines-3/afalg.so", + "mode": 33261, + "size": 23928, + "digest": { + "algorithm": "sha256", + "value": "54eafc93c9df8c45a2fd558969f12dbb805b2dacbf424fbce915abebfb441575" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/engines-3/capi.so", + "mode": 33261, + "size": 14880, + "digest": { + "algorithm": "sha256", + "value": "bae170b889544162be76613fcfc2d8115ab0aeac72f9419d3016c567bd28089f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/engines-3/loader_attic.so", + "mode": 33261, + "size": 53312, + "digest": { + "algorithm": "sha256", + "value": "15280e86932817dd875496788a9bca4f96a0b2cfe1c32deec3ec41aff17ca25c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/engines-3/padlock.so", + "mode": 33261, + "size": 27992, + "digest": { + "algorithm": "sha256", + "value": "01c52ed53ca72f536ec290b68c2a86717fa48e1e34393399cc623fb183e488ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcrypto.so.3", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libcrypto.so.3.5.1", + "mode": 33261, + "size": 6146520, + "digest": { + "algorithm": "sha256", + "value": "449d65e825fef0087c0c6351b8dd58895ce519e599fd57a1236cba42ccbb19c6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libssl.so.3", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libssl.so.3.5.1", + "mode": 33261, + "size": 1039984, + "digest": { + "algorithm": "sha256", + "value": "a8a5b51a76acfca3aee2429f2114f47ae2f9d0e4fc912673ef82d3d18eb0c22e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/ossl-modules/legacy.so", + "mode": 33261, + "size": 140344, + "digest": { + "algorithm": "sha256", + "value": "1e4dd1d9a0a9780f300331ba5d4351f9bc9cbd89130d1d6797e84bcc170c10f0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/openssl-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/openssl-libs/LICENSE.txt", + "mode": 33188, + "size": 10175, + "digest": { + "algorithm": "sha256", + "value": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "39edf0f240a77402", + "name": "p11-kit", + "version": "0.25.3-3.el9_5", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:p11-kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11-kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11_kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11_kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "p11-kit", + "version": "0.25.3", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9_5", + "sourceRpm": "p11-kit-0.25.3-3.el9_5.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Dec 15 05:45:27 1992", + "issuer": "431d51c44b100094" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Sep 7 18:03:41 1919", + "issuer": "431d51405710008d" + } + ], + "size": 2530659, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libp11-kit.so.0()(64bit)", + "libp11-kit.so.0(LIBP11_KIT_1.0)(64bit)", + "p11-kit", + "p11-kit(x86-64)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.26)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libffi.so.8()(64bit)", + "libffi.so.8(LIBFFI_BASE_8.0)(64bit)", + "libffi.so.8(LIBFFI_CLOSURE_8.0)(64bit)", + "libp11-kit.so.0()(64bit)", + "libp11-kit.so.0(LIBP11_KIT_1.0)(64bit)", + "libtasn1.so.6()(64bit)", + "libtasn1.so.6(LIBTASN1_0_3)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/pkcs11", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pkcs11/modules", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/p11-kit", + "mode": 33261, + "size": 192832, + "digest": { + "algorithm": "sha256", + "value": "d543651b76dc84c8179e1de487101a4906be24767cfcb8136835fafbd7b79a8a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5e/3922d3309ad22f02a3e794623175a3b01ae865", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/74", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/74/7467558e2d1e046977c1fbf81deea05aa92ccb", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/d2/9e83cd18b0b119d5fb42b2237dbfeae4f3d330", + "mode": 41471, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libp11-kit.so.0", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libp11-kit.so.0.3.1", + "mode": 33261, + "size": 1714240, + "digest": { + "algorithm": "sha256", + "value": "9eec2de8301813279c4ade5b8705229d75eebd3d55d28bf42141d61a43055be0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/p11-kit-proxy.so", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/p11-kit", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/p11-kit/p11-kit-remote", + "mode": 33261, + "size": 15784, + "digest": { + "algorithm": "sha256", + "value": "0cdd6b349a22932ae1021cae38105908711ecd6ae77c0054838033a5d7bedec7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions/p11-kit", + "mode": 33188, + "size": 674, + "digest": { + "algorithm": "sha256", + "value": "eb0648a5487f28baa01ac6247de2fc187a25745159bf017054b04e1ce8cc6411" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/p11-kit", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/p11-kit/COPYING", + "mode": 33188, + "size": 1447, + "digest": { + "algorithm": "sha256", + "value": "2e1ba993904df807a10c3eda1e5c272338edc35674b679773a8b3ad460731054" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/p11-kit", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/p11-kit/modules", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "546bedf3e2fa6b85", + "name": "p11-kit-trust", + "version": "0.25.3-3.el9_5", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:p11-kit-trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11-kit-trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11_kit_trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11_kit_trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11-kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11-kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11_kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11_kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p11:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "p11-kit-trust", + "version": "0.25.3", + "epoch": null, + "architecture": "x86_64", + "release": "3.el9_5", + "sourceRpm": "p11-kit-0.25.3-3.el9_5.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Jul 29 00:58:35 1936", + "issuer": "431d516d230fff4d" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Apr 23 11:10:21 1932", + "issuer": "431d51ea26100087" + } + ], + "size": 478116, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "p11-kit-trust", + "p11-kit-trust(x86-64)" + ], + "requires": [ + "/bin/sh", + "/bin/sh", + "/usr/bin/bash", + "/usr/sbin/alternatives", + "/usr/sbin/alternatives", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.26)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libp11-kit.so.0()(64bit)", + "libp11-kit.so.0(LIBP11_KIT_1.0)(64bit)", + "libtasn1.so.6()(64bit)", + "libtasn1.so.6(LIBTASN1_0_3)(64bit)", + "p11-kit(x86-64)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/trust", + "mode": 33261, + "size": 226368, + "digest": { + "algorithm": "sha256", + "value": "577085f236a406b2115922ac26e739fc88189affee2d255681b34b64684807a8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/00", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/00/d506deb0852d5f1cbc18611413084b58bfba70", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/4b/69a9245240a70ba93a25757d3143b2834bc36e", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libnssckbi.so", + "mode": 32768, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib64/pkcs11", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/pkcs11/p11-kit-trust.so", + "mode": 33261, + "size": 248448, + "digest": { + "algorithm": "sha256", + "value": "f3cf20976d79dc24c45caa5fc941b954680f634a7fd7fb5101c94025de77f23c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/libexec/p11-kit/trust-extract-compat", + "mode": 33261, + "size": 275, + "digest": { + "algorithm": "sha256", + "value": "e3b9b63689b120e461687c7febc6ab0c3d33d6acd6f943c46113c9ed284b49ac" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/bash-completion/completions/trust", + "mode": 33188, + "size": 2053, + "digest": { + "algorithm": "sha256", + "value": "c4304c6b8c8af29909280a836e26cc6072f6d6994bab6a23efefc4fd7655f03a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/p11-kit/modules/p11-kit-trust.module", + "mode": 33188, + "size": 902, + "digest": { + "algorithm": "sha256", + "value": "c9bcaa8b0366e2bef1e89fb6af4f084932d53c76da846100824015f89ff75b31" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "eed46dd832bd62c9", + "name": "pcre", + "version": "8.44-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:pcre:8.44-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:pcre:pcre:8.44-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/pcre@8.44-4.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre-8.44-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "pcre", + "version": "8.44", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "pcre-8.44-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Dec 5 05:09:31 1951", + "issuer": "431d51a46710008f" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue Sep 6 20:22:09 1955", + "issuer": "431d5118f60fff47" + } + ], + "size": 537728, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libpcre.so.1()(64bit)", + "libpcreposix.so.0()(64bit)", + "pcre", + "pcre(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libpcre.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ab", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ab/992db9f04fdd8344f6fe83055d4ed3011d2e9b", + "mode": 41471, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e2", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e2/82eabe4c3090ea1572b2d816d3229718a2add7", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libpcre.so.1", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpcre.so.1.2.12", + "mode": 33261, + "size": 488664, + "digest": { + "algorithm": "sha256", + "value": "853849dc5e7393ec3451683443d164b12783019e1b68bc64b49c64812886364d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpcreposix.so.0", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpcreposix.so.0.0.7", + "mode": 33261, + "size": 15352, + "digest": { + "algorithm": "sha256", + "value": "a829890434a50682fa95b2278d8daf3037a6bb195c4ad31d7c14901168ba6a7d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/pcre", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/pcre/COPYING", + "mode": 33188, + "size": 95, + "digest": { + "algorithm": "sha256", + "value": "17abe1dbb92b21ab173cf9757dd57b0b15cd8d863b2ccdef635fdbef03077fb0" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/pcre/LICENCE", + "mode": 33188, + "size": 3182, + "digest": { + "algorithm": "sha256", + "value": "0dd9c13864dbb9ee4d77a1557e96be29b2d719fb6584192ee36611aae264c4a3" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "pcre2", + "version": "10.40", + "epoch": null, + "architecture": "x86_64", + "release": "6.el9", + "sourceRpm": "pcre2-10.40-6.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Sep 8 00:02:24 2024", + "issuer": "431d51e2a70ffc0d" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed May 7 08:44:40 2031", + "issuer": "431d513e910ffe2e" + } + ], + "size": 652298, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "bundled(sljit)", + "libpcre2-8.so.0()(64bit)", + "libpcre2-posix.so.3()(64bit)", + "pcre2", + "pcre2(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libpcre2-8.so.0()(64bit)", + "pcre2-syntax", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/48", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/48/1282542036ac05da5dbbe987bb1feae7f7eb4a", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/76", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/76/2e199f8f08725f767cb3c3167faae14327659f", + "mode": 41471, + "size": 45, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libpcre2-8.so.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpcre2-8.so.0.11.0", + "mode": 33261, + "size": 636848, + "digest": { + "algorithm": "sha256", + "value": "9a7c5324aa19b789ec6451fac312238ba8b266886e37f2dcad51b612deaae96c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpcre2-posix.so.3", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpcre2-posix.so.3.0.2", + "mode": 33261, + "size": 15320, + "digest": { + "algorithm": "sha256", + "value": "cd07b910ec2713c62bd756ca1b5b1b33822fe53b0c22b57bb21a7277c6d38664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "pcre2-syntax", + "version": "10.40", + "epoch": null, + "architecture": "noarch", + "release": "6.el9", + "sourceRpm": "pcre2-10.40-6.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Jun 18 19:50:38 1998", + "issuer": "431d512d370ffe3f" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Aug 29 02:52:17 1976", + "issuer": "431d51a05b0ffc0f" + } + ], + "size": 234324, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "pcre2-syntax" + ], + "requires": [ + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/usr/share/licenses/pcre2-syntax", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/pcre2-syntax/COPYING", + "mode": 33188, + "size": 97, + "digest": { + "algorithm": "sha256", + "value": "99272c55f3dcfa07a8a7e15a5c1a33096e4727de74241d65fa049fccfdd59507" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/pcre2-syntax/LICENCE", + "mode": 33188, + "size": 3477, + "digest": { + "algorithm": "sha256", + "value": "87d884eceb7fc54611470ce9f74280d28612b0c877adfc767e9676892a638987" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "81dc18ef79d2b2cb", + "name": "popt", + "version": "1.18-8.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:popt:1.18-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:popt:popt:1.18-8.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.7&upstream=popt-1.18-8.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "popt", + "version": "1.18", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9", + "sourceRpm": "popt-1.18-8.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 15:01:35 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 15:01:35 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 130360, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libpopt.so.0()(64bit)", + "libpopt.so.0(LIBPOPT_0)(64bit)", + "popt", + "popt(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.27)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/popt.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19/e11263645dffdb2cbcdcff0d731276c7f90e98", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libpopt.so.0", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libpopt.so.0.0.1", + "mode": 33261, + "size": 58368, + "digest": { + "algorithm": "sha256", + "value": "5e9f3f8a88255fcb88220f7af51a96fb7328a2ea73154dd306277271571acffd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/popt", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/popt/COPYING", + "mode": 33188, + "size": 1277, + "digest": { + "algorithm": "sha256", + "value": "518d4f2a05064cb9a8ec0ea02e86408af4feed6916f78ef42171465db8b383c5" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "86bb1c48d046cf90", + "name": "readline", + "version": "8.1-4.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:readline:readline:8.1-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:readline:8.1-4.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.7&upstream=readline-8.1-4.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "readline", + "version": "8.1", + "epoch": null, + "architecture": "x86_64", + "release": "4.el9", + "sourceRpm": "readline-8.1-4.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 15:14:45 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 15:14:46 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 492844, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libhistory.so.8()(64bit)", + "libreadline.so.8()(64bit)", + "readline", + "readline(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.11)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libtinfo.so.6()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/74", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/74/3e24d7e4d98b9a5b3ac5dbc431fa83abd4084c", + "mode": 41471, + "size": 40, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/dc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/dc/1a424145905fb4f65a39f58b9b1a54cced2aa1", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libhistory.so.8", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libhistory.so.8.1", + "mode": 33261, + "size": 53400, + "digest": { + "algorithm": "sha256", + "value": "1624092f4c9c1b6dba385d4a2acf707f02620f4ea6e4de478887f9dbae31c66a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libreadline.so.8", + "mode": 41471, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libreadline.so.8.1", + "mode": 33261, + "size": 358128, + "digest": { + "algorithm": "sha256", + "value": "cd005d15fd3c6546b1ce73e629e516a421c9b0776cb7a0609f45c5c2f8d395bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/readline", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/readline/COPYING", + "mode": 33188, + "size": 35147, + "digest": { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/readline/USAGE", + "mode": 33188, + "size": 2025, + "digest": { + "algorithm": "sha256", + "value": "0759c74d61889b687f33cb03899630d8ecc09c5ebe7cedd2dd2e17eeef193f93" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "734e3b82978b46ed", + "name": "redhat-release", + "version": "9.7-0.7.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat-release:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat-release:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat_release:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat_release:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:redhat-release:9.7-0.7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:redhat_release:9.7-0.7.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/redhat-release@9.7-0.7.el9?arch=x86_64&distro=rhel-9.7&upstream=redhat-release-9.7-0.7.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "redhat-release", + "version": "9.7", + "epoch": null, + "architecture": "x86_64", + "release": "0.7.el9", + "sourceRpm": "redhat-release-9.7-0.7.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Aug 10 07:28:06 2034", + "issuer": "431d511ec00ffe24" + } + ], + "size": 75786, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "base-module(platform:el9)", + "config(redhat-release)", + "redhat-release", + "redhat-release(x86-64)", + "redhat-release-client", + "redhat-release-computenode", + "redhat-release-server", + "redhat-release-workstation", + "system-release", + "system-release(releasever)", + "system-release(releasever_major)", + "system-release(releasever_minor)" + ], + "requires": [ + "config(redhat-release)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/etc/dnf/protected.d/redhat-release.conf", + "mode": 33188, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "942298c770f9afd8303dffda64d89fb57c8d06e8a37fcc285951682afc5a88b7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/issue", + "mode": 33188, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "188029a4a5fc320b6157195899bf6d424610d385949a857a811d992602fa48c9" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/issue.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/issue.net", + "mode": 33188, + "size": 22, + "digest": { + "algorithm": "sha256", + "value": "17657f4ee63966a9c7687e97028b9ca514f6e9bcbefec4b7f4e81ac861eb3483" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/os-release", + "mode": 41471, + "size": 21, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "c" + }, + { + "path": "/etc/pki/product-default", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/product-default/479.pem", + "mode": 33188, + "size": 2171, + "digest": { + "algorithm": "sha256", + "value": "fa4cf63de35ddc6f097442d33226c5ae7ca2c90496af26d9db3d84133a7f855c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/rpm-gpg", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/rpm-gpg/ISV-Container-signing-key", + "mode": 33188, + "size": 1923, + "digest": { + "algorithm": "sha256", + "value": "ce344c927483de60ed60bf4956aaee0dfa7e9433e0f43c58ce64378d761bf724" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/rpm-gpg/RPM-GPG-KEY-PQC-redhat-release", + "mode": 33188, + "size": 16886, + "digest": { + "algorithm": "sha256", + "value": "c876fba00febd04b3cef2a1815031775dcad550e5a8276b4d8474aa0b67239ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mode": 33188, + "size": 1669, + "digest": { + "algorithm": "sha256", + "value": "3f8644b35db4197e7689d0a034bdef2039d92e330e6b22217abfa6b86a1fc0fa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mode": 33188, + "size": 3682, + "digest": { + "algorithm": "sha256", + "value": "0db3dc1b6228f29d60f37c5ad91d9f4cd3547895e8ebedb242469b1c0a0cdf08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/swid/CA/redhat.com", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/pki/swid/CA/redhat.com/redhatcodesignca.cert", + "mode": 33188, + "size": 7346, + "digest": { + "algorithm": "sha256", + "value": "b0cf509b823e9b89c43bc373229f87d3cfee4264c35c6ac82b58e5251c3e8c39" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/redhat-release", + "mode": 33188, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "7305823adb43789c44b57edeaf463a39acbdd12646d60140f2b251c28f2a966c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/swid/swidtags.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/swid/swidtags.d/redhat.com", + "mode": 41471, + "size": 35, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/system-release", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/system-release-cpe", + "mode": 33188, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "ab138ea78c1167ddf9cd17736d43f89283e66c20ed4ff63183bfd2989bc7259a" + }, + "userName": "root", + "groupName": "root", + "flags": "c" + }, + { + "path": "/etc/yum.repos.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/os-release", + "mode": 33188, + "size": 617, + "digest": { + "algorithm": "sha256", + "value": "a4f4ab7d5b06a1a2bfafea65c7e27b45e9d79c54756d297856f6d380d3934442" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/macros.d/macros.dist", + "mode": 33188, + "size": 392, + "digest": { + "algorithm": "sha256", + "value": "5aeba8391625e61164053c0b44aa9e13f636987fe1962fecce23c8fc49fbc763" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/swidtag/redhat.com", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9-x86_64.swidtag", + "mode": 33188, + "size": 6796, + "digest": { + "algorithm": "sha256", + "value": "d6edae22d91b9a245159ebd816e61b855571c620cf56e68cbf6d0b177cf0cf06" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9.7-x86_64.swidtag", + "mode": 33188, + "size": 6492, + "digest": { + "algorithm": "sha256", + "value": "1d004d3a5edd36b8efc6b61635112f69016dd9f29e60f2a00bd74521a5f7b4b2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/sysctl.d/50-redhat.conf", + "mode": 33188, + "size": 203, + "digest": { + "algorithm": "sha256", + "value": "cff0531af9151667207f590615894598494081fb3d6c4db0728fecfb41fbce92" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/systemd/system-preset/85-display-manager.preset", + "mode": 33188, + "size": 284, + "digest": { + "algorithm": "sha256", + "value": "037ee720a5c511d7b257216cc81b55b5ebeb09775426288f2d46d614594d9e56" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/systemd/system-preset/90-default.preset", + "mode": 33188, + "size": 7340, + "digest": { + "algorithm": "sha256", + "value": "e627a4caddb0968721f934b58785d883ea01a977144750f9d39ad838e922f19a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/systemd/system-preset/99-default-disable.preset", + "mode": 33188, + "size": 10, + "digest": { + "algorithm": "sha256", + "value": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/systemd/user-preset/90-default-user.preset", + "mode": 33188, + "size": 1003, + "digest": { + "algorithm": "sha256", + "value": "ba8ff51494b993c5dd3fe73b82cb12abd2ff2212303c0929d879c990d2d85ec1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/systemd/user-preset/99-default-disable.preset", + "mode": 33188, + "size": 10, + "digest": { + "algorithm": "sha256", + "value": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/redhat-release/GPL", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/redhat-release/GPL-source-offer", + "mode": 33188, + "size": 655, + "digest": { + "algorithm": "sha256", + "value": "025c99694c7fa9dd8a6a9cc0d450dbd36427cdff856771499718a421ab217482" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "f180d99433c6c3a0", + "name": "rootfiles", + "version": "8.1-35.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:rootfiles:rootfiles:8.1-35.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:rootfiles:8.1-35.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/rootfiles@8.1-35.el9?arch=noarch&distro=rhel-9.7&upstream=rootfiles-8.1-35.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "rootfiles", + "version": "8.1", + "epoch": null, + "architecture": "noarch", + "release": "35.el9", + "sourceRpm": "rootfiles-8.1-35.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Mar 31 10:09:05 1916", + "issuer": "431d511bec0ffd11" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Wed Jun 18 08:54:47 1924", + "issuer": "431d5140740ffe37" + } + ], + "size": 1216, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "rootfiles" + ], + "requires": [ + "/bin/sh", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/root/.bash_logout", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/root/.bash_profile", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/root/.bashrc", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/root/.cshrc", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/root/.tcshrc", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/usr/lib/tmpfiles.d/rootfiles.conf", + "mode": 33188, + "size": 399, + "digest": { + "algorithm": "sha256", + "value": "b2858a8e0ae109193e28d96f7fd8a8cfa1b42aad1766f5932814321dd821b7c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/rootfiles", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/rootfiles/.bash_logout", + "mode": 33188, + "size": 18, + "digest": { + "algorithm": "sha256", + "value": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/rootfiles/.bash_profile", + "mode": 33188, + "size": 141, + "digest": { + "algorithm": "sha256", + "value": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/rootfiles/.bashrc", + "mode": 33188, + "size": 429, + "digest": { + "algorithm": "sha256", + "value": "7e5d5df65ced1e47aee7b016d405ace4298fd9134d6caef45e1c835078c79aec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/rootfiles/.cshrc", + "mode": 33188, + "size": 100, + "digest": { + "algorithm": "sha256", + "value": "4e9418cde048f912e4aadb76ba55045b5d9af0e0565f7091bfc752154451eca9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/rootfiles/.tcshrc", + "mode": 33188, + "size": 129, + "digest": { + "algorithm": "sha256", + "value": "1bb91935e2cee1d5d2ab7e8d92125acbfac12d9bf3f1c7922aa4ce77ae7ea131" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "6fc4f99cb27a629a", + "name": "rpm", + "version": "4.16.1.3-39.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:rpm:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:rpm:rpm:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/rpm@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "rpm", + "version": "4.16.1.3", + "epoch": null, + "architecture": "x86_64", + "release": "39.el9", + "sourceRpm": "rpm-4.16.1.3-39.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Mar 29 20:15:34 1986", + "issuer": "431d51cd940fff7e" + } + ], + "size": 2750478, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(rpm)", + "rpm", + "rpm(x86-64)" + ], + "requires": [ + "/bin/sh", + "/bin/sh", + "/usr/bin/sh", + "config(rpm)", + "coreutils", + "curl", + "libarchive.so.13()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libpopt.so.0()(64bit)", + "libpopt.so.0(LIBPOPT_0)(64bit)", + "librpm.so.9()(64bit)", + "librpmio.so.9()(64bit)", + "popt(x86-64)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/etc/rpm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rpm", + "mode": 33261, + "size": 24200, + "digest": { + "algorithm": "sha256", + "value": "4a07f33c47a60ec3c1ceaea8b3d8455f2ff24931f9910aa7c524c2b87749d407" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rpm2archive", + "mode": 33261, + "size": 23880, + "digest": { + "algorithm": "sha256", + "value": "5657992744d9b4c57748a77f2fea99c773186d74debb393127567923cfdaeeca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rpm2cpio", + "mode": 33261, + "size": 15480, + "digest": { + "algorithm": "sha256", + "value": "2611d94df5ed29e72bd8f51feeaa527cfd2b04f07ed96adf1c11c75f5c86bbe4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rpmdb", + "mode": 33261, + "size": 20216, + "digest": { + "algorithm": "sha256", + "value": "e024162a018ebbec2d2e6aed8a70e6b939135332016ffd29884091e0dce76213" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rpmkeys", + "mode": 33261, + "size": 15968, + "digest": { + "algorithm": "sha256", + "value": "4cc743d879ac8fa5d9c4e13a43eb24ab130516e776c52ab669a426692f867820" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rpmquery", + "mode": 41471, + "size": 3, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/rpmverify", + "mode": 41471, + "size": 3, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/19/c0f53d8891e9c97f2416e2c338276a09010fda", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2d/9d73581010c0309a0aa157dc0b32cee6759268", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5a/8f81f0ebb048e7bd331b550036fed9fe5aeb2a", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/83", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/83/0883f597a115b4be402d41615cc2dfd62f037a", + "mode": 41471, + "size": 31, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0/59b5115740f7e2681861fd7cffa9fa9d9473e3", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/rpm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/fileattrs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/lua", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/macros", + "mode": 33188, + "size": 44796, + "digest": { + "algorithm": "sha256", + "value": "84f8073df8232bdda2963c03d69ec1f9148d309bda00d9758f9c6009890132f0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/macros.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/aarch64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/aarch64-linux/macros", + "mode": 33188, + "size": 3428, + "digest": { + "algorithm": "sha256", + "value": "e9979f1f0d907ebe964a265951636df49fd37a0b76c04af7e7f75123af12284a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alpha-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alpha-linux/macros", + "mode": 33188, + "size": 3427, + "digest": { + "algorithm": "sha256", + "value": "fcb9be52ae9e388a39b0710ef536709a3328ed2ad44eea2e9cd6a94c856ab545" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev5-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev5-linux/macros", + "mode": 33188, + "size": 3438, + "digest": { + "algorithm": "sha256", + "value": "2e7480507b2fcd088552c2f56c3329923ebe288454f208df803996d51715558e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev56-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev56-linux/macros", + "mode": 33188, + "size": 3439, + "digest": { + "algorithm": "sha256", + "value": "344a1274a6a0445aed33fb710249aa640300546f07495cc043c9c5d1a0c80552" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev6-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev6-linux/macros", + "mode": 33188, + "size": 3438, + "digest": { + "algorithm": "sha256", + "value": "be6c8cb0b6e43d1dfb197d3a525fd975bdd82cd51498a5a43dbe8c8c0ac553a2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev67-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphaev67-linux/macros", + "mode": 33188, + "size": 3439, + "digest": { + "algorithm": "sha256", + "value": "c5ecf912a5b732420be13c0f7cb6b0ad7dfb3ac4942d67b1cd63f1f68b6ec180" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphapca56-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/alphapca56-linux/macros", + "mode": 33188, + "size": 3440, + "digest": { + "algorithm": "sha256", + "value": "27650482eb4bb98ff95b3126bd6f4c656ba070ae00bc0a44ecd69b3a73505109" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/amd64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/amd64-linux/macros", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv3l-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv3l-linux/macros", + "mode": 33188, + "size": 3430, + "digest": { + "algorithm": "sha256", + "value": "cfa832717aa4a424f70afd5cc1ec5fd00362a252f8c868fc6cd923047bc9e333" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv4b-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv4b-linux/macros", + "mode": 33188, + "size": 3430, + "digest": { + "algorithm": "sha256", + "value": "e4b4302c5e3675ccc30bc4f472e689829ea9690f609de124852767ce16808ee2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv4l-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv4l-linux/macros", + "mode": 33188, + "size": 3430, + "digest": { + "algorithm": "sha256", + "value": "cdd7b657577a08213e6a043d6cef2d2f843d3d1d57f65dcec2a5464f11bc21cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv5tejl-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv5tejl-linux/macros", + "mode": 33188, + "size": 3435, + "digest": { + "algorithm": "sha256", + "value": "eac04b909005f33327381ddda9fd8b35818edc2111a7c04946fe64183f37daff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv5tel-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv5tel-linux/macros", + "mode": 33188, + "size": 3434, + "digest": { + "algorithm": "sha256", + "value": "bbe8af9dc2d3fc81ba53ff0a0efea4741d26746c9ef85ee6511e2b15546dc6cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv5tl-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv5tl-linux/macros", + "mode": 33188, + "size": 3432, + "digest": { + "algorithm": "sha256", + "value": "e85a4f638200896b97eaecf0b89f4bcf5ed38a570d26553e98f25f200912afde" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv6hl-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv6hl-linux/macros", + "mode": 33188, + "size": 3458, + "digest": { + "algorithm": "sha256", + "value": "c595b2cfc088d9808bb9e447d555b8f85aff9adf170a1d1b1a64ca60d61cb7e8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv6l-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv6l-linux/macros", + "mode": 33188, + "size": 3430, + "digest": { + "algorithm": "sha256", + "value": "3c38ebe1a1d94d2963c4b1001e41bf717c5ba9ccae65bb2f8aa745862515e4ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv7hl-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv7hl-linux/macros", + "mode": 33188, + "size": 3466, + "digest": { + "algorithm": "sha256", + "value": "1a1c0b1b020cb3d8931f83727485371b317cc91ca13e3d5b38d675516b9bb109" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv7hnl-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv7hnl-linux/macros", + "mode": 33188, + "size": 3461, + "digest": { + "algorithm": "sha256", + "value": "5a7f304fcf688f776d7e5348a12b156f0a8604b72b27fe0a55c4f0e9f9a2b385" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv7l-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv7l-linux/macros", + "mode": 33188, + "size": 3430, + "digest": { + "algorithm": "sha256", + "value": "0a9e22bb32d414a09fc5405cc36825bb3079e46e1e9eb96254d7c2646e9f7bcc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv8hl-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv8hl-linux/macros", + "mode": 33188, + "size": 3462, + "digest": { + "algorithm": "sha256", + "value": "60109d6da0ca8240fff89d78aa6062eade7f24fbaa1ce79f8737817606883653" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv8l-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/armv8l-linux/macros", + "mode": 33188, + "size": 3432, + "digest": { + "algorithm": "sha256", + "value": "3a78b8f99c930d30a77330f508aa7788d1dd2de38e42691355699a15a0fcc469" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/athlon-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/athlon-linux/macros", + "mode": 33188, + "size": 3430, + "digest": { + "algorithm": "sha256", + "value": "b56fb31a5b4abd30095b763125d65080b8da884dd345c1a99364abd83ab639a9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/geode-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/geode-linux/macros", + "mode": 33188, + "size": 3434, + "digest": { + "algorithm": "sha256", + "value": "7385479124a71b3a6b8513903ccf551e59938bf223b3804a7e9dfaef482d0773" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i386-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i386-linux/macros", + "mode": 33188, + "size": 3440, + "digest": { + "algorithm": "sha256", + "value": "96b3be805f7dfa90c0f423e51775a1e3084cefb7d725376722481e48d618387c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i486-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i486-linux/macros", + "mode": 33188, + "size": 3428, + "digest": { + "algorithm": "sha256", + "value": "47523d6c86ccf10cb22ab2a07f165509c78d41b9e0fec95948e5175304ae414c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i586-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i586-linux/macros", + "mode": 33188, + "size": 3428, + "digest": { + "algorithm": "sha256", + "value": "d527a1a88ec214db33a457c1ea639cb06983972632b5b93ac6ec3bbf992e11eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i686-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/i686-linux/macros", + "mode": 33188, + "size": 3428, + "digest": { + "algorithm": "sha256", + "value": "527d29d008bdf883e5b2393ff56bad61a5df3c174b38c7e9c48f6155789adcb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ia32e-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ia32e-linux/macros", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ia64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ia64-linux/macros", + "mode": 33188, + "size": 3415, + "digest": { + "algorithm": "sha256", + "value": "7e0e58ad423cab85dc8069017dc23f52d3c228451276044b93e3344e74656e13" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/m68k-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/m68k-linux/macros", + "mode": 33188, + "size": 3466, + "digest": { + "algorithm": "sha256", + "value": "1860ff9d0b8aef32aff71a21fec705494bed6604bdf4f17a1fe25e83988b2059" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips-linux/macros", + "mode": 33188, + "size": 3417, + "digest": { + "algorithm": "sha256", + "value": "0d2d6747650470793bc16576fcef2e6374f10e25434e26b9c521fb53bdc14dd0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64-linux/macros", + "mode": 33188, + "size": 3425, + "digest": { + "algorithm": "sha256", + "value": "e9880366106224efe768d2f78ccfb7edce79537b1e66e95f3a29490e11591e35" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64el-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64el-linux/macros", + "mode": 33188, + "size": 3429, + "digest": { + "algorithm": "sha256", + "value": "5185dd10bf849735cbe826eff2c21f647c146b1920763e94f4fa0be1c4cace33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64r6-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64r6-linux/macros", + "mode": 33188, + "size": 3431, + "digest": { + "algorithm": "sha256", + "value": "6498ce5ad885ac61b7a50adfb9475110bf4eec8bf4e89c921d66f2937620bbca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64r6el-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mips64r6el-linux/macros", + "mode": 33188, + "size": 3435, + "digest": { + "algorithm": "sha256", + "value": "c9a1015920f5777ece70cbdf73aee3efe2ac46a1b52fb0bc58141948a2889827" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mipsel-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mipsel-linux/macros", + "mode": 33188, + "size": 3421, + "digest": { + "algorithm": "sha256", + "value": "bb286398caf5a1ccc57432d5ead5ffe3bd893f309225379f80fbe7e4b5cbe647" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mipsr6-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mipsr6-linux/macros", + "mode": 33188, + "size": 3423, + "digest": { + "algorithm": "sha256", + "value": "d7fb42f30e4bfbedcb3eb7969eb37d773e2911368a68f6570336cd8f0e7c9ad9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mipsr6el-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/mipsr6el-linux/macros", + "mode": 33188, + "size": 3427, + "digest": { + "algorithm": "sha256", + "value": "201ed9ce13d524ce184761201e0c64aa1611d360ef17e299c2324818cd14ee31" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/noarch-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/noarch-linux/macros", + "mode": 33188, + "size": 3332, + "digest": { + "algorithm": "sha256", + "value": "d353f17840c886992e03bd579bc27ccec781b1d640c74ffff2523936b0f8184d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/pentium3-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/pentium3-linux/macros", + "mode": 33188, + "size": 3432, + "digest": { + "algorithm": "sha256", + "value": "c0732b433a4d16783498d5fa7c3217d341ed73247182b87b76e76117c9493559" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/pentium4-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/pentium4-linux/macros", + "mode": 33188, + "size": 3432, + "digest": { + "algorithm": "sha256", + "value": "4344a74a9046dc612088e8d168d97d9e43d12a023e78a40f158f3f58e8130947" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc-linux/macros", + "mode": 33188, + "size": 3414, + "digest": { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc32dy4-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc32dy4-linux/macros", + "mode": 33188, + "size": 3414, + "digest": { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64-linux/macros", + "mode": 33188, + "size": 3422, + "digest": { + "algorithm": "sha256", + "value": "c101aa4377bec072c2f4165356c65190e341ffae135a05554f7f168dba151530" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64iseries-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64iseries-linux/macros", + "mode": 33188, + "size": 3411, + "digest": { + "algorithm": "sha256", + "value": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64le-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64le-linux/macros", + "mode": 33188, + "size": 3426, + "digest": { + "algorithm": "sha256", + "value": "cd127be1c73cf78b66619cb6bc91c153ee77b1c37efe950250766f0b25ef1dbd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64p7-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64p7-linux/macros", + "mode": 33188, + "size": 3449, + "digest": { + "algorithm": "sha256", + "value": "0e6a26819f8ba99a8af658a1dd28e418f48a261363c2e7e0a3b1b6dcca08ca63" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64pseries-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc64pseries-linux/macros", + "mode": 33188, + "size": 3411, + "digest": { + "algorithm": "sha256", + "value": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc8260-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc8260-linux/macros", + "mode": 33188, + "size": 3414, + "digest": { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc8560-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppc8560-linux/macros", + "mode": 33188, + "size": 3414, + "digest": { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppciseries-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppciseries-linux/macros", + "mode": 33188, + "size": 3414, + "digest": { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppcpseries-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/ppcpseries-linux/macros", + "mode": 33188, + "size": 3414, + "digest": { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/riscv64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/riscv64-linux/macros", + "mode": 33188, + "size": 3428, + "digest": { + "algorithm": "sha256", + "value": "8459c664f1b74307f8997a51a866994de2f9878535ad03e0b33d2555ca8a6a82" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/s390-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/s390-linux/macros", + "mode": 33188, + "size": 3417, + "digest": { + "algorithm": "sha256", + "value": "907abae595f1ad1c0454ecd5701143f0ddef5d9e3cae4cd59e4ffea503e48383" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/s390x-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/s390x-linux/macros", + "mode": 33188, + "size": 3423, + "digest": { + "algorithm": "sha256", + "value": "54ce0879d7063edc4911145ab7013c355dd91d4f1e4cefc73176d982f9ead05e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh-linux/macros", + "mode": 33188, + "size": 3408, + "digest": { + "algorithm": "sha256", + "value": "647808e04766e4243c1b2a1d9ed0ad3bbe81de31b5243dae8c02bb5c07493852" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh3-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh3-linux/macros", + "mode": 33188, + "size": 3413, + "digest": { + "algorithm": "sha256", + "value": "44a103b488cd5934b5e18e34998eccc43c86463558c6cf1f54402bdc26deaac3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh4-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh4-linux/macros", + "mode": 33188, + "size": 3420, + "digest": { + "algorithm": "sha256", + "value": "0325b105e93df85c946909fdeb8ec7412df99be3d311d0222745764bcb707fb0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh4a-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sh4a-linux/macros", + "mode": 33188, + "size": 3422, + "digest": { + "algorithm": "sha256", + "value": "3818e64c0441e5db247356e8b0bcc3b33f9b308a1d71f7a5061a2e9fc57aed59" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparc-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparc-linux/macros", + "mode": 33188, + "size": 3443, + "digest": { + "algorithm": "sha256", + "value": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparc64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparc64-linux/macros", + "mode": 33188, + "size": 3451, + "digest": { + "algorithm": "sha256", + "value": "95676b8042844423a2cee2ae9c5186c3fa17f82dc17ca73a1c9613714b67b161" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparc64v-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparc64v-linux/macros", + "mode": 33188, + "size": 3448, + "digest": { + "algorithm": "sha256", + "value": "8a2275952bd5c1635bceb9382bbf73547b05502d96bc0360c7cbb64c8a2e15cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparcv8-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparcv8-linux/macros", + "mode": 33188, + "size": 3448, + "digest": { + "algorithm": "sha256", + "value": "091a4bb25ce60367d5b97600cdca92e695960de54e6e70ca596df95057d634d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparcv9-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparcv9-linux/macros", + "mode": 33188, + "size": 3443, + "digest": { + "algorithm": "sha256", + "value": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparcv9v-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/sparcv9v-linux/macros", + "mode": 33188, + "size": 3440, + "digest": { + "algorithm": "sha256", + "value": "486d438b82a0fc17f7934fc60dc2cb369c993fb2b52778c4e4a44c06bca056c4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/x86_64-linux", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/platform/x86_64-linux/macros", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpm.daily", + "mode": 33188, + "size": 296, + "digest": { + "algorithm": "sha256", + "value": "b98748f664b3245cb7f3d22927b541ee659c221094df7e4d7e5950b6d73eb37d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpm.log", + "mode": 33188, + "size": 61, + "digest": { + "algorithm": "sha256", + "value": "ed0a8b7f8ec41ea0d6d8d7ccdc698d216cd7a7154e77bbdaf8eb02bc4535ab0a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpm.supp", + "mode": 33188, + "size": 688, + "digest": { + "algorithm": "sha256", + "value": "d88d7b62b79bf754a47ba69d0997ae82c4f0e5ea6af3f8fe2e40ffb1fc3fe054" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpm2cpio.sh", + "mode": 33261, + "size": 1597, + "digest": { + "algorithm": "sha256", + "value": "e23cd42e7200d3ac193d2d299ecf0fadda19f2306a9a232be71147be0c3cb31b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpmdb_dump", + "mode": 33261, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "bf09433a9284ba72a3e7e698d74f7d3873dab852d4aa4a0e1ef78b2a1711c96c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpmdb_load", + "mode": 33261, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "9e924a2590ec3c4322f07e24f1ed7f3aa16f13e2c38496a78f7ab873d238b27e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpmpopt-4.16.1.3", + "mode": 33188, + "size": 12112, + "digest": { + "algorithm": "sha256", + "value": "00071b0002402da148d4338cb3578b994a1b248510f79e6d52d8e647b27a5b59" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/rpmrc", + "mode": 33188, + "size": 17654, + "digest": { + "algorithm": "sha256", + "value": "5d9a1c85de3205a6423a2bf71025d71d11e4cbbc1da9318cb72a0f0789baa437" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/rpm/tgpg", + "mode": 33261, + "size": 937, + "digest": { + "algorithm": "sha256", + "value": "2301f06a63659cc2acd2f8c3c00f19a4cfeb427b916345299a3112844ae2b5b0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/systemd/system/rpmdb-rebuild.service", + "mode": 33188, + "size": 446, + "digest": { + "algorithm": "sha256", + "value": "4ec87c1c7fcdc16d7799fe781fa6a2042cf0ed0c3f641c4c7721e78989749a5b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/rpm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/rpm/CREDITS", + "mode": 33188, + "size": 3749, + "digest": { + "algorithm": "sha256", + "value": "eca98e23b93ba154007bc76bb763d52167255a5def83715727946e2b14bc847d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/builddependencies", + "mode": 33188, + "size": 6496, + "digest": { + "algorithm": "sha256", + "value": "1580050367dd281a03cb5d5e8692349829f1b21e48ebb328cbacf7e7e09d04ad" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/buildroot", + "mode": 33188, + "size": 3754, + "digest": { + "algorithm": "sha256", + "value": "7eac4a3d80abb2c002735348520f939cb43d21e73d3f52990baf3ba925b40d10" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/conditionalbuilds", + "mode": 33188, + "size": 4050, + "digest": { + "algorithm": "sha256", + "value": "70a9517d270bcfd399cd7927aa18d659e0c63395b7d8fa11560ed71b549340a2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/dependencies", + "mode": 33188, + "size": 13647, + "digest": { + "algorithm": "sha256", + "value": "397c40977dcd4655cb76ce9847a1968c0de37d3f351b722fb05376969a8dbee2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/format", + "mode": 33188, + "size": 10424, + "digest": { + "algorithm": "sha256", + "value": "546660743edaa82c31176c705c6452ce0e4600ec1e5a77def2bc1c8c3ea86b8c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/hregions", + "mode": 33188, + "size": 2968, + "digest": { + "algorithm": "sha256", + "value": "013a188ee9adf79a94b8961e4342d6994ee0866f12cea3f6579dcd51eda0d796" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/macros", + "mode": 33188, + "size": 13053, + "digest": { + "algorithm": "sha256", + "value": "960b85cc1ab24fe12ba69e0ffea91ada56b1afc67d6e20bb48903bab4961133d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/multiplebuilds", + "mode": 33188, + "size": 1866, + "digest": { + "algorithm": "sha256", + "value": "59e84e15d9af66ed7b693b7c200aa48328bd24d18c9ce53f4c2a36bcefe65a31" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/queryformat", + "mode": 33188, + "size": 5665, + "digest": { + "algorithm": "sha256", + "value": "ecaaa58e3a380e4def9c2e4bcb315810209a802027fe1b4a7bf2a01f44bc5e3d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/relocatable", + "mode": 33188, + "size": 2029, + "digest": { + "algorithm": "sha256", + "value": "3a41eeced53b1c6d1ffcb8df980d98f6b53c8f79cf0b3d78eea66ce058bd817d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/signatures", + "mode": 33188, + "size": 2636, + "digest": { + "algorithm": "sha256", + "value": "e52f26d6b1474b405e410e0d348b45509aee6168eaae06643ce1298d41a69ed9" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/spec", + "mode": 33188, + "size": 9842, + "digest": { + "algorithm": "sha256", + "value": "02fc972cb34963139c4363ac279905ec6428cbba7e0f4d799c7fc3015fcf1aa8" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/triggers", + "mode": 33188, + "size": 5673, + "digest": { + "algorithm": "sha256", + "value": "ac2f2772cf98b150a0c9779d2dae3c6c213c98d85f9c037527c35db57345b906" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/rpm/tsort", + "mode": 33188, + "size": 5460, + "digest": { + "algorithm": "sha256", + "value": "533567bdebec1ed11887dc9041d68402a67497d19a3d124a090093ca5bfeb96f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/rpm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/rpm/COPYING", + "mode": 33188, + "size": 44182, + "digest": { + "algorithm": "sha256", + "value": "171d94d9f1641316bff7f157a903237dc69cdb5fca405fed8c832c76ed8370f9" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man8/rpm-misc.8.gz", + "mode": 33188, + "size": 769, + "digest": { + "algorithm": "sha256", + "value": "a8c647b82726c4c7f7c5bb89f7b16a8c638e575c51b912adcf9d29fa5e5d12ca" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/rpm-plugins.8.gz", + "mode": 33188, + "size": 823, + "digest": { + "algorithm": "sha256", + "value": "e4877aa3aa292ca6c369b372bd65b08385ef1a8f98d328a643a5e743a0634395" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/rpm.8.gz", + "mode": 33188, + "size": 8750, + "digest": { + "algorithm": "sha256", + "value": "c177bafab7ba5a754b7aef7e901e23bb70fb21a265f5b0554bedd41d44746899" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/rpm2archive.8.gz", + "mode": 33188, + "size": 670, + "digest": { + "algorithm": "sha256", + "value": "1fa08dc7c7f37f287e802fb28759b33c7175440051582fe86be9b95995651584" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/rpm2cpio.8.gz", + "mode": 33188, + "size": 379, + "digest": { + "algorithm": "sha256", + "value": "f3853aef7abafb2a402738fbc85ad008c2cb7c467f909522013abfba00de97b4" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/rpmdb.8.gz", + "mode": 33188, + "size": 887, + "digest": { + "algorithm": "sha256", + "value": "e4e15b316d7d83b2cb18b59426b532ed1cdb3da8d546475b154f53b5abe96e61" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/rpmkeys.8.gz", + "mode": 33188, + "size": 1002, + "digest": { + "algorithm": "sha256", + "value": "1ff622afaae4ec05292f0284c991fc4f3cbaf295200372c410a89cad3c6dd404" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/var/lib/rpm", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/var/lib/rpm/.rpm.lock", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "g" + }, + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "mode": 33188, + "size": 212992, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/var/lib/rpm/rpmdb.sqlite-shm", + "mode": 33188, + "size": 32768, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + }, + { + "path": "/var/lib/rpm/rpmdb.sqlite-wal", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "cmng" + } + ] + } + }, + { + "id": "81412860457969fe", + "name": "rpm-libs", + "version": "4.16.1.3-39.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv2+ and LGPLv2+ with exceptions", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:rpm-libs:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:rpm-libs:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:rpm_libs:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:rpm_libs:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:rpm:rpm-libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:rpm:rpm_libs:4.16.1.3-39.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/rpm-libs@4.16.1.3-39.el9?arch=x86_64&distro=rhel-9.7&upstream=rpm-4.16.1.3-39.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "rpm-libs", + "version": "4.16.1.3", + "epoch": null, + "architecture": "x86_64", + "release": "39.el9", + "sourceRpm": "rpm-4.16.1.3-39.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Mar 8 08:29:14 2037", + "issuer": "431d51ba7c0fff43" + } + ], + "size": 773068, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "librpm.so.9()(64bit)", + "librpmio.so.9()(64bit)", + "rpm-libs", + "rpm-libs(x86-64)" + ], + "requires": [ + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libacl.so.1()(64bit)", + "libacl.so.1(ACL_1.0)(64bit)", + "libaudit.so.1()(64bit)", + "libbz2.so.1()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.15)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libcap.so.2()(64bit)", + "libcrypto.so.3()(64bit)", + "libcrypto.so.3(OPENSSL_3.0.0)(64bit)", + "libcrypto.so.3(OPENSSL_3.4.0)(64bit)", + "liblua-5.4.so()(64bit)", + "liblzma.so.5()(64bit)", + "liblzma.so.5(XZ_5.0)(64bit)", + "liblzma.so.5(XZ_5.2)(64bit)", + "libm.so.6()(64bit)", + "libpopt.so.0()(64bit)", + "libpopt.so.0(LIBPOPT_0)(64bit)", + "librpmio.so.9()(64bit)", + "libsqlite3.so.0()(64bit)", + "libz.so.1()(64bit)", + "libzstd.so.1()(64bit)", + "rpm", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/30", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/30/af34b405d8328dc17b302aece9fee0fc2fefe5", + "mode": 41471, + "size": 37, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/7d/050c103ef2d72e483d71aa6335959fa7eaaae9", + "mode": 41471, + "size": 39, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/librpm.so.9", + "mode": 41471, + "size": 15, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/librpm.so.9.1.3", + "mode": 33261, + "size": 541904, + "digest": { + "algorithm": "sha256", + "value": "402844cc65877b72fe5a013de4e83ac6aa3efeb0d91ec6b78dc41c911a65a58c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/librpmio.so.9", + "mode": 41471, + "size": 17, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/librpmio.so.9.1.3", + "mode": 33261, + "size": 231056, + "digest": { + "algorithm": "sha256", + "value": "414b4c6dd584b0a9ab9de230cd395bd9bd57daad6979798fe9c716140aa8a027" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/rpm-plugins", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "e21cb9e7dda039e1", + "name": "sed", + "version": "4.8-9.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "GPLv3+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:sed:4.8-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:sed:sed:4.8-9.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.7&upstream=sed-4.8-9.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "sed", + "version": "4.8", + "epoch": null, + "architecture": "x86_64", + "release": "9.el9", + "sourceRpm": "sed-4.8-9.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 15:23:56 2021", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Nov 20 15:23:56 2021", + "issuer": "199e2f91fd431d51" + } + ], + "size": 813599, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "/bin/sed", + "bundled(gnulib)", + "sed", + "sed(x86-64)" + ], + "requires": [ + "libacl.so.1()(64bit)", + "libacl.so.1(ACL_1.0)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/bin/sed", + "mode": 33261, + "size": 116728, + "digest": { + "algorithm": "sha256", + "value": "094185ede26906ce24155af7d04ed766bb854e4061a52cd8a063e23e98cfaa76" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/1a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/1a/f80cb3e8e968f5ab7f0ea8dc1b2f9b814e29c2", + "mode": 41471, + "size": 23, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/share/licenses/sed", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/sed/COPYING", + "mode": 33188, + "size": 35151, + "digest": { + "algorithm": "sha256", + "value": "e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "5e411c4e4f6d3d56", + "name": "setup", + "version": "2.13.7-10.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.7&upstream=setup-2.13.7-10.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "setup", + "version": "2.13.7", + "epoch": null, + "architecture": "noarch", + "release": "10.el9", + "sourceRpm": "setup-2.13.7-10.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Thu Jan 18 17:38:43 1973", + "issuer": "431d51d0f210008f" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Aug 5 02:13:28 1991", + "issuer": "431d515d3f0fff79" + } + ], + "size": 725932, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(setup)", + "setup" + ], + "requires": [ + "config(setup)", + "rpmlib(BuiltinLuaScripts)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "system-release" + ], + "files": [ + { + "path": "/etc/aliases", + "mode": 33188, + "size": 1529, + "digest": { + "algorithm": "sha256", + "value": "a4c569569f893bc22fbe696c459f8fba0fe4565022637300b705b54a95c47bce" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/bashrc", + "mode": 33188, + "size": 2658, + "digest": { + "algorithm": "sha256", + "value": "bb091ed0ed1cbf1cd40cd3da60a4a994e2246c551ab086e96f43fefca197f75e" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/csh.cshrc", + "mode": 33188, + "size": 1401, + "digest": { + "algorithm": "sha256", + "value": "441b02ec287f3bd2b94e2df4462e29f1f2f49d5fa41b8cce9dddd7865775868d" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/csh.login", + "mode": 33188, + "size": 1112, + "digest": { + "algorithm": "sha256", + "value": "c9ea846975d2c90ac93c86ff6b04566f2b1d15c705ab62ec467c194b8a242f0e" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/dnf/protected.d/setup.conf", + "mode": 33188, + "size": 6, + "digest": { + "algorithm": "sha256", + "value": "9752eb62a6845a78a9e2eaeb4a6eb2d93a1b654ee8665f71d516cfaca3e7cf57" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/environment", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/ethertypes", + "mode": 33188, + "size": 1362, + "digest": { + "algorithm": "sha256", + "value": "ed38f9d644befc87eb41a8649c310073240d9a8cd75b2f9c115b5d9d7e5d033c" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/exports", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/filesystems", + "mode": 33188, + "size": 66, + "digest": { + "algorithm": "sha256", + "value": "ba1ed4fe76cd63c37dbd44a040921db7810c4b63f46ee6635779627a4a36a196" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/group", + "mode": 33188, + "size": 264, + "digest": { + "algorithm": "sha256", + "value": "5be46faf83078411c18ce0f3cb5e5fc5b56b8cb214a7f5a65dbbef6cb8249e16" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/gshadow", + "mode": 32768, + "size": 198, + "digest": { + "algorithm": "sha256", + "value": "50b56bf2e0d5dd28900aa04478a9d4cc2ca1ea3452a76a71c71b5ade7f2221cd" + }, + "userName": "root", + "groupName": "root", + "flags": "cmn" + }, + { + "path": "/etc/host.conf", + "mode": 33188, + "size": 9, + "digest": { + "algorithm": "sha256", + "value": "380f5fe21d755923b44203b58ca3c8b9681c485d152bd5d7e3914f67d821d32a" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/hosts", + "mode": 33188, + "size": 158, + "digest": { + "algorithm": "sha256", + "value": "498f494232085ec83303a2bc6f04bea840c2b210fbbeda31a46a6e5674d4fc0e" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/inputrc", + "mode": 33188, + "size": 943, + "digest": { + "algorithm": "sha256", + "value": "e016c93c4ded93c7e08e92957345746618c5893eae0c8528b0392a6e0d6e447a" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/motd", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/motd.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/networks", + "mode": 33188, + "size": 58, + "digest": { + "algorithm": "sha256", + "value": "ae89ab2e35076a070ae7cf5b0edf600c3ea6999e15db9b543ef35dfc76d37cb1" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/passwd", + "mode": 33188, + "size": 533, + "digest": { + "algorithm": "sha256", + "value": "d137fa8bf6ca9020c35a5bf992f32d4c803497e856e0254618f5abcb2f2425c6" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/printcap", + "mode": 33188, + "size": 233, + "digest": { + "algorithm": "sha256", + "value": "f809352567a37d932b014311cf626774b97b63ec06d4f7bdd8a9cfcc34c691d9" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/profile", + "mode": 33188, + "size": 1899, + "digest": { + "algorithm": "sha256", + "value": "304bbca429881a74f3e8f8b1c003b29020c635b83661492accd576c99baf9f30" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/profile.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/profile.d/csh.local", + "mode": 33188, + "size": 80, + "digest": { + "algorithm": "sha256", + "value": "07a2a80f1386c89941b3da4cda68790afe19f7425a14e01acdc2fbddb73b5508" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/profile.d/lang.csh", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "5486ae2358f54ba086017a5a7d89fc71855e4071c06fe1866a278838b465b161" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/profile.d/lang.sh", + "mode": 33188, + "size": 3187, + "digest": { + "algorithm": "sha256", + "value": "58bf8b07428754b273560c5ea4040c672440b2bb04709842cf94163e15dc144f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/etc/profile.d/sh.local", + "mode": 33188, + "size": 81, + "digest": { + "algorithm": "sha256", + "value": "3c5de252d65ae8c40e54c21be09dc574ca3641d036d7b44174939a7e64863920" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/protocols", + "mode": 33188, + "size": 6568, + "digest": { + "algorithm": "sha256", + "value": "d0e614d3ac7c6d9f6fe7b6c8ac678f26cca185de66f5dd34b56e634b2398a8cd" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/services", + "mode": 33188, + "size": 692252, + "digest": { + "algorithm": "sha256", + "value": "ac7ed9a0608f2ee925d17dfa8154102f56d863e0ab53f39053ff27120ce571ce" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/shadow", + "mode": 32768, + "size": 346, + "digest": { + "algorithm": "sha256", + "value": "02773a6edfc62186d7c40f5782c8b1ade7c260fb9d0be3a7153b961758ea7fbf" + }, + "userName": "root", + "groupName": "root", + "flags": "cmn" + }, + { + "path": "/etc/shells", + "mode": 33188, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "4ec4e8c524a4f10ca5898ccfaa6d29e7e08aff3a681f6bafbb62e7bec91aa154" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/subgid", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/subuid", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/run/motd", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/run/motd.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/motd", + "mode": 33188, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/lib/motd.d", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/tmpfiles.d/setup.conf", + "mode": 33188, + "size": 60, + "digest": { + "algorithm": "sha256", + "value": "b1a7958d03497b0e231f8f14ee501ebb4d15a822d096c180226af5429df15f78" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/setup", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/setup/COPYING", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "628095e1ef656bbe9034cf5bfa3c220880a16cd0ceea25b17cd2198ea3503e03" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "4e01ddd4ea86a505", + "name": "shadow-utils", + "version": "2:4.9-15.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD and GPLv2+", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-15.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/shadow-utils@4.9-15.el9?arch=x86_64&distro=rhel-9.7&epoch=2&upstream=shadow-utils-4.9-15.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "shadow-utils", + "version": "4.9", + "epoch": 2, + "architecture": "x86_64", + "release": "15.el9", + "sourceRpm": "shadow-utils-4.9-15.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun Oct 3 18:45:05 2027", + "issuer": "431d518b2b0ffc0b" + } + ], + "size": 3812562, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "config(shadow-utils)", + "shadow", + "shadow-utils", + "shadow-utils(x86-64)" + ], + "requires": [ + "audit-libs", + "config(shadow-utils)", + "libacl.so.1()(64bit)", + "libacl.so.1(ACL_1.1)(64bit)", + "libattr.so.1()(64bit)", + "libattr.so.1(ATTR_1.1)(64bit)", + "libaudit.so.1()(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libcrypt.so.2()(64bit)", + "libcrypt.so.2(XCRYPT_2.0)(64bit)", + "libselinux", + "libselinux.so.1()(64bit)", + "libselinux.so.1(LIBSELINUX_1.0)(64bit)", + "libsemanage.so.2()(64bit)", + "libsemanage.so.2(LIBSEMANAGE_1.0)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileCaps)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)", + "setup" + ], + "files": [ + { + "path": "/etc/default/useradd", + "mode": 33188, + "size": 119, + "digest": { + "algorithm": "sha256", + "value": "b121fd1b90c1a2fb6081a137dd7b441c7e7fec61bc17ca60db401a952d7b8825" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/etc/login.defs", + "mode": 33188, + "size": 7779, + "digest": { + "algorithm": "sha256", + "value": "b8caab091c2b4a4b8194a438ff5df718d3c469362ac92a1901dc308eeac5a91e" + }, + "userName": "root", + "groupName": "root", + "flags": "cn" + }, + { + "path": "/usr/bin/chage", + "mode": 35309, + "size": 73704, + "digest": { + "algorithm": "sha256", + "value": "326a4bba3ca2a8525c683bee311803427177b8e375b50ae4000c653114d6a119" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/gpasswd", + "mode": 35309, + "size": 78016, + "digest": { + "algorithm": "sha256", + "value": "1b9c0ff43bcc29c7a7d1a59c12c4373b52d80f82a4f2438a4a24f746ff9ae0b0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/lastlog", + "mode": 33261, + "size": 29320, + "digest": { + "algorithm": "sha256", + "value": "203580c2537f42b4efd7d1067b1d9d678d5ee3353b5a139bcf7214eaa1f87f40" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/newgidmap", + "mode": 33261, + "size": 42960, + "digest": { + "algorithm": "sha256", + "value": "960116f9e9adc30ffbad051a78119196b3567d477680db5143c91467c410d465" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/newgrp", + "mode": 35309, + "size": 41744, + "digest": { + "algorithm": "sha256", + "value": "b1c7720e7c518bea3aa6a171846e8a089446e5e386e377bbfc162bcfd3d2ba49" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/newuidmap", + "mode": 33261, + "size": 38840, + "digest": { + "algorithm": "sha256", + "value": "d796755c9b01ee87a2a0cbe88e6d4f145b1d1afbba42172bb6ed05e52c836b15" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/bin/sg", + "mode": 41471, + "size": 6, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/08", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/08/3d9a52f57ed07399d469f5b2da5dd0c6a00f67", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0a", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/0a/3c18324601038d9daa19e50269cdc9dcf7704e", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/12/ac6d59cf70d2e3ee9e142bf5db0ffa6f11512d", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/14", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/14/ca0c5ae3e608acaffbc39549b1e0a76c9fcbc4", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/20", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/20/4e7a0f7df903669797e87e587cc5a22d7afd66", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/25/b4cece56e80e6eac438efd13aede2fc030357d", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/33", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/33/29f54a7649f17471d0553d1bf491ee6156fcb2", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/37", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/37/549f43451387177f239d8ae9d64f79533c5671", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/41", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/41/d613f194f13bfd1dd842f01a4a6f1aafd62df7", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/74", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/74/95f719e0cdf0c509a8ba9f746208c643999a79", + "mode": 41471, + "size": 26, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/79", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/79/7f0f035aa4ca8797520bf6b8415339247cb7fc", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/89", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/89/f16de1a60146fddb0fc1707205b98a57465f7d", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/8b/97abe3c83fdbfa76dc0965de8c9729f9ee1679", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a0/4d6144b490c4b1cb2d2e477ded81f92d6d2c26", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a1/5e68937c52208b9758b588e7e58d3ca0fa05bc", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c1/4e8039ee2070ce2741d304a194dbde1e3b21ac", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/dd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/dd/9d35644effa63b31912f28df8e1b30ec743072", + "mode": 41471, + "size": 25, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e1", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e1/4dd702ef391c48f2c5d85ada9cb91dc5ef7331", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/e5/a1f7fae29c86e700e58010b50991bb39e04fd4", + "mode": 41471, + "size": 28, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ec", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/ec/af82eebb4461e711e32e61bc449bd754b0389e", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f5", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f5/7eaed92a632011bfc62eaf6b47a180c9f4367a", + "mode": 41471, + "size": 27, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f5/d0034043a51605fed8fd5d6881a610ef8a42e5", + "mode": 41471, + "size": 29, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f7", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/f7/87c704ca01e186f8f61ace5e171f8a1155bbe4", + "mode": 41471, + "size": 30, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/sbin/adduser", + "mode": 41471, + "size": 7, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/chgpasswd", + "mode": 33261, + "size": 61200, + "digest": { + "algorithm": "sha256", + "value": "ecdec0e57aada7c08b4c658fe35558f9e30fe9f7e1d4360e8009fb90a9202366" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/chpasswd", + "mode": 33261, + "size": 56968, + "digest": { + "algorithm": "sha256", + "value": "7896f25aeef8f5f1dfcc5865a9dcb9019a7edc9b449b1e4ac9746d391ad6ba88" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/groupadd", + "mode": 33261, + "size": 70424, + "digest": { + "algorithm": "sha256", + "value": "c212db3ba1a3d8c510d3c6ae2267f3e7c9a44a28c132c58189d60e7d57266eda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/groupdel", + "mode": 33261, + "size": 66080, + "digest": { + "algorithm": "sha256", + "value": "d217dd3a21566ac3916682b469cf9bf08fc36c09e411c004b1acf590d22ad4e1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/groupmems", + "mode": 33261, + "size": 57112, + "digest": { + "algorithm": "sha256", + "value": "ebd54ce8fb0a1f3d291a80c8f6837709a0d40bd8313015bb0d2d0ff47c28021f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/groupmod", + "mode": 33261, + "size": 74504, + "digest": { + "algorithm": "sha256", + "value": "b3f14c7f5eef120c5696e583a43c973e7cab820455682fe2c20fe08473252128" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/grpck", + "mode": 33261, + "size": 61192, + "digest": { + "algorithm": "sha256", + "value": "49ac971fae50937b2867db851e690c29ea169af0dc2bc05d98a4c2c09b5030bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/grpconv", + "mode": 33261, + "size": 52800, + "digest": { + "algorithm": "sha256", + "value": "0e17621db09d8e4aa82302048b9c9ca79e46714c9cc1a5e23557cf61a4ae8bc5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/grpunconv", + "mode": 33261, + "size": 52768, + "digest": { + "algorithm": "sha256", + "value": "5c4a66ba5ca8d17b353c9f4ea50ece515f22fe3138943c0d8981d857c9f2174f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/newusers", + "mode": 33261, + "size": 90840, + "digest": { + "algorithm": "sha256", + "value": "903936f7d3d8b3defc8e0adf429804739684b32e1b959e269df8b1c814099537" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/pwck", + "mode": 33261, + "size": 56936, + "digest": { + "algorithm": "sha256", + "value": "6e334199eb49cc3ca096149f91933e40ead747da5bba47d35f534bbadfe6cf3e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/pwconv", + "mode": 33261, + "size": 48584, + "digest": { + "algorithm": "sha256", + "value": "988929767fd0e92f2e070cb1a3c6c176097381e9a604a1fec4b511d145c566ed" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/pwunconv", + "mode": 33261, + "size": 48544, + "digest": { + "algorithm": "sha256", + "value": "2755c539e10308a55440c2bba4e733d014c8f3c346d114514c4588808716e371" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/useradd", + "mode": 33261, + "size": 141144, + "digest": { + "algorithm": "sha256", + "value": "7de0113096523518f915f2abfa1fa02a4842a3412e0acf380bf25581ef06809c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/userdel", + "mode": 33261, + "size": 90968, + "digest": { + "algorithm": "sha256", + "value": "07fba687576480843c16c4e29683318f84a9ab8b514db6556691d25056583c28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/usermod", + "mode": 33261, + "size": 132776, + "digest": { + "algorithm": "sha256", + "value": "4c7fb62ea533f122b57fd2173a023d4bf5f6f5adb859488a8dd5b89e861c7828" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/vigr", + "mode": 41471, + "size": 4, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/sbin/vipw", + "mode": 33261, + "size": 59552, + "digest": { + "algorithm": "sha256", + "value": "1c685db51740be4f85e13faeb3322e210468db9bced41d9d8522f914f5c96035" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/shadow-utils", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/shadow-utils/HOWTO", + "mode": 33188, + "size": 68557, + "digest": { + "algorithm": "sha256", + "value": "9786629ea4c20733b576cac0f09a342ff2d971c74abc1c571f9eb1c1ef53219e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/shadow-utils/NEWS", + "mode": 33188, + "size": 106767, + "digest": { + "algorithm": "sha256", + "value": "b9de8dcd827a89d0eaeaec17ac4a319160dde1dbde618f41bc6ce3a6e877525d" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/shadow-utils/README", + "mode": 33188, + "size": 4041, + "digest": { + "algorithm": "sha256", + "value": "fda044b9c99d2ad2748248f93562138ff0a3582ed1ac300ff5befda04eb0b40a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/shadow-utils", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/shadow-utils/gpl-2.0.txt", + "mode": 33188, + "size": 18092, + "digest": { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/licenses/shadow-utils/shadow-bsd.txt", + "mode": 33188, + "size": 1724, + "digest": { + "algorithm": "sha256", + "value": "f062266d929e3157924e7a48dd77d8852b246d911ae382b1c06a0b35a724ac3b" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man1/chage.1.gz", + "mode": 33188, + "size": 2241, + "digest": { + "algorithm": "sha256", + "value": "4779a5bd67b642e9820fef0afdb9d68a0215b5c1c124238a1676d28b5ad7b0f4" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/gpasswd.1.gz", + "mode": 33188, + "size": 2552, + "digest": { + "algorithm": "sha256", + "value": "c6cf714bd64d1569f6bc56b5eada580a84197e91b326bf6f8369c07a27ec0fba" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/newgidmap.1.gz", + "mode": 33188, + "size": 1157, + "digest": { + "algorithm": "sha256", + "value": "8c80ee485dab2f8052b2749cf94bfc32231b66adbb8ead5c44384227533cdfd3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/newgrp.1.gz", + "mode": 33188, + "size": 1223, + "digest": { + "algorithm": "sha256", + "value": "500956b7fd739d4fcea7ba1c53ccf0a9e8f4cdf6d1828dec923690aaaaf3ec7c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/newuidmap.1.gz", + "mode": 33188, + "size": 1156, + "digest": { + "algorithm": "sha256", + "value": "ed8f0354f4a5b18a8a604877b87ce79eb006eb699a337ca64dcb7ab62593d91a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man1/sg.1.gz", + "mode": 33188, + "size": 1056, + "digest": { + "algorithm": "sha256", + "value": "10d68d5a468d038ef51a2adc17dde913d9c8cf2d0aecbc4d400ce0e8266bc31f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man3/shadow.3.gz", + "mode": 33188, + "size": 1793, + "digest": { + "algorithm": "sha256", + "value": "30c26db9f71ce1252c3e63e6d67edd054fb1412c9576e7547cc064f9d5d118ec" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/gshadow.5.gz", + "mode": 33188, + "size": 1262, + "digest": { + "algorithm": "sha256", + "value": "4ecc289c15bc66b7b2e940c378ea42888296906e134bbb30e489db606f569f81" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/login.defs.5.gz", + "mode": 33188, + "size": 7362, + "digest": { + "algorithm": "sha256", + "value": "7097c6bf418935b73098fe95e4887d3300029e71d63850b81055be5eedb167a2" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/shadow.5.gz", + "mode": 33188, + "size": 1891, + "digest": { + "algorithm": "sha256", + "value": "17ff57d3aa76ee64c3fbbb7b02ad93b86bf385662f5a73feddb48f4377af2a31" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/subgid.5.gz", + "mode": 33188, + "size": 1372, + "digest": { + "algorithm": "sha256", + "value": "48f8de23a71fefc8105be9a088f933fc7474ea7e9e5c0e41d93d84c32b279f4b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man5/subuid.5.gz", + "mode": 33188, + "size": 1367, + "digest": { + "algorithm": "sha256", + "value": "962b2b540d0f847ef919ebf26cc2f88f8ef5f52621281837b775be6a08eb7b1e" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/adduser.8.gz", + "mode": 41471, + "size": 12, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/chgpasswd.8.gz", + "mode": 33188, + "size": 2544, + "digest": { + "algorithm": "sha256", + "value": "a6e0963808914bbdd01576f37d8fbc0a56a389360f9cb7528b606b93ad65b0fe" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/chpasswd.8.gz", + "mode": 33188, + "size": 2337, + "digest": { + "algorithm": "sha256", + "value": "e99b4d1203743bf05eb9616888310c0c5a01b0c4eb5bf75e119c206e44b6c33a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/groupadd.8.gz", + "mode": 33188, + "size": 2650, + "digest": { + "algorithm": "sha256", + "value": "8ea1978377b2a22456443edcf6889cb8a74b65026bafd417df8da981e5a1d9d0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/groupdel.8.gz", + "mode": 33188, + "size": 1676, + "digest": { + "algorithm": "sha256", + "value": "b90f55b4f492761d2ecdadfe518c1d30080af13b7ee53a8d77c51976530db624" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/groupmems.8.gz", + "mode": 33188, + "size": 1666, + "digest": { + "algorithm": "sha256", + "value": "3155aaa0d9c29b2449222888e74ac34b1684d3537d89973b9ad9958a2f09615a" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/groupmod.8.gz", + "mode": 33188, + "size": 2339, + "digest": { + "algorithm": "sha256", + "value": "dbaa039b771872344ae1576c813109c3bbf5cd09d5fd1cdd4aa031379e308eed" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/grpck.8.gz", + "mode": 33188, + "size": 2161, + "digest": { + "algorithm": "sha256", + "value": "4f9d17ad9c8aeaa651ded8f6457a71192c07ece9091899ab7fe9002e92202698" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/grpconv.8.gz", + "mode": 33188, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/grpunconv.8.gz", + "mode": 33188, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/lastlog.8.gz", + "mode": 33188, + "size": 1929, + "digest": { + "algorithm": "sha256", + "value": "1b68dd77880e9772b3fa4c0ff0547a91d24a07c8ac220897fc608342526d6342" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/newusers.8.gz", + "mode": 33188, + "size": 4227, + "digest": { + "algorithm": "sha256", + "value": "cb947b80687c563cfb42f114b44bda8a112aabd076b7417dcd1c424ab7da6e0f" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/pwck.8.gz", + "mode": 33188, + "size": 2291, + "digest": { + "algorithm": "sha256", + "value": "8d6053d9eda3b481bafeba7c65336af76445c5a0ede868be34c7049d0df9d354" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/pwconv.8.gz", + "mode": 33188, + "size": 2109, + "digest": { + "algorithm": "sha256", + "value": "836530469af58342f13c40249a226ca018ed0fed400f9336cc0a4a4fb4864821" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/pwunconv.8.gz", + "mode": 33188, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/useradd.8.gz", + "mode": 33188, + "size": 6147, + "digest": { + "algorithm": "sha256", + "value": "a35494b203a2ead241817fd820a8ec268d9a8cfefa003024087c98106826c202" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/userdel.8.gz", + "mode": 33188, + "size": 3215, + "digest": { + "algorithm": "sha256", + "value": "144ef60d536a87f9b80e3c97e64f4326129e46f14b26fa4e98be9f9ba9da2972" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/usermod.8.gz", + "mode": 33188, + "size": 4224, + "digest": { + "algorithm": "sha256", + "value": "980486b182a2d5510cbe6abeb17e3978f93bd6fa706c66346e04bbecbdfb019c" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/vigr.8.gz", + "mode": 33188, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "d7e13de50506fd087784c5e0c52eb496c3daae11deae8e684eabf69b45ddb3db" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/vipw.8.gz", + "mode": 33188, + "size": 1155, + "digest": { + "algorithm": "sha256", + "value": "23b1f5cf9b7e925790e9a1b0826e55aef807db34463c247f44eeb07316818f85" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "sqlite-libs", + "version": "3.34.1", + "epoch": null, + "architecture": "x86_64", + "release": "9.el9_7", + "sourceRpm": "sqlite-3.34.1-9.el9_7.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Fri Jun 23 08:22:15 1916", + "issuer": "431d519c9410009a" + } + ], + "size": 1372984, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libsqlite3.so.0()(64bit)", + "sqlite-libs", + "sqlite-libs(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.29)(64bit)", + "libz.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c3", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/c3/05f68fd1314b407fd029668bf36983006a76f7", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libsqlite3.so.0", + "mode": 41471, + "size": 19, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libsqlite3.so.0.8.6", + "mode": 33261, + "size": 1356864, + "digest": { + "algorithm": "sha256", + "value": "2a7040e37b57d51f6b157875e7610b37491d0cb4dd69ed5055921da43b855e8c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/sqlite-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/sqlite-libs/README.md", + "mode": 33188, + "size": 16060, + "digest": { + "algorithm": "sha256", + "value": "8f065f666e82710b9f5dcfc74a6dc04e359a1883c655647e2d97882e1ca42787" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "e28c009b2c72d8a9", + "name": "systemd-libs", + "version": "252-55.el9_7.7", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPLv2+ and MIT", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "systemd-libs", + "version": "252", + "epoch": null, + "architecture": "x86_64", + "release": "55.el9_7.7", + "sourceRpm": "systemd-252-55.el9_7.7.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sun May 17 14:31:07 1964", + "issuer": "431d519a2810009b" + } + ], + "size": 1814768, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libnss_myhostname.so.2()(64bit)", + "libnss_resolve.so.2()(64bit)", + "libnss_systemd.so.2()(64bit)", + "libsystemd.so.0()(64bit)", + "libsystemd.so.0(LIBSYSTEMD_209)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_211)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_213)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_214)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_216)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_217)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_219)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_220)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_221)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_222)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_226)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_227)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_229)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_230)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_231)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_232)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_233)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_234)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_236)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_237)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_238)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_239)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_240)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_241)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_243)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_245)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_246)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_247)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_248)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_249)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_250)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_251)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_252)(64bit)", + "libsystemd.so.0(LIBSYSTEMD_254)(64bit)", + "libudev.so.1()(64bit)", + "libudev.so.1(LIBUDEV_183)(64bit)", + "libudev.so.1(LIBUDEV_189)(64bit)", + "libudev.so.1(LIBUDEV_196)(64bit)", + "libudev.so.1(LIBUDEV_199)(64bit)", + "libudev.so.1(LIBUDEV_215)(64bit)", + "libudev.so.1(LIBUDEV_247)(64bit)", + "nss-myhostname", + "nss-myhostname(x86-64)", + "systemd-libs", + "systemd-libs(x86-64)" + ], + "requires": [ + "/bin/sh", + "/usr/bin/getent", + "coreutils", + "grep", + "ld-linux-x86-64.so.2()(64bit)", + "ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)", + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.10)(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.16)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.25)(64bit)", + "libc.so.6(GLIBC_2.26)(64bit)", + "libc.so.6(GLIBC_2.27)(64bit)", + "libc.so.6(GLIBC_2.28)(64bit)", + "libc.so.6(GLIBC_2.3)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.30)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.33)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.7)(64bit)", + "libc.so.6(GLIBC_2.8)(64bit)", + "libc.so.6(GLIBC_2.9)(64bit)", + "libcap.so.2()(64bit)", + "libcrypt.so.2()(64bit)", + "libcrypto.so.3()(64bit)", + "libgcc_s.so.1()(64bit)", + "libgcc_s.so.1(GCC_3.0)(64bit)", + "libgcc_s.so.1(GCC_3.3.1)(64bit)", + "libgcrypt.so.20()(64bit)", + "libgcrypt.so.20(GCRYPT_1.6)(64bit)", + "liblz4.so.1()(64bit)", + "liblzma.so.5()(64bit)", + "liblzma.so.5(XZ_5.0)(64bit)", + "libm.so.6()(64bit)", + "libm.so.6(GLIBC_2.2.5)(64bit)", + "libp11-kit.so.0()(64bit)", + "libselinux.so.1()(64bit)", + "libzstd.so.1()(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)", + "sed" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/1e", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/1e/445674d0f547bead50c6833673f8b645a95c3c", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/2a/90aa67b4a6f49cec5a99988cf264e950b18468", + "mode": 41471, + "size": 42, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5b", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5b/9373e1e1264d8da53c9f424562c29845a31ba3", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a2/a85b216553d450eab08603dac7d0b5af61a463", + "mode": 41471, + "size": 41, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a6", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/a6/ea5d259a8948627e338dee74c7a819a9c74099", + "mode": 41471, + "size": 44, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libnss_myhostname.so.2", + "mode": 33261, + "size": 157104, + "digest": { + "algorithm": "sha256", + "value": "2f7bc8428b97a496b43d0bf8a462e9e6bb9e4dfdf3992690dfbf02ffa6c52bdd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnss_resolve.so.2", + "mode": 33261, + "size": 153232, + "digest": { + "algorithm": "sha256", + "value": "3d1a8fb6a740b2f54a34a62fe3e22c23478e13e468f689455d3a750560fb2fa2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libnss_systemd.so.2", + "mode": 33261, + "size": 357424, + "digest": { + "algorithm": "sha256", + "value": "b31efa30a02ec58c3425a8aec2f958081d96f56c3f7b1d0558b70410f8789949" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libsystemd.so.0", + "mode": 41471, + "size": 20, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libsystemd.so.0.35.0", + "mode": 33261, + "size": 919936, + "digest": { + "algorithm": "sha256", + "value": "8a20a2daf7dcd24dfdb8b7ccf0c8a2a33d5251a445da3b55de0d16ca78593437" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libudev.so.1", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libudev.so.1.7.5", + "mode": 33261, + "size": 200168, + "digest": { + "algorithm": "sha256", + "value": "afbc80413aeb6161f62fe0947c37ed50616f280592bd12023bf3b32f80bb4b36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/systemd", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/systemd/LICENSE.LGPL2.1", + "mode": 33188, + "size": 26530, + "digest": { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/man/man8/libnss_myhostname.so.2.8.gz", + "mode": 33188, + "size": 46, + "digest": { + "algorithm": "sha256", + "value": "b2f995e61359cb0efbfb6b3356f29136fd7e1c15ee1c3d3909ac0cc9e92826d5" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/libnss_resolve.so.2.8.gz", + "mode": 33188, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "a68b9870d5051a5c63125019047f4ab0c9ffe0b94e3fb829d6df75a572ba87d0" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/man/man8/libnss_systemd.so.2.8.gz", + "mode": 33188, + "size": 43, + "digest": { + "algorithm": "sha256", + "value": "3b085ed21510b7f307f8af04e73d95c854d12d6c51749a801ab6bdbd6d679213" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + } + ] + } + }, + { + "id": "a08e57c8715e4d05", + "name": "tzdata", + "version": "2025c-1.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:tzdata:2025c-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tzdata:tzdata:2025c-1.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/tzdata@2025c-1.el9?arch=noarch&distro=rhel-9.7&upstream=tzdata-2025c-1.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "tzdata", + "version": "2025c", + "epoch": null, + "architecture": "noarch", + "release": "1.el9", + "sourceRpm": "tzdata-2025c-1.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Sat Apr 17 19:25:14 1943", + "issuer": "431d5162520fff5a" + } + ], + "size": 1914371, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "tzdata" + ], + "requires": [ + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PartialHardlinkSets)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)" + ], + "files": [ + { + "path": "/usr/share/doc/tzdata", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/doc/tzdata/NEWS", + "mode": 33188, + "size": 245317, + "digest": { + "algorithm": "sha256", + "value": "6786fdd586c42d9dc9e6cf0c977430753c6c4f3b2b9716c8cd12dbbe69a00243" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/tzdata/README", + "mode": 33188, + "size": 2464, + "digest": { + "algorithm": "sha256", + "value": "f6d96b82996a6ccac80027816704183c63a754d5b1eb2e7b25858e32164e2707" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/tzdata/theory.html", + "mode": 33188, + "size": 67110, + "digest": { + "algorithm": "sha256", + "value": "6595250beade4e03269711bff79b07f0bbd00ee93c54fb1931b576786d49ab9b" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/tzdata/tz-art.html", + "mode": 33188, + "size": 24590, + "digest": { + "algorithm": "sha256", + "value": "0665b9189cf5f6fb2e912c01da70a5ce5543d2f439e8d5be8b1185cea7ea0679" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/doc/tzdata/tz-link.html", + "mode": 33188, + "size": 63411, + "digest": { + "algorithm": "sha256", + "value": "f1f9ab582449226111e7eef271a71f25875383c4c236f4531941c69faaab5db3" + }, + "userName": "root", + "groupName": "root", + "flags": "d" + }, + { + "path": "/usr/share/licenses/tzdata", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/tzdata/LICENSE", + "mode": 33188, + "size": 252, + "digest": { + "algorithm": "sha256", + "value": "0613408568889f5739e5ae252b722a2659c02002839ad970a63dc5e9174b27cf" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + }, + { + "path": "/usr/share/zoneinfo", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Abidjan", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Accra", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Addis_Ababa", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Algiers", + "mode": 33188, + "size": 735, + "digest": { + "algorithm": "sha256", + "value": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Asmara", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Asmera", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Bamako", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Bangui", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Banjul", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Bissau", + "mode": 33188, + "size": 194, + "digest": { + "algorithm": "sha256", + "value": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Blantyre", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Brazzaville", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Bujumbura", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Cairo", + "mode": 33188, + "size": 2399, + "digest": { + "algorithm": "sha256", + "value": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Casablanca", + "mode": 33188, + "size": 2431, + "digest": { + "algorithm": "sha256", + "value": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Ceuta", + "mode": 33188, + "size": 2052, + "digest": { + "algorithm": "sha256", + "value": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Conakry", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Dakar", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Djibouti", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Douala", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/El_Aaiun", + "mode": 33188, + "size": 2273, + "digest": { + "algorithm": "sha256", + "value": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Freetown", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Gaborone", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Harare", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Johannesburg", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Juba", + "mode": 33188, + "size": 679, + "digest": { + "algorithm": "sha256", + "value": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Kampala", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Khartoum", + "mode": 33188, + "size": 679, + "digest": { + "algorithm": "sha256", + "value": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Kigali", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Kinshasa", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Lagos", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Libreville", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Lome", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Luanda", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Lubumbashi", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Lusaka", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Malabo", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Maputo", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Maseru", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Mbabane", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Mogadishu", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Monrovia", + "mode": 33188, + "size": 208, + "digest": { + "algorithm": "sha256", + "value": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Nairobi", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Ndjamena", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Niamey", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Nouakchott", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Ouagadougou", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Porto-Novo", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Sao_Tome", + "mode": 33188, + "size": 254, + "digest": { + "algorithm": "sha256", + "value": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Timbuktu", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Tripoli", + "mode": 33188, + "size": 625, + "digest": { + "algorithm": "sha256", + "value": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Tunis", + "mode": 33188, + "size": 689, + "digest": { + "algorithm": "sha256", + "value": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Africa/Windhoek", + "mode": 33188, + "size": 993, + "digest": { + "algorithm": "sha256", + "value": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Adak", + "mode": 33188, + "size": 2356, + "digest": { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Anchorage", + "mode": 33188, + "size": 2371, + "digest": { + "algorithm": "sha256", + "value": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Anguilla", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Antigua", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Araguaina", + "mode": 33188, + "size": 884, + "digest": { + "algorithm": "sha256", + "value": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Catamarca", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Cordoba", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Jujuy", + "mode": 33188, + "size": 1048, + "digest": { + "algorithm": "sha256", + "value": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "mode": 33188, + "size": 1090, + "digest": { + "algorithm": "sha256", + "value": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Mendoza", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Salta", + "mode": 33188, + "size": 1048, + "digest": { + "algorithm": "sha256", + "value": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/San_Juan", + "mode": 33188, + "size": 1090, + "digest": { + "algorithm": "sha256", + "value": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/San_Luis", + "mode": 33188, + "size": 1102, + "digest": { + "algorithm": "sha256", + "value": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Tucuman", + "mode": 33188, + "size": 1104, + "digest": { + "algorithm": "sha256", + "value": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Aruba", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Asuncion", + "mode": 33188, + "size": 1658, + "digest": { + "algorithm": "sha256", + "value": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Atikokan", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Atka", + "mode": 33188, + "size": 2356, + "digest": { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Bahia", + "mode": 33188, + "size": 1024, + "digest": { + "algorithm": "sha256", + "value": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Bahia_Banderas", + "mode": 33188, + "size": 1100, + "digest": { + "algorithm": "sha256", + "value": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Barbados", + "mode": 33188, + "size": 436, + "digest": { + "algorithm": "sha256", + "value": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Belem", + "mode": 33188, + "size": 576, + "digest": { + "algorithm": "sha256", + "value": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Belize", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Blanc-Sablon", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Boa_Vista", + "mode": 33188, + "size": 632, + "digest": { + "algorithm": "sha256", + "value": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Bogota", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Boise", + "mode": 33188, + "size": 2410, + "digest": { + "algorithm": "sha256", + "value": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Buenos_Aires", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Cambridge_Bay", + "mode": 33188, + "size": 2254, + "digest": { + "algorithm": "sha256", + "value": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Campo_Grande", + "mode": 33188, + "size": 1444, + "digest": { + "algorithm": "sha256", + "value": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Cancun", + "mode": 33188, + "size": 864, + "digest": { + "algorithm": "sha256", + "value": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Caracas", + "mode": 33188, + "size": 264, + "digest": { + "algorithm": "sha256", + "value": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Catamarca", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Cayenne", + "mode": 33188, + "size": 198, + "digest": { + "algorithm": "sha256", + "value": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Cayman", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Chicago", + "mode": 33188, + "size": 3592, + "digest": { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Chihuahua", + "mode": 33188, + "size": 1102, + "digest": { + "algorithm": "sha256", + "value": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Ciudad_Juarez", + "mode": 33188, + "size": 1538, + "digest": { + "algorithm": "sha256", + "value": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Coral_Harbour", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Cordoba", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Costa_Rica", + "mode": 33188, + "size": 316, + "digest": { + "algorithm": "sha256", + "value": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Coyhaique", + "mode": 33188, + "size": 2140, + "digest": { + "algorithm": "sha256", + "value": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Creston", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Cuiaba", + "mode": 33188, + "size": 1416, + "digest": { + "algorithm": "sha256", + "value": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Curacao", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Danmarkshavn", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Dawson", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Dawson_Creek", + "mode": 33188, + "size": 1050, + "digest": { + "algorithm": "sha256", + "value": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Denver", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Detroit", + "mode": 33188, + "size": 2230, + "digest": { + "algorithm": "sha256", + "value": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Dominica", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Edmonton", + "mode": 33188, + "size": 2332, + "digest": { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Eirunepe", + "mode": 33188, + "size": 656, + "digest": { + "algorithm": "sha256", + "value": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/El_Salvador", + "mode": 33188, + "size": 224, + "digest": { + "algorithm": "sha256", + "value": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Ensenada", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Fort_Nelson", + "mode": 33188, + "size": 2240, + "digest": { + "algorithm": "sha256", + "value": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Fort_Wayne", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Fortaleza", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Glace_Bay", + "mode": 33188, + "size": 2192, + "digest": { + "algorithm": "sha256", + "value": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Godthab", + "mode": 33188, + "size": 1903, + "digest": { + "algorithm": "sha256", + "value": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Goose_Bay", + "mode": 33188, + "size": 3210, + "digest": { + "algorithm": "sha256", + "value": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Grand_Turk", + "mode": 33188, + "size": 1834, + "digest": { + "algorithm": "sha256", + "value": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Grenada", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Guadeloupe", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Guatemala", + "mode": 33188, + "size": 280, + "digest": { + "algorithm": "sha256", + "value": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Guayaquil", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Guyana", + "mode": 33188, + "size": 262, + "digest": { + "algorithm": "sha256", + "value": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Halifax", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Havana", + "mode": 33188, + "size": 2416, + "digest": { + "algorithm": "sha256", + "value": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Hermosillo", + "mode": 33188, + "size": 388, + "digest": { + "algorithm": "sha256", + "value": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Knox", + "mode": 33188, + "size": 2444, + "digest": { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Marengo", + "mode": 33188, + "size": 1738, + "digest": { + "algorithm": "sha256", + "value": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Petersburg", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Tell_City", + "mode": 33188, + "size": 1700, + "digest": { + "algorithm": "sha256", + "value": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Vevay", + "mode": 33188, + "size": 1430, + "digest": { + "algorithm": "sha256", + "value": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Vincennes", + "mode": 33188, + "size": 1710, + "digest": { + "algorithm": "sha256", + "value": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indiana/Winamac", + "mode": 33188, + "size": 1794, + "digest": { + "algorithm": "sha256", + "value": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Indianapolis", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Inuvik", + "mode": 33188, + "size": 2074, + "digest": { + "algorithm": "sha256", + "value": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Iqaluit", + "mode": 33188, + "size": 2202, + "digest": { + "algorithm": "sha256", + "value": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Jamaica", + "mode": 33188, + "size": 482, + "digest": { + "algorithm": "sha256", + "value": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Jujuy", + "mode": 33188, + "size": 1048, + "digest": { + "algorithm": "sha256", + "value": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Juneau", + "mode": 33188, + "size": 2353, + "digest": { + "algorithm": "sha256", + "value": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Kentucky", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Kentucky/Louisville", + "mode": 33188, + "size": 2788, + "digest": { + "algorithm": "sha256", + "value": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Kentucky/Monticello", + "mode": 33188, + "size": 2368, + "digest": { + "algorithm": "sha256", + "value": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Knox_IN", + "mode": 33188, + "size": 2444, + "digest": { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Kralendijk", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/La_Paz", + "mode": 33188, + "size": 232, + "digest": { + "algorithm": "sha256", + "value": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Lima", + "mode": 33188, + "size": 406, + "digest": { + "algorithm": "sha256", + "value": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Los_Angeles", + "mode": 33188, + "size": 2852, + "digest": { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Louisville", + "mode": 33188, + "size": 2788, + "digest": { + "algorithm": "sha256", + "value": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Lower_Princes", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Maceio", + "mode": 33188, + "size": 744, + "digest": { + "algorithm": "sha256", + "value": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Managua", + "mode": 33188, + "size": 430, + "digest": { + "algorithm": "sha256", + "value": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Manaus", + "mode": 33188, + "size": 604, + "digest": { + "algorithm": "sha256", + "value": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Marigot", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Martinique", + "mode": 33188, + "size": 232, + "digest": { + "algorithm": "sha256", + "value": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Matamoros", + "mode": 33188, + "size": 1418, + "digest": { + "algorithm": "sha256", + "value": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Mazatlan", + "mode": 33188, + "size": 1060, + "digest": { + "algorithm": "sha256", + "value": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Mendoza", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Menominee", + "mode": 33188, + "size": 2274, + "digest": { + "algorithm": "sha256", + "value": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Merida", + "mode": 33188, + "size": 1004, + "digest": { + "algorithm": "sha256", + "value": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Metlakatla", + "mode": 33188, + "size": 1423, + "digest": { + "algorithm": "sha256", + "value": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Mexico_City", + "mode": 33188, + "size": 1222, + "digest": { + "algorithm": "sha256", + "value": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Miquelon", + "mode": 33188, + "size": 1666, + "digest": { + "algorithm": "sha256", + "value": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Moncton", + "mode": 33188, + "size": 3154, + "digest": { + "algorithm": "sha256", + "value": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Monterrey", + "mode": 33188, + "size": 1114, + "digest": { + "algorithm": "sha256", + "value": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Montevideo", + "mode": 33188, + "size": 1510, + "digest": { + "algorithm": "sha256", + "value": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Montreal", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Montserrat", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Nassau", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/New_York", + "mode": 33188, + "size": 3552, + "digest": { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Nipigon", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Nome", + "mode": 33188, + "size": 2367, + "digest": { + "algorithm": "sha256", + "value": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Noronha", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/North_Dakota", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/North_Dakota/Center", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Nuuk", + "mode": 33188, + "size": 1903, + "digest": { + "algorithm": "sha256", + "value": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Ojinaga", + "mode": 33188, + "size": 1524, + "digest": { + "algorithm": "sha256", + "value": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Panama", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Pangnirtung", + "mode": 33188, + "size": 2202, + "digest": { + "algorithm": "sha256", + "value": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Paramaribo", + "mode": 33188, + "size": 262, + "digest": { + "algorithm": "sha256", + "value": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Phoenix", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Port-au-Prince", + "mode": 33188, + "size": 1434, + "digest": { + "algorithm": "sha256", + "value": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Port_of_Spain", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Porto_Acre", + "mode": 33188, + "size": 628, + "digest": { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Porto_Velho", + "mode": 33188, + "size": 576, + "digest": { + "algorithm": "sha256", + "value": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Puerto_Rico", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Punta_Arenas", + "mode": 33188, + "size": 1916, + "digest": { + "algorithm": "sha256", + "value": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Rainy_River", + "mode": 33188, + "size": 2868, + "digest": { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Rankin_Inlet", + "mode": 33188, + "size": 2066, + "digest": { + "algorithm": "sha256", + "value": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Recife", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Regina", + "mode": 33188, + "size": 980, + "digest": { + "algorithm": "sha256", + "value": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Resolute", + "mode": 33188, + "size": 2066, + "digest": { + "algorithm": "sha256", + "value": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Rio_Branco", + "mode": 33188, + "size": 628, + "digest": { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Rosario", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Santa_Isabel", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Santarem", + "mode": 33188, + "size": 602, + "digest": { + "algorithm": "sha256", + "value": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Santiago", + "mode": 33188, + "size": 2529, + "digest": { + "algorithm": "sha256", + "value": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Santo_Domingo", + "mode": 33188, + "size": 458, + "digest": { + "algorithm": "sha256", + "value": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Sao_Paulo", + "mode": 33188, + "size": 1444, + "digest": { + "algorithm": "sha256", + "value": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Scoresbysund", + "mode": 33188, + "size": 1949, + "digest": { + "algorithm": "sha256", + "value": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Shiprock", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Sitka", + "mode": 33188, + "size": 2329, + "digest": { + "algorithm": "sha256", + "value": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/St_Barthelemy", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/St_Johns", + "mode": 33188, + "size": 3655, + "digest": { + "algorithm": "sha256", + "value": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/St_Kitts", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/St_Lucia", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/St_Thomas", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/St_Vincent", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Swift_Current", + "mode": 33188, + "size": 560, + "digest": { + "algorithm": "sha256", + "value": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Tegucigalpa", + "mode": 33188, + "size": 252, + "digest": { + "algorithm": "sha256", + "value": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Thule", + "mode": 33188, + "size": 1502, + "digest": { + "algorithm": "sha256", + "value": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Thunder_Bay", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Tijuana", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Toronto", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Tortola", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Vancouver", + "mode": 33188, + "size": 2892, + "digest": { + "algorithm": "sha256", + "value": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Virgin", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Whitehorse", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Winnipeg", + "mode": 33188, + "size": 2868, + "digest": { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Yakutat", + "mode": 33188, + "size": 2305, + "digest": { + "algorithm": "sha256", + "value": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/America/Yellowknife", + "mode": 33188, + "size": 2332, + "digest": { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Casey", + "mode": 33188, + "size": 437, + "digest": { + "algorithm": "sha256", + "value": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Davis", + "mode": 33188, + "size": 297, + "digest": { + "algorithm": "sha256", + "value": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Macquarie", + "mode": 33188, + "size": 2260, + "digest": { + "algorithm": "sha256", + "value": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Mawson", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/McMurdo", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Palmer", + "mode": 33188, + "size": 1418, + "digest": { + "algorithm": "sha256", + "value": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Rothera", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/South_Pole", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Syowa", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Troll", + "mode": 33188, + "size": 1162, + "digest": { + "algorithm": "sha256", + "value": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Antarctica/Vostok", + "mode": 33188, + "size": 227, + "digest": { + "algorithm": "sha256", + "value": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Arctic", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Arctic/Longyearbyen", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Aden", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Almaty", + "mode": 33188, + "size": 997, + "digest": { + "algorithm": "sha256", + "value": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Amman", + "mode": 33188, + "size": 1447, + "digest": { + "algorithm": "sha256", + "value": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Anadyr", + "mode": 33188, + "size": 1188, + "digest": { + "algorithm": "sha256", + "value": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Aqtau", + "mode": 33188, + "size": 983, + "digest": { + "algorithm": "sha256", + "value": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Aqtobe", + "mode": 33188, + "size": 1011, + "digest": { + "algorithm": "sha256", + "value": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Ashgabat", + "mode": 33188, + "size": 619, + "digest": { + "algorithm": "sha256", + "value": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Ashkhabad", + "mode": 33188, + "size": 619, + "digest": { + "algorithm": "sha256", + "value": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Atyrau", + "mode": 33188, + "size": 991, + "digest": { + "algorithm": "sha256", + "value": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Baghdad", + "mode": 33188, + "size": 983, + "digest": { + "algorithm": "sha256", + "value": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Bahrain", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Baku", + "mode": 33188, + "size": 1227, + "digest": { + "algorithm": "sha256", + "value": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Bangkok", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Barnaul", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Beirut", + "mode": 33188, + "size": 2154, + "digest": { + "algorithm": "sha256", + "value": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Bishkek", + "mode": 33188, + "size": 983, + "digest": { + "algorithm": "sha256", + "value": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Brunei", + "mode": 33188, + "size": 483, + "digest": { + "algorithm": "sha256", + "value": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Calcutta", + "mode": 33188, + "size": 285, + "digest": { + "algorithm": "sha256", + "value": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Chita", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Choibalsan", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Chongqing", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Chungking", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Colombo", + "mode": 33188, + "size": 372, + "digest": { + "algorithm": "sha256", + "value": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Dacca", + "mode": 33188, + "size": 337, + "digest": { + "algorithm": "sha256", + "value": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Damascus", + "mode": 33188, + "size": 1887, + "digest": { + "algorithm": "sha256", + "value": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Dhaka", + "mode": 33188, + "size": 337, + "digest": { + "algorithm": "sha256", + "value": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Dili", + "mode": 33188, + "size": 271, + "digest": { + "algorithm": "sha256", + "value": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Dubai", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Dushanbe", + "mode": 33188, + "size": 591, + "digest": { + "algorithm": "sha256", + "value": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Famagusta", + "mode": 33188, + "size": 2028, + "digest": { + "algorithm": "sha256", + "value": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Gaza", + "mode": 33188, + "size": 3844, + "digest": { + "algorithm": "sha256", + "value": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Harbin", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Hebron", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "mode": 33188, + "size": 351, + "digest": { + "algorithm": "sha256", + "value": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Hong_Kong", + "mode": 33188, + "size": 1233, + "digest": { + "algorithm": "sha256", + "value": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Hovd", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Irkutsk", + "mode": 33188, + "size": 1243, + "digest": { + "algorithm": "sha256", + "value": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Istanbul", + "mode": 33188, + "size": 1947, + "digest": { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Jakarta", + "mode": 33188, + "size": 383, + "digest": { + "algorithm": "sha256", + "value": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Jayapura", + "mode": 33188, + "size": 221, + "digest": { + "algorithm": "sha256", + "value": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Jerusalem", + "mode": 33188, + "size": 2388, + "digest": { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kabul", + "mode": 33188, + "size": 208, + "digest": { + "algorithm": "sha256", + "value": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kamchatka", + "mode": 33188, + "size": 1166, + "digest": { + "algorithm": "sha256", + "value": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Karachi", + "mode": 33188, + "size": 379, + "digest": { + "algorithm": "sha256", + "value": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kashgar", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kathmandu", + "mode": 33188, + "size": 212, + "digest": { + "algorithm": "sha256", + "value": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Katmandu", + "mode": 33188, + "size": 212, + "digest": { + "algorithm": "sha256", + "value": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Khandyga", + "mode": 33188, + "size": 1271, + "digest": { + "algorithm": "sha256", + "value": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kolkata", + "mode": 33188, + "size": 285, + "digest": { + "algorithm": "sha256", + "value": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "mode": 33188, + "size": 1207, + "digest": { + "algorithm": "sha256", + "value": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kuching", + "mode": 33188, + "size": 483, + "digest": { + "algorithm": "sha256", + "value": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Kuwait", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Macao", + "mode": 33188, + "size": 1227, + "digest": { + "algorithm": "sha256", + "value": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Macau", + "mode": 33188, + "size": 1227, + "digest": { + "algorithm": "sha256", + "value": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Magadan", + "mode": 33188, + "size": 1222, + "digest": { + "algorithm": "sha256", + "value": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Makassar", + "mode": 33188, + "size": 254, + "digest": { + "algorithm": "sha256", + "value": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Manila", + "mode": 33188, + "size": 422, + "digest": { + "algorithm": "sha256", + "value": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Muscat", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Nicosia", + "mode": 33188, + "size": 2002, + "digest": { + "algorithm": "sha256", + "value": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Novokuznetsk", + "mode": 33188, + "size": 1165, + "digest": { + "algorithm": "sha256", + "value": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Novosibirsk", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Omsk", + "mode": 33188, + "size": 1207, + "digest": { + "algorithm": "sha256", + "value": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Oral", + "mode": 33188, + "size": 1005, + "digest": { + "algorithm": "sha256", + "value": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Phnom_Penh", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Pontianak", + "mode": 33188, + "size": 353, + "digest": { + "algorithm": "sha256", + "value": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Pyongyang", + "mode": 33188, + "size": 237, + "digest": { + "algorithm": "sha256", + "value": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Qatar", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Qostanay", + "mode": 33188, + "size": 1039, + "digest": { + "algorithm": "sha256", + "value": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Qyzylorda", + "mode": 33188, + "size": 1025, + "digest": { + "algorithm": "sha256", + "value": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Rangoon", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Riyadh", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Saigon", + "mode": 33188, + "size": 351, + "digest": { + "algorithm": "sha256", + "value": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Sakhalin", + "mode": 33188, + "size": 1202, + "digest": { + "algorithm": "sha256", + "value": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Samarkand", + "mode": 33188, + "size": 577, + "digest": { + "algorithm": "sha256", + "value": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Seoul", + "mode": 33188, + "size": 617, + "digest": { + "algorithm": "sha256", + "value": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Shanghai", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Singapore", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Srednekolymsk", + "mode": 33188, + "size": 1208, + "digest": { + "algorithm": "sha256", + "value": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Taipei", + "mode": 33188, + "size": 761, + "digest": { + "algorithm": "sha256", + "value": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Tashkent", + "mode": 33188, + "size": 591, + "digest": { + "algorithm": "sha256", + "value": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Tbilisi", + "mode": 33188, + "size": 1035, + "digest": { + "algorithm": "sha256", + "value": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Tehran", + "mode": 33188, + "size": 1262, + "digest": { + "algorithm": "sha256", + "value": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Tel_Aviv", + "mode": 33188, + "size": 2388, + "digest": { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Thimbu", + "mode": 33188, + "size": 203, + "digest": { + "algorithm": "sha256", + "value": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Thimphu", + "mode": 33188, + "size": 203, + "digest": { + "algorithm": "sha256", + "value": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Tokyo", + "mode": 33188, + "size": 309, + "digest": { + "algorithm": "sha256", + "value": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Tomsk", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Ujung_Pandang", + "mode": 33188, + "size": 254, + "digest": { + "algorithm": "sha256", + "value": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Ulan_Bator", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Urumqi", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Ust-Nera", + "mode": 33188, + "size": 1252, + "digest": { + "algorithm": "sha256", + "value": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Vientiane", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Vladivostok", + "mode": 33188, + "size": 1208, + "digest": { + "algorithm": "sha256", + "value": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Yakutsk", + "mode": 33188, + "size": 1207, + "digest": { + "algorithm": "sha256", + "value": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Yangon", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Yekaterinburg", + "mode": 33188, + "size": 1243, + "digest": { + "algorithm": "sha256", + "value": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Asia/Yerevan", + "mode": 33188, + "size": 1151, + "digest": { + "algorithm": "sha256", + "value": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Azores", + "mode": 33188, + "size": 3456, + "digest": { + "algorithm": "sha256", + "value": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Bermuda", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Canary", + "mode": 33188, + "size": 1897, + "digest": { + "algorithm": "sha256", + "value": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "mode": 33188, + "size": 270, + "digest": { + "algorithm": "sha256", + "value": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Faeroe", + "mode": 33188, + "size": 1815, + "digest": { + "algorithm": "sha256", + "value": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Faroe", + "mode": 33188, + "size": 1815, + "digest": { + "algorithm": "sha256", + "value": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Jan_Mayen", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Madeira", + "mode": 33188, + "size": 3377, + "digest": { + "algorithm": "sha256", + "value": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Reykjavik", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/South_Georgia", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/St_Helena", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Atlantic/Stanley", + "mode": 33188, + "size": 1214, + "digest": { + "algorithm": "sha256", + "value": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/ACT", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Adelaide", + "mode": 33188, + "size": 2208, + "digest": { + "algorithm": "sha256", + "value": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Brisbane", + "mode": 33188, + "size": 419, + "digest": { + "algorithm": "sha256", + "value": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Broken_Hill", + "mode": 33188, + "size": 2229, + "digest": { + "algorithm": "sha256", + "value": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Canberra", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Currie", + "mode": 33188, + "size": 2358, + "digest": { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Darwin", + "mode": 33188, + "size": 325, + "digest": { + "algorithm": "sha256", + "value": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Eucla", + "mode": 33188, + "size": 470, + "digest": { + "algorithm": "sha256", + "value": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Hobart", + "mode": 33188, + "size": 2358, + "digest": { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/LHI", + "mode": 33188, + "size": 1860, + "digest": { + "algorithm": "sha256", + "value": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Lindeman", + "mode": 33188, + "size": 475, + "digest": { + "algorithm": "sha256", + "value": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Lord_Howe", + "mode": 33188, + "size": 1860, + "digest": { + "algorithm": "sha256", + "value": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Melbourne", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/NSW", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/North", + "mode": 33188, + "size": 325, + "digest": { + "algorithm": "sha256", + "value": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Perth", + "mode": 33188, + "size": 446, + "digest": { + "algorithm": "sha256", + "value": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Queensland", + "mode": 33188, + "size": 419, + "digest": { + "algorithm": "sha256", + "value": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/South", + "mode": 33188, + "size": 2208, + "digest": { + "algorithm": "sha256", + "value": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Sydney", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Tasmania", + "mode": 33188, + "size": 2358, + "digest": { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Victoria", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/West", + "mode": 33188, + "size": 446, + "digest": { + "algorithm": "sha256", + "value": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Australia/Yancowinna", + "mode": 33188, + "size": 2229, + "digest": { + "algorithm": "sha256", + "value": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Brazil", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Brazil/Acre", + "mode": 33188, + "size": 628, + "digest": { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Brazil/DeNoronha", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Brazil/East", + "mode": 33188, + "size": 1444, + "digest": { + "algorithm": "sha256", + "value": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Brazil/West", + "mode": 33188, + "size": 604, + "digest": { + "algorithm": "sha256", + "value": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/CET", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/CST6CDT", + "mode": 33188, + "size": 3592, + "digest": { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Atlantic", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Central", + "mode": 33188, + "size": 2868, + "digest": { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Eastern", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Mountain", + "mode": 33188, + "size": 2332, + "digest": { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Newfoundland", + "mode": 33188, + "size": 3655, + "digest": { + "algorithm": "sha256", + "value": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Pacific", + "mode": 33188, + "size": 2892, + "digest": { + "algorithm": "sha256", + "value": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Saskatchewan", + "mode": 33188, + "size": 980, + "digest": { + "algorithm": "sha256", + "value": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Canada/Yukon", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Chile", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Chile/Continental", + "mode": 33188, + "size": 2529, + "digest": { + "algorithm": "sha256", + "value": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Chile/EasterIsland", + "mode": 33188, + "size": 2233, + "digest": { + "algorithm": "sha256", + "value": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Cuba", + "mode": 33188, + "size": 2416, + "digest": { + "algorithm": "sha256", + "value": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/EET", + "mode": 33188, + "size": 2262, + "digest": { + "algorithm": "sha256", + "value": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/EST", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/EST5EDT", + "mode": 33188, + "size": 3552, + "digest": { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Egypt", + "mode": 33188, + "size": 2399, + "digest": { + "algorithm": "sha256", + "value": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Eire", + "mode": 33188, + "size": 3490, + "digest": { + "algorithm": "sha256", + "value": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+1", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+10", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+11", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+12", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+2", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+3", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+4", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+5", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+6", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+7", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+8", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT+9", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-1", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-10", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-11", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-12", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-13", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-14", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-2", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-3", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-4", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-5", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-6", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-7", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-8", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT-9", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/GMT0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/Greenwich", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/UCT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/UTC", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/Universal", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Etc/Zulu", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Amsterdam", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Andorra", + "mode": 33188, + "size": 1742, + "digest": { + "algorithm": "sha256", + "value": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Astrakhan", + "mode": 33188, + "size": 1165, + "digest": { + "algorithm": "sha256", + "value": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Athens", + "mode": 33188, + "size": 2262, + "digest": { + "algorithm": "sha256", + "value": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Belfast", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Belgrade", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Berlin", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Bratislava", + "mode": 33188, + "size": 2301, + "digest": { + "algorithm": "sha256", + "value": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Brussels", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Bucharest", + "mode": 33188, + "size": 2184, + "digest": { + "algorithm": "sha256", + "value": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Budapest", + "mode": 33188, + "size": 2368, + "digest": { + "algorithm": "sha256", + "value": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Busingen", + "mode": 33188, + "size": 1909, + "digest": { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Chisinau", + "mode": 33188, + "size": 2390, + "digest": { + "algorithm": "sha256", + "value": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Copenhagen", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Dublin", + "mode": 33188, + "size": 3490, + "digest": { + "algorithm": "sha256", + "value": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Gibraltar", + "mode": 33188, + "size": 3068, + "digest": { + "algorithm": "sha256", + "value": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Guernsey", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Helsinki", + "mode": 33188, + "size": 1900, + "digest": { + "algorithm": "sha256", + "value": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Isle_of_Man", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Istanbul", + "mode": 33188, + "size": 1947, + "digest": { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Jersey", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Kaliningrad", + "mode": 33188, + "size": 1493, + "digest": { + "algorithm": "sha256", + "value": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Kiev", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Kirov", + "mode": 33188, + "size": 1185, + "digest": { + "algorithm": "sha256", + "value": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Kyiv", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Lisbon", + "mode": 33188, + "size": 3527, + "digest": { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Ljubljana", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/London", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Luxembourg", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Madrid", + "mode": 33188, + "size": 2614, + "digest": { + "algorithm": "sha256", + "value": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Malta", + "mode": 33188, + "size": 2620, + "digest": { + "algorithm": "sha256", + "value": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Mariehamn", + "mode": 33188, + "size": 1900, + "digest": { + "algorithm": "sha256", + "value": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Minsk", + "mode": 33188, + "size": 1321, + "digest": { + "algorithm": "sha256", + "value": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Monaco", + "mode": 33188, + "size": 2962, + "digest": { + "algorithm": "sha256", + "value": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Moscow", + "mode": 33188, + "size": 1535, + "digest": { + "algorithm": "sha256", + "value": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Nicosia", + "mode": 33188, + "size": 2002, + "digest": { + "algorithm": "sha256", + "value": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Oslo", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Paris", + "mode": 33188, + "size": 2962, + "digest": { + "algorithm": "sha256", + "value": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Podgorica", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Prague", + "mode": 33188, + "size": 2301, + "digest": { + "algorithm": "sha256", + "value": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Riga", + "mode": 33188, + "size": 2198, + "digest": { + "algorithm": "sha256", + "value": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Rome", + "mode": 33188, + "size": 2641, + "digest": { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Samara", + "mode": 33188, + "size": 1215, + "digest": { + "algorithm": "sha256", + "value": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/San_Marino", + "mode": 33188, + "size": 2641, + "digest": { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Sarajevo", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Saratov", + "mode": 33188, + "size": 1183, + "digest": { + "algorithm": "sha256", + "value": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Simferopol", + "mode": 33188, + "size": 1469, + "digest": { + "algorithm": "sha256", + "value": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Skopje", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Sofia", + "mode": 33188, + "size": 2077, + "digest": { + "algorithm": "sha256", + "value": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Stockholm", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Tallinn", + "mode": 33188, + "size": 2148, + "digest": { + "algorithm": "sha256", + "value": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Tirane", + "mode": 33188, + "size": 2084, + "digest": { + "algorithm": "sha256", + "value": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Tiraspol", + "mode": 33188, + "size": 2390, + "digest": { + "algorithm": "sha256", + "value": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Ulyanovsk", + "mode": 33188, + "size": 1267, + "digest": { + "algorithm": "sha256", + "value": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Uzhgorod", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Vaduz", + "mode": 33188, + "size": 1909, + "digest": { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Vatican", + "mode": 33188, + "size": 2641, + "digest": { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Vienna", + "mode": 33188, + "size": 2200, + "digest": { + "algorithm": "sha256", + "value": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Vilnius", + "mode": 33188, + "size": 2162, + "digest": { + "algorithm": "sha256", + "value": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Volgograd", + "mode": 33188, + "size": 1193, + "digest": { + "algorithm": "sha256", + "value": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Warsaw", + "mode": 33188, + "size": 2654, + "digest": { + "algorithm": "sha256", + "value": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Zagreb", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Zaporozhye", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Europe/Zurich", + "mode": 33188, + "size": 1909, + "digest": { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Factory", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/GB", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/GB-Eire", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/GMT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/GMT+0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/GMT-0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/GMT0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Greenwich", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/HST", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Hongkong", + "mode": 33188, + "size": 1233, + "digest": { + "algorithm": "sha256", + "value": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Iceland", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Antananarivo", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Chagos", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Christmas", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Cocos", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Comoro", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Kerguelen", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Mahe", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Maldives", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Mauritius", + "mode": 33188, + "size": 241, + "digest": { + "algorithm": "sha256", + "value": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Mayotte", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Indian/Reunion", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Iran", + "mode": 33188, + "size": 1262, + "digest": { + "algorithm": "sha256", + "value": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Israel", + "mode": 33188, + "size": 2388, + "digest": { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Jamaica", + "mode": 33188, + "size": 482, + "digest": { + "algorithm": "sha256", + "value": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Japan", + "mode": 33188, + "size": 309, + "digest": { + "algorithm": "sha256", + "value": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Kwajalein", + "mode": 33188, + "size": 316, + "digest": { + "algorithm": "sha256", + "value": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Libya", + "mode": 33188, + "size": 625, + "digest": { + "algorithm": "sha256", + "value": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/MET", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/MST", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/MST7MDT", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Mexico", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Mexico/BajaNorte", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Mexico/BajaSur", + "mode": 33188, + "size": 1060, + "digest": { + "algorithm": "sha256", + "value": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Mexico/General", + "mode": 33188, + "size": 1222, + "digest": { + "algorithm": "sha256", + "value": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/NZ", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/NZ-CHAT", + "mode": 33188, + "size": 2068, + "digest": { + "algorithm": "sha256", + "value": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Navajo", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/PRC", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/PST8PDT", + "mode": 33188, + "size": 2852, + "digest": { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Apia", + "mode": 33188, + "size": 612, + "digest": { + "algorithm": "sha256", + "value": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Auckland", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Bougainville", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Chatham", + "mode": 33188, + "size": 2068, + "digest": { + "algorithm": "sha256", + "value": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Chuuk", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Easter", + "mode": 33188, + "size": 2233, + "digest": { + "algorithm": "sha256", + "value": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Efate", + "mode": 33188, + "size": 538, + "digest": { + "algorithm": "sha256", + "value": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Enderbury", + "mode": 33188, + "size": 234, + "digest": { + "algorithm": "sha256", + "value": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Fakaofo", + "mode": 33188, + "size": 200, + "digest": { + "algorithm": "sha256", + "value": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Fiji", + "mode": 33188, + "size": 578, + "digest": { + "algorithm": "sha256", + "value": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Funafuti", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Galapagos", + "mode": 33188, + "size": 238, + "digest": { + "algorithm": "sha256", + "value": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Gambier", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Guadalcanal", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Guam", + "mode": 33188, + "size": 494, + "digest": { + "algorithm": "sha256", + "value": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Honolulu", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Johnston", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Kanton", + "mode": 33188, + "size": 234, + "digest": { + "algorithm": "sha256", + "value": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Kiritimati", + "mode": 33188, + "size": 238, + "digest": { + "algorithm": "sha256", + "value": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Kosrae", + "mode": 33188, + "size": 351, + "digest": { + "algorithm": "sha256", + "value": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Kwajalein", + "mode": 33188, + "size": 316, + "digest": { + "algorithm": "sha256", + "value": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Majuro", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Marquesas", + "mode": 33188, + "size": 173, + "digest": { + "algorithm": "sha256", + "value": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Midway", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Nauru", + "mode": 33188, + "size": 252, + "digest": { + "algorithm": "sha256", + "value": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Niue", + "mode": 33188, + "size": 203, + "digest": { + "algorithm": "sha256", + "value": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Norfolk", + "mode": 33188, + "size": 880, + "digest": { + "algorithm": "sha256", + "value": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Noumea", + "mode": 33188, + "size": 304, + "digest": { + "algorithm": "sha256", + "value": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Pago_Pago", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Palau", + "mode": 33188, + "size": 180, + "digest": { + "algorithm": "sha256", + "value": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Pitcairn", + "mode": 33188, + "size": 202, + "digest": { + "algorithm": "sha256", + "value": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Pohnpei", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Ponape", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Port_Moresby", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Rarotonga", + "mode": 33188, + "size": 603, + "digest": { + "algorithm": "sha256", + "value": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Saipan", + "mode": 33188, + "size": 494, + "digest": { + "algorithm": "sha256", + "value": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Samoa", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Tahiti", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Tarawa", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Tongatapu", + "mode": 33188, + "size": 372, + "digest": { + "algorithm": "sha256", + "value": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Truk", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Wake", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Wallis", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Pacific/Yap", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Poland", + "mode": 33188, + "size": 2654, + "digest": { + "algorithm": "sha256", + "value": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Portugal", + "mode": 33188, + "size": 3527, + "digest": { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/ROC", + "mode": 33188, + "size": 761, + "digest": { + "algorithm": "sha256", + "value": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/ROK", + "mode": 33188, + "size": 617, + "digest": { + "algorithm": "sha256", + "value": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Singapore", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Turkey", + "mode": 33188, + "size": 1947, + "digest": { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/UCT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Alaska", + "mode": 33188, + "size": 2371, + "digest": { + "algorithm": "sha256", + "value": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Aleutian", + "mode": 33188, + "size": 2356, + "digest": { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Arizona", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Central", + "mode": 33188, + "size": 3592, + "digest": { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/East-Indiana", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Eastern", + "mode": 33188, + "size": 3552, + "digest": { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Hawaii", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Indiana-Starke", + "mode": 33188, + "size": 2444, + "digest": { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Michigan", + "mode": 33188, + "size": 2230, + "digest": { + "algorithm": "sha256", + "value": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Mountain", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Pacific", + "mode": 33188, + "size": 2852, + "digest": { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/US/Samoa", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/UTC", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Universal", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/W-SU", + "mode": 33188, + "size": 1535, + "digest": { + "algorithm": "sha256", + "value": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/WET", + "mode": 33188, + "size": 3527, + "digest": { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/Zulu", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/iso3166.tab", + "mode": 33188, + "size": 4841, + "digest": { + "algorithm": "sha256", + "value": "837c80785080c8433fd9d4ea87e78f161ac7a40389301c5153d4f90198baeb2a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/leap-seconds.list", + "mode": 33188, + "size": 5065, + "digest": { + "algorithm": "sha256", + "value": "f060924e3a76ee4e464f6664035b7beae834155dd93a81c50e922f94dfdb1d20" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/leapseconds", + "mode": 33188, + "size": 3694, + "digest": { + "algorithm": "sha256", + "value": "5514348190a3ef9f0f65fee87fca59b4d6d9292702ae0e84960011159a7c2767" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Abidjan", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Accra", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Addis_Ababa", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Algiers", + "mode": 33188, + "size": 735, + "digest": { + "algorithm": "sha256", + "value": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Asmara", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Asmera", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Bamako", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Bangui", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Banjul", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Bissau", + "mode": 33188, + "size": 194, + "digest": { + "algorithm": "sha256", + "value": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Blantyre", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Brazzaville", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Bujumbura", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Cairo", + "mode": 33188, + "size": 2399, + "digest": { + "algorithm": "sha256", + "value": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Casablanca", + "mode": 33188, + "size": 2431, + "digest": { + "algorithm": "sha256", + "value": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Ceuta", + "mode": 33188, + "size": 2052, + "digest": { + "algorithm": "sha256", + "value": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Conakry", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Dakar", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Dar_es_Salaam", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Djibouti", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Douala", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/El_Aaiun", + "mode": 33188, + "size": 2273, + "digest": { + "algorithm": "sha256", + "value": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Freetown", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Gaborone", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Harare", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Johannesburg", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Juba", + "mode": 33188, + "size": 679, + "digest": { + "algorithm": "sha256", + "value": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Kampala", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Khartoum", + "mode": 33188, + "size": 679, + "digest": { + "algorithm": "sha256", + "value": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Kigali", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Kinshasa", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Lagos", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Libreville", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Lome", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Luanda", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Lubumbashi", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Lusaka", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Malabo", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Maputo", + "mode": 33188, + "size": 149, + "digest": { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Maseru", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Mbabane", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Mogadishu", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Monrovia", + "mode": 33188, + "size": 208, + "digest": { + "algorithm": "sha256", + "value": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Nairobi", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Ndjamena", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Niamey", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Nouakchott", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Ouagadougou", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Porto-Novo", + "mode": 33188, + "size": 235, + "digest": { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Sao_Tome", + "mode": 33188, + "size": 254, + "digest": { + "algorithm": "sha256", + "value": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Timbuktu", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Tripoli", + "mode": 33188, + "size": 625, + "digest": { + "algorithm": "sha256", + "value": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Tunis", + "mode": 33188, + "size": 689, + "digest": { + "algorithm": "sha256", + "value": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Africa/Windhoek", + "mode": 33188, + "size": 993, + "digest": { + "algorithm": "sha256", + "value": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Adak", + "mode": 33188, + "size": 2356, + "digest": { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Anchorage", + "mode": 33188, + "size": 2371, + "digest": { + "algorithm": "sha256", + "value": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Anguilla", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Antigua", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Araguaina", + "mode": 33188, + "size": 884, + "digest": { + "algorithm": "sha256", + "value": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Catamarca", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/ComodRivadavia", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Cordoba", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Jujuy", + "mode": 33188, + "size": 1048, + "digest": { + "algorithm": "sha256", + "value": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/La_Rioja", + "mode": 33188, + "size": 1090, + "digest": { + "algorithm": "sha256", + "value": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Mendoza", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Salta", + "mode": 33188, + "size": 1048, + "digest": { + "algorithm": "sha256", + "value": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/San_Juan", + "mode": 33188, + "size": 1090, + "digest": { + "algorithm": "sha256", + "value": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/San_Luis", + "mode": 33188, + "size": 1102, + "digest": { + "algorithm": "sha256", + "value": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Tucuman", + "mode": 33188, + "size": 1104, + "digest": { + "algorithm": "sha256", + "value": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Ushuaia", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Aruba", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Asuncion", + "mode": 33188, + "size": 1658, + "digest": { + "algorithm": "sha256", + "value": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Atikokan", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Atka", + "mode": 33188, + "size": 2356, + "digest": { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Bahia", + "mode": 33188, + "size": 1024, + "digest": { + "algorithm": "sha256", + "value": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Bahia_Banderas", + "mode": 33188, + "size": 1100, + "digest": { + "algorithm": "sha256", + "value": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Barbados", + "mode": 33188, + "size": 436, + "digest": { + "algorithm": "sha256", + "value": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Belem", + "mode": 33188, + "size": 576, + "digest": { + "algorithm": "sha256", + "value": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Belize", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Blanc-Sablon", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Boa_Vista", + "mode": 33188, + "size": 632, + "digest": { + "algorithm": "sha256", + "value": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Bogota", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Boise", + "mode": 33188, + "size": 2410, + "digest": { + "algorithm": "sha256", + "value": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Buenos_Aires", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Cambridge_Bay", + "mode": 33188, + "size": 2254, + "digest": { + "algorithm": "sha256", + "value": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Campo_Grande", + "mode": 33188, + "size": 1444, + "digest": { + "algorithm": "sha256", + "value": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Cancun", + "mode": 33188, + "size": 864, + "digest": { + "algorithm": "sha256", + "value": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Caracas", + "mode": 33188, + "size": 264, + "digest": { + "algorithm": "sha256", + "value": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Catamarca", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Cayenne", + "mode": 33188, + "size": 198, + "digest": { + "algorithm": "sha256", + "value": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Cayman", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Chicago", + "mode": 33188, + "size": 3592, + "digest": { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Chihuahua", + "mode": 33188, + "size": 1102, + "digest": { + "algorithm": "sha256", + "value": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Ciudad_Juarez", + "mode": 33188, + "size": 1538, + "digest": { + "algorithm": "sha256", + "value": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Coral_Harbour", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Cordoba", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Costa_Rica", + "mode": 33188, + "size": 316, + "digest": { + "algorithm": "sha256", + "value": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Coyhaique", + "mode": 33188, + "size": 2140, + "digest": { + "algorithm": "sha256", + "value": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Creston", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Cuiaba", + "mode": 33188, + "size": 1416, + "digest": { + "algorithm": "sha256", + "value": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Curacao", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Danmarkshavn", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Dawson", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Dawson_Creek", + "mode": 33188, + "size": 1050, + "digest": { + "algorithm": "sha256", + "value": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Denver", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Detroit", + "mode": 33188, + "size": 2230, + "digest": { + "algorithm": "sha256", + "value": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Dominica", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Edmonton", + "mode": 33188, + "size": 2332, + "digest": { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Eirunepe", + "mode": 33188, + "size": 656, + "digest": { + "algorithm": "sha256", + "value": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/El_Salvador", + "mode": 33188, + "size": 224, + "digest": { + "algorithm": "sha256", + "value": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Ensenada", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Fort_Nelson", + "mode": 33188, + "size": 2240, + "digest": { + "algorithm": "sha256", + "value": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Fort_Wayne", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Fortaleza", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Glace_Bay", + "mode": 33188, + "size": 2192, + "digest": { + "algorithm": "sha256", + "value": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Godthab", + "mode": 33188, + "size": 1903, + "digest": { + "algorithm": "sha256", + "value": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Goose_Bay", + "mode": 33188, + "size": 3210, + "digest": { + "algorithm": "sha256", + "value": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Grand_Turk", + "mode": 33188, + "size": 1834, + "digest": { + "algorithm": "sha256", + "value": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Grenada", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Guadeloupe", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Guatemala", + "mode": 33188, + "size": 280, + "digest": { + "algorithm": "sha256", + "value": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Guayaquil", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Guyana", + "mode": 33188, + "size": 262, + "digest": { + "algorithm": "sha256", + "value": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Halifax", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Havana", + "mode": 33188, + "size": 2416, + "digest": { + "algorithm": "sha256", + "value": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Hermosillo", + "mode": 33188, + "size": 388, + "digest": { + "algorithm": "sha256", + "value": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Indianapolis", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Knox", + "mode": 33188, + "size": 2444, + "digest": { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Marengo", + "mode": 33188, + "size": 1738, + "digest": { + "algorithm": "sha256", + "value": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Petersburg", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Tell_City", + "mode": 33188, + "size": 1700, + "digest": { + "algorithm": "sha256", + "value": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Vevay", + "mode": 33188, + "size": 1430, + "digest": { + "algorithm": "sha256", + "value": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Vincennes", + "mode": 33188, + "size": 1710, + "digest": { + "algorithm": "sha256", + "value": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Winamac", + "mode": 33188, + "size": 1794, + "digest": { + "algorithm": "sha256", + "value": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Indianapolis", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Inuvik", + "mode": 33188, + "size": 2074, + "digest": { + "algorithm": "sha256", + "value": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Iqaluit", + "mode": 33188, + "size": 2202, + "digest": { + "algorithm": "sha256", + "value": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Jamaica", + "mode": 33188, + "size": 482, + "digest": { + "algorithm": "sha256", + "value": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Jujuy", + "mode": 33188, + "size": 1048, + "digest": { + "algorithm": "sha256", + "value": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Juneau", + "mode": 33188, + "size": 2353, + "digest": { + "algorithm": "sha256", + "value": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Kentucky", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Kentucky/Louisville", + "mode": 33188, + "size": 2788, + "digest": { + "algorithm": "sha256", + "value": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Kentucky/Monticello", + "mode": 33188, + "size": 2368, + "digest": { + "algorithm": "sha256", + "value": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Knox_IN", + "mode": 33188, + "size": 2444, + "digest": { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Kralendijk", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/La_Paz", + "mode": 33188, + "size": 232, + "digest": { + "algorithm": "sha256", + "value": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Lima", + "mode": 33188, + "size": 406, + "digest": { + "algorithm": "sha256", + "value": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Los_Angeles", + "mode": 33188, + "size": 2852, + "digest": { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Louisville", + "mode": 33188, + "size": 2788, + "digest": { + "algorithm": "sha256", + "value": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Lower_Princes", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Maceio", + "mode": 33188, + "size": 744, + "digest": { + "algorithm": "sha256", + "value": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Managua", + "mode": 33188, + "size": 430, + "digest": { + "algorithm": "sha256", + "value": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Manaus", + "mode": 33188, + "size": 604, + "digest": { + "algorithm": "sha256", + "value": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Marigot", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Martinique", + "mode": 33188, + "size": 232, + "digest": { + "algorithm": "sha256", + "value": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Matamoros", + "mode": 33188, + "size": 1418, + "digest": { + "algorithm": "sha256", + "value": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Mazatlan", + "mode": 33188, + "size": 1060, + "digest": { + "algorithm": "sha256", + "value": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Mendoza", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Menominee", + "mode": 33188, + "size": 2274, + "digest": { + "algorithm": "sha256", + "value": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Merida", + "mode": 33188, + "size": 1004, + "digest": { + "algorithm": "sha256", + "value": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Metlakatla", + "mode": 33188, + "size": 1423, + "digest": { + "algorithm": "sha256", + "value": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Mexico_City", + "mode": 33188, + "size": 1222, + "digest": { + "algorithm": "sha256", + "value": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Miquelon", + "mode": 33188, + "size": 1666, + "digest": { + "algorithm": "sha256", + "value": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Moncton", + "mode": 33188, + "size": 3154, + "digest": { + "algorithm": "sha256", + "value": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Monterrey", + "mode": 33188, + "size": 1114, + "digest": { + "algorithm": "sha256", + "value": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Montevideo", + "mode": 33188, + "size": 1510, + "digest": { + "algorithm": "sha256", + "value": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Montreal", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Montserrat", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Nassau", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/New_York", + "mode": 33188, + "size": 3552, + "digest": { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Nipigon", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Nome", + "mode": 33188, + "size": 2367, + "digest": { + "algorithm": "sha256", + "value": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Noronha", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/North_Dakota", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/North_Dakota/Beulah", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/North_Dakota/Center", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Nuuk", + "mode": 33188, + "size": 1903, + "digest": { + "algorithm": "sha256", + "value": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Ojinaga", + "mode": 33188, + "size": 1524, + "digest": { + "algorithm": "sha256", + "value": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Panama", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Pangnirtung", + "mode": 33188, + "size": 2202, + "digest": { + "algorithm": "sha256", + "value": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Paramaribo", + "mode": 33188, + "size": 262, + "digest": { + "algorithm": "sha256", + "value": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Phoenix", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Port-au-Prince", + "mode": 33188, + "size": 1434, + "digest": { + "algorithm": "sha256", + "value": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Port_of_Spain", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Porto_Acre", + "mode": 33188, + "size": 628, + "digest": { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Porto_Velho", + "mode": 33188, + "size": 576, + "digest": { + "algorithm": "sha256", + "value": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Puerto_Rico", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Punta_Arenas", + "mode": 33188, + "size": 1916, + "digest": { + "algorithm": "sha256", + "value": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Rainy_River", + "mode": 33188, + "size": 2868, + "digest": { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Rankin_Inlet", + "mode": 33188, + "size": 2066, + "digest": { + "algorithm": "sha256", + "value": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Recife", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Regina", + "mode": 33188, + "size": 980, + "digest": { + "algorithm": "sha256", + "value": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Resolute", + "mode": 33188, + "size": 2066, + "digest": { + "algorithm": "sha256", + "value": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Rio_Branco", + "mode": 33188, + "size": 628, + "digest": { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Rosario", + "mode": 33188, + "size": 1076, + "digest": { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Santa_Isabel", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Santarem", + "mode": 33188, + "size": 602, + "digest": { + "algorithm": "sha256", + "value": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Santiago", + "mode": 33188, + "size": 2529, + "digest": { + "algorithm": "sha256", + "value": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Santo_Domingo", + "mode": 33188, + "size": 458, + "digest": { + "algorithm": "sha256", + "value": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Sao_Paulo", + "mode": 33188, + "size": 1444, + "digest": { + "algorithm": "sha256", + "value": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Scoresbysund", + "mode": 33188, + "size": 1949, + "digest": { + "algorithm": "sha256", + "value": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Shiprock", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Sitka", + "mode": 33188, + "size": 2329, + "digest": { + "algorithm": "sha256", + "value": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/St_Barthelemy", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/St_Johns", + "mode": 33188, + "size": 3655, + "digest": { + "algorithm": "sha256", + "value": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/St_Kitts", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/St_Lucia", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/St_Thomas", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/St_Vincent", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Swift_Current", + "mode": 33188, + "size": 560, + "digest": { + "algorithm": "sha256", + "value": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Tegucigalpa", + "mode": 33188, + "size": 252, + "digest": { + "algorithm": "sha256", + "value": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Thule", + "mode": 33188, + "size": 1502, + "digest": { + "algorithm": "sha256", + "value": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Thunder_Bay", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Tijuana", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Toronto", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Tortola", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Vancouver", + "mode": 33188, + "size": 2892, + "digest": { + "algorithm": "sha256", + "value": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Virgin", + "mode": 33188, + "size": 246, + "digest": { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Whitehorse", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Winnipeg", + "mode": 33188, + "size": 2868, + "digest": { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Yakutat", + "mode": 33188, + "size": 2305, + "digest": { + "algorithm": "sha256", + "value": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/America/Yellowknife", + "mode": 33188, + "size": 2332, + "digest": { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Casey", + "mode": 33188, + "size": 437, + "digest": { + "algorithm": "sha256", + "value": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Davis", + "mode": 33188, + "size": 297, + "digest": { + "algorithm": "sha256", + "value": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/DumontDUrville", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Macquarie", + "mode": 33188, + "size": 2260, + "digest": { + "algorithm": "sha256", + "value": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Mawson", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/McMurdo", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Palmer", + "mode": 33188, + "size": 1418, + "digest": { + "algorithm": "sha256", + "value": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Rothera", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/South_Pole", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Syowa", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Troll", + "mode": 33188, + "size": 1162, + "digest": { + "algorithm": "sha256", + "value": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Antarctica/Vostok", + "mode": 33188, + "size": 227, + "digest": { + "algorithm": "sha256", + "value": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Arctic", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Arctic/Longyearbyen", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Aden", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Almaty", + "mode": 33188, + "size": 997, + "digest": { + "algorithm": "sha256", + "value": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Amman", + "mode": 33188, + "size": 1447, + "digest": { + "algorithm": "sha256", + "value": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Anadyr", + "mode": 33188, + "size": 1188, + "digest": { + "algorithm": "sha256", + "value": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Aqtau", + "mode": 33188, + "size": 983, + "digest": { + "algorithm": "sha256", + "value": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Aqtobe", + "mode": 33188, + "size": 1011, + "digest": { + "algorithm": "sha256", + "value": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Ashgabat", + "mode": 33188, + "size": 619, + "digest": { + "algorithm": "sha256", + "value": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Ashkhabad", + "mode": 33188, + "size": 619, + "digest": { + "algorithm": "sha256", + "value": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Atyrau", + "mode": 33188, + "size": 991, + "digest": { + "algorithm": "sha256", + "value": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Baghdad", + "mode": 33188, + "size": 983, + "digest": { + "algorithm": "sha256", + "value": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Bahrain", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Baku", + "mode": 33188, + "size": 1227, + "digest": { + "algorithm": "sha256", + "value": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Bangkok", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Barnaul", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Beirut", + "mode": 33188, + "size": 2154, + "digest": { + "algorithm": "sha256", + "value": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Bishkek", + "mode": 33188, + "size": 983, + "digest": { + "algorithm": "sha256", + "value": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Brunei", + "mode": 33188, + "size": 483, + "digest": { + "algorithm": "sha256", + "value": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Calcutta", + "mode": 33188, + "size": 285, + "digest": { + "algorithm": "sha256", + "value": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Chita", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Choibalsan", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Chongqing", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Chungking", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Colombo", + "mode": 33188, + "size": 372, + "digest": { + "algorithm": "sha256", + "value": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Dacca", + "mode": 33188, + "size": 337, + "digest": { + "algorithm": "sha256", + "value": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Damascus", + "mode": 33188, + "size": 1887, + "digest": { + "algorithm": "sha256", + "value": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Dhaka", + "mode": 33188, + "size": 337, + "digest": { + "algorithm": "sha256", + "value": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Dili", + "mode": 33188, + "size": 271, + "digest": { + "algorithm": "sha256", + "value": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Dubai", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Dushanbe", + "mode": 33188, + "size": 591, + "digest": { + "algorithm": "sha256", + "value": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Famagusta", + "mode": 33188, + "size": 2028, + "digest": { + "algorithm": "sha256", + "value": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Gaza", + "mode": 33188, + "size": 3844, + "digest": { + "algorithm": "sha256", + "value": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Harbin", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Hebron", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", + "mode": 33188, + "size": 351, + "digest": { + "algorithm": "sha256", + "value": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Hong_Kong", + "mode": 33188, + "size": 1233, + "digest": { + "algorithm": "sha256", + "value": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Hovd", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Irkutsk", + "mode": 33188, + "size": 1243, + "digest": { + "algorithm": "sha256", + "value": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Istanbul", + "mode": 33188, + "size": 1947, + "digest": { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Jakarta", + "mode": 33188, + "size": 383, + "digest": { + "algorithm": "sha256", + "value": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Jayapura", + "mode": 33188, + "size": 221, + "digest": { + "algorithm": "sha256", + "value": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Jerusalem", + "mode": 33188, + "size": 2388, + "digest": { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kabul", + "mode": 33188, + "size": 208, + "digest": { + "algorithm": "sha256", + "value": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kamchatka", + "mode": 33188, + "size": 1166, + "digest": { + "algorithm": "sha256", + "value": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Karachi", + "mode": 33188, + "size": 379, + "digest": { + "algorithm": "sha256", + "value": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kashgar", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kathmandu", + "mode": 33188, + "size": 212, + "digest": { + "algorithm": "sha256", + "value": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Katmandu", + "mode": 33188, + "size": 212, + "digest": { + "algorithm": "sha256", + "value": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Khandyga", + "mode": 33188, + "size": 1271, + "digest": { + "algorithm": "sha256", + "value": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kolkata", + "mode": 33188, + "size": 285, + "digest": { + "algorithm": "sha256", + "value": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Krasnoyarsk", + "mode": 33188, + "size": 1207, + "digest": { + "algorithm": "sha256", + "value": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kuala_Lumpur", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kuching", + "mode": 33188, + "size": 483, + "digest": { + "algorithm": "sha256", + "value": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Kuwait", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Macao", + "mode": 33188, + "size": 1227, + "digest": { + "algorithm": "sha256", + "value": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Macau", + "mode": 33188, + "size": 1227, + "digest": { + "algorithm": "sha256", + "value": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Magadan", + "mode": 33188, + "size": 1222, + "digest": { + "algorithm": "sha256", + "value": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Makassar", + "mode": 33188, + "size": 254, + "digest": { + "algorithm": "sha256", + "value": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Manila", + "mode": 33188, + "size": 422, + "digest": { + "algorithm": "sha256", + "value": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Muscat", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Nicosia", + "mode": 33188, + "size": 2002, + "digest": { + "algorithm": "sha256", + "value": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Novokuznetsk", + "mode": 33188, + "size": 1165, + "digest": { + "algorithm": "sha256", + "value": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Novosibirsk", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Omsk", + "mode": 33188, + "size": 1207, + "digest": { + "algorithm": "sha256", + "value": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Oral", + "mode": 33188, + "size": 1005, + "digest": { + "algorithm": "sha256", + "value": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Phnom_Penh", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Pontianak", + "mode": 33188, + "size": 353, + "digest": { + "algorithm": "sha256", + "value": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Pyongyang", + "mode": 33188, + "size": 237, + "digest": { + "algorithm": "sha256", + "value": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Qatar", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Qostanay", + "mode": 33188, + "size": 1039, + "digest": { + "algorithm": "sha256", + "value": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Qyzylorda", + "mode": 33188, + "size": 1025, + "digest": { + "algorithm": "sha256", + "value": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Rangoon", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Riyadh", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Saigon", + "mode": 33188, + "size": 351, + "digest": { + "algorithm": "sha256", + "value": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Sakhalin", + "mode": 33188, + "size": 1202, + "digest": { + "algorithm": "sha256", + "value": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Samarkand", + "mode": 33188, + "size": 577, + "digest": { + "algorithm": "sha256", + "value": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Seoul", + "mode": 33188, + "size": 617, + "digest": { + "algorithm": "sha256", + "value": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Shanghai", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Singapore", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Srednekolymsk", + "mode": 33188, + "size": 1208, + "digest": { + "algorithm": "sha256", + "value": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Taipei", + "mode": 33188, + "size": 761, + "digest": { + "algorithm": "sha256", + "value": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Tashkent", + "mode": 33188, + "size": 591, + "digest": { + "algorithm": "sha256", + "value": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Tbilisi", + "mode": 33188, + "size": 1035, + "digest": { + "algorithm": "sha256", + "value": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Tehran", + "mode": 33188, + "size": 1262, + "digest": { + "algorithm": "sha256", + "value": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Tel_Aviv", + "mode": 33188, + "size": 2388, + "digest": { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Thimbu", + "mode": 33188, + "size": 203, + "digest": { + "algorithm": "sha256", + "value": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Thimphu", + "mode": 33188, + "size": 203, + "digest": { + "algorithm": "sha256", + "value": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Tokyo", + "mode": 33188, + "size": 309, + "digest": { + "algorithm": "sha256", + "value": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Tomsk", + "mode": 33188, + "size": 1221, + "digest": { + "algorithm": "sha256", + "value": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Ujung_Pandang", + "mode": 33188, + "size": 254, + "digest": { + "algorithm": "sha256", + "value": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Ulaanbaatar", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Ulan_Bator", + "mode": 33188, + "size": 891, + "digest": { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Urumqi", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Ust-Nera", + "mode": 33188, + "size": 1252, + "digest": { + "algorithm": "sha256", + "value": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Vientiane", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Vladivostok", + "mode": 33188, + "size": 1208, + "digest": { + "algorithm": "sha256", + "value": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Yakutsk", + "mode": 33188, + "size": 1207, + "digest": { + "algorithm": "sha256", + "value": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Yangon", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Yekaterinburg", + "mode": 33188, + "size": 1243, + "digest": { + "algorithm": "sha256", + "value": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Asia/Yerevan", + "mode": 33188, + "size": 1151, + "digest": { + "algorithm": "sha256", + "value": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Azores", + "mode": 33188, + "size": 3456, + "digest": { + "algorithm": "sha256", + "value": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Bermuda", + "mode": 33188, + "size": 2396, + "digest": { + "algorithm": "sha256", + "value": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Canary", + "mode": 33188, + "size": 1897, + "digest": { + "algorithm": "sha256", + "value": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Cape_Verde", + "mode": 33188, + "size": 270, + "digest": { + "algorithm": "sha256", + "value": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Faeroe", + "mode": 33188, + "size": 1815, + "digest": { + "algorithm": "sha256", + "value": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Faroe", + "mode": 33188, + "size": 1815, + "digest": { + "algorithm": "sha256", + "value": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Jan_Mayen", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Madeira", + "mode": 33188, + "size": 3377, + "digest": { + "algorithm": "sha256", + "value": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Reykjavik", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/South_Georgia", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/St_Helena", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Atlantic/Stanley", + "mode": 33188, + "size": 1214, + "digest": { + "algorithm": "sha256", + "value": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/ACT", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Adelaide", + "mode": 33188, + "size": 2208, + "digest": { + "algorithm": "sha256", + "value": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Brisbane", + "mode": 33188, + "size": 419, + "digest": { + "algorithm": "sha256", + "value": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Broken_Hill", + "mode": 33188, + "size": 2229, + "digest": { + "algorithm": "sha256", + "value": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Canberra", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Currie", + "mode": 33188, + "size": 2358, + "digest": { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Darwin", + "mode": 33188, + "size": 325, + "digest": { + "algorithm": "sha256", + "value": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Eucla", + "mode": 33188, + "size": 470, + "digest": { + "algorithm": "sha256", + "value": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Hobart", + "mode": 33188, + "size": 2358, + "digest": { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/LHI", + "mode": 33188, + "size": 1860, + "digest": { + "algorithm": "sha256", + "value": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Lindeman", + "mode": 33188, + "size": 475, + "digest": { + "algorithm": "sha256", + "value": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Lord_Howe", + "mode": 33188, + "size": 1860, + "digest": { + "algorithm": "sha256", + "value": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Melbourne", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/NSW", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/North", + "mode": 33188, + "size": 325, + "digest": { + "algorithm": "sha256", + "value": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Perth", + "mode": 33188, + "size": 446, + "digest": { + "algorithm": "sha256", + "value": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Queensland", + "mode": 33188, + "size": 419, + "digest": { + "algorithm": "sha256", + "value": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/South", + "mode": 33188, + "size": 2208, + "digest": { + "algorithm": "sha256", + "value": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Sydney", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Tasmania", + "mode": 33188, + "size": 2358, + "digest": { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Victoria", + "mode": 33188, + "size": 2190, + "digest": { + "algorithm": "sha256", + "value": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/West", + "mode": 33188, + "size": 446, + "digest": { + "algorithm": "sha256", + "value": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Australia/Yancowinna", + "mode": 33188, + "size": 2229, + "digest": { + "algorithm": "sha256", + "value": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Brazil", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Brazil/Acre", + "mode": 33188, + "size": 628, + "digest": { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Brazil/DeNoronha", + "mode": 33188, + "size": 716, + "digest": { + "algorithm": "sha256", + "value": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Brazil/East", + "mode": 33188, + "size": 1444, + "digest": { + "algorithm": "sha256", + "value": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Brazil/West", + "mode": 33188, + "size": 604, + "digest": { + "algorithm": "sha256", + "value": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/CET", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/CST6CDT", + "mode": 33188, + "size": 3592, + "digest": { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Atlantic", + "mode": 33188, + "size": 3424, + "digest": { + "algorithm": "sha256", + "value": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Central", + "mode": 33188, + "size": 2868, + "digest": { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Eastern", + "mode": 33188, + "size": 3494, + "digest": { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Mountain", + "mode": 33188, + "size": 2332, + "digest": { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Newfoundland", + "mode": 33188, + "size": 3655, + "digest": { + "algorithm": "sha256", + "value": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Pacific", + "mode": 33188, + "size": 2892, + "digest": { + "algorithm": "sha256", + "value": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Saskatchewan", + "mode": 33188, + "size": 980, + "digest": { + "algorithm": "sha256", + "value": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Canada/Yukon", + "mode": 33188, + "size": 1614, + "digest": { + "algorithm": "sha256", + "value": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Chile", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Chile/Continental", + "mode": 33188, + "size": 2529, + "digest": { + "algorithm": "sha256", + "value": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Chile/EasterIsland", + "mode": 33188, + "size": 2233, + "digest": { + "algorithm": "sha256", + "value": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Cuba", + "mode": 33188, + "size": 2416, + "digest": { + "algorithm": "sha256", + "value": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/EET", + "mode": 33188, + "size": 2262, + "digest": { + "algorithm": "sha256", + "value": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/EST", + "mode": 33188, + "size": 182, + "digest": { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/EST5EDT", + "mode": 33188, + "size": 3552, + "digest": { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Egypt", + "mode": 33188, + "size": 2399, + "digest": { + "algorithm": "sha256", + "value": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Eire", + "mode": 33188, + "size": 3490, + "digest": { + "algorithm": "sha256", + "value": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+1", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+10", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+11", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+12", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+2", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+3", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+4", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+5", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+6", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+7", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+8", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+9", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-1", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-10", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-11", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-12", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-13", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-14", + "mode": 33188, + "size": 118, + "digest": { + "algorithm": "sha256", + "value": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-2", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-3", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-4", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-5", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-6", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-7", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-8", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-9", + "mode": 33188, + "size": 117, + "digest": { + "algorithm": "sha256", + "value": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/GMT0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/Greenwich", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/UCT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/UTC", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/Universal", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Etc/Zulu", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Amsterdam", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Andorra", + "mode": 33188, + "size": 1742, + "digest": { + "algorithm": "sha256", + "value": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Astrakhan", + "mode": 33188, + "size": 1165, + "digest": { + "algorithm": "sha256", + "value": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Athens", + "mode": 33188, + "size": 2262, + "digest": { + "algorithm": "sha256", + "value": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Belfast", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Belgrade", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Berlin", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Bratislava", + "mode": 33188, + "size": 2301, + "digest": { + "algorithm": "sha256", + "value": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Brussels", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Bucharest", + "mode": 33188, + "size": 2184, + "digest": { + "algorithm": "sha256", + "value": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Budapest", + "mode": 33188, + "size": 2368, + "digest": { + "algorithm": "sha256", + "value": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Busingen", + "mode": 33188, + "size": 1909, + "digest": { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Chisinau", + "mode": 33188, + "size": 2390, + "digest": { + "algorithm": "sha256", + "value": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Copenhagen", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Dublin", + "mode": 33188, + "size": 3490, + "digest": { + "algorithm": "sha256", + "value": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Gibraltar", + "mode": 33188, + "size": 3068, + "digest": { + "algorithm": "sha256", + "value": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Guernsey", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Helsinki", + "mode": 33188, + "size": 1900, + "digest": { + "algorithm": "sha256", + "value": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Isle_of_Man", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Istanbul", + "mode": 33188, + "size": 1947, + "digest": { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Jersey", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Kaliningrad", + "mode": 33188, + "size": 1493, + "digest": { + "algorithm": "sha256", + "value": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Kiev", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Kirov", + "mode": 33188, + "size": 1185, + "digest": { + "algorithm": "sha256", + "value": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Kyiv", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Lisbon", + "mode": 33188, + "size": 3527, + "digest": { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Ljubljana", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/London", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Luxembourg", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Madrid", + "mode": 33188, + "size": 2614, + "digest": { + "algorithm": "sha256", + "value": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Malta", + "mode": 33188, + "size": 2620, + "digest": { + "algorithm": "sha256", + "value": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Mariehamn", + "mode": 33188, + "size": 1900, + "digest": { + "algorithm": "sha256", + "value": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Minsk", + "mode": 33188, + "size": 1321, + "digest": { + "algorithm": "sha256", + "value": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Monaco", + "mode": 33188, + "size": 2962, + "digest": { + "algorithm": "sha256", + "value": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Moscow", + "mode": 33188, + "size": 1535, + "digest": { + "algorithm": "sha256", + "value": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Nicosia", + "mode": 33188, + "size": 2002, + "digest": { + "algorithm": "sha256", + "value": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Oslo", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Paris", + "mode": 33188, + "size": 2962, + "digest": { + "algorithm": "sha256", + "value": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Podgorica", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Prague", + "mode": 33188, + "size": 2301, + "digest": { + "algorithm": "sha256", + "value": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Riga", + "mode": 33188, + "size": 2198, + "digest": { + "algorithm": "sha256", + "value": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Rome", + "mode": 33188, + "size": 2641, + "digest": { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Samara", + "mode": 33188, + "size": 1215, + "digest": { + "algorithm": "sha256", + "value": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/San_Marino", + "mode": 33188, + "size": 2641, + "digest": { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Sarajevo", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Saratov", + "mode": 33188, + "size": 1183, + "digest": { + "algorithm": "sha256", + "value": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Simferopol", + "mode": 33188, + "size": 1469, + "digest": { + "algorithm": "sha256", + "value": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Skopje", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Sofia", + "mode": 33188, + "size": 2077, + "digest": { + "algorithm": "sha256", + "value": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Stockholm", + "mode": 33188, + "size": 2298, + "digest": { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Tallinn", + "mode": 33188, + "size": 2148, + "digest": { + "algorithm": "sha256", + "value": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Tirane", + "mode": 33188, + "size": 2084, + "digest": { + "algorithm": "sha256", + "value": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Tiraspol", + "mode": 33188, + "size": 2390, + "digest": { + "algorithm": "sha256", + "value": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Ulyanovsk", + "mode": 33188, + "size": 1267, + "digest": { + "algorithm": "sha256", + "value": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Uzhgorod", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Vaduz", + "mode": 33188, + "size": 1909, + "digest": { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Vatican", + "mode": 33188, + "size": 2641, + "digest": { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Vienna", + "mode": 33188, + "size": 2200, + "digest": { + "algorithm": "sha256", + "value": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Vilnius", + "mode": 33188, + "size": 2162, + "digest": { + "algorithm": "sha256", + "value": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Volgograd", + "mode": 33188, + "size": 1193, + "digest": { + "algorithm": "sha256", + "value": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Warsaw", + "mode": 33188, + "size": 2654, + "digest": { + "algorithm": "sha256", + "value": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Zagreb", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Zaporozhye", + "mode": 33188, + "size": 2120, + "digest": { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Europe/Zurich", + "mode": 33188, + "size": 1909, + "digest": { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Factory", + "mode": 33188, + "size": 116, + "digest": { + "algorithm": "sha256", + "value": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/GB", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/GB-Eire", + "mode": 33188, + "size": 3664, + "digest": { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/GMT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/GMT+0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/GMT-0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/GMT0", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Greenwich", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/HST", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Hongkong", + "mode": 33188, + "size": 1233, + "digest": { + "algorithm": "sha256", + "value": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Iceland", + "mode": 33188, + "size": 148, + "digest": { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Antananarivo", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Chagos", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Christmas", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Cocos", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Comoro", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Kerguelen", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Mahe", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Maldives", + "mode": 33188, + "size": 199, + "digest": { + "algorithm": "sha256", + "value": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Mauritius", + "mode": 33188, + "size": 241, + "digest": { + "algorithm": "sha256", + "value": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Mayotte", + "mode": 33188, + "size": 265, + "digest": { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Indian/Reunion", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Iran", + "mode": 33188, + "size": 1262, + "digest": { + "algorithm": "sha256", + "value": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Israel", + "mode": 33188, + "size": 2388, + "digest": { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Jamaica", + "mode": 33188, + "size": 482, + "digest": { + "algorithm": "sha256", + "value": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Japan", + "mode": 33188, + "size": 309, + "digest": { + "algorithm": "sha256", + "value": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Kwajalein", + "mode": 33188, + "size": 316, + "digest": { + "algorithm": "sha256", + "value": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Libya", + "mode": 33188, + "size": 625, + "digest": { + "algorithm": "sha256", + "value": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/MET", + "mode": 33188, + "size": 2933, + "digest": { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/MST", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/MST7MDT", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Mexico", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Mexico/BajaNorte", + "mode": 33188, + "size": 2906, + "digest": { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Mexico/BajaSur", + "mode": 33188, + "size": 1060, + "digest": { + "algorithm": "sha256", + "value": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Mexico/General", + "mode": 33188, + "size": 1222, + "digest": { + "algorithm": "sha256", + "value": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/NZ", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/NZ-CHAT", + "mode": 33188, + "size": 2068, + "digest": { + "algorithm": "sha256", + "value": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Navajo", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/PRC", + "mode": 33188, + "size": 561, + "digest": { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/PST8PDT", + "mode": 33188, + "size": 2852, + "digest": { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Apia", + "mode": 33188, + "size": 612, + "digest": { + "algorithm": "sha256", + "value": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Auckland", + "mode": 33188, + "size": 2437, + "digest": { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Bougainville", + "mode": 33188, + "size": 268, + "digest": { + "algorithm": "sha256", + "value": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Chatham", + "mode": 33188, + "size": 2068, + "digest": { + "algorithm": "sha256", + "value": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Chuuk", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Easter", + "mode": 33188, + "size": 2233, + "digest": { + "algorithm": "sha256", + "value": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Efate", + "mode": 33188, + "size": 538, + "digest": { + "algorithm": "sha256", + "value": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Enderbury", + "mode": 33188, + "size": 234, + "digest": { + "algorithm": "sha256", + "value": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Fakaofo", + "mode": 33188, + "size": 200, + "digest": { + "algorithm": "sha256", + "value": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Fiji", + "mode": 33188, + "size": 578, + "digest": { + "algorithm": "sha256", + "value": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Funafuti", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Galapagos", + "mode": 33188, + "size": 238, + "digest": { + "algorithm": "sha256", + "value": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Gambier", + "mode": 33188, + "size": 164, + "digest": { + "algorithm": "sha256", + "value": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Guadalcanal", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Guam", + "mode": 33188, + "size": 494, + "digest": { + "algorithm": "sha256", + "value": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Honolulu", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Johnston", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Kanton", + "mode": 33188, + "size": 234, + "digest": { + "algorithm": "sha256", + "value": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Kiritimati", + "mode": 33188, + "size": 238, + "digest": { + "algorithm": "sha256", + "value": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Kosrae", + "mode": 33188, + "size": 351, + "digest": { + "algorithm": "sha256", + "value": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Kwajalein", + "mode": 33188, + "size": 316, + "digest": { + "algorithm": "sha256", + "value": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Majuro", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Marquesas", + "mode": 33188, + "size": 173, + "digest": { + "algorithm": "sha256", + "value": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Midway", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Nauru", + "mode": 33188, + "size": 252, + "digest": { + "algorithm": "sha256", + "value": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Niue", + "mode": 33188, + "size": 203, + "digest": { + "algorithm": "sha256", + "value": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Norfolk", + "mode": 33188, + "size": 880, + "digest": { + "algorithm": "sha256", + "value": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Noumea", + "mode": 33188, + "size": 304, + "digest": { + "algorithm": "sha256", + "value": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Pago_Pago", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Palau", + "mode": 33188, + "size": 180, + "digest": { + "algorithm": "sha256", + "value": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Pitcairn", + "mode": 33188, + "size": 202, + "digest": { + "algorithm": "sha256", + "value": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Pohnpei", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Ponape", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Port_Moresby", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Rarotonga", + "mode": 33188, + "size": 603, + "digest": { + "algorithm": "sha256", + "value": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Saipan", + "mode": 33188, + "size": 494, + "digest": { + "algorithm": "sha256", + "value": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Samoa", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Tahiti", + "mode": 33188, + "size": 165, + "digest": { + "algorithm": "sha256", + "value": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Tarawa", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Tongatapu", + "mode": 33188, + "size": 372, + "digest": { + "algorithm": "sha256", + "value": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Truk", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Wake", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Wallis", + "mode": 33188, + "size": 166, + "digest": { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Pacific/Yap", + "mode": 33188, + "size": 186, + "digest": { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Poland", + "mode": 33188, + "size": 2654, + "digest": { + "algorithm": "sha256", + "value": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Portugal", + "mode": 33188, + "size": 3527, + "digest": { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/ROC", + "mode": 33188, + "size": 761, + "digest": { + "algorithm": "sha256", + "value": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/ROK", + "mode": 33188, + "size": 617, + "digest": { + "algorithm": "sha256", + "value": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Singapore", + "mode": 33188, + "size": 415, + "digest": { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Turkey", + "mode": 33188, + "size": 1947, + "digest": { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/UCT", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Alaska", + "mode": 33188, + "size": 2371, + "digest": { + "algorithm": "sha256", + "value": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Aleutian", + "mode": 33188, + "size": 2356, + "digest": { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Arizona", + "mode": 33188, + "size": 360, + "digest": { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Central", + "mode": 33188, + "size": 3592, + "digest": { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/East-Indiana", + "mode": 33188, + "size": 1682, + "digest": { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Eastern", + "mode": 33188, + "size": 3552, + "digest": { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Hawaii", + "mode": 33188, + "size": 329, + "digest": { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Indiana-Starke", + "mode": 33188, + "size": 2444, + "digest": { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Michigan", + "mode": 33188, + "size": 2230, + "digest": { + "algorithm": "sha256", + "value": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Mountain", + "mode": 33188, + "size": 2460, + "digest": { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Pacific", + "mode": 33188, + "size": 2852, + "digest": { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/US/Samoa", + "mode": 33188, + "size": 175, + "digest": { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/UTC", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Universal", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/W-SU", + "mode": 33188, + "size": 1535, + "digest": { + "algorithm": "sha256", + "value": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/WET", + "mode": 33188, + "size": 3527, + "digest": { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posix/Zulu", + "mode": 33188, + "size": 114, + "digest": { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/posixrules", + "mode": 33188, + "size": 3552, + "digest": { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Abidjan", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Accra", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Algiers", + "mode": 33188, + "size": 1284, + "digest": { + "algorithm": "sha256", + "value": "b82210ca1dcb1915525fe6ecb6447113998bb3848e6d9c6129908894b9cf69dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Asmara", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Asmera", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Bamako", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Bangui", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Banjul", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Bissau", + "mode": 33188, + "size": 744, + "digest": { + "algorithm": "sha256", + "value": "69cb21ce2a4876370726a0d53384cb91070b3b5395957017eb8e3baf1545bf5a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Blantyre", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Brazzaville", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Bujumbura", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Cairo", + "mode": 33188, + "size": 2602, + "digest": { + "algorithm": "sha256", + "value": "0cf2295a003fcdf7e72d5254f968c7f9b9fee98fba0fca1aeef2630d898ac313" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Casablanca", + "mode": 33188, + "size": 1708, + "digest": { + "algorithm": "sha256", + "value": "7308ffbd19caeb2e0236505cb098f2771a518d5f49dd7b5087bb67ad5716cc16" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Ceuta", + "mode": 33188, + "size": 2258, + "digest": { + "algorithm": "sha256", + "value": "c24c8fd8f15c5cfd8a0af1c6f82ddb123376866eb592ae8e2ae3b729d5ed1142" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Conakry", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Dakar", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Djibouti", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Douala", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "mode": 33188, + "size": 1550, + "digest": { + "algorithm": "sha256", + "value": "4b87e565d279ef251825c24160a0e4975fb46c390838159e3d82246d5890eb08" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Freetown", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Gaborone", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Harare", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Johannesburg", + "mode": 33188, + "size": 794, + "digest": { + "algorithm": "sha256", + "value": "23430ce1b491d37d0cf263434c913117b38588a7bcd3d19644733d94c24c3d80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Juba", + "mode": 33188, + "size": 1228, + "digest": { + "algorithm": "sha256", + "value": "95f824cbcdef20db8f196141d752f3a745a67377d1c42d81c1b305a13dfbbf75" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Kampala", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Khartoum", + "mode": 33188, + "size": 1228, + "digest": { + "algorithm": "sha256", + "value": "e2f1a0bfcda4b70b929a141d995899ea42b717ece0c3c5d2b30fa7eadee4185f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Kigali", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Kinshasa", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Lagos", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Libreville", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Lome", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Luanda", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Lubumbashi", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Lusaka", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Malabo", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Maputo", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Maseru", + "mode": 33188, + "size": 794, + "digest": { + "algorithm": "sha256", + "value": "23430ce1b491d37d0cf263434c913117b38588a7bcd3d19644733d94c24c3d80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Mbabane", + "mode": 33188, + "size": 794, + "digest": { + "algorithm": "sha256", + "value": "23430ce1b491d37d0cf263434c913117b38588a7bcd3d19644733d94c24c3d80" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Mogadishu", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Monrovia", + "mode": 33188, + "size": 758, + "digest": { + "algorithm": "sha256", + "value": "23c47fbe43d31c1c2eab3fc40909480a9f797368d8fa8e429774e16f8202d33a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Nairobi", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Ndjamena", + "mode": 33188, + "size": 748, + "digest": { + "algorithm": "sha256", + "value": "72b90718f783f47d1194762dfdf1e9476f1272c92e3e674221605191ba9642ce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Niamey", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Nouakchott", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Ouagadougou", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Porto-Novo", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "mode": 33188, + "size": 804, + "digest": { + "algorithm": "sha256", + "value": "eac39b97f89cb5c9a5a6e8188fcdc2254c5e470bdba79cfd7dcc430f86ab23e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Timbuktu", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Tripoli", + "mode": 33188, + "size": 1174, + "digest": { + "algorithm": "sha256", + "value": "bb5d4058b24832f4d9d47f2464b01b458efabc17243252c13cb1f7732eab4d0e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Tunis", + "mode": 33188, + "size": 1238, + "digest": { + "algorithm": "sha256", + "value": "5e2b3f9e67dba3db5f16186bb601bf9eddc930026bd9729a87de1e67b9215d7d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Africa/Windhoek", + "mode": 33188, + "size": 1542, + "digest": { + "algorithm": "sha256", + "value": "423d39a12510b844303818beaf7ca9bbab64f1d89bc74693dff4cc3538c7208a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Adak", + "mode": 33188, + "size": 2565, + "digest": { + "algorithm": "sha256", + "value": "eda5938e2a7bcf04fe49e8f88a54725faa398319b93206dfaeb2d0915887d560" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Anchorage", + "mode": 33188, + "size": 2579, + "digest": { + "algorithm": "sha256", + "value": "822caa627009cfbaec50af294a81c1e237ac690033f0f424468f1fa29ca60bf8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Anguilla", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Antigua", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Araguaina", + "mode": 33188, + "size": 1418, + "digest": { + "algorithm": "sha256", + "value": "48d382d8c4965a56dd7385bdf6b751c369359681530fdf04115ea1394b5bbee7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "2e14211d1ef17ff25d3e08567e9e53ef9ef4d1f81db55396a8e5cdff73d6a9ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "905ae931fb0eaada8c616b75e4df4d37499c4086cac66edd0ee9b16d0cbebbe5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/ComodRivadavia", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "905ae931fb0eaada8c616b75e4df4d37499c4086cac66edd0ee9b16d0cbebbe5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "8484fedab6db3db014c76102c714037f36dbc2577448550f7ab0162ee918c3ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "mode": 33188, + "size": 1582, + "digest": { + "algorithm": "sha256", + "value": "33ca10a968a8b941e09fd3fe3af2ea04309c7fe62f46d3a38b592767ef73f681" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "mode": 33188, + "size": 1624, + "digest": { + "algorithm": "sha256", + "value": "c874c359a6133f8d351124e131096e560c85745697b855a0dc7c39349a0f8816" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "c8f0a41e270f3428b7266e7b5286811b0c5a649b7e54f91e3e31f254c59154bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "eff23fa4ef928a02ece1a45edda3c609d87b20e89739e6e6583d9a4270b53773" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Salta", + "mode": 33188, + "size": 1582, + "digest": { + "algorithm": "sha256", + "value": "4afc8318be82f56fbc93b31cfeb5d14be09bbe8a06c769184da425fa923025c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "mode": 33188, + "size": 1624, + "digest": { + "algorithm": "sha256", + "value": "3bd8dea3ac42e9a2d1a0163bfe8f016fe2fc646a1ab6fc140a9f773bab427e46" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "mode": 33188, + "size": 1636, + "digest": { + "algorithm": "sha256", + "value": "2de51d378aa922263bbc8f8dd76127d4ad696a6fd477d7951c6f0fa4cb3f919f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "mode": 33188, + "size": 1638, + "digest": { + "algorithm": "sha256", + "value": "f459b3b4bdbd76e51a8058fcee5e33edc125ad05a7aab1c942d00d0ba720d24c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "0819bab11849a3ecc0c9bcea0859010c658df967ef0f223d2d6f9cfe2f9bc160" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Aruba", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Asuncion", + "mode": 33188, + "size": 2192, + "digest": { + "algorithm": "sha256", + "value": "2af7198626a523401b074059d12974998b644d8e1e5bebfd27e78bb4ac64e740" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Atikokan", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Atka", + "mode": 33188, + "size": 2565, + "digest": { + "algorithm": "sha256", + "value": "eda5938e2a7bcf04fe49e8f88a54725faa398319b93206dfaeb2d0915887d560" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Bahia", + "mode": 33188, + "size": 1558, + "digest": { + "algorithm": "sha256", + "value": "5e242c35d73d4f3bdabe156f23b114144f9cc359d3400ab7d7464b86b16d21c5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "mode": 33188, + "size": 1650, + "digest": { + "algorithm": "sha256", + "value": "3b928d2fea6733afd52890678319e08e13112bb79a96ece242ed0d3c96235ef9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Barbados", + "mode": 33188, + "size": 986, + "digest": { + "algorithm": "sha256", + "value": "978e1e4bb9e907b25efd9c990c7e2fa4cce322aa08063ebd73983187d7db033d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Belem", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "30fedc0e5f3334ab4cbd939be48d7d8ef22d3d79927c136b88fd7bfee27601ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Belize", + "mode": 33188, + "size": 2164, + "digest": { + "algorithm": "sha256", + "value": "7c378a7a12875e3dc0e8ec6232c6d057f7bf03335dcf9aa59afb4c3fcda21b26" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Blanc-Sablon", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Boa_Vista", + "mode": 33188, + "size": 1166, + "digest": { + "algorithm": "sha256", + "value": "d727d0877afc200e80e9ce5c2e5b77bdb21b6f01a2b52854f392b5bf1c45f9ee" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Bogota", + "mode": 33188, + "size": 780, + "digest": { + "algorithm": "sha256", + "value": "a7e9b73f5a0e6c85c3823c4da7336b0863ed53d62410c721e6cac0cdf5133991" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Boise", + "mode": 33188, + "size": 2620, + "digest": { + "algorithm": "sha256", + "value": "dd82ebade8f4b3c53cb5eae589c1061aa473cdae1b9f39076569e168f349a618" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Buenos_Aires", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "2e14211d1ef17ff25d3e08567e9e53ef9ef4d1f81db55396a8e5cdff73d6a9ef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "mode": 33188, + "size": 2464, + "digest": { + "algorithm": "sha256", + "value": "43b852b08512ed5a2eed675bfd74dfd8be60427b531bcfe77a443d8ebf0a5583" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Campo_Grande", + "mode": 33188, + "size": 1978, + "digest": { + "algorithm": "sha256", + "value": "de2c0178c7d83e45a841ad3747e791804738aae41ad147ce8a88c0aea562361a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Cancun", + "mode": 33188, + "size": 1414, + "digest": { + "algorithm": "sha256", + "value": "20096d8861f681fbcc5f4347a53ad0f163a470edabcb25add585a2ab078e024f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Caracas", + "mode": 33188, + "size": 798, + "digest": { + "algorithm": "sha256", + "value": "d43948c2d59a0dec759017b9c336ea5b44f1d24c487ee0938fcca43e0328264f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Catamarca", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "905ae931fb0eaada8c616b75e4df4d37499c4086cac66edd0ee9b16d0cbebbe5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Cayenne", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "0409a1d87a48254170b4561e085e4c4b39af2f257bdf440f1664861972eed754" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Cayman", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Chicago", + "mode": 33188, + "size": 3802, + "digest": { + "algorithm": "sha256", + "value": "508cca4fb0cd8f8c0fa7cbcd2bef318dd1c13234733675f18c353e39190888f7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Chihuahua", + "mode": 33188, + "size": 1652, + "digest": { + "algorithm": "sha256", + "value": "4b7c51f5b3eb517fedaa16555abc06f2c9eef1bd74f13338dcfd1d2d813b1ad9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "mode": 33188, + "size": 1748, + "digest": { + "algorithm": "sha256", + "value": "53a22d0f650666a63c4dea821d59578c6eaee0fff02e0e264eed8ac58d72defc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Coral_Harbour", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Cordoba", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "8484fedab6db3db014c76102c714037f36dbc2577448550f7ab0162ee918c3ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Costa_Rica", + "mode": 33188, + "size": 866, + "digest": { + "algorithm": "sha256", + "value": "3b1c0b45d274ae11b0d6b804f36aa49130434f81e936b6d3221c344d432665c7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Coyhaique", + "mode": 33188, + "size": 2674, + "digest": { + "algorithm": "sha256", + "value": "5840f696649edae1ff3a58946e5a1cfe1b79cfc2d3999f2277c35724ef08b239" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Creston", + "mode": 33188, + "size": 910, + "digest": { + "algorithm": "sha256", + "value": "2c497e17c3ec106cd3b05bcc0fc89f225cac710c30874b2443ef5e9247f171cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Cuiaba", + "mode": 33188, + "size": 1950, + "digest": { + "algorithm": "sha256", + "value": "61f4864f28eab14abc8dfbd85af412514f117c9970c9351d14d6e8dade5f59ce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Curacao", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Danmarkshavn", + "mode": 33188, + "size": 1248, + "digest": { + "algorithm": "sha256", + "value": "5a2614344b77a66b5cb9f736165ecbff65a459d5dc5c4fc2a6eb65cdb162a878" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Dawson", + "mode": 33188, + "size": 2164, + "digest": { + "algorithm": "sha256", + "value": "3adb27eb1135311a63552717850232daadd5f47f6b10871fc42625a5c4b044e8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Dawson_Creek", + "mode": 33188, + "size": 1600, + "digest": { + "algorithm": "sha256", + "value": "caae6cca9f37e6f82a0d32eeb7a4f0b9cbad2b610647714e8fc3380e3f3fe5ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Denver", + "mode": 33188, + "size": 2670, + "digest": { + "algorithm": "sha256", + "value": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Detroit", + "mode": 33188, + "size": 2440, + "digest": { + "algorithm": "sha256", + "value": "36ca32bc9140609c6ebabf35e479741fc2e98fed91eea751fe591e0a26689633" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Dominica", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Edmonton", + "mode": 33188, + "size": 2542, + "digest": { + "algorithm": "sha256", + "value": "afa6d497bc5818c957d3808fd514e1c9d8c3d5dc6d73eb827fd9887a706f0236" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Eirunepe", + "mode": 33188, + "size": 1190, + "digest": { + "algorithm": "sha256", + "value": "245360c9d41ad26bcfa74c470afe94960a4ef9856ad135fb9409c632bf4110d4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/El_Salvador", + "mode": 33188, + "size": 774, + "digest": { + "algorithm": "sha256", + "value": "2340aa52619e7a57372cbe9ae51f7ebb1b9ce83aa63ca0fd7f62c070eec378ce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Ensenada", + "mode": 33188, + "size": 3116, + "digest": { + "algorithm": "sha256", + "value": "9b7623823f34274fcf498f5d4dcad2c1998f01a41cac6d1503df53fcd6b30e98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Fort_Nelson", + "mode": 33188, + "size": 2790, + "digest": { + "algorithm": "sha256", + "value": "90cdaf661b23c31d02c3117f15f784d862722edee856ef88d596770b56545e43" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Fort_Wayne", + "mode": 33188, + "size": 1892, + "digest": { + "algorithm": "sha256", + "value": "95f90a543d0cbb550509c74f43492a26efc3160d4cecf10dc01e4412e0b77d32" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Fortaleza", + "mode": 33188, + "size": 1250, + "digest": { + "algorithm": "sha256", + "value": "6fb50feee952dd0613a9c3ac25174d154287cd24dddeec0aac7ec1b088dd4e8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Glace_Bay", + "mode": 33188, + "size": 2402, + "digest": { + "algorithm": "sha256", + "value": "8689c6d71429789da2e34330e7da391e0e7b814478e882870edd4d67a03d05d0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Godthab", + "mode": 33188, + "size": 2090, + "digest": { + "algorithm": "sha256", + "value": "b2268d9af4acbba78fbeb12253078472f1c32694c2b9c288c292bfc565559c7f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Goose_Bay", + "mode": 33188, + "size": 3420, + "digest": { + "algorithm": "sha256", + "value": "e7493665d2774ac378e7ddc0e229027e8682d78374fe2484459b57da6fa52d2b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Grand_Turk", + "mode": 33188, + "size": 2044, + "digest": { + "algorithm": "sha256", + "value": "39845b71ff73d93286d04e50434d2a604cdc546ed5976af2b991f16e88dd6866" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Grenada", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Guadeloupe", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Guatemala", + "mode": 33188, + "size": 830, + "digest": { + "algorithm": "sha256", + "value": "bbe6000920225bd9f2dc14ae1f6a52e017e053764e651f8bc9b95c1bcf5a8f1a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Guayaquil", + "mode": 33188, + "size": 780, + "digest": { + "algorithm": "sha256", + "value": "27667cee3f74c7cf1136efc77a5ab4efcda8bb441427250fb9a083bc7696c423" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Guyana", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "6e579e187207c29c2900788fa37af2bdc3f30e55d386a37c02b7bdac3cacb19c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Halifax", + "mode": 33188, + "size": 3634, + "digest": { + "algorithm": "sha256", + "value": "e3d54dd2fc3666188c6b90bfbcc18901b65c37f6c77e19a4839a1e72a33bf824" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Havana", + "mode": 33188, + "size": 2622, + "digest": { + "algorithm": "sha256", + "value": "8028af31cdd0d78b7df66f5226e6bc41fd7ac6f565bb6223a3ad2e2dcdacfc28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Hermosillo", + "mode": 33188, + "size": 938, + "digest": { + "algorithm": "sha256", + "value": "c9570d55caed4ccd2bc1f01b2ccd8bea0c4874a5ebfa480b20291fee76176493" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "mode": 33188, + "size": 1892, + "digest": { + "algorithm": "sha256", + "value": "95f90a543d0cbb550509c74f43492a26efc3160d4cecf10dc01e4412e0b77d32" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Knox", + "mode": 33188, + "size": 2654, + "digest": { + "algorithm": "sha256", + "value": "b253321849d846469f82aaabc9024d51a5d9d9255e923dbdd9e87dbfe4417a0b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "mode": 33188, + "size": 1948, + "digest": { + "algorithm": "sha256", + "value": "1614069da3538889f0a7e4f1bc7e4debfe09e7faa035858ae7367e6680a3c8e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "mode": 33188, + "size": 2130, + "digest": { + "algorithm": "sha256", + "value": "8d7aa8f6495d9216d239780c0690f7517bb0ba582cc555568c50cbfb628bf5d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "mode": 33188, + "size": 1910, + "digest": { + "algorithm": "sha256", + "value": "9dd5ecf8014dfbd548457fde23d6b11edba3a9e4e61409b34d840bcd7bfc6e53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "mode": 33188, + "size": 1640, + "digest": { + "algorithm": "sha256", + "value": "4dd0b872317af6466735bd2957516de64ad3c9ffc32153f67314eeb73a8a1de3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "mode": 33188, + "size": 1920, + "digest": { + "algorithm": "sha256", + "value": "7741c4fb0b37e5bf498cfdf3d86450732e5a048a591274a43dc93903d819fae8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "mode": 33188, + "size": 2004, + "digest": { + "algorithm": "sha256", + "value": "d8cd67020740116a33c551b2c1d99f2a1134c344d99772753590d9aeb15bf7d9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Indianapolis", + "mode": 33188, + "size": 1892, + "digest": { + "algorithm": "sha256", + "value": "95f90a543d0cbb550509c74f43492a26efc3160d4cecf10dc01e4412e0b77d32" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Inuvik", + "mode": 33188, + "size": 2284, + "digest": { + "algorithm": "sha256", + "value": "1727c844eb1ae4ba69d85272788b825c53ea4dfad2bce3f0769da92834b84129" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Iqaluit", + "mode": 33188, + "size": 2412, + "digest": { + "algorithm": "sha256", + "value": "5599db0e4a8dff27506e5e116957712b4448075dc6f615286232559d3ce772b8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Jamaica", + "mode": 33188, + "size": 1032, + "digest": { + "algorithm": "sha256", + "value": "066c0660cb97453bf01c9107491f05eb45de90f34c9b001530a5af69b728b312" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Jujuy", + "mode": 33188, + "size": 1582, + "digest": { + "algorithm": "sha256", + "value": "33ca10a968a8b941e09fd3fe3af2ea04309c7fe62f46d3a38b592767ef73f681" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Juneau", + "mode": 33188, + "size": 2561, + "digest": { + "algorithm": "sha256", + "value": "90013fbad458645176b558a153cfa76886766a90f6bd5f9f13ad13611ac59115" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Kentucky", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "mode": 33188, + "size": 2998, + "digest": { + "algorithm": "sha256", + "value": "7eacfbe7dc579d0b6419ff0ffbce9b492ed9ea146bea00062e2baed4c8007b44" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "mode": 33188, + "size": 2578, + "digest": { + "algorithm": "sha256", + "value": "f00f8fe3447b51bd50317d7a042a5e549f486f027077a6c85a9b161f0baba943" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Knox_IN", + "mode": 33188, + "size": 2654, + "digest": { + "algorithm": "sha256", + "value": "b253321849d846469f82aaabc9024d51a5d9d9255e923dbdd9e87dbfe4417a0b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Kralendijk", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/La_Paz", + "mode": 33188, + "size": 766, + "digest": { + "algorithm": "sha256", + "value": "218d77afcba8a419201babfa27d0cdd559a32954dee4600d593e8155dd30cdc6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Lima", + "mode": 33188, + "size": 940, + "digest": { + "algorithm": "sha256", + "value": "61ae3c588fed2c476275e1fff7d4e45ef8541655540e1abe52066c9a97e83d53" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Los_Angeles", + "mode": 33188, + "size": 3062, + "digest": { + "algorithm": "sha256", + "value": "b40a39d8debb895ca0e5ef0cd6bc4521d867c3b45f404d1226a1cb1cda5eb922" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Louisville", + "mode": 33188, + "size": 2998, + "digest": { + "algorithm": "sha256", + "value": "7eacfbe7dc579d0b6419ff0ffbce9b492ed9ea146bea00062e2baed4c8007b44" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Lower_Princes", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Maceio", + "mode": 33188, + "size": 1278, + "digest": { + "algorithm": "sha256", + "value": "64e2ac99140770e8a99706abaa8bbc04ed11e1c48fddefeb3252d66c192de87a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Managua", + "mode": 33188, + "size": 980, + "digest": { + "algorithm": "sha256", + "value": "498566bab900866aabc7d189349de4276e268d62ef51c07f192209246fc6c945" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Manaus", + "mode": 33188, + "size": 1138, + "digest": { + "algorithm": "sha256", + "value": "f162c969260f6bfb6e26478b8750959119262a6aa36ae5878bae7500f0b145ff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Marigot", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Martinique", + "mode": 33188, + "size": 782, + "digest": { + "algorithm": "sha256", + "value": "a835d8b3c5e8e11e669ebb8bb256753516a3c593ae84618c37c77f81e737b1ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Matamoros", + "mode": 33188, + "size": 1628, + "digest": { + "algorithm": "sha256", + "value": "d898fcbdf925555508486e707010dfcb2e3866fa55d70274e83eff51f7b5c178" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Mazatlan", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "50f02ec5dbf826efdb74219c2e548f72f8a693bd03ae8661fa65ce8c7574859c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Mendoza", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "c8f0a41e270f3428b7266e7b5286811b0c5a649b7e54f91e3e31f254c59154bb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Menominee", + "mode": 33188, + "size": 2484, + "digest": { + "algorithm": "sha256", + "value": "0f5590586230464a1e9b1d5b9fcb4ebc71cf9edbf095b5fda3043579e331b42c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Merida", + "mode": 33188, + "size": 1554, + "digest": { + "algorithm": "sha256", + "value": "c50cba406c5824dfc5cbdd47b592ea54a78240eb86bcd96c95a351fdf90cb3cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Metlakatla", + "mode": 33188, + "size": 1631, + "digest": { + "algorithm": "sha256", + "value": "a5d691ffae4be4257acb5583e9dd9f72d296514f14d906aea1ba69bd5754b22b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Mexico_City", + "mode": 33188, + "size": 1772, + "digest": { + "algorithm": "sha256", + "value": "38cf0b0b9baf9ddd8c236c22d47ce8c73766d2946586caca1a91530f7fed0182" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Miquelon", + "mode": 33188, + "size": 1858, + "digest": { + "algorithm": "sha256", + "value": "1d7cbad8c75bc9b6cc7db5d0c43a872066bf3fb6b623a20d53575c4757237949" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Moncton", + "mode": 33188, + "size": 3364, + "digest": { + "algorithm": "sha256", + "value": "e4e6c11b1dc04ac8e3148f38c4e3d205924a9a6d2d666cda0a7f9678f391cfbf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Monterrey", + "mode": 33188, + "size": 1664, + "digest": { + "algorithm": "sha256", + "value": "2f853ca6bbd3d0b113a5128a025cfdd84d7b6318541208522c3372fc48495c76" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Montevideo", + "mode": 33188, + "size": 2044, + "digest": { + "algorithm": "sha256", + "value": "3321c222a35086ee3eabf562076e3c4cb0eaf800976b721e08c32b253b4d085f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Montreal", + "mode": 33188, + "size": 3704, + "digest": { + "algorithm": "sha256", + "value": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Montserrat", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Nassau", + "mode": 33188, + "size": 3704, + "digest": { + "algorithm": "sha256", + "value": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/New_York", + "mode": 33188, + "size": 3762, + "digest": { + "algorithm": "sha256", + "value": "f7f1a62c6b3c2ef445eb4f8e2d79480623b927eb218b5d56c32f4c0bb6747e02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Nipigon", + "mode": 33188, + "size": 3704, + "digest": { + "algorithm": "sha256", + "value": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Nome", + "mode": 33188, + "size": 2575, + "digest": { + "algorithm": "sha256", + "value": "71c2fdd3fc2daa3670b40994d5b0132507879b69cbddc5e0445b2c90a11087c6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Noronha", + "mode": 33188, + "size": 1250, + "digest": { + "algorithm": "sha256", + "value": "d47c47c7faba76d805fadb6fde14087023df5bff9b9dae7cb49a2907efea8537" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/North_Dakota", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "mode": 33188, + "size": 2606, + "digest": { + "algorithm": "sha256", + "value": "33e570d57ff43a8ecc4eb2b5fff849c37fcb488d18dfbf5da9961acc989ee248" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "mode": 33188, + "size": 2606, + "digest": { + "algorithm": "sha256", + "value": "75847a6592b29c5f010bfd063ae285cee2c4990331b31c0eeaa4f02197b063d8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "mode": 33188, + "size": 2606, + "digest": { + "algorithm": "sha256", + "value": "63a7e424c49f9cc222424e6857ce09d909319aec22285ebfbef7d16f6c2afc61" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Nuuk", + "mode": 33188, + "size": 2090, + "digest": { + "algorithm": "sha256", + "value": "b2268d9af4acbba78fbeb12253078472f1c32694c2b9c288c292bfc565559c7f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Ojinaga", + "mode": 33188, + "size": 1734, + "digest": { + "algorithm": "sha256", + "value": "1d7e9c203e1876396d4f554b69111994472f185d682cfd3d7bba9dea957e21db" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Panama", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Pangnirtung", + "mode": 33188, + "size": 2412, + "digest": { + "algorithm": "sha256", + "value": "5599db0e4a8dff27506e5e116957712b4448075dc6f615286232559d3ce772b8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Paramaribo", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "e56d27942c7770d739698012db60f59808bc59a59638d2961c55590cfe693ee6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Phoenix", + "mode": 33188, + "size": 910, + "digest": { + "algorithm": "sha256", + "value": "2c497e17c3ec106cd3b05bcc0fc89f225cac710c30874b2443ef5e9247f171cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Port-au-Prince", + "mode": 33188, + "size": 1644, + "digest": { + "algorithm": "sha256", + "value": "2a2e9854608f9c5e984399ed7ee325a5632165e7a8e8fb5aa3b0afbf65e7ed9e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Port_of_Spain", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Porto_Acre", + "mode": 33188, + "size": 1162, + "digest": { + "algorithm": "sha256", + "value": "d3c4b22423c1999a0b2a1aaf11967b27df7d7d3ae095313c14b1eb190a74bcf2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Porto_Velho", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "686e94634d729f9aa8307bc248431a43c1ec476515c3e5c0e73b57d74e3f14cd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Puerto_Rico", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Punta_Arenas", + "mode": 33188, + "size": 2450, + "digest": { + "algorithm": "sha256", + "value": "a13d6ed6df004a5761a851d49f48360f98c21a184eba51578c4d0be7ed496cdb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Rainy_River", + "mode": 33188, + "size": 3078, + "digest": { + "algorithm": "sha256", + "value": "d319be96dde3c4101f61279e1d11487b5257e5231ab4aa3edf14cadf149097f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "mode": 33188, + "size": 2276, + "digest": { + "algorithm": "sha256", + "value": "6a4a295ef6c89d44cc4ff815c6d8589440f64c531dea4f0a09c91f1439fa5e9f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Recife", + "mode": 33188, + "size": 1250, + "digest": { + "algorithm": "sha256", + "value": "764feb407ef17a1fd465a69be32f25669ca09f25cfe686bbc111bbcab88031c9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Regina", + "mode": 33188, + "size": 1530, + "digest": { + "algorithm": "sha256", + "value": "ec572e3bd6fea3d591fd296ef3e2e95adf12e929ac5516c3800a960105d035e5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Resolute", + "mode": 33188, + "size": 2276, + "digest": { + "algorithm": "sha256", + "value": "73b701dea80faffe0cfb8172a99b7bab90a77666e71ddc712a0c5273c305e40d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Rio_Branco", + "mode": 33188, + "size": 1162, + "digest": { + "algorithm": "sha256", + "value": "d3c4b22423c1999a0b2a1aaf11967b27df7d7d3ae095313c14b1eb190a74bcf2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Rosario", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "8484fedab6db3db014c76102c714037f36dbc2577448550f7ab0162ee918c3ca" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Santa_Isabel", + "mode": 33188, + "size": 3116, + "digest": { + "algorithm": "sha256", + "value": "9b7623823f34274fcf498f5d4dcad2c1998f01a41cac6d1503df53fcd6b30e98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Santarem", + "mode": 33188, + "size": 1136, + "digest": { + "algorithm": "sha256", + "value": "91d7fc19bfecb703a724ad11a17f67a7095cd9d494ccebdd506bc2bc776e000d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Santiago", + "mode": 33188, + "size": 2716, + "digest": { + "algorithm": "sha256", + "value": "30acb9f36104eb92e583e873f2daa58abacda173d476d7d0433d811cef20dcfc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Santo_Domingo", + "mode": 33188, + "size": 1008, + "digest": { + "algorithm": "sha256", + "value": "14f58c692f142bdcb59cf3d700aa9604be1ff22827c6c17140953d0611b9a924" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Sao_Paulo", + "mode": 33188, + "size": 1978, + "digest": { + "algorithm": "sha256", + "value": "fede3897f0ae7fe27958092c4ac1848b45c6443898883096702eea92f1c63edb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Scoresbysund", + "mode": 33188, + "size": 2136, + "digest": { + "algorithm": "sha256", + "value": "4e01cc705341e29b44036a82cff81732b50b3e540d55ccd087433918d27f0da6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Shiprock", + "mode": 33188, + "size": 2670, + "digest": { + "algorithm": "sha256", + "value": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Sitka", + "mode": 33188, + "size": 2537, + "digest": { + "algorithm": "sha256", + "value": "3236f77d934ce9d5a591961e15838a0b5e7c2134edf43cce18c0ccd7d0b37955" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/St_Barthelemy", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/St_Johns", + "mode": 33188, + "size": 3862, + "digest": { + "algorithm": "sha256", + "value": "c981661bea74f4fb22944f78424489cec690f056a5dc2b9255fe0fabd24f041c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/St_Kitts", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/St_Lucia", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/St_Thomas", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/St_Vincent", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Swift_Current", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "2ef279908fc95e3d2a430c7201b837b2763e56e8650b767c2641f557d1461681" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Tegucigalpa", + "mode": 33188, + "size": 802, + "digest": { + "algorithm": "sha256", + "value": "a08df830c1e23a5f1bf1469ee4fa780aafaf25ff94894d28cfae7bce83b9b9f1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Thule", + "mode": 33188, + "size": 1712, + "digest": { + "algorithm": "sha256", + "value": "c52d066a190b66826c90f918412d1723846983693c4193a571bb6f51a3fdca36" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Thunder_Bay", + "mode": 33188, + "size": 3704, + "digest": { + "algorithm": "sha256", + "value": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Tijuana", + "mode": 33188, + "size": 3116, + "digest": { + "algorithm": "sha256", + "value": "9b7623823f34274fcf498f5d4dcad2c1998f01a41cac6d1503df53fcd6b30e98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Toronto", + "mode": 33188, + "size": 3704, + "digest": { + "algorithm": "sha256", + "value": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Tortola", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Vancouver", + "mode": 33188, + "size": 3102, + "digest": { + "algorithm": "sha256", + "value": "656726b667e9b7abce63ab5788c32152b1bcd20ddf3e9fd7056ec39a4df2542c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Virgin", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Whitehorse", + "mode": 33188, + "size": 2164, + "digest": { + "algorithm": "sha256", + "value": "413ee9b56dcd0788468a0ae8d5d2d3b55a7186c054d2917b2b7dd94200f9921c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Winnipeg", + "mode": 33188, + "size": 3078, + "digest": { + "algorithm": "sha256", + "value": "d319be96dde3c4101f61279e1d11487b5257e5231ab4aa3edf14cadf149097f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Yakutat", + "mode": 33188, + "size": 2513, + "digest": { + "algorithm": "sha256", + "value": "5cde21c64c156969bd1b2983d1ad9d608b0de21ca2da793c6c48db21f3543f11" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/America/Yellowknife", + "mode": 33188, + "size": 2542, + "digest": { + "algorithm": "sha256", + "value": "afa6d497bc5818c957d3808fd514e1c9d8c3d5dc6d73eb827fd9887a706f0236" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Casey", + "mode": 33188, + "size": 970, + "digest": { + "algorithm": "sha256", + "value": "9407c27aea0e373d4c9c9d3b5e97bc269135adcd82569e8a1fa8324dfd17efbe" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Davis", + "mode": 33188, + "size": 830, + "digest": { + "algorithm": "sha256", + "value": "32917626152dcdd9eb7279663fe0b33ff383f2a8e07ce5b10cd53fd26aba0bcb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "mode": 33188, + "size": 718, + "digest": { + "algorithm": "sha256", + "value": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "mode": 33188, + "size": 2464, + "digest": { + "algorithm": "sha256", + "value": "3e03e6ffa22cbdf5d509e165100d10b3b80f8c5dc5e53fa2346eb894fc1fd060" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Mawson", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "293a4db864cd6373b3862a753d10c5e66801365dc9e6343e9fb427f2915ff96b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "mode": 33188, + "size": 2642, + "digest": { + "algorithm": "sha256", + "value": "6cf0475f637a0105f80af3aed943f6c86ccec3dd8d7aa3a0882147a54001e69a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Palmer", + "mode": 33188, + "size": 1952, + "digest": { + "algorithm": "sha256", + "value": "9e60db920af40199feb2c3b32901b596c8a7fd710e34ff44b298259fddd637b0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Rothera", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "881b79a6f03a9cb3ff504b40ff4307c3b1ee2440b504fca46b00efbb7c11a352" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/South_Pole", + "mode": 33188, + "size": 2642, + "digest": { + "algorithm": "sha256", + "value": "6cf0475f637a0105f80af3aed943f6c86ccec3dd8d7aa3a0882147a54001e69a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Syowa", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a0fe59eb5abbde35b25c7daa4ae408c7efb3668be6a0ed8d6b341ec2c30b0bcf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Troll", + "mode": 33188, + "size": 1348, + "digest": { + "algorithm": "sha256", + "value": "76825c28587b56d36bfcbe02ac96979f3633bcddff0ab8b00da0edc1e9a81c8f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Antarctica/Vostok", + "mode": 33188, + "size": 760, + "digest": { + "algorithm": "sha256", + "value": "29a5a255c288f672ee381983970da9090c81b4056b9506db3d67a453ae739dc5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Arctic", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Arctic/Longyearbyen", + "mode": 33188, + "size": 2504, + "digest": { + "algorithm": "sha256", + "value": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Aden", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a0fe59eb5abbde35b25c7daa4ae408c7efb3668be6a0ed8d6b341ec2c30b0bcf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Almaty", + "mode": 33188, + "size": 1530, + "digest": { + "algorithm": "sha256", + "value": "2af708dde05b31b79c1df7a3b656c4e9b0cef50c4db8e458afd3e029dc89a0da" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Amman", + "mode": 33188, + "size": 1980, + "digest": { + "algorithm": "sha256", + "value": "c4870a6a4221ff72066f8aa21499a2bb92d452a3b50576fa7f4e2203bd8517da" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Anadyr", + "mode": 33188, + "size": 1720, + "digest": { + "algorithm": "sha256", + "value": "72d3c61e7fbae5c1374d5eff46194ee654a074f4cc85adfe12de8094b260348c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Aqtau", + "mode": 33188, + "size": 1516, + "digest": { + "algorithm": "sha256", + "value": "0a722faee98ac9e960da4978754434daf29921a1a5758920eb098940c0f20cdf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Aqtobe", + "mode": 33188, + "size": 1544, + "digest": { + "algorithm": "sha256", + "value": "ed7b46d90e245917536bc492068a7dc4b123df5ad90cd586a055139bf8e1f5ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Ashgabat", + "mode": 33188, + "size": 1152, + "digest": { + "algorithm": "sha256", + "value": "20eda1eddf2d458e73637f4504a7756b071f4ac39403e726c023b606395e7c4d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Ashkhabad", + "mode": 33188, + "size": 1152, + "digest": { + "algorithm": "sha256", + "value": "20eda1eddf2d458e73637f4504a7756b071f4ac39403e726c023b606395e7c4d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Atyrau", + "mode": 33188, + "size": 1524, + "digest": { + "algorithm": "sha256", + "value": "a0baa3c0f54e9c5972aaeceaaed4f5bf256be1747728cbe2d334175363e771c1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Baghdad", + "mode": 33188, + "size": 1516, + "digest": { + "algorithm": "sha256", + "value": "bfc112458498dfd4b6965d5538b164b568d923505c6d6b12aee5f58b692dc047" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Bahrain", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "b183e0ed340781649a8870e63bd860aba246a0924f5c318e7cac551f2ae82b78" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Baku", + "mode": 33188, + "size": 1760, + "digest": { + "algorithm": "sha256", + "value": "b213a1ba26f4f9684ba98ee41f988dfa780d348b28a94fcb85898fe3cd5ce4ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Bangkok", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "6a9ab5fcd3ec2c28ba6de7223f5e036219dcbfb8c12cf180095268be1e03f969" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Barnaul", + "mode": 33188, + "size": 1754, + "digest": { + "algorithm": "sha256", + "value": "a811724f90d0d3b317fec7844eeca62f481e40b55723f7c49adbbb3b66dcd9e7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Beirut", + "mode": 33188, + "size": 2358, + "digest": { + "algorithm": "sha256", + "value": "12facfe95d656a35dde148d2e220e01a0aafa1e7b9b71b40396c91abfcb4c140" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Bishkek", + "mode": 33188, + "size": 1516, + "digest": { + "algorithm": "sha256", + "value": "742d9eb1d99e5183e33c817af952ac5a54f8d73b1b5e6c6ab676ce048b47ea79" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Brunei", + "mode": 33188, + "size": 1016, + "digest": { + "algorithm": "sha256", + "value": "1378d7bffa56e11bd0a5185b50264ce7deb763051a80b84e6015c2dcb5abc46d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Calcutta", + "mode": 33188, + "size": 831, + "digest": { + "algorithm": "sha256", + "value": "8c4b2523c8fbf932c166659e8545f8e130c007436643bae5d87b493fbec00618" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Chita", + "mode": 33188, + "size": 1754, + "digest": { + "algorithm": "sha256", + "value": "d432791b40f33a27d26fa8015da821cbbbd342e5f0f446f08dcb335f61114480" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Choibalsan", + "mode": 33188, + "size": 1424, + "digest": { + "algorithm": "sha256", + "value": "a85c3f8409af204452a090c8f8dc073ba63ef07f9c54abc647bdd3d73320f84f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Chongqing", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Chungking", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Colombo", + "mode": 33188, + "size": 900, + "digest": { + "algorithm": "sha256", + "value": "9568be7d3c15c035fe21d134fcf3e4cbbe9fb88630669e1d5a82856045a1894e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Dacca", + "mode": 33188, + "size": 870, + "digest": { + "algorithm": "sha256", + "value": "883255334c7a560186731a994545992a58ddb7ebe0046d9bfac5d9bc0404fc31" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Damascus", + "mode": 33188, + "size": 2420, + "digest": { + "algorithm": "sha256", + "value": "905ca552d118390d8a55d110ccc510fd8ca62ee1c924b8fedb6e51ee06723bfd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Dhaka", + "mode": 33188, + "size": 870, + "digest": { + "algorithm": "sha256", + "value": "883255334c7a560186731a994545992a58ddb7ebe0046d9bfac5d9bc0404fc31" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Dili", + "mode": 33188, + "size": 804, + "digest": { + "algorithm": "sha256", + "value": "7f774195ded2dcae0fd35ad7c8631e25592b1dfaf7adf2f1a6fdfc57a756117d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Dubai", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "e81a84a54de891c2d04582ff7df63e4216f7b8da850a85f408295e5d4563cbd7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Dushanbe", + "mode": 33188, + "size": 1124, + "digest": { + "algorithm": "sha256", + "value": "ea635b2d543c7cef8e22a7f5e4908237b7b0f9c0d0913e0fac541005034e449c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Famagusta", + "mode": 33188, + "size": 2232, + "digest": { + "algorithm": "sha256", + "value": "20091893b43e49e89146c6565d0354a3e66eddf8cd7a684543516320cc43df79" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Gaza", + "mode": 33188, + "size": 2624, + "digest": { + "algorithm": "sha256", + "value": "9944849e649605ade7f9135704640d03377e79ec844685baedd067dd089df7fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Harbin", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Hebron", + "mode": 33188, + "size": 2652, + "digest": { + "algorithm": "sha256", + "value": "c14954909bece0963016e16fe991109861c3f321423dd66f8f079294a7a1763e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "mode": 33188, + "size": 884, + "digest": { + "algorithm": "sha256", + "value": "2506d16a1e40756e93071eeb87eb390d80677e97af93cfba0a8db85c0c30a78a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "mode": 33188, + "size": 1782, + "digest": { + "algorithm": "sha256", + "value": "7b7d0ca6c638c25f978f1634aa550dbc6b581fc68c7fb8fc8206f185916d13d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Hovd", + "mode": 33188, + "size": 1424, + "digest": { + "algorithm": "sha256", + "value": "65ae13b140b91e71ad833667bfc7f2e6800fc302b58226ef423fc1ecbda4d604" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Irkutsk", + "mode": 33188, + "size": 1776, + "digest": { + "algorithm": "sha256", + "value": "e949dd759bcfadcb7222bfc64add3bc627604ca295a6550295d4d15a1610f7d3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Istanbul", + "mode": 33188, + "size": 2480, + "digest": { + "algorithm": "sha256", + "value": "79e7252772bb1e751c4051a881290654a091b48eb6c5f7e8dbd75b902e9b69e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Jakarta", + "mode": 33188, + "size": 932, + "digest": { + "algorithm": "sha256", + "value": "4a01dcddf56ccd3dce9bd268e1a9c2f8f45d01599ad1d2756e24b322c88ddf81" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Jayapura", + "mode": 33188, + "size": 770, + "digest": { + "algorithm": "sha256", + "value": "aab37ddf857fffe26ae3c74d6b0be399d4315c1f3e626b51d7c371ca33aa632b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Jerusalem", + "mode": 33188, + "size": 2594, + "digest": { + "algorithm": "sha256", + "value": "b0148f8add566bc74f6812b19c7b6ab83946b49391062d57594b48ff68b4a579" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kabul", + "mode": 33188, + "size": 736, + "digest": { + "algorithm": "sha256", + "value": "b6801f8238f3facc093d3599d29a938743de04c8bd02a34232b47e2902da0a75" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kamchatka", + "mode": 33188, + "size": 1698, + "digest": { + "algorithm": "sha256", + "value": "59e32ed392ec42cdd6a82e8442393d7a26cff5a4efa91463e853ea341bfb9ebd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Karachi", + "mode": 33188, + "size": 928, + "digest": { + "algorithm": "sha256", + "value": "d553bc3c156e678388d870fb20fec1f3a5fafd6df697c16764303d549a0bbc5d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kashgar", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "e89dcc179fd438c7f0bfdd7c36386e1ef6ade581a140444a799c36c739218bf8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kathmandu", + "mode": 33188, + "size": 740, + "digest": { + "algorithm": "sha256", + "value": "6d72acb61184a8dd4aeb228b7df667a1af8e3166bcd2f942b1500d0c487605b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Katmandu", + "mode": 33188, + "size": 740, + "digest": { + "algorithm": "sha256", + "value": "6d72acb61184a8dd4aeb228b7df667a1af8e3166bcd2f942b1500d0c487605b9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Khandyga", + "mode": 33188, + "size": 1804, + "digest": { + "algorithm": "sha256", + "value": "34541fa47299957178a872c4b5a406acca305eb0491a505397590de3790b87a7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kolkata", + "mode": 33188, + "size": 831, + "digest": { + "algorithm": "sha256", + "value": "8c4b2523c8fbf932c166659e8545f8e130c007436643bae5d87b493fbec00618" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "mode": 33188, + "size": 1740, + "digest": { + "algorithm": "sha256", + "value": "3af7c4abd423ffcfbb41c76ce325460e94806b01670507a84d24479a743bc57a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "mode": 33188, + "size": 948, + "digest": { + "algorithm": "sha256", + "value": "9aae6b3d02b5d8e625f614d3db703803868cbfd6307370c1ec8f189d23d38e86" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kuching", + "mode": 33188, + "size": 1016, + "digest": { + "algorithm": "sha256", + "value": "1378d7bffa56e11bd0a5185b50264ce7deb763051a80b84e6015c2dcb5abc46d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Kuwait", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a0fe59eb5abbde35b25c7daa4ae408c7efb3668be6a0ed8d6b341ec2c30b0bcf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Macao", + "mode": 33188, + "size": 1776, + "digest": { + "algorithm": "sha256", + "value": "1bca990b0f1a5a1cd670a97844a919313f001fcd1300e759646b07777464afc0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Macau", + "mode": 33188, + "size": 1776, + "digest": { + "algorithm": "sha256", + "value": "1bca990b0f1a5a1cd670a97844a919313f001fcd1300e759646b07777464afc0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Magadan", + "mode": 33188, + "size": 1754, + "digest": { + "algorithm": "sha256", + "value": "e5c4dc15e34614bb39258cf6c02e86e42ceb62ec7af0b5ca925d34ff2b838de3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Makassar", + "mode": 33188, + "size": 802, + "digest": { + "algorithm": "sha256", + "value": "9baf5051a31815f8e742137b58b84d39d2e18f7523e31c661154e98cc94236ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Manila", + "mode": 33188, + "size": 971, + "digest": { + "algorithm": "sha256", + "value": "da9a7302d5e020e9c8a25de5c2658913221c6ee6de2fd3c73a9f916d9e092ac6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Muscat", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "e81a84a54de891c2d04582ff7df63e4216f7b8da850a85f408295e5d4563cbd7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Nicosia", + "mode": 33188, + "size": 2206, + "digest": { + "algorithm": "sha256", + "value": "816ece597d51a1dc8fb9f2b5f704fb92ca46f39193c82d203b3e0f76022bfe6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "mode": 33188, + "size": 1698, + "digest": { + "algorithm": "sha256", + "value": "ecd1e87524dbea8b32301ab86d801059ea058c4a44ef91413366d0ea1e55a7dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "mode": 33188, + "size": 1754, + "digest": { + "algorithm": "sha256", + "value": "4bc8670b03af61f39638e08b06b3233505dd623976ab72df7382989687ac3cfa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Omsk", + "mode": 33188, + "size": 1740, + "digest": { + "algorithm": "sha256", + "value": "ba4e12684ef834b2d8fd16eec35fc1f7e742ec9880203294572bdab53d3b5684" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Oral", + "mode": 33188, + "size": 1538, + "digest": { + "algorithm": "sha256", + "value": "8dab88f61eba53c08e408d58d78c4c18dfc34d03bfdea4ac75b6c69c110227d0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Phnom_Penh", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "6a9ab5fcd3ec2c28ba6de7223f5e036219dcbfb8c12cf180095268be1e03f969" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Pontianak", + "mode": 33188, + "size": 902, + "digest": { + "algorithm": "sha256", + "value": "24665b40a1d184b383861fb511ac1842c9697b172aa95553cdbeee510e85207b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Pyongyang", + "mode": 33188, + "size": 786, + "digest": { + "algorithm": "sha256", + "value": "2e6cd3912e92ad2ab9de080ad938668ca91dee96f5ff3dc16236e92411cd4970" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Qatar", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "b183e0ed340781649a8870e63bd860aba246a0924f5c318e7cac551f2ae82b78" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Qostanay", + "mode": 33188, + "size": 1572, + "digest": { + "algorithm": "sha256", + "value": "f0c637df806e7d9b767f035b731651d98766fffbacdfbe46427317142c1c5e18" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "mode": 33188, + "size": 1558, + "digest": { + "algorithm": "sha256", + "value": "a1f7f65b16b26a0ee985c46961fdf72b555a11c8179c07dd07178c45950f33cc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Rangoon", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "1cfd8f0fa6de43e4e9ed265490c9456349f6d1432d16df8b800d6f05523cd652" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Riyadh", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a0fe59eb5abbde35b25c7daa4ae408c7efb3668be6a0ed8d6b341ec2c30b0bcf" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Saigon", + "mode": 33188, + "size": 884, + "digest": { + "algorithm": "sha256", + "value": "2506d16a1e40756e93071eeb87eb390d80677e97af93cfba0a8db85c0c30a78a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Sakhalin", + "mode": 33188, + "size": 1734, + "digest": { + "algorithm": "sha256", + "value": "200016884eeb4dd0e79b6510428bf4abf98b7a2f7ceb9b01c1243b71a019b4c1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Samarkand", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "0a16a07b835821e5d7df7d673e31e8c23f73a9566756810728c1a714254963ff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Seoul", + "mode": 33188, + "size": 1166, + "digest": { + "algorithm": "sha256", + "value": "ada505a6950423e64d3dc95d6fb5e49035d9c0660f45196f379fb98ef2db464d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Shanghai", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Singapore", + "mode": 33188, + "size": 948, + "digest": { + "algorithm": "sha256", + "value": "9aae6b3d02b5d8e625f614d3db703803868cbfd6307370c1ec8f189d23d38e86" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "mode": 33188, + "size": 1740, + "digest": { + "algorithm": "sha256", + "value": "b71e39c85bc690caa7d5eff6cd8812de59147ae3d734327fa93c6c161541081d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Taipei", + "mode": 33188, + "size": 1310, + "digest": { + "algorithm": "sha256", + "value": "2e0fab6e1dc06ffab787f03fbedb00bfba79cd7e24111d4bba043941951da401" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Tashkent", + "mode": 33188, + "size": 1124, + "digest": { + "algorithm": "sha256", + "value": "a401a4c5888b6a017118b63716cd5d511601ee0414546facf1c6b13b11e2d778" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Tbilisi", + "mode": 33188, + "size": 1568, + "digest": { + "algorithm": "sha256", + "value": "6a88a837d9b4cfe9763a39074af7cee568b4b8301ce76f554648cfd591bb2c40" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Tehran", + "mode": 33188, + "size": 1790, + "digest": { + "algorithm": "sha256", + "value": "51517431e87fc787c60334fea3fdcac3212d69cfe68efdfab1af7078db475421" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Tel_Aviv", + "mode": 33188, + "size": 2594, + "digest": { + "algorithm": "sha256", + "value": "b0148f8add566bc74f6812b19c7b6ab83946b49391062d57594b48ff68b4a579" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Thimbu", + "mode": 33188, + "size": 736, + "digest": { + "algorithm": "sha256", + "value": "8b68b1bd1b172cc41d1182634f6396d1883a07472294a1b9b08b53f22c7d526b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Thimphu", + "mode": 33188, + "size": 736, + "digest": { + "algorithm": "sha256", + "value": "8b68b1bd1b172cc41d1182634f6396d1883a07472294a1b9b08b53f22c7d526b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Tokyo", + "mode": 33188, + "size": 858, + "digest": { + "algorithm": "sha256", + "value": "ebd0981ce34f6067ae2a1ac10cb93045e2c53207739cd4c4e5a5182c1e58eb29" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Tomsk", + "mode": 33188, + "size": 1754, + "digest": { + "algorithm": "sha256", + "value": "d097fcdc0791e3ad95b57007487139d569daa9cc454201a3b5a9e23eabc5ad12" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Ujung_Pandang", + "mode": 33188, + "size": 802, + "digest": { + "algorithm": "sha256", + "value": "9baf5051a31815f8e742137b58b84d39d2e18f7523e31c661154e98cc94236ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "mode": 33188, + "size": 1424, + "digest": { + "algorithm": "sha256", + "value": "a85c3f8409af204452a090c8f8dc073ba63ef07f9c54abc647bdd3d73320f84f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Ulan_Bator", + "mode": 33188, + "size": 1424, + "digest": { + "algorithm": "sha256", + "value": "a85c3f8409af204452a090c8f8dc073ba63ef07f9c54abc647bdd3d73320f84f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Urumqi", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "e89dcc179fd438c7f0bfdd7c36386e1ef6ade581a140444a799c36c739218bf8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "mode": 33188, + "size": 1784, + "digest": { + "algorithm": "sha256", + "value": "2e5ae847187fe508b769c504e5374d1849bb96538dbc8c37734c8e0fe7fe0d64" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Vientiane", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "6a9ab5fcd3ec2c28ba6de7223f5e036219dcbfb8c12cf180095268be1e03f969" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Vladivostok", + "mode": 33188, + "size": 1740, + "digest": { + "algorithm": "sha256", + "value": "3169967b2fdc43cf45958af33ba6f68d1b21e77483de43a4c2e7bb9937ae09e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Yakutsk", + "mode": 33188, + "size": 1740, + "digest": { + "algorithm": "sha256", + "value": "6a008c10551d500021b9656ac0275359050f7dfeeb95c6f09a5e92ff947a929c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Yangon", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "1cfd8f0fa6de43e4e9ed265490c9456349f6d1432d16df8b800d6f05523cd652" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "mode": 33188, + "size": 1776, + "digest": { + "algorithm": "sha256", + "value": "a38ccdd3308be5ba8d0d05a194034f8f878df83efae43f9542f2bf32d12f371e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Asia/Yerevan", + "mode": 33188, + "size": 1684, + "digest": { + "algorithm": "sha256", + "value": "eb1d78885ef08e71fbd252a8a94211a75ef5945df8d13cef0a2b7ecb1b4327db" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Azores", + "mode": 33188, + "size": 3644, + "digest": { + "algorithm": "sha256", + "value": "8d43571970c544ffa840bf6a6c36e22ba2e61f0a08f305b872550533cdbbe84d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "mode": 33188, + "size": 2606, + "digest": { + "algorithm": "sha256", + "value": "acde2d95e4d36821033d1dabbc8a8411b9e6350c23a2ad2d80801f7fec87a6d0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Canary", + "mode": 33188, + "size": 2104, + "digest": { + "algorithm": "sha256", + "value": "9c494307b553c65f8b98288d007d865588e17f02fccd5198dae5d8a304506df7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "mode": 33188, + "size": 804, + "digest": { + "algorithm": "sha256", + "value": "80298c8e9532d3c7f14575b254803ee66856504126bdec0c78bbea9a5c11023d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Faeroe", + "mode": 33188, + "size": 2022, + "digest": { + "algorithm": "sha256", + "value": "e4bc706cbf76ac1b6af63a674384a5b29bce64d961cc701453de33a9df2da140" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Faroe", + "mode": 33188, + "size": 2022, + "digest": { + "algorithm": "sha256", + "value": "e4bc706cbf76ac1b6af63a674384a5b29bce64d961cc701453de33a9df2da140" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Jan_Mayen", + "mode": 33188, + "size": 2504, + "digest": { + "algorithm": "sha256", + "value": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Madeira", + "mode": 33188, + "size": 3584, + "digest": { + "algorithm": "sha256", + "value": "c9d7c63adae12bd3b067d9da920e70b46c80918958f66fe8e58e763fe39b9e3d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Reykjavik", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "230b5565a00d4a87d68c1aa7f36316522fb46f2b10de37b8ba6f03276c40851f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/St_Helena", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Atlantic/Stanley", + "mode": 33188, + "size": 1748, + "digest": { + "algorithm": "sha256", + "value": "8e17fa24405bdeab427f31d715b75aad22ff767bca0f421f47a0c1ea57410bba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/ACT", + "mode": 33188, + "size": 2394, + "digest": { + "algorithm": "sha256", + "value": "642e4c43482e65d17e43cbc5fe2c665bcfc6500fbd7be117997a958519357c54" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Adelaide", + "mode": 33188, + "size": 2410, + "digest": { + "algorithm": "sha256", + "value": "ba3b9c88bef36f4b814ca5049c06b5eb2a1935a61c237c79aa2c88b2292819a3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Brisbane", + "mode": 33188, + "size": 966, + "digest": { + "algorithm": "sha256", + "value": "0d0dd2a38a62d3fe7b8d7b26719631363df500dd58c34194c7615bd369465309" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "mode": 33188, + "size": 2431, + "digest": { + "algorithm": "sha256", + "value": "2f15cd9d3c530060a73b2bb4a5f6e9d88cadd4eee4fa132a688fe592a7a24e66" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Canberra", + "mode": 33188, + "size": 2394, + "digest": { + "algorithm": "sha256", + "value": "642e4c43482e65d17e43cbc5fe2c665bcfc6500fbd7be117997a958519357c54" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Currie", + "mode": 33188, + "size": 2562, + "digest": { + "algorithm": "sha256", + "value": "ed21235521d7650b7ab9c2fbac6670b52ef1c316a7d3387c3468ffcc2f1c4e56" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Darwin", + "mode": 33188, + "size": 870, + "digest": { + "algorithm": "sha256", + "value": "e6a593646f567712af1a334e9386b4e2b12af1bfbb84478bfa03a1a752ed1041" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Eucla", + "mode": 33188, + "size": 998, + "digest": { + "algorithm": "sha256", + "value": "b7d2a342295c3224ba9d297b001af131566ef88a3546cbe8c225ce5053414a8c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Hobart", + "mode": 33188, + "size": 2562, + "digest": { + "algorithm": "sha256", + "value": "ed21235521d7650b7ab9c2fbac6670b52ef1c316a7d3387c3468ffcc2f1c4e56" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/LHI", + "mode": 33188, + "size": 2042, + "digest": { + "algorithm": "sha256", + "value": "76162efac0f2925905052ab5cf35988527658a004db0d2c441ad97db8a3e22d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Lindeman", + "mode": 33188, + "size": 1022, + "digest": { + "algorithm": "sha256", + "value": "a8d5b962760b0cfd9dd1f008029b15ae5e074855e82ec66d742563027eb55d24" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "mode": 33188, + "size": 2042, + "digest": { + "algorithm": "sha256", + "value": "76162efac0f2925905052ab5cf35988527658a004db0d2c441ad97db8a3e22d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Melbourne", + "mode": 33188, + "size": 2394, + "digest": { + "algorithm": "sha256", + "value": "84ab5e18504d4001ee4e97c6008760e6851ec1b81ff2fac5c33a5551cbb1001e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/NSW", + "mode": 33188, + "size": 2394, + "digest": { + "algorithm": "sha256", + "value": "642e4c43482e65d17e43cbc5fe2c665bcfc6500fbd7be117997a958519357c54" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/North", + "mode": 33188, + "size": 870, + "digest": { + "algorithm": "sha256", + "value": "e6a593646f567712af1a334e9386b4e2b12af1bfbb84478bfa03a1a752ed1041" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Perth", + "mode": 33188, + "size": 994, + "digest": { + "algorithm": "sha256", + "value": "27a4964d7927ddd70e9940a5b0bd82611825ec6e505195cd4a4a46605e5d6b2d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Queensland", + "mode": 33188, + "size": 966, + "digest": { + "algorithm": "sha256", + "value": "0d0dd2a38a62d3fe7b8d7b26719631363df500dd58c34194c7615bd369465309" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/South", + "mode": 33188, + "size": 2410, + "digest": { + "algorithm": "sha256", + "value": "ba3b9c88bef36f4b814ca5049c06b5eb2a1935a61c237c79aa2c88b2292819a3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Sydney", + "mode": 33188, + "size": 2394, + "digest": { + "algorithm": "sha256", + "value": "642e4c43482e65d17e43cbc5fe2c665bcfc6500fbd7be117997a958519357c54" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Tasmania", + "mode": 33188, + "size": 2562, + "digest": { + "algorithm": "sha256", + "value": "ed21235521d7650b7ab9c2fbac6670b52ef1c316a7d3387c3468ffcc2f1c4e56" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Victoria", + "mode": 33188, + "size": 2394, + "digest": { + "algorithm": "sha256", + "value": "84ab5e18504d4001ee4e97c6008760e6851ec1b81ff2fac5c33a5551cbb1001e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/West", + "mode": 33188, + "size": 994, + "digest": { + "algorithm": "sha256", + "value": "27a4964d7927ddd70e9940a5b0bd82611825ec6e505195cd4a4a46605e5d6b2d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Australia/Yancowinna", + "mode": 33188, + "size": 2431, + "digest": { + "algorithm": "sha256", + "value": "2f15cd9d3c530060a73b2bb4a5f6e9d88cadd4eee4fa132a688fe592a7a24e66" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Brazil", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Brazil/Acre", + "mode": 33188, + "size": 1162, + "digest": { + "algorithm": "sha256", + "value": "d3c4b22423c1999a0b2a1aaf11967b27df7d7d3ae095313c14b1eb190a74bcf2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Brazil/DeNoronha", + "mode": 33188, + "size": 1250, + "digest": { + "algorithm": "sha256", + "value": "d47c47c7faba76d805fadb6fde14087023df5bff9b9dae7cb49a2907efea8537" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Brazil/East", + "mode": 33188, + "size": 1978, + "digest": { + "algorithm": "sha256", + "value": "fede3897f0ae7fe27958092c4ac1848b45c6443898883096702eea92f1c63edb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Brazil/West", + "mode": 33188, + "size": 1138, + "digest": { + "algorithm": "sha256", + "value": "f162c969260f6bfb6e26478b8750959119262a6aa36ae5878bae7500f0b145ff" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/CET", + "mode": 33188, + "size": 3139, + "digest": { + "algorithm": "sha256", + "value": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/CST6CDT", + "mode": 33188, + "size": 3802, + "digest": { + "algorithm": "sha256", + "value": "508cca4fb0cd8f8c0fa7cbcd2bef318dd1c13234733675f18c353e39190888f7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Atlantic", + "mode": 33188, + "size": 3634, + "digest": { + "algorithm": "sha256", + "value": "e3d54dd2fc3666188c6b90bfbcc18901b65c37f6c77e19a4839a1e72a33bf824" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Central", + "mode": 33188, + "size": 3078, + "digest": { + "algorithm": "sha256", + "value": "d319be96dde3c4101f61279e1d11487b5257e5231ab4aa3edf14cadf149097f2" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Eastern", + "mode": 33188, + "size": 3704, + "digest": { + "algorithm": "sha256", + "value": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Mountain", + "mode": 33188, + "size": 2542, + "digest": { + "algorithm": "sha256", + "value": "afa6d497bc5818c957d3808fd514e1c9d8c3d5dc6d73eb827fd9887a706f0236" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Newfoundland", + "mode": 33188, + "size": 3862, + "digest": { + "algorithm": "sha256", + "value": "c981661bea74f4fb22944f78424489cec690f056a5dc2b9255fe0fabd24f041c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Pacific", + "mode": 33188, + "size": 3102, + "digest": { + "algorithm": "sha256", + "value": "656726b667e9b7abce63ab5788c32152b1bcd20ddf3e9fd7056ec39a4df2542c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Saskatchewan", + "mode": 33188, + "size": 1530, + "digest": { + "algorithm": "sha256", + "value": "ec572e3bd6fea3d591fd296ef3e2e95adf12e929ac5516c3800a960105d035e5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Canada/Yukon", + "mode": 33188, + "size": 2164, + "digest": { + "algorithm": "sha256", + "value": "413ee9b56dcd0788468a0ae8d5d2d3b55a7186c054d2917b2b7dd94200f9921c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Chile", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Chile/Continental", + "mode": 33188, + "size": 2716, + "digest": { + "algorithm": "sha256", + "value": "30acb9f36104eb92e583e873f2daa58abacda173d476d7d0433d811cef20dcfc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Chile/EasterIsland", + "mode": 33188, + "size": 2420, + "digest": { + "algorithm": "sha256", + "value": "b0635e8bb3a3efb07b5e4955576082a7ea8886d6ccc9a7b7eb80792e75a81aae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Cuba", + "mode": 33188, + "size": 2622, + "digest": { + "algorithm": "sha256", + "value": "8028af31cdd0d78b7df66f5226e6bc41fd7ac6f565bb6223a3ad2e2dcdacfc28" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/EET", + "mode": 33188, + "size": 2466, + "digest": { + "algorithm": "sha256", + "value": "51319031e6a4e42a4c15c2952140f2d428a71255bfd4ad0dce25b8fde7d00585" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/EST", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/EST5EDT", + "mode": 33188, + "size": 3762, + "digest": { + "algorithm": "sha256", + "value": "f7f1a62c6b3c2ef445eb4f8e2d79480623b927eb218b5d56c32f4c0bb6747e02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Egypt", + "mode": 33188, + "size": 2602, + "digest": { + "algorithm": "sha256", + "value": "0cf2295a003fcdf7e72d5254f968c7f9b9fee98fba0fca1aeef2630d898ac313" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Eire", + "mode": 33188, + "size": 3698, + "digest": { + "algorithm": "sha256", + "value": "2cd23fa1542d2e8f07e27e17560d1f6283b8b525e8a9ca4be9f0c16ce66aa7dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+0", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+1", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "16ea18914e1676430fee370b242d86587d3117b432482ec8a497db8bd14453ba" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+10", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c683654d0864baadc2f98ba9fa75b5f203af117c4e611cc8cc4c73eaac254cd5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+11", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "5fea7c2d91940b17e15f78137ab3d40073ea161c858899498a7b90c79d84d48d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+12", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "24bbfaa6ff8159d3012fe838b6db32b77c13164f652c84dc43d7d3dc6a25f265" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+2", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "580fa5dae9587a6a260d0933985575b20cfefc9e7e17ce0587c24df848b82700" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+3", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "4e52fa3acf4d068ab35ec9d0fb5c10122bee012c6fd0bc1fbb3ed6419d2d8db9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+4", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "ec22c8e01edffa45b339dedcbcbdf8be615094f09b649213183cd75a5ab29800" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+5", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "46fdd6be7520a43a5465619781bdd047e72c0b1a8e6a16a5b31b00b758221a57" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+6", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "0439857b0b94981df61fbf4070041d0f3f26f6102012843bca69e750e5b49ad8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+7", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "75138491c3bd0ac7b172c3cf9c878159f557d7346144d71c89001fa0b5434eef" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+8", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "65f78112a4e299dd478d06bef4569e93ca88781f5a7aca82861aca64f2a54921" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT+9", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "14fa76a891398da90e64238f578675169038c2aabdece2bdd807c7e5c8014423" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-0", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-1", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "bd9f157a6d4ed2edaecc9986c6a37a15b4cf24b4ec285d1fb033f60a8b6b40ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-10", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "31ad29ec2374b91ee2c65ec4a3d55a9a349f656cf147e88ceab2078866118555" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-11", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "7e8147d18a82011ce5c40cfdb3e72ee7c9f663a36319c769ff34c861c07d46e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-12", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "1643f375f77a9cfa4f5a43a7edc5b1c9aaf6b142e38f5f11a5ad424d3c3bc50e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-13", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "ae045edea58729a07bf482af7f0514ef1f58cf0229da64203d847cbd73091ced" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-14", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "6cfd1aea860e6e5bdc9acf61fb9d73b8157a184699af09ec60a7ac9105129d09" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-2", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "ab411c42f81cf32921ba066b3fd207c19f8fadfc7a645ac498d0cd99403e08b4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-3", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "456321d4535e73ea2f90d57b4c6a01985b6c61975d3192079010ecba1756319a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-4", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "3bd4a880605600d48d2c6a66bb8c06f8311517e66ab8f36033712637741804aa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-5", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "1d1c996246907f0f3a9acd5e718e2081d09fa9302db8cdba699970f042ec2bb7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-6", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "240967a18e32890d63fbf85c36a4f68ee7e34ee2e74369ca7cc302e8d5628081" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-7", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d64bfa44a85bf15af2bae860eb7c983d37e105feec38bbac7abdb68e7301db9e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-8", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "5a45eb9a1793d21016cca402103fc96cada05665bb04419479a8c16dfb2d127d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT-9", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "7b073597e60378b11510062f4763f5b028665d89a202f460f8076a66ce9c1e86" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/GMT0", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/Greenwich", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/UCT", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/UTC", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/Universal", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Etc/Zulu", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Amsterdam", + "mode": 33188, + "size": 3139, + "digest": { + "algorithm": "sha256", + "value": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Andorra", + "mode": 33188, + "size": 1948, + "digest": { + "algorithm": "sha256", + "value": "636f35db63ba2d24513234d0aaeac9176dffe5c59b992fb8ec284306fc1e8e55" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Astrakhan", + "mode": 33188, + "size": 1698, + "digest": { + "algorithm": "sha256", + "value": "db0f7db18f4422f75f50905bbe3e1385d9beb785ac3ab4830c95e60ed6d26663" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Athens", + "mode": 33188, + "size": 2466, + "digest": { + "algorithm": "sha256", + "value": "51319031e6a4e42a4c15c2952140f2d428a71255bfd4ad0dce25b8fde7d00585" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Belfast", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Belgrade", + "mode": 33188, + "size": 2126, + "digest": { + "algorithm": "sha256", + "value": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Berlin", + "mode": 33188, + "size": 2504, + "digest": { + "algorithm": "sha256", + "value": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Bratislava", + "mode": 33188, + "size": 2507, + "digest": { + "algorithm": "sha256", + "value": "2724db32864ac46c3519d2e65ceaab5c5aa47ea40fc7ef223b0e95f1d6123478" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Brussels", + "mode": 33188, + "size": 3139, + "digest": { + "algorithm": "sha256", + "value": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Bucharest", + "mode": 33188, + "size": 2388, + "digest": { + "algorithm": "sha256", + "value": "1c344ffd880bb10fab22505e6a155ede7966118ffe8154f9823d636f539f1fad" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Budapest", + "mode": 33188, + "size": 2574, + "digest": { + "algorithm": "sha256", + "value": "b794eb2756f3064a56dc6d69b6283d782c4fe5b847f08e8f01791febc2aa7d64" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Busingen", + "mode": 33188, + "size": 2115, + "digest": { + "algorithm": "sha256", + "value": "c7933f897854ae9ba3f186d4e69e6a4d8c83a7aadeac05bfc6ad24b352902c87" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Chisinau", + "mode": 33188, + "size": 2596, + "digest": { + "algorithm": "sha256", + "value": "7f5a8ec399f624b8c76af090704ff395e751d5a1b01d97d591e6bb7456e50707" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Copenhagen", + "mode": 33188, + "size": 2504, + "digest": { + "algorithm": "sha256", + "value": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Dublin", + "mode": 33188, + "size": 3698, + "digest": { + "algorithm": "sha256", + "value": "2cd23fa1542d2e8f07e27e17560d1f6283b8b525e8a9ca4be9f0c16ce66aa7dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Gibraltar", + "mode": 33188, + "size": 3274, + "digest": { + "algorithm": "sha256", + "value": "bfa36a2a92509b37f9ce349039b318cfacd1a8f42b8d45a90123441b0bc5f614" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Guernsey", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Helsinki", + "mode": 33188, + "size": 2104, + "digest": { + "algorithm": "sha256", + "value": "99774635d3673503f5f9a68bfa0a8ed22904a6aa240a54ca146c769a6b44f04f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Isle_of_Man", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Istanbul", + "mode": 33188, + "size": 2480, + "digest": { + "algorithm": "sha256", + "value": "79e7252772bb1e751c4051a881290654a091b48eb6c5f7e8dbd75b902e9b69e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Jersey", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "mode": 33188, + "size": 2042, + "digest": { + "algorithm": "sha256", + "value": "4e9d028d6e75c1d8dee0ea1d2911be263c15986ce0d85f7962fc3a74980abea3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Kiev", + "mode": 33188, + "size": 2324, + "digest": { + "algorithm": "sha256", + "value": "2908feb1a02054053d38f4237fef440ecb8c4823532447f37dd40496081a7aab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Kirov", + "mode": 33188, + "size": 1734, + "digest": { + "algorithm": "sha256", + "value": "cd4ce071df873475dae25a8f9bc6669f210ffb2f59459177ba85cecdb1066869" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Kyiv", + "mode": 33188, + "size": 2324, + "digest": { + "algorithm": "sha256", + "value": "2908feb1a02054053d38f4237fef440ecb8c4823532447f37dd40496081a7aab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Lisbon", + "mode": 33188, + "size": 3734, + "digest": { + "algorithm": "sha256", + "value": "a36f7b5c14745fcf1ce8d81bd69ddf2a5f54acb42ae257b4f9a76979af60d2fd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Ljubljana", + "mode": 33188, + "size": 2126, + "digest": { + "algorithm": "sha256", + "value": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/London", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Luxembourg", + "mode": 33188, + "size": 3139, + "digest": { + "algorithm": "sha256", + "value": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Madrid", + "mode": 33188, + "size": 2820, + "digest": { + "algorithm": "sha256", + "value": "60a674aaf464d0c1c6449054d431dbf18e3530563279b8a504816f3652a16d24" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Malta", + "mode": 33188, + "size": 2826, + "digest": { + "algorithm": "sha256", + "value": "cff70fde0bb281552820a88054c3474f60421052182e1f5c5dfc6f79d9964d20" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Mariehamn", + "mode": 33188, + "size": 2104, + "digest": { + "algorithm": "sha256", + "value": "99774635d3673503f5f9a68bfa0a8ed22904a6aa240a54ca146c769a6b44f04f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Minsk", + "mode": 33188, + "size": 1854, + "digest": { + "algorithm": "sha256", + "value": "2143110d5ab8d697694075f8a9f9e6e4db2e9ae3fc864588dc4aaf06bd215940" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Monaco", + "mode": 33188, + "size": 3168, + "digest": { + "algorithm": "sha256", + "value": "843e7e61f730fd653c286c01cbc9cd290b79e3e61d2fb2e9f216bbe3f7db31f8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Moscow", + "mode": 33188, + "size": 2084, + "digest": { + "algorithm": "sha256", + "value": "fbe286e4e8b537f98c782958f935e648f86643a4db89bf8566f4037afe216d15" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Nicosia", + "mode": 33188, + "size": 2206, + "digest": { + "algorithm": "sha256", + "value": "816ece597d51a1dc8fb9f2b5f704fb92ca46f39193c82d203b3e0f76022bfe6f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Oslo", + "mode": 33188, + "size": 2504, + "digest": { + "algorithm": "sha256", + "value": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Paris", + "mode": 33188, + "size": 3168, + "digest": { + "algorithm": "sha256", + "value": "843e7e61f730fd653c286c01cbc9cd290b79e3e61d2fb2e9f216bbe3f7db31f8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Podgorica", + "mode": 33188, + "size": 2126, + "digest": { + "algorithm": "sha256", + "value": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Prague", + "mode": 33188, + "size": 2507, + "digest": { + "algorithm": "sha256", + "value": "2724db32864ac46c3519d2e65ceaab5c5aa47ea40fc7ef223b0e95f1d6123478" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Riga", + "mode": 33188, + "size": 2402, + "digest": { + "algorithm": "sha256", + "value": "8ba637f5e64e2e7ec5c3f78b2e60905d33107a9ef6f81ed9d7c4f4e0c3a5f1c6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Rome", + "mode": 33188, + "size": 2847, + "digest": { + "algorithm": "sha256", + "value": "c5891612c9a5e83e5ed103fe82045826dcd6c82c7c566622fdb9e77eafc7d50a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Samara", + "mode": 33188, + "size": 1748, + "digest": { + "algorithm": "sha256", + "value": "82f9a27b9f643a01a4dc1da68b08864a6713345326309721466b128e72c32231" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/San_Marino", + "mode": 33188, + "size": 2847, + "digest": { + "algorithm": "sha256", + "value": "c5891612c9a5e83e5ed103fe82045826dcd6c82c7c566622fdb9e77eafc7d50a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Sarajevo", + "mode": 33188, + "size": 2126, + "digest": { + "algorithm": "sha256", + "value": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Saratov", + "mode": 33188, + "size": 1716, + "digest": { + "algorithm": "sha256", + "value": "bf2199a05b90cb3b923d20bc669acf2f86fd843130a1d9dfe3383807d5245941" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Simferopol", + "mode": 33188, + "size": 2018, + "digest": { + "algorithm": "sha256", + "value": "58dbfa564500222376adbd40333a91130fa799752e66bdf1a45551c726e27faa" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Skopje", + "mode": 33188, + "size": 2126, + "digest": { + "algorithm": "sha256", + "value": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Sofia", + "mode": 33188, + "size": 2281, + "digest": { + "algorithm": "sha256", + "value": "37bbdd3d0a1bbb85dddaf9bd9379405f1c7ccda6b319f0344818e1a92731aed8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Stockholm", + "mode": 33188, + "size": 2504, + "digest": { + "algorithm": "sha256", + "value": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Tallinn", + "mode": 33188, + "size": 2352, + "digest": { + "algorithm": "sha256", + "value": "fe35837b7201844c0f4cc40926df64aca256425ef499bafb5d4dddac7231fbb9" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Tirane", + "mode": 33188, + "size": 2290, + "digest": { + "algorithm": "sha256", + "value": "728eeba75e4e7c47d50342c1d0cb77442d5433ec082942f4291d404af86e9b38" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Tiraspol", + "mode": 33188, + "size": 2596, + "digest": { + "algorithm": "sha256", + "value": "7f5a8ec399f624b8c76af090704ff395e751d5a1b01d97d591e6bb7456e50707" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "mode": 33188, + "size": 1800, + "digest": { + "algorithm": "sha256", + "value": "178ebea5ec84691a5e29c09f05b268bb6a3839bd2b6069537acab096b2608dce" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Uzhgorod", + "mode": 33188, + "size": 2324, + "digest": { + "algorithm": "sha256", + "value": "2908feb1a02054053d38f4237fef440ecb8c4823532447f37dd40496081a7aab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Vaduz", + "mode": 33188, + "size": 2115, + "digest": { + "algorithm": "sha256", + "value": "c7933f897854ae9ba3f186d4e69e6a4d8c83a7aadeac05bfc6ad24b352902c87" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Vatican", + "mode": 33188, + "size": 2847, + "digest": { + "algorithm": "sha256", + "value": "c5891612c9a5e83e5ed103fe82045826dcd6c82c7c566622fdb9e77eafc7d50a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Vienna", + "mode": 33188, + "size": 2406, + "digest": { + "algorithm": "sha256", + "value": "1978e5d57f4ae3db762ad0cc8d9b1825467ddb6e7b37add40589ad88d67dcf12" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Vilnius", + "mode": 33188, + "size": 2366, + "digest": { + "algorithm": "sha256", + "value": "9e0346c05bd62e5062c3e9c1af6abb3a76cac647d69904414df525dc699a8da1" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Volgograd", + "mode": 33188, + "size": 1742, + "digest": { + "algorithm": "sha256", + "value": "c0a89c4186f6cb4116f953bee1e96336d76a95fe242958b36f1d343d3feae1ae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Warsaw", + "mode": 33188, + "size": 2860, + "digest": { + "algorithm": "sha256", + "value": "9e8225d49707e4b369634eb200212e63222e6ea0a8ef16a346ea6e32a12ca651" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Zagreb", + "mode": 33188, + "size": 2126, + "digest": { + "algorithm": "sha256", + "value": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Zaporozhye", + "mode": 33188, + "size": 2324, + "digest": { + "algorithm": "sha256", + "value": "2908feb1a02054053d38f4237fef440ecb8c4823532447f37dd40496081a7aab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Europe/Zurich", + "mode": 33188, + "size": 2115, + "digest": { + "algorithm": "sha256", + "value": "c7933f897854ae9ba3f186d4e69e6a4d8c83a7aadeac05bfc6ad24b352902c87" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Factory", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "1562a07bd51e51e00a99a8db7ceac2bc5d473008d9798b66d1046ff7ca69f2e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/GB", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/GB-Eire", + "mode": 33188, + "size": 3872, + "digest": { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/GMT", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/GMT+0", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/GMT-0", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/GMT0", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Greenwich", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/HST", + "mode": 33188, + "size": 878, + "digest": { + "algorithm": "sha256", + "value": "3cd58372124c8149411f3b1e7a923096293afb60d234258ae9230e768f906175" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Hongkong", + "mode": 33188, + "size": 1782, + "digest": { + "algorithm": "sha256", + "value": "7b7d0ca6c638c25f978f1634aa550dbc6b581fc68c7fb8fc8206f185916d13d5" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Iceland", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Antananarivo", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Chagos", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "a56c856698ed900dd9f105de3ecfa7c02a47d3e0a72cf9b0b2dda8d78e1ca668" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Christmas", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "6a9ab5fcd3ec2c28ba6de7223f5e036219dcbfb8c12cf180095268be1e03f969" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Cocos", + "mode": 33188, + "size": 796, + "digest": { + "algorithm": "sha256", + "value": "1cfd8f0fa6de43e4e9ed265490c9456349f6d1432d16df8b800d6f05523cd652" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Comoro", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Kerguelen", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "6f460c82f439e2d45a82af8290775e71ebe2ee472d802c2fc36ca477151ed03a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Mahe", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "e81a84a54de891c2d04582ff7df63e4216f7b8da850a85f408295e5d4563cbd7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Maldives", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "6f460c82f439e2d45a82af8290775e71ebe2ee472d802c2fc36ca477151ed03a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Mauritius", + "mode": 33188, + "size": 774, + "digest": { + "algorithm": "sha256", + "value": "392bac1d8217b660b7affe6623ef563ab1deefd077661e4ca48746f20ff07e73" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Mayotte", + "mode": 33188, + "size": 814, + "digest": { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Indian/Reunion", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "e81a84a54de891c2d04582ff7df63e4216f7b8da850a85f408295e5d4563cbd7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Iran", + "mode": 33188, + "size": 1790, + "digest": { + "algorithm": "sha256", + "value": "51517431e87fc787c60334fea3fdcac3212d69cfe68efdfab1af7078db475421" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Israel", + "mode": 33188, + "size": 2594, + "digest": { + "algorithm": "sha256", + "value": "b0148f8add566bc74f6812b19c7b6ab83946b49391062d57594b48ff68b4a579" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Jamaica", + "mode": 33188, + "size": 1032, + "digest": { + "algorithm": "sha256", + "value": "066c0660cb97453bf01c9107491f05eb45de90f34c9b001530a5af69b728b312" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Japan", + "mode": 33188, + "size": 858, + "digest": { + "algorithm": "sha256", + "value": "ebd0981ce34f6067ae2a1ac10cb93045e2c53207739cd4c4e5a5182c1e58eb29" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Kwajalein", + "mode": 33188, + "size": 848, + "digest": { + "algorithm": "sha256", + "value": "fe0269639dfeb4da4a29422764e8ce5d131bceb70eb858288feacb33adb93357" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Libya", + "mode": 33188, + "size": 1174, + "digest": { + "algorithm": "sha256", + "value": "bb5d4058b24832f4d9d47f2464b01b458efabc17243252c13cb1f7732eab4d0e" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/MET", + "mode": 33188, + "size": 3139, + "digest": { + "algorithm": "sha256", + "value": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/MST", + "mode": 33188, + "size": 910, + "digest": { + "algorithm": "sha256", + "value": "2c497e17c3ec106cd3b05bcc0fc89f225cac710c30874b2443ef5e9247f171cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/MST7MDT", + "mode": 33188, + "size": 2670, + "digest": { + "algorithm": "sha256", + "value": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Mexico", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Mexico/BajaNorte", + "mode": 33188, + "size": 3116, + "digest": { + "algorithm": "sha256", + "value": "9b7623823f34274fcf498f5d4dcad2c1998f01a41cac6d1503df53fcd6b30e98" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Mexico/BajaSur", + "mode": 33188, + "size": 1610, + "digest": { + "algorithm": "sha256", + "value": "50f02ec5dbf826efdb74219c2e548f72f8a693bd03ae8661fa65ce8c7574859c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Mexico/General", + "mode": 33188, + "size": 1772, + "digest": { + "algorithm": "sha256", + "value": "38cf0b0b9baf9ddd8c236c22d47ce8c73766d2946586caca1a91530f7fed0182" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/NZ", + "mode": 33188, + "size": 2642, + "digest": { + "algorithm": "sha256", + "value": "6cf0475f637a0105f80af3aed943f6c86ccec3dd8d7aa3a0882147a54001e69a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/NZ-CHAT", + "mode": 33188, + "size": 2242, + "digest": { + "algorithm": "sha256", + "value": "7418e8e399cac56ecc7db3b17dd98b99af2a78c01009f6090b81fa74bb9ed1be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Navajo", + "mode": 33188, + "size": 2670, + "digest": { + "algorithm": "sha256", + "value": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/PRC", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/PST8PDT", + "mode": 33188, + "size": 3062, + "digest": { + "algorithm": "sha256", + "value": "b40a39d8debb895ca0e5ef0cd6bc4521d867c3b45f404d1226a1cb1cda5eb922" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Apia", + "mode": 33188, + "size": 1144, + "digest": { + "algorithm": "sha256", + "value": "9232e8d2e7c4b0851c24b934806eed6ad8c782b70b5f8077ecd085a344cf21a6" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Auckland", + "mode": 33188, + "size": 2642, + "digest": { + "algorithm": "sha256", + "value": "6cf0475f637a0105f80af3aed943f6c86ccec3dd8d7aa3a0882147a54001e69a" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Bougainville", + "mode": 33188, + "size": 800, + "digest": { + "algorithm": "sha256", + "value": "3424ec28a42e16e2aecfedcb0e9460623e322ef6e91b0cbcd0f30ea3f81a38ea" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Chatham", + "mode": 33188, + "size": 2242, + "digest": { + "algorithm": "sha256", + "value": "7418e8e399cac56ecc7db3b17dd98b99af2a78c01009f6090b81fa74bb9ed1be" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Chuuk", + "mode": 33188, + "size": 718, + "digest": { + "algorithm": "sha256", + "value": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Easter", + "mode": 33188, + "size": 2420, + "digest": { + "algorithm": "sha256", + "value": "b0635e8bb3a3efb07b5e4955576082a7ea8886d6ccc9a7b7eb80792e75a81aae" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Efate", + "mode": 33188, + "size": 1070, + "digest": { + "algorithm": "sha256", + "value": "2c3fa89e70a1e6f04d32a1425a7c4a17ea831bdb2991e2b2e7a6207eb2a2da34" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Enderbury", + "mode": 33188, + "size": 766, + "digest": { + "algorithm": "sha256", + "value": "0d861c486407a2cfa76dcb792e29ab6b5a7dc23fc88e436fcf0e91aa934ce50f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "mode": 33188, + "size": 732, + "digest": { + "algorithm": "sha256", + "value": "310746ea8f1df6f1fda801edfd8bf9dbe668ff0d67fc8f2ee6b09d13e08b1342" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Fiji", + "mode": 33188, + "size": 1110, + "digest": { + "algorithm": "sha256", + "value": "61d9791f14bdcd80003cc510d466349ddddae5425da99a15ff54363e61c82663" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Funafuti", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Galapagos", + "mode": 33188, + "size": 772, + "digest": { + "algorithm": "sha256", + "value": "e11d59240fad0b7863207bf94d2a3b1a1bee3dd638562cd52ad82dff0c5500cc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Gambier", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "e740a7ffbc13dd2ceba41ad306ef0ea8648404f94647a5f0acb6a53cc7fd07bd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "395078e1bda2f361dadc972e7cac74766378db47e93ab0eb40831c1bd3cd0eb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Guam", + "mode": 33188, + "size": 1041, + "digest": { + "algorithm": "sha256", + "value": "dd2618ab40e4937e8a7e77ee99cb16850d680dd751fbafbc7f1315910c1c654d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Honolulu", + "mode": 33188, + "size": 878, + "digest": { + "algorithm": "sha256", + "value": "3cd58372124c8149411f3b1e7a923096293afb60d234258ae9230e768f906175" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Johnston", + "mode": 33188, + "size": 878, + "digest": { + "algorithm": "sha256", + "value": "3cd58372124c8149411f3b1e7a923096293afb60d234258ae9230e768f906175" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Kanton", + "mode": 33188, + "size": 766, + "digest": { + "algorithm": "sha256", + "value": "0d861c486407a2cfa76dcb792e29ab6b5a7dc23fc88e436fcf0e91aa934ce50f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "mode": 33188, + "size": 770, + "digest": { + "algorithm": "sha256", + "value": "174e89b399cdcb099e3fbdb56726bcd5e4ff5407143375bbe3f325c2d9681ec7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Kosrae", + "mode": 33188, + "size": 883, + "digest": { + "algorithm": "sha256", + "value": "f3e0ee73aa07ea88079d523f04e18013c2faa1f451c16e84d8ce44b508ed1e7c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "mode": 33188, + "size": 848, + "digest": { + "algorithm": "sha256", + "value": "fe0269639dfeb4da4a29422764e8ce5d131bceb70eb858288feacb33adb93357" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Majuro", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Marquesas", + "mode": 33188, + "size": 702, + "digest": { + "algorithm": "sha256", + "value": "ec00139c96225da5c430689485dad62c37f3ea2a44bbfdbba984779ec39898ab" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Midway", + "mode": 33188, + "size": 724, + "digest": { + "algorithm": "sha256", + "value": "123dc0bb0c84f740272684766dfe16f0bc190dbf9c221b944e4df2c98788d95c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Nauru", + "mode": 33188, + "size": 784, + "digest": { + "algorithm": "sha256", + "value": "bd939db4129d29f0b99daaa023926e04a75f26de36dd4bde3af05093998da477" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Niue", + "mode": 33188, + "size": 736, + "digest": { + "algorithm": "sha256", + "value": "30cc62073dfdf73d40c8ba8cac33a52f7313e04a431a48f0576772745565afa4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Norfolk", + "mode": 33188, + "size": 1068, + "digest": { + "algorithm": "sha256", + "value": "5c71894f23b70d59b166ba89cd77cc2f5e04587b07dff3db877ba131ec16e1dd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Noumea", + "mode": 33188, + "size": 836, + "digest": { + "algorithm": "sha256", + "value": "2c0159163af1753811f401a39dec7e715cd509e0240350bf4509319894f09a01" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "mode": 33188, + "size": 724, + "digest": { + "algorithm": "sha256", + "value": "123dc0bb0c84f740272684766dfe16f0bc190dbf9c221b944e4df2c98788d95c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Palau", + "mode": 33188, + "size": 713, + "digest": { + "algorithm": "sha256", + "value": "77b1aa8530b84c1e02080129746a797d03c2b34dab1c40f97067774e13e3c2fc" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "mode": 33188, + "size": 736, + "digest": { + "algorithm": "sha256", + "value": "1a54aed7b3405c034a9d551e64c096b46e7edada97236f17844998ea7cd19665" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Pohnpei", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "395078e1bda2f361dadc972e7cac74766378db47e93ab0eb40831c1bd3cd0eb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Ponape", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "395078e1bda2f361dadc972e7cac74766378db47e93ab0eb40831c1bd3cd0eb4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "mode": 33188, + "size": 718, + "digest": { + "algorithm": "sha256", + "value": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "mode": 33188, + "size": 1136, + "digest": { + "algorithm": "sha256", + "value": "1a0b149b0644a1079e60c30e2568dc33201afabf080753a8ae61163c9f6614f3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Saipan", + "mode": 33188, + "size": 1041, + "digest": { + "algorithm": "sha256", + "value": "dd2618ab40e4937e8a7e77ee99cb16850d680dd751fbafbc7f1315910c1c654d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Samoa", + "mode": 33188, + "size": 724, + "digest": { + "algorithm": "sha256", + "value": "123dc0bb0c84f740272684766dfe16f0bc190dbf9c221b944e4df2c98788d95c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Tahiti", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "692b326779d3a5f9ce9469353c2646ccfcba1c22ec790d06a76c382d41f8ac7f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Tarawa", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "mode": 33188, + "size": 904, + "digest": { + "algorithm": "sha256", + "value": "c5c1bed0f54f756cff29ebb9d7b1ffef96bd0d121b0cb0dbf9722c9181917601" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Truk", + "mode": 33188, + "size": 718, + "digest": { + "algorithm": "sha256", + "value": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Wake", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Wallis", + "mode": 33188, + "size": 698, + "digest": { + "algorithm": "sha256", + "value": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Pacific/Yap", + "mode": 33188, + "size": 718, + "digest": { + "algorithm": "sha256", + "value": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Poland", + "mode": 33188, + "size": 2860, + "digest": { + "algorithm": "sha256", + "value": "9e8225d49707e4b369634eb200212e63222e6ea0a8ef16a346ea6e32a12ca651" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Portugal", + "mode": 33188, + "size": 3734, + "digest": { + "algorithm": "sha256", + "value": "a36f7b5c14745fcf1ce8d81bd69ddf2a5f54acb42ae257b4f9a76979af60d2fd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/ROC", + "mode": 33188, + "size": 1310, + "digest": { + "algorithm": "sha256", + "value": "2e0fab6e1dc06ffab787f03fbedb00bfba79cd7e24111d4bba043941951da401" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/ROK", + "mode": 33188, + "size": 1166, + "digest": { + "algorithm": "sha256", + "value": "ada505a6950423e64d3dc95d6fb5e49035d9c0660f45196f379fb98ef2db464d" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Singapore", + "mode": 33188, + "size": 948, + "digest": { + "algorithm": "sha256", + "value": "9aae6b3d02b5d8e625f614d3db703803868cbfd6307370c1ec8f189d23d38e86" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Turkey", + "mode": 33188, + "size": 2480, + "digest": { + "algorithm": "sha256", + "value": "79e7252772bb1e751c4051a881290654a091b48eb6c5f7e8dbd75b902e9b69e3" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/UCT", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Alaska", + "mode": 33188, + "size": 2579, + "digest": { + "algorithm": "sha256", + "value": "822caa627009cfbaec50af294a81c1e237ac690033f0f424468f1fa29ca60bf8" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Aleutian", + "mode": 33188, + "size": 2565, + "digest": { + "algorithm": "sha256", + "value": "eda5938e2a7bcf04fe49e8f88a54725faa398319b93206dfaeb2d0915887d560" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Arizona", + "mode": 33188, + "size": 910, + "digest": { + "algorithm": "sha256", + "value": "2c497e17c3ec106cd3b05bcc0fc89f225cac710c30874b2443ef5e9247f171cb" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Central", + "mode": 33188, + "size": 3802, + "digest": { + "algorithm": "sha256", + "value": "508cca4fb0cd8f8c0fa7cbcd2bef318dd1c13234733675f18c353e39190888f7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/East-Indiana", + "mode": 33188, + "size": 1892, + "digest": { + "algorithm": "sha256", + "value": "95f90a543d0cbb550509c74f43492a26efc3160d4cecf10dc01e4412e0b77d32" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Eastern", + "mode": 33188, + "size": 3762, + "digest": { + "algorithm": "sha256", + "value": "f7f1a62c6b3c2ef445eb4f8e2d79480623b927eb218b5d56c32f4c0bb6747e02" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Hawaii", + "mode": 33188, + "size": 878, + "digest": { + "algorithm": "sha256", + "value": "3cd58372124c8149411f3b1e7a923096293afb60d234258ae9230e768f906175" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Indiana-Starke", + "mode": 33188, + "size": 2654, + "digest": { + "algorithm": "sha256", + "value": "b253321849d846469f82aaabc9024d51a5d9d9255e923dbdd9e87dbfe4417a0b" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Michigan", + "mode": 33188, + "size": 2440, + "digest": { + "algorithm": "sha256", + "value": "36ca32bc9140609c6ebabf35e479741fc2e98fed91eea751fe591e0a26689633" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Mountain", + "mode": 33188, + "size": 2670, + "digest": { + "algorithm": "sha256", + "value": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Pacific", + "mode": 33188, + "size": 3062, + "digest": { + "algorithm": "sha256", + "value": "b40a39d8debb895ca0e5ef0cd6bc4521d867c3b45f404d1226a1cb1cda5eb922" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/US/Samoa", + "mode": 33188, + "size": 724, + "digest": { + "algorithm": "sha256", + "value": "123dc0bb0c84f740272684766dfe16f0bc190dbf9c221b944e4df2c98788d95c" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/UTC", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Universal", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/W-SU", + "mode": 33188, + "size": 2084, + "digest": { + "algorithm": "sha256", + "value": "fbe286e4e8b537f98c782958f935e648f86643a4db89bf8566f4037afe216d15" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/WET", + "mode": 33188, + "size": 3734, + "digest": { + "algorithm": "sha256", + "value": "a36f7b5c14745fcf1ce8d81bd69ddf2a5f54acb42ae257b4f9a76979af60d2fd" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/right/Zulu", + "mode": 33188, + "size": 664, + "digest": { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/tzdata.zi", + "mode": 33188, + "size": 109726, + "digest": { + "algorithm": "sha256", + "value": "b707de303ec6cb982b853d30430970fd5cac7cd6086396d911b6fe5e66a746e0" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/zone.tab", + "mode": 33188, + "size": 18822, + "digest": { + "algorithm": "sha256", + "value": "586b4207e6c76722de82adcda6bf49d761f668517f45a673f64da83b333eecc4" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/zoneinfo/zone1970.tab", + "mode": 33188, + "size": 17605, + "digest": { + "algorithm": "sha256", + "value": "e9d9fe30942a880f756b73f649667d8647a1ecf2131149445d9cc24c65e4ee8f" + }, + "userName": "root", + "groupName": "root", + "flags": "" + } + ] + } + }, + { + "id": "f3e667a0375f3959", + "name": "xz-libs", + "version": "5.2.5-8.el9_0", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Public Domain", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:xz-libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xz-libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xz_libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xz_libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redhat:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xz:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xz:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&upstream=xz-5.2.5-8.el9_0.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "xz-libs", + "version": "5.2.5", + "epoch": null, + "architecture": "x86_64", + "release": "8.el9_0", + "sourceRpm": "xz-5.2.5-8.el9_0.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Jun 6 08:11:32 2022", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Mon Jun 6 08:11:32 2022", + "issuer": "199e2f91fd431d51" + } + ], + "size": 181573, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "liblzma.so.5()(64bit)", + "liblzma.so.5(XZ_5.0)(64bit)", + "liblzma.so.5(XZ_5.2)(64bit)", + "xz-libs", + "xz-libs(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.17)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.2)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.32)(64bit)", + "libc.so.6(GLIBC_2.34)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "libc.so.6(GLIBC_2.6)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/33", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/33/0eb2fe0769e5466e2e0ac1b158e1e8452738c9", + "mode": 41471, + "size": 38, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/liblzma.so.5", + "mode": 41471, + "size": 16, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/liblzma.so.5.2.5", + "mode": 33261, + "size": 178744, + "digest": { + "algorithm": "sha256", + "value": "16125c779c2442c5bc32a3aeded7e6a5e70c9112864eebb5bb061651222a2dda" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/xz-libs", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/xz-libs/COPYING", + "mode": 33188, + "size": 2775, + "digest": { + "algorithm": "sha256", + "value": "bcb02973ef6e87ea73d331b3a80df7748407f17efdb784b61b47e0e610d3bb5c" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + }, + { + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", + "type": "rpm", + "foundBy": "rpm-db-cataloger", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "zlib and Boost", + "spdxExpression": "", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "metadataType": "rpm-db-entry", + "metadata": { + "name": "zlib", + "version": "1.2.11", + "epoch": null, + "architecture": "x86_64", + "release": "40.el9", + "sourceRpm": "zlib-1.2.11-40.el9.src.rpm", + "signatures": [ + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue May 9 12:31:01 2023", + "issuer": "199e2f91fd431d51" + }, + { + "algo": "RSA", + "hash": "SHA256", + "created": "Tue May 9 12:31:01 2023", + "issuer": "199e2f91fd431d51" + } + ], + "size": 202921, + "vendor": "Red Hat, Inc.", + "modularityLabel": "", + "provides": [ + "libz.so.1()(64bit)", + "libz.so.1(ZLIB_1.2.0)(64bit)", + "libz.so.1(ZLIB_1.2.0.2)(64bit)", + "libz.so.1(ZLIB_1.2.0.8)(64bit)", + "libz.so.1(ZLIB_1.2.2)(64bit)", + "libz.so.1(ZLIB_1.2.2.3)(64bit)", + "libz.so.1(ZLIB_1.2.2.4)(64bit)", + "libz.so.1(ZLIB_1.2.3.3)(64bit)", + "libz.so.1(ZLIB_1.2.3.4)(64bit)", + "libz.so.1(ZLIB_1.2.3.5)(64bit)", + "libz.so.1(ZLIB_1.2.5.1)(64bit)", + "libz.so.1(ZLIB_1.2.5.2)(64bit)", + "libz.so.1(ZLIB_1.2.7.1)(64bit)", + "libz.so.1(ZLIB_1.2.9)(64bit)", + "zlib", + "zlib(x86-64)" + ], + "requires": [ + "libc.so.6()(64bit)", + "libc.so.6(GLIBC_2.14)(64bit)", + "libc.so.6(GLIBC_2.2.5)(64bit)", + "libc.so.6(GLIBC_2.3.4)(64bit)", + "libc.so.6(GLIBC_2.4)(64bit)", + "rpmlib(CompressedFileNames)", + "rpmlib(FileDigests)", + "rpmlib(PayloadFilesHavePrefix)", + "rpmlib(PayloadIsZstd)", + "rtld(GNU_HASH)" + ], + "files": [ + { + "path": "/usr/lib/.build-id", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5f", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib/.build-id/5f/930d0fe80b5efae160508f57aed9815c3c2776", + "mode": 41471, + "size": 36, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "a" + }, + { + "path": "/usr/lib64/libz.so.1", + "mode": 41471, + "size": 14, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/lib64/libz.so.1.2.11", + "mode": 33261, + "size": 102552, + "digest": { + "algorithm": "sha256", + "value": "fae9fde931c0df13874fa4cf12cff3047c2570956b496d161fdf4aee7d62b3d7" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/zlib", + "mode": 16877, + "size": 0, + "digest": { + "algorithm": "sha256", + "value": "" + }, + "userName": "root", + "groupName": "root", + "flags": "" + }, + { + "path": "/usr/share/licenses/zlib/README", + "mode": 33188, + "size": 5187, + "digest": { + "algorithm": "sha256", + "value": "7960b6b1cc63e619abb77acaea5427159605afee8c8b362664f4effc7d7f7d15" + }, + "userName": "root", + "groupName": "root", + "flags": "l" + } + ] + } + } + ], + "artifactRelationships": [ + { + "parent": "0215995764e9f654", + "child": "01d4f5973d1c627a", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "022bdd650baaeff4", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "0403744b03ece668", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "07b4d533d94c80f2", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "0215995764e9f654", + "child": "088ade83e6eebed3", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "09084d46a70bf81b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "0c3e4cf799fcc30f", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "0cb46cc286b242d6", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "0d62abe9ceec72d8", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "0e34fb41de1b62b1", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "0e50753a88851779", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "10b15c7300d1de17", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "10e3777ce389b734", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "117bddb3be9fc6c4", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "11b19e39d79597cb", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "1897f00c748327d1", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "1b17f7a3b989d675", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "1d1a43393b1232b9", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "22d92096b251462b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "243f7f524d627de6", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "262bec80ab3b6fc9", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "2671778ef1b1ae46", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "27fa8cd5292f5759", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "2d4b5bcf32f6cbc2", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "2d6b3c65dcb51837", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "2f07e6cfdae0c898", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "326ff4dc26b7e7f3", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "358a54515c04e917", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "358e676f3ce16efa", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "36256cdb62622e80", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "37b118056dc26790", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "3a06aa97b9d3c315", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "3a3dd63fc31cf9f0", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "3c671293eaa35b7d", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "3ca2d9bbc94af0e3", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "40c55a7db4a229cd", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "469423e151105775", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "4745f6daad934514", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "478f145eadc35c6e", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "48281070c504d26d", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "49ce661ec5b0e144", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "49fb4120d637fe1a", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "4c763e54c767a733", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5170d1225175e819", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "523c6606f11f2b6b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5517326a8e488359", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5b03fcebec1ce207", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5b678d76cc0043bf", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5bc14091563d357b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5c91ea5dfc763123", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5d67ea35ce22f6ae", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "5dadf1adff8ce7ae", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "62b0b802c45d2d9e", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "63723b0f4336e0db", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "64f587ed99b945e5", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "66aaab4ba24bc5b4", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "68e1197e7698a852", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "6d9636fb6e232098", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "70069cacf08e5836", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "739c4c996183e33c", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "770bb10fedc6e4ed", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "8290f04afbda7365", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "84b5e513d406987a", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "85c3ed778f0ddb90", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "87088da3c73ee47a", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "878ad561b086b8ad", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "8e1d542f8169b000", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9243f8be77ca5508", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9343d5cbf9e585e5", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "968fd195a4554675", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "96c8175a8f36d182", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "96eaafd3944dde48", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "97be65b698050a66", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9927684daea6e98f", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9a82f7c0ce9888c0", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9ae4907d5846a39c", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9ba2547f37f694f8", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9ce0eef993dd6662", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9dc1b34cdde2c695", + "type": "dependency-of" + }, + { + "parent": "0215995764e9f654", + "child": "9e7a24f8b9f9a4a0", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "9ed2eb25fdb82770", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "a00981ff8a31aa27", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "a4671eb99dd9ce2d", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "a563a8a6f4101d54", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "a5abdb1170ef5088", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "a968fc110e78a7e9", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "aa00d5296f618d6a", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "ab815bf6c0edffd2", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "ae45f54c300bb636", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "aeb11193f8402ce7", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b1a9a334edfc782d", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b2c06c93987dc6df", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b41a49b6e27da37f", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b4b0af52e0102e33", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b6c79f65123c68c7", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b77f01b69f16a601", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b8e23a2c85c074aa", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b93e2d2cfb64bc9b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "b9c6ec960b364afe", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "ba04e1a02ccf0e79", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "ba2b8aeeed756e4b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "bb7b9486d2967e4f", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "be6d66b461c658b9", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "be7456704d957929", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "bf552973196385fd", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "bf768e51b1b0694d", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "c159e8b0661e7d06", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "c35dd89b3eb05a79", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "c3c8cf0a40b73304", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "c458e6458e9b08ba", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "c70fed58b78ebdab", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "c8cc24147a716899", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "ca75d7cf751c3a9b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "d00ddd9f869070e6", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "d58e250ca45ee93a", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "de1aaed71982acfe", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "e218da38269c139b", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "e4b58777688d3db6", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "e58f4643f64e0965", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "e8c64ca72ddad3e6", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "ee7f726c682ba5b0", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "efa0d7dce3147d57", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "f03e4607a68f7fff", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "f0ecee1a41d9766c", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "f1092c0f72a807b1", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "f34d0eb0a29edab3", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "f3f45085dd41c8af", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "f40c1864762c12c0", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "fc15b1cbbbc8b700", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "fc223aa7c8c6f6f1", + "type": "contains" + }, + { + "parent": "0215995764e9f654", + "child": "fff2cc852438009f", + "type": "contains" + }, + { + "parent": "0299e311fe243bca", + "child": "0641d6c97b0ce150", + "type": "contains" + }, + { + "parent": "0299e311fe243bca", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "0299e311fe243bca", + "child": "126ddf605a08aa6f", + "type": "contains" + }, + { + "parent": "0299e311fe243bca", + "child": "4032189b898fefaf", + "type": "contains" + }, + { + "parent": "0299e311fe243bca", + "child": "7e97c46e2ba7aa0e", + "type": "contains" + }, + { + "parent": "0299e311fe243bca", + "child": "9b1fc29507f6153b", + "type": "contains" + }, + { + "parent": "0299e311fe243bca", + "child": "caa129ad797767a7", + "type": "contains" + }, + { + "parent": "0299e311fe243bca", + "child": "f8bdc202e20abd5b", + "type": "dependency-of" + }, + { + "parent": "039e508ce9d5da38", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "039e508ce9d5da38", + "child": "3f743355082e9e4b", + "type": "dependency-of" + }, + { + "parent": "039e508ce9d5da38", + "child": "67ddf331d95fbab9", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "00b2dfb2762e3451", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "0515b52ebbb5144c", + "child": "09371eedc2b9d95d", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "181d870990e0b987", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "196df9cad96e380f", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "25e16a00909d33d5", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "293eafcf9526eaf2", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "35298adfca223979", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "399960ec84398034", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "457e99e6356b07d9", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "4eb740e67d5a13d9", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "544a5e04e861b70c", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "546bedf3e2fa6b85", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "6be629e4a12f87af", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "6fc4f99cb27a629a", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "8721732baf3d2db8", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "8b20c49352d19b94", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "8b56bfbdb189c2e3", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "911641d65b7558d3", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "b0144fc5fac67179", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "b3f4e891b12a90bd", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "b6cdb94774d588e9", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "c2099ec9fb017164", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "c2b780c83765c415", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "c8e5318148bed297", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "cf2b5514af5f4b1c", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "d567ea1a1bff3f0b", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "daddd35181720871", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "db4134870a686c23", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "dcd596fa9d66ed3f", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "0515b52ebbb5144c", + "child": "e7e93dc9a8cd8988", + "type": "contains" + }, + { + "parent": "0515b52ebbb5144c", + "child": "f180d99433c6c3a0", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "06e2c48d975ea1da", + "child": "220d69e3f8293bbd", + "type": "contains" + }, + { + "parent": "06e2c48d975ea1da", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "3bba3fa15b959901", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "56b979a8eab3398a", + "type": "contains" + }, + { + "parent": "06e2c48d975ea1da", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "b22efca5f0bac92d", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "b3389bc8d420d9cb", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "b47dd00953817b05", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "b82a899b41957e3f", + "type": "contains" + }, + { + "parent": "06e2c48d975ea1da", + "child": "ce9138e160be5543", + "type": "contains" + }, + { + "parent": "06e2c48d975ea1da", + "child": "d57ed1f4490e2301", + "type": "contains" + }, + { + "parent": "06e2c48d975ea1da", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "e66b7275c6659e9c", + "type": "dependency-of" + }, + { + "parent": "06e2c48d975ea1da", + "child": "f374ebc3b3ace9d7", + "type": "contains" + }, + { + "parent": "07413682000f3d88", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "07c41562e2bee55f", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "07c41562e2bee55f", + "child": "09371eedc2b9d95d", + "type": "dependency-of" + }, + { + "parent": "07c41562e2bee55f", + "child": "2f4c1c268d776d3e", + "type": "contains" + }, + { + "parent": "07c41562e2bee55f", + "child": "403e3b854fc89f1e", + "type": "dependency-of" + }, + { + "parent": "07c41562e2bee55f", + "child": "5788a17f6149e070", + "type": "contains" + }, + { + "parent": "07c41562e2bee55f", + "child": "d57093f10f5ee2d8", + "type": "contains" + }, + { + "parent": "090027c7d7254e53", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "090027c7d7254e53", + "child": "1961bfa9d1198d5b", + "type": "contains" + }, + { + "parent": "090027c7d7254e53", + "child": "39edf0f240a77402", + "type": "dependency-of" + }, + { + "parent": "090027c7d7254e53", + "child": "6be629e4a12f87af", + "type": "dependency-of" + }, + { + "parent": "090027c7d7254e53", + "child": "a940b80fe4b46c8b", + "type": "dependency-of" + }, + { + "parent": "090027c7d7254e53", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "090027c7d7254e53", + "child": "c9e0a30b10d2fe01", + "type": "contains" + }, + { + "parent": "09371eedc2b9d95d", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "09371eedc2b9d95d", + "child": "403e3b854fc89f1e", + "type": "dependency-of" + }, + { + "parent": "09371eedc2b9d95d", + "child": "6c3fe7be3bf29827", + "type": "contains" + }, + { + "parent": "09371eedc2b9d95d", + "child": "b3bce0528aee3419", + "type": "contains" + }, + { + "parent": "0fc14552c6652ab5", + "child": "07c7e420648edb7f", + "type": "contains" + }, + { + "parent": "0fc14552c6652ab5", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "0fc14552c6652ab5", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "0fc14552c6652ab5", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "102fca6f01ef28cf", + "child": "0022cc837623aa93", + "type": "contains" + }, + { + "parent": "102fca6f01ef28cf", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "102fca6f01ef28cf", + "child": "14d8cebc04906f0a", + "type": "contains" + }, + { + "parent": "102fca6f01ef28cf", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "102fca6f01ef28cf", + "child": "506b975f1b474e9c", + "type": "contains" + }, + { + "parent": "102fca6f01ef28cf", + "child": "6b8f40a297fb9256", + "type": "contains" + }, + { + "parent": "102fca6f01ef28cf", + "child": "a799ab1600e49872", + "type": "dependency-of" + }, + { + "parent": "102fca6f01ef28cf", + "child": "b0dd457df676ceac", + "type": "dependency-of" + }, + { + "parent": "102fca6f01ef28cf", + "child": "bdcb3bee3b1ed812", + "type": "dependency-of" + }, + { + "parent": "102fca6f01ef28cf", + "child": "cc8e1d8350367ddf", + "type": "contains" + }, + { + "parent": "102fca6f01ef28cf", + "child": "f1b53ce035ee04b6", + "type": "dependency-of" + }, + { + "parent": "17802e5820eaaec1", + "child": "03fde1b1904f0a48", + "type": "contains" + }, + { + "parent": "17802e5820eaaec1", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "17802e5820eaaec1", + "child": "1d43a3fb8f185afb", + "type": "dependency-of" + }, + { + "parent": "17802e5820eaaec1", + "child": "334ab95186904be9", + "type": "contains" + }, + { + "parent": "17802e5820eaaec1", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "17802e5820eaaec1", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "17802e5820eaaec1", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "17802e5820eaaec1", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "196df9cad96e380f", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "196df9cad96e380f", + "child": "0bceaf8088a9ad73", + "type": "contains" + }, + { + "parent": "196df9cad96e380f", + "child": "43e6c2af7d668269", + "type": "contains" + }, + { + "parent": "196df9cad96e380f", + "child": "6be629e4a12f87af", + "type": "dependency-of" + }, + { + "parent": "196df9cad96e380f", + "child": "6c51703fecd14955", + "type": "contains" + }, + { + "parent": "196df9cad96e380f", + "child": "6dba54af8c7facae", + "type": "contains" + }, + { + "parent": "196df9cad96e380f", + "child": "9e6bcbbaf4a27702", + "type": "contains" + }, + { + "parent": "196df9cad96e380f", + "child": "9f5373b01acacc41", + "type": "contains" + }, + { + "parent": "196df9cad96e380f", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "196df9cad96e380f", + "child": "ba105d23baa6b7a7", + "type": "contains" + }, + { + "parent": "196df9cad96e380f", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "196df9cad96e380f", + "child": "e427d65853822d0a", + "type": "contains" + }, + { + "parent": "1d43a3fb8f185afb", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "1d43a3fb8f185afb", + "child": "23ff64af82c9eae7", + "type": "contains" + }, + { + "parent": "1d43a3fb8f185afb", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "1d43a3fb8f185afb", + "child": "aa7a3466a80a0996", + "type": "contains" + }, + { + "parent": "1d43a3fb8f185afb", + "child": "ba5945950e24531a", + "type": "contains" + }, + { + "parent": "1d43a3fb8f185afb", + "child": "cc59bee454cfe52c", + "type": "contains" + }, + { + "parent": "1d43a3fb8f185afb", + "child": "f4640f5ead471b71", + "type": "contains" + }, + { + "parent": "22d0e7bdd9bb8c1a", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "22d0e7bdd9bb8c1a", + "child": "546bedf3e2fa6b85", + "type": "dependency-of" + }, + { + "parent": "22d0e7bdd9bb8c1a", + "child": "6a9d7cb03432b94a", + "type": "contains" + }, + { + "parent": "22d0e7bdd9bb8c1a", + "child": "d536adb8f0ad5bbf", + "type": "contains" + }, + { + "parent": "22d0e7bdd9bb8c1a", + "child": "f7da459eec88b367", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "23c842a484ebcfd5", + "child": "23ce7a6f5cc39317", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "2b831b50af534f2b", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "4268922d65c4bac2", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "6643a17eada4fe22", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "6be629e4a12f87af", + "type": "dependency-of" + }, + { + "parent": "23c842a484ebcfd5", + "child": "6bec087ae55f3170", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "7e256dc3c07e3bbf", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "8666c08c86669390", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "a222427dafd590d6", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "a2321d70af729a09", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "c29277a285f11a54", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "cb344590729d5a35", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "de5571141680d5bc", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "edd5a8e8d4e5104f", + "type": "contains" + }, + { + "parent": "23c842a484ebcfd5", + "child": "f60c8826d1355380", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "00e72aac91d28573", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "01930f5f73b7f35d", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "03b262d8fe93a385", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "04979271e7e61cf1", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "04a987f5b10a610c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "05269894336f94f1", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "080a70f9a4603dbc", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "08389c7ca7020248", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "25e16a00909d33d5", + "child": "0908fd4fd5f4a818", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "098a7230ad91992c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "0a2c3c47f7545b9e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "0a62741227568113", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "0b11dc6ec27fcb50", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "0b3ada17b5808025", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "0d6444570e9a4441", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "0e7e8dc5e9378ef8", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "0f3d7c8384d26afc", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "116612c7f9a4276c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "1223afc00cf0844c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "127b13d2bc472163", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "12fb8dcbf17e12f9", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "13b677168cd419ca", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "1530f883db4b364b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "164f352d72d01539", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "17109a9d9fd0da32", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "18ede0deb982b800", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "1ba2765c720edf90", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "1cf26eb3e5d7d8f4", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "1d83425a6d3a43ed", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "1df1410d70a4f922", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "1fc819056b194ba1", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "21b9bf623e477c9b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "22a3961e6fdd8f2e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "22ee4bba12ea0d5a", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2302c94d9b695ace", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "238f5a7f2c70ae74", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2492038fe7738f6b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "26de3af2b0c9031f", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "273a9dd2b508fd4e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "27d2730b405f40c1", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2867a7f559c350c2", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "28dfcfd179be0b78", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2ccf1330944b3911", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2dda2c3f18ee55a7", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2e29e91c30514a79", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2e6e0bd2077d78e3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "2f61072da3b72ad2", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "30ba784dfcde4319", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "32b179d3dd5804a6", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "32e3efd142dc1df3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "33151bcb993bbe1b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "34502f16226e82d3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "345b04093df8b158", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "34df9b20f6f66964", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "34f86a316b899160", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "35251537084ad631", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "35e43fc4d5dfd95a", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "362858c8cee5ee21", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "368098ac9821757c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3717e7a528f67db3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "380f15a0186b69d1", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "38c9e9de9ef8b1bf", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3978c1ded75360d2", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3a7fc15fcc4dadfa", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3ad33f14bbbecc4f", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3af3c17164dced1d", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3b4405ce04b1600e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3b7481d6c56feb94", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "3dfdfeadef568451", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "40616822d43702fa", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "40e6051abeb3f042", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "45807708e472faea", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "459e9f148272cee8", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "45bce5e300fd4ccf", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "460d5c116f6223dd", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "467837e1f76df428", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "469a3d0c003455eb", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "4b71fd7f4dd7c76a", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "4c23c7378d159b46", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "4c7ea6934cd41c12", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "4d3db18e5ba09e94", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "4d84e8f5b61a4032", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "4e88db845a1d6c20", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "4f6c8c0223470a84", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "50eb8ce87c65d0b9", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "512d053c17d87ee2", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "525dee4e979d11a3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "530981cb7fd39695", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "534f9530f3e7d4ef", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "552f5139f3e4f68d", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "557a753af79601d4", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "575440ca93aa9cf3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "579c5e1799c04e87", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "589755c709a5e68e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "5debda3dd8c43da2", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "5e03800152dd27d6", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "5e292b3a78fa663e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "5e55681099c9ac55", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "6003ee08f870b8e0", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "614a1b6a37fae2ab", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "614b857c27a1c5f8", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "64135b28c46f9bb3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "64f306c08f107916", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "6670e4a5d0e8f7b4", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "6708b04c922a30f8", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "67c6af8d96a64031", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "6c8868eb7d22aacf", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "7075d77f48f819db", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "70a4e9c2614d0bc8", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "757c5e7433c8bba4", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "7682f6723e342eb9", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "77c3c07010d12669", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "7972d18b8c491ea5", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "799e684ab92fe053", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "7dc068014a9b892c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "7e6f15db1d2d3469", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "7f4b6e2448ed3140", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "807793bc82961c26", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "80a60d7b813a682b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "840907f3de9baefd", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "862b82be72f04846", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "868a400a31e858b9", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "87fed008d823de82", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8824c210f678a8fb", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8b2a0b87a4276bd3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8b74dbb9b76ffae7", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8cb4be846bdf4a6b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8e00f1b19b53f224", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8ee41d4c6e9953ef", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8f3b76c59363aa11", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8f48b348d58b0ba4", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "8fecaeade48e90c2", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "90a4241bf68fbfff", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9198d6c05a6327fb", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "91df02eaeecd459d", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "91f91d555a9103a8", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9317b3bdb7a401ee", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9318266d310bb3cb", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "93532361ae12ed8f", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "93aca83efcab4231", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9405b70229ad2c0a", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9472f49a2146cbf3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "953494b038436cb6", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "95755bdbf4c35b87", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "966b775465888454", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "975fffbcfac782eb", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9850eedf46693151", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "98d38560381f1526", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9c4dff099946523a", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "9fa5deb8729f3821", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "a0b6c5155090d47d", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "a16275234016a655", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "a1e614a5bfcbaf8b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "a261c7dda099b902", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "a3f6b17683961d43", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "a5e8bff5370b1e19", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "a90401c687aafd46", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "aa1ee177b72ce245", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "aa543e4068d97fd5", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ac109f4be4188339", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ac57a7fab3558da3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ac719cc39b9f9075", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ad000ecdfa943769", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ad74469e5bea331e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ad7650e90c02e7ae", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ae24ee67d5c58772", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "afa96907b0c15332", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "b03e6f64daabd092", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "b0c8815f33b14bc9", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "b3711aa9269af576", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "b4eb6556380b1ece", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "b5478fdde922a6c2", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "b8889875fe5d8ccc", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "bb179cb5784643e0", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "bd9492321caa4c92", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "c302d53de8a0a610", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "c358961d83fa600f", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "c5d017216849682d", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "c9b816255fc03fd3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "cb358798958b3813", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "cd89c7149d5b8519", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ce4f9f095c302b35", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ceb0217c8a12470b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "cec6961786f8edc3", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d07aedc7eebcf38f", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d0e810fad76c8bcc", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d2e151662e06a92f", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d2f4648fd31ce066", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d3c869f45dc75e7e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d40c4d74d5d2e19e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d51833fa2e124644", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d9428be1cfec208f", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d94a24d38f12eab7", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d99e42a25be30c76", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "d9f36e6fed776f19", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "db2112de23468a3d", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "dbad20590b337b0b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "dcfede4baf820cb0", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "dda5f2f598756220", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ddd66b78c7891cd8", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "dde1ad43ffe850f7", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "de726e601e08077c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "e0ddeaa423d94e65", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "e35276299485df38", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "e6158bdeccf8b95c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "e79d0b5e8522462e", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "e7ef7561df01cdbd", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "e851d200f2c305dd", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "e9514150e59eddd1", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "eaf10019bfa53e6c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "eb4659e903b52f95", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "ec9aa26d671d3eac", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "effd69c97c9344b7", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "f0d5b9184199c52b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "f2ed5774c659335b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "f4ae5a8c6162ab46", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "f4cfffc2116f7bfe", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "f7389995945cefc5", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "f8db2e7291900711", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "fa7659be1bbaac1c", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "fa9a2006ebdb8c1b", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "fab0ad695fe86de7", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "fba93cbf0804cffd", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "fcbe3b9c6ec15ddf", + "type": "contains" + }, + { + "parent": "25e16a00909d33d5", + "child": "fe9eae88652d3c8c", + "type": "contains" + }, + { + "parent": "2635452dfff4321d", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "2635452dfff4321d", + "child": "dfd23518c3ae46b3", + "type": "dependency-of" + }, + { + "parent": "27488b456777ffc1", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "27488b456777ffc1", + "child": "66e657ce713db75b", + "type": "contains" + }, + { + "parent": "2baa82c983b30582", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "2baa82c983b30582", + "child": "196df9cad96e380f", + "type": "dependency-of" + }, + { + "parent": "2baa82c983b30582", + "child": "8c8375028cffb497", + "type": "contains" + }, + { + "parent": "2baa82c983b30582", + "child": "9dcf052ea12fdad7", + "type": "dependency-of" + }, + { + "parent": "2baa82c983b30582", + "child": "9f3a8aed149de7d0", + "type": "contains" + }, + { + "parent": "2bd21e0156fe2aa0", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "2bd21e0156fe2aa0", + "child": "33e898c1f45c8cd6", + "type": "contains" + }, + { + "parent": "2bd21e0156fe2aa0", + "child": "42849d310597b27b", + "type": "contains" + }, + { + "parent": "2bd21e0156fe2aa0", + "child": "b47dd00953817b05", + "type": "dependency-of" + }, + { + "parent": "2bd21e0156fe2aa0", + "child": "b8d036a3b338b686", + "type": "contains" + }, + { + "parent": "2bd21e0156fe2aa0", + "child": "cb8e98a52ae7350a", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "0215995764e9f654", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "0299e311fe243bca", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "039e508ce9d5da38", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "0515b52ebbb5144c", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "06e2c48d975ea1da", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "07413682000f3d88", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "07c41562e2bee55f", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "090027c7d7254e53", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "09371eedc2b9d95d", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "0fc14552c6652ab5", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "102fca6f01ef28cf", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "17802e5820eaaec1", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "196df9cad96e380f", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "1d43a3fb8f185afb", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "22d0e7bdd9bb8c1a", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "23c842a484ebcfd5", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "25e16a00909d33d5", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "2635452dfff4321d", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "27488b456777ffc1", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "2baa82c983b30582", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "2bd21e0156fe2aa0", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "2cedbe7bd36d2161", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "2f1e24780cfea663", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "304e2047f10e5c4f", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "32c854c70c4b9bc6", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "32dc8d9385f596a8", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "35298adfca223979", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "394eda196ea9cc18", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "39edf0f240a77402", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "3b95a370d9cbeb72", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "3bba3fa15b959901", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "3f743355082e9e4b", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "403e3b854fc89f1e", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "4422e914738c17ef", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "4796aaf427df0782", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "4e01ddd4ea86a505", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "4fbfd80d85bb460e", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "53232b1db4311718", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "546bedf3e2fa6b85", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "5530ff7e4715e8b5", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "5adaf9930b0243ad", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "5cff8fae12ce3677", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "5e411c4e4f6d3d56", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "5fe8b53173092253", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "6a3c1818891dac67", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "6be629e4a12f87af", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "6fc4f99cb27a629a", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "7069d90382d7c593", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "726407ce9205c669", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "734e3b82978b46ed", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "79b3a388130aa9b9", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "79ba35edcc44da5f", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "79cdbcbd3d61afd9", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "81412860457969fe", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "81dc18ef79d2b2cb", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "86bb1c48d046cf90", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "87ad778255840d3f", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "88eb82cde1f0760c", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "8ef168befafd7b27", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "8f40faa2a3bf3018", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "923f2a036f9ecf65", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "9564ca1ffe7fce37", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "9606bf2c1d407bed", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "9620df42e45abf0c", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "9dc1b34cdde2c695", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "9dcf052ea12fdad7", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "9fcab3ada3c25f5e", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "a08e57c8715e4d05", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "a243d3460507af96", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "a3aa75d8273e1cac", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "a495c2a7de1ac993", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "a65fe92a04ecf6ce", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "a799ab1600e49872", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "a940b80fe4b46c8b", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "af1ef2b90efeccfe", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "b0dd457df676ceac", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "b22efca5f0bac92d", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "b3389bc8d420d9cb", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "b47dd00953817b05", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "b75c9ce4cb4a4d36", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "b888bcdc2051543e", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "b9930935983f5330", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "bace04fe1571465a", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "bcbac17c560ff49d", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "bd201f1503e17989", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "bdcb3bee3b1ed812", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "ccc2461d41d72dde", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "cecb06c03b371de6", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "cf7d0f71948121ea", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "d52857c4436af57f", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "d73e936743b685e7", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "d95be7a40dea16b9", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "daddd35181720871", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "db4134870a686c23", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "dbb58be7b5652cc7", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "df5d3ce64e6dc98c", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "dfd23518c3ae46b3", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "e1c9803b20913af1", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "e21cb9e7dda039e1", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "e28c009b2c72d8a9", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "e2e600817bb6e830", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "e66b7275c6659e9c", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "e8d4429184219587", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "eb5d2c76ed21fa8e", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "ec9dd0ac24b8d8c2", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "eed46dd832bd62c9", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "efaae8c603855dcd", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "f180d99433c6c3a0", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "f1b53ce035ee04b6", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "f3e667a0375f3959", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "f8bdc202e20abd5b", + "type": "contains" + }, + { + "parent": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "child": "fcfdc07fd546a72e", + "type": "contains" + }, + { + "parent": "2cedbe7bd36d2161", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "2cedbe7bd36d2161", + "child": "b22efca5f0bac92d", + "type": "dependency-of" + }, + { + "parent": "2f1e24780cfea663", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "2f1e24780cfea663", + "child": "d1c85f195452933d", + "type": "contains" + }, + { + "parent": "2f1e24780cfea663", + "child": "fd14e35ef9e39d9a", + "type": "contains" + }, + { + "parent": "304e2047f10e5c4f", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "304e2047f10e5c4f", + "child": "37278abcf11da63d", + "type": "contains" + }, + { + "parent": "304e2047f10e5c4f", + "child": "43fea2a5407cf6a0", + "type": "contains" + }, + { + "parent": "304e2047f10e5c4f", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "304e2047f10e5c4f", + "child": "8ef168befafd7b27", + "type": "dependency-of" + }, + { + "parent": "304e2047f10e5c4f", + "child": "efaae8c603855dcd", + "type": "dependency-of" + }, + { + "parent": "32c854c70c4b9bc6", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "32c854c70c4b9bc6", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "32c854c70c4b9bc6", + "child": "bc06f97c1cdad90e", + "type": "contains" + }, + { + "parent": "32c854c70c4b9bc6", + "child": "e47abad8b54b40c6", + "type": "contains" + }, + { + "parent": "32c854c70c4b9bc6", + "child": "f90f9b325a9a1788", + "type": "contains" + }, + { + "parent": "32dc8d9385f596a8", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "32dc8d9385f596a8", + "child": "3bba3fa15b959901", + "type": "dependency-of" + }, + { + "parent": "32dc8d9385f596a8", + "child": "b4b67fbfb5f5e23e", + "type": "contains" + }, + { + "parent": "32dc8d9385f596a8", + "child": "d6e3aa97877dce2f", + "type": "contains" + }, + { + "parent": "32dc8d9385f596a8", + "child": "e43bb769482b55c9", + "type": "contains" + }, + { + "parent": "35298adfca223979", + "child": "0515b52ebbb5144c", + "type": "dependency-of" + }, + { + "parent": "35298adfca223979", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "35298adfca223979", + "child": "2cedbe7bd36d2161", + "type": "dependency-of" + }, + { + "parent": "35298adfca223979", + "child": "9dcf052ea12fdad7", + "type": "dependency-of" + }, + { + "parent": "394eda196ea9cc18", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "394eda196ea9cc18", + "child": "1d43a3fb8f185afb", + "type": "dependency-of" + }, + { + "parent": "394eda196ea9cc18", + "child": "3c3792c46b7bdb52", + "type": "contains" + }, + { + "parent": "394eda196ea9cc18", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "394eda196ea9cc18", + "child": "7b984e33ee9bdc53", + "type": "contains" + }, + { + "parent": "394eda196ea9cc18", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "394eda196ea9cc18", + "child": "aa0cee721cb7084a", + "type": "contains" + }, + { + "parent": "394eda196ea9cc18", + "child": "ce2591a5f235263b", + "type": "contains" + }, + { + "parent": "394eda196ea9cc18", + "child": "e3582f67f8651df5", + "type": "contains" + }, + { + "parent": "39edf0f240a77402", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "39edf0f240a77402", + "child": "4b7e13d2d8bedc71", + "type": "contains" + }, + { + "parent": "39edf0f240a77402", + "child": "4c0fede68f0598f1", + "type": "contains" + }, + { + "parent": "39edf0f240a77402", + "child": "546bedf3e2fa6b85", + "type": "dependency-of" + }, + { + "parent": "39edf0f240a77402", + "child": "8696c78b618bb236", + "type": "contains" + }, + { + "parent": "39edf0f240a77402", + "child": "99f0b08099ad078a", + "type": "contains" + }, + { + "parent": "39edf0f240a77402", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "39edf0f240a77402", + "child": "c12db9c09490c941", + "type": "contains" + }, + { + "parent": "39edf0f240a77402", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "3b95a370d9cbeb72", + "child": "2bd21e0156fe2aa0", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "79cdbcbd3d61afd9", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "87ad778255840d3f", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "9620df42e45abf0c", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "b19008fcaf37b79a", + "type": "contains" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "c41400570a0ae433", + "type": "contains" + }, + { + "parent": "3b95a370d9cbeb72", + "child": "dbb58be7b5652cc7", + "type": "dependency-of" + }, + { + "parent": "3bba3fa15b959901", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "3bba3fa15b959901", + "child": "4fa97c5130dd81dc", + "type": "contains" + }, + { + "parent": "3bba3fa15b959901", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "3bba3fa15b959901", + "child": "64b06586db1d77b9", + "type": "contains" + }, + { + "parent": "3f743355082e9e4b", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "3f743355082e9e4b", + "child": "9620df42e45abf0c", + "type": "dependency-of" + }, + { + "parent": "3f743355082e9e4b", + "child": "a38d4d64727600bf", + "type": "contains" + }, + { + "parent": "403e3b854fc89f1e", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "403e3b854fc89f1e", + "child": "93fe09231cb93279", + "type": "contains" + }, + { + "parent": "403e3b854fc89f1e", + "child": "b5f96c6e00d259b3", + "type": "contains" + }, + { + "parent": "403e3b854fc89f1e", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "403e3b854fc89f1e", + "child": "ebf52dcf4e87c111", + "type": "contains" + }, + { + "parent": "4422e914738c17ef", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "4422e914738c17ef", + "child": "09908bd891f4a1fb", + "type": "contains" + }, + { + "parent": "4422e914738c17ef", + "child": "58e69df7e0409835", + "type": "contains" + }, + { + "parent": "4422e914738c17ef", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "4796aaf427df0782", + "child": "065c6ce3e216c867", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "4796aaf427df0782", + "child": "0b538d4e3bdd8dca", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "11a2f3793b9fe540", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "227900176c400f3a", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "23d7f71ae89b5434", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "2ec5b1c87fd0a215", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "354c42ab720de6f2", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "3803513ccea114ad", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "3cb192baafd3b531", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "42ff3dedd2729016", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "48073038849245c3", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "52874dccfe95c831", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "5db6da7845914c87", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "5f553a8203875941", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "600d18be0a1f4796", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "602a7edba2b31626", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "6b17a25ebe568098", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "7ae425cfbef4d3db", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "8b767435cc79702c", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "b5acc177f3d31ff8", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "c34070cd9804459e", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "d48dfdfee64bde22", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "e199d7c82c646f70", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "e30dfe11fd680ba9", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "e5adbfb76fdfb396", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "ea18bc9bca18857f", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "eacb78f0177ac6e1", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "f1b53ce035ee04b6", + "type": "dependency-of" + }, + { + "parent": "4796aaf427df0782", + "child": "f678176067e0b9ee", + "type": "contains" + }, + { + "parent": "4796aaf427df0782", + "child": "fadfa2cc594e6ac1", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "00e8e8122abacd21", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "0318fa63a12c4a45", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "03871e262f623541", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "04c372714feedfa3", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "04f2af066de0b149", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "4e01ddd4ea86a505", + "child": "0c8befd445f256b3", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "1fac9ba21322fcea", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "20916f2b078a8aad", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "24816b3267972eed", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "2556d4cc0a065d36", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "27ac861c1eb25c36", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "2c3538d1f4b313d8", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "3989eec5a7cefa6c", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "3a93c2921610e609", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "3bc0077c49d2950e", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "4848c9705b78b970", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "4bbbca48a63a9a75", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "4ca44dad5b6c5e5e", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "593678eff8e8e760", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "5b7163d7c563855f", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "5bfd1be1aabee033", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "627e139f8f6ad642", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "687b78fb392028b5", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "74be897ab6c1efcb", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "7780f82722a193f9", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "7f383931a464767c", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "7fecc962fc876f80", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "819bee19751e8fbd", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "84bb3257aae64297", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "8568fb8ca2582731", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "8c6e70c8073dd743", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "8dd999a0604f6b53", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "931f29023ddf6706", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "9339aac8feecce6d", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "99084efb9a55b6ee", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "aaf3bf68249c31a2", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "ab69700c9a4b85fc", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "acd3a81b3ac2b9e0", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "b6b95802760806da", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "bf13bb4fc87a4e51", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "c71bfad7a3472fb5", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "c73f0ac2f71e5768", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "c8eef5d64160aec3", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "c95c777efd3b33f0", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "cc64b9fa91010ff6", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "ccd7ed3375247fe5", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "cdbe43f9ded41de2", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "ce4cf1b303e1f5e7", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "cee3d27dbb7a4d8c", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "d4005ba7fec7534c", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "d666a7310157583d", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "de4502809ef1a91e", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "e7c59d719c145ebe", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "eaaa7709f2e3bb87", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "ec72e729f0fd3a67", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "ec97b8fc62a55343", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "f33afab34bceebb1", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "f6867945d3c955d1", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "f7f5f5ee42ed5718", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "f8bdc202e20abd5b", + "type": "dependency-of" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "f90e01085c96de5d", + "type": "contains" + }, + { + "parent": "4e01ddd4ea86a505", + "child": "fbfd1d356eb4ddb3", + "type": "contains" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "4fbfd80d85bb460e", + "child": "14d6b8c8ff89b95e", + "type": "contains" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "39edf0f240a77402", + "type": "dependency-of" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "546bedf3e2fa6b85", + "type": "dependency-of" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "88e2e21ed60c85a1", + "type": "contains" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "8b10aaeddcc8bbd0", + "type": "contains" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "a2c8b5224135e21a", + "type": "contains" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "a7aebe099275d13d", + "type": "contains" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "d00550d0a2acf914", + "type": "contains" + }, + { + "parent": "4fbfd80d85bb460e", + "child": "e96158079ca16b1c", + "type": "contains" + }, + { + "parent": "53232b1db4311718", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "53232b1db4311718", + "child": "9fcab3ada3c25f5e", + "type": "dependency-of" + }, + { + "parent": "546bedf3e2fa6b85", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "546bedf3e2fa6b85", + "child": "6be629e4a12f87af", + "type": "dependency-of" + }, + { + "parent": "546bedf3e2fa6b85", + "child": "7ef56425a25f608f", + "type": "contains" + }, + { + "parent": "546bedf3e2fa6b85", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "546bedf3e2fa6b85", + "child": "b8e48c126ab0bfb8", + "type": "contains" + }, + { + "parent": "546bedf3e2fa6b85", + "child": "d6f9cc0f25c163fa", + "type": "contains" + }, + { + "parent": "546bedf3e2fa6b85", + "child": "e99e8977d610e2df", + "type": "contains" + }, + { + "parent": "546bedf3e2fa6b85", + "child": "f977a337241b88a6", + "type": "contains" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "5530ff7e4715e8b5", + "child": "3e384d933fad624e", + "type": "contains" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "4d97ae3ae35a9c5a", + "type": "contains" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "6eabae886edadff7", + "type": "contains" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "76096f929a097db2", + "type": "contains" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "9606bf2c1d407bed", + "type": "dependency-of" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "9dcf052ea12fdad7", + "type": "dependency-of" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "ef5630fdf7377aa2", + "type": "contains" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "f8649341444163e6", + "type": "contains" + }, + { + "parent": "5530ff7e4715e8b5", + "child": "f92ef671d1cffb18", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "016345ea3b4fbc1e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "02257acfd818616a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0534dc3d0fb74b3b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "07257989d347eea8", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "07d997f9a0fe5fe4", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "07ef2d1b3dfe929b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "5adaf9930b0243ad", + "child": "087a30a47e7d2808", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "087d554a60a9e9a2", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0894711dce7ba59b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0a30e333053051f6", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0be7d3b586c46105", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0bedf070662f6eed", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0c56452f190f5e2a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0d602d287c631d2a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0dc3369aa146566b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0ed734304b626d51", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "0ed8db47d526c931", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "11ad1e501ff5a517", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "131228cffbc275be", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "14542e0fa508d94c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "14bc4f957f460b86", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "1564dba6a452deef", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "16a3dbb47e4b6133", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "1716f766099ad74e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "18560ae915b36da4", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "19819003d8ead48e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "1dd0186f52f33e01", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "1e13f4e55de245d4", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "1e4c3c1d973b97f9", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "1f464d6eeb356353", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "20b5a44a773db525", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "259d2fc8e938cfdc", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "26db2509eb130a1d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "2c8f934a6186475f", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "2cb886fdfb3311d8", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3481bc602338f6bc", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "38223e6d17b74cc4", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "385eb7ca2b5df1db", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "399b97a713de04e5", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3a971696e0257f4b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3b774200efaaa5a3", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3c3157b9737f6049", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3cd8731281643bb5", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3efb6f9baf7aa9bc", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3f4b0a2e212ca8f0", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "3fa74a4ea1c7fe73", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "40007b730202332e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4030524a87104fd1", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "41102a2b1e61867a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4165522a6a93fb52", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "43377cb0de103532", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "443e0595cd752ddb", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4501793c1c85d97e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4579654fe5e2062d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "45bb161855a3bc8a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "46a2402991369690", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "47048e5e680f4587", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "485db2c8d2fb8138", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4aa127ec7276729a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4b970ae23ba68900", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4cc2957527bb1e76", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4e0b9ca36bc71db2", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "4fad18e9f1f34949", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "50fae05699f85bc0", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5256e0f5d831158a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "53a775065e12e26e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "547f2986d3ed7982", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5736fecaa205a84a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5767a909fb45a626", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5cbf057679313401", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5cc21ea06b49b59b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5dc58b5b9c05615e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5e00798fd370e07c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5e906942ffbc22ef", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5eb6f052fdcfeb64", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "5f6ea0b28b89f843", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "622ce1883f901aaa", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6250bcdea8ac266f", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "63ebf25a5df506e5", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "648b8f4491ceb0cf", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6504c999649c2c74", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6528a473bcf2bdad", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "660be2e6c4fdd627", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "676a0168a2d88433", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6789fad1f0696709", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "680d915f9f7beadd", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "687713fa2fab73f4", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "68c2a41d3a42213a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "69116ebb76b98b3e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "69516bff7e8fe0b1", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6b33d60371bcefe8", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6d52427e28cb797b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6da63bba4b634c31", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6dcc0570c216e03b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6dd9f48f9cc7324a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6e41a6411c90aee3", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6e606d6a2b91f0ad", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6f7db9001d123721", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6f957c50a76c70a2", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "6fa5d65ad06c31be", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "70681bb5f4f5447d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "72605f986b13ca3d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "72f7d7071b21f622", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "72f8044f4347f883", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "736190675d602bfa", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "74a5b79731824b85", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "75f6b1f3c8801c49", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "763253821f540b9a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "768f1f699be33ce4", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "76c4882206ff7296", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "782ac26529b02d79", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "7a8af1ed46dd9f8c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "7c2897b0b8b017d7", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "7e55c4da2785d9b9", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "803e68723aa983bc", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "809dd48a69e97c62", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "83a4c7883cb4c2ba", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "84346be3b5ef9b58", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "84e242430eb68221", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "84ef38a699af04be", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8591b67cf420ee02", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "881f30e3fe440357", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "884bc5fb76a01df8", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "88501f138668e3e3", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8946a994e6c14dd9", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "89ef152397566e74", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8a27c11a8a706d8a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8a8b42f36b9b8207", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8b33184254ae6925", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8b4ee97f654cfb3c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8f4f44e4835c3a73", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "8f90cf55604a5833", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9147bdfb83baaa78", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "926d6657b61c9339", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9427f51900d8d63a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "94a7ade69d58bff6", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "95dc35df297b0e5a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "96936d9ae77b6b26", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "974130794f3b583f", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "974cb428e9efd99c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9782bb361b4231ac", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9981640786333366", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9a4111aa70462d0a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9c6cdd46d7063a23", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9c721d319e583619", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "9cb0c3f864e39d7d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a13db4d8922902a7", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a17169af35cc9326", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a2a19081abee02b8", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a2ba436862b4c3c9", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a41b1715d686046c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a4934c5939380028", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a657e0e2c72e745a", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a737b8e0cb054ea5", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a876f6dda47cbcc0", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a96471caf25b4001", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "a9e5728cddaab742", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "ac0f215e0c0a19f5", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "ae9324f13db8978d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "affc307a88d5ffb0", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "b08038c6338b8aaf", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "b22efca5f0bac92d", + "type": "dependency-of" + }, + { + "parent": "5adaf9930b0243ad", + "child": "b311c3d3b34dcedf", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "b6a8d8476886d50c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "b707b4d2a6ef1129", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "b7fdb8e1cc4478ff", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "bae8bf6c7a730366", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "bc8f80fad7ae69a1", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "bde3bec97649a8ef", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "bef7f4538e099681", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "bfaf25a4fb40dc8f", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "bfda0b536a3e99ef", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "bfea4ce3ba74bdeb", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "c0f9fe8472cd70dd", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "c1473b99cc79f35d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "c1e5d83ac54e0817", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "c2f201c1032e0240", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "c831e9a251cf8488", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "c86ca3a145e632c3", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "c99cb163821c1258", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "ce57b3ad6cf33a38", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d12bc318303a114d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d3b5eec6478e6b93", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d4ba241ccd0a78e0", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d530bfc779b8307b", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d567e3219baf5464", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d5da6b7330821348", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d6412a0d6661438e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d6bbe8bd06422fa4", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "d81fac72cfcec764", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "da911527e3f13369", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "dc3dd19625a60d97", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "dccacb9cf76e809c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e02fb9f51f91e081", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e1a4cdd347d804d0", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e26d1e58e38fc335", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e2e8cbd2f42860b0", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e30f4ca4aab12940", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e4e3ef91e2d6537d", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e55a1736aab009ee", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e68b7ef714eb5304", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "e73c68dea9ebd6c3", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "ea26208b08f108be", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "ef62cd45a6099251", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f0545fa0cad8c392", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f079b2527f88b717", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f0ae05c7c5252d2e", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f18f06f51704cd09", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f1903afcd8474e29", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f261aef256ecbb61", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f3334cd6d5a4e692", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f3bec4ff8fe53568", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f470afd6fecb1c57", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f6c24750a9f85cd6", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "f75c76c71ceede8c", + "type": "contains" + }, + { + "parent": "5adaf9930b0243ad", + "child": "fd5ce8b428ca3c7e", + "type": "contains" + }, + { + "parent": "5cff8fae12ce3677", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "5cff8fae12ce3677", + "child": "2a53cced56358980", + "type": "contains" + }, + { + "parent": "5cff8fae12ce3677", + "child": "2f93b603c0f10ccc", + "type": "contains" + }, + { + "parent": "5cff8fae12ce3677", + "child": "5cf0045bda65895b", + "type": "contains" + }, + { + "parent": "5cff8fae12ce3677", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "5cff8fae12ce3677", + "child": "b392fb15dd7ac667", + "type": "contains" + }, + { + "parent": "5cff8fae12ce3677", + "child": "b8f10c1a6f677c7e", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "06f9f967b38cdb1b", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "09d562b678f1e99d", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "0d2d3ea44fec0394", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "14b36bc2e9d50e6f", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "17f0452d88c35045", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "22e48b3787fe754f", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "2ccdba2d440270fd", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "2cedbe7bd36d2161", + "type": "dependency-of" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "309e9a859538dede", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "35298adfca223979", + "type": "dependency-of" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "3fdd477d017dfa61", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "4214e7ba484a297f", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "45437c0792f4c201", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "4765190f6febf036", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "4af50e7c341ae36f", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "59b11299ce6d190a", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "5b9e86a686ed2319", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "645eceef84258f08", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "6a0e82cf1b36536f", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "771749e6b4b96062", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "778fd3cc081fcb4b", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "7957bae02b1bafd1", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "8749be7a28c9df79", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "8f747ea6b704da50", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "93adb1065f80dba5", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "baeeddada1c5c95f", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "bd8b17f97c934a0e", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "c84b226abccf7d4b", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "ce2b6455c3786791", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "db4305a1b2dc79a9", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "de86f0e21726089b", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "e97d4e379ab1245e", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "ecd59c27c4d0b4cf", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "f729120a91b21aad", + "type": "contains" + }, + { + "parent": "5e411c4e4f6d3d56", + "child": "fce3874eeffc9682", + "type": "contains" + }, + { + "parent": "5fe8b53173092253", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "5fe8b53173092253", + "child": "31b68411d055e59a", + "type": "contains" + }, + { + "parent": "5fe8b53173092253", + "child": "43476dfef7297d78", + "type": "contains" + }, + { + "parent": "5fe8b53173092253", + "child": "6cc990701a0483cf", + "type": "contains" + }, + { + "parent": "5fe8b53173092253", + "child": "6fc4f99cb27a629a", + "type": "dependency-of" + }, + { + "parent": "5fe8b53173092253", + "child": "93c93a8b98729a8e", + "type": "contains" + }, + { + "parent": "5fe8b53173092253", + "child": "9b76edb27d874f0d", + "type": "contains" + }, + { + "parent": "5fe8b53173092253", + "child": "d445ce13fbbc3dfd", + "type": "contains" + }, + { + "parent": "5fe8b53173092253", + "child": "f244dcf2fc44b61b", + "type": "contains" + }, + { + "parent": "6a3c1818891dac67", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "6a3c1818891dac67", + "child": "1d089c70e8b5b492", + "type": "contains" + }, + { + "parent": "6a3c1818891dac67", + "child": "8394e4bdb23fc3ec", + "type": "contains" + }, + { + "parent": "6a3c1818891dac67", + "child": "9216d49d4ce2eff9", + "type": "contains" + }, + { + "parent": "6a3c1818891dac67", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "6a3c1818891dac67", + "child": "b8438551fa0dad99", + "type": "contains" + }, + { + "parent": "6a3c1818891dac67", + "child": "f25c4208eeb070b6", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "0015d10e62088f4c", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "0582c63d360ee85d", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "079c21d9907f9cfd", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "07a27c099fae9123", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "6be629e4a12f87af", + "child": "09545d087772de76", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "0ac3ffc119e413fa", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "0b4db8d1d6ef42ec", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "0ba8180fa6f35a3e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "0f1557987e632aa7", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "13f76655123400bf", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "14f7f0a29e08b2ce", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "150c1fcead3a7969", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "16cb119ab1193d7c", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "16f766edb35bbce4", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "17b9d60e0e1b35df", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "17d06a4ad7f9687a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "182fdfb202e298d5", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "1927e8c59b24fe60", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "193a2581250f135d", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "1a3ccf2e951b28df", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "1d227a39ec963bc2", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "1e18b66e6564af0a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "1e55eed924243527", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "1f640a80eae5d75b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "1fe092df0653a342", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "21294e0d0b121cda", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "227a51e35002cabe", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "2394e5f517192d0e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "23b3a0ffd6f381af", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "27274b78fdb5b66a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "2af87fae7d870d72", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "2c52da743358feab", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "2cd277574bf2ef9e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "2f1754af535cdc5d", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "30ef2bfd0f1a0e58", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "32c35a9235c07703", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "353e4439f2dd7f41", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "37231c1c1b691ada", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "3759503d470d31ea", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "385bef3e509708fa", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "39143e0586bda8fb", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "3952cf141f7a7988", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "3cbd859f9017a22b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "3de4fa7dcd29bf21", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "3e0c91ae1e25cc84", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "4075c56de1d4abc7", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "413fb225936be2cf", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "45839436149b96de", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "47f5221ea947fdb1", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "48be61ae1c21cf77", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "4970fec0edea6086", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "49990674bf8a8995", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "4a0e3fa71c05dd54", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "4ae49a9e734148b6", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "50a066f8ec10e833", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "51636301020480a2", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "530a86f1b4192055", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "561baef31372130f", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "591a41db9b79af5d", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "59abd7dfd624e787", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "5ae379d9c156a3ef", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "5d8a2d8699ed9ee4", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "5ee359e70fde1643", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "62810776df7db742", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "62bdfcdf58cd874c", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "642256529f0ff6ab", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "656c280d47bd952e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "65cf00dde68b5145", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "671ef7876e00725f", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "677e7b3acd57270a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "68b4d5db7e9b5c5e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "68df5c1193377790", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "6a975a110e918ef8", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "6d32fab6df045544", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "6dfd0beaa799ad0e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "6eb5b07c16b5c623", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "70d5705ef7765b89", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "71894ac0e3522f7c", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "73f4503d64a66d9a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "744baa7aa5e8d192", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "74985de09ec98764", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "7753c8e8ea6b2b66", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "78447ed4edd2842a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "79585666e0964d2e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "7b1cb270c9065cd2", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "7bc3fbae8531dfa6", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "7d7490fa611754ad", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "81c2c135a68d29f4", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "81eb54b3f8a738b9", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "85bd2ba5b1ebf7e9", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "89aa76251ced5286", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "8e9fafe6e242e811", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "8ec53f46a05edb5f", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "91233860774a931b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "91b647bbbba6deb5", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "940ffac4f8480d15", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "9620df42e45abf0c", + "type": "dependency-of" + }, + { + "parent": "6be629e4a12f87af", + "child": "979f7169936e88d6", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "98bc80b97ed6f71e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "9bf39454af476ddf", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "9d9e9158a6244e83", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "9fa29831a822e32d", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a07cb8e47e12414f", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a1ad3775f61392a3", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a1ff587af407dfb7", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a3595503d07fec00", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a4045bf2b74d58b0", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a56ebf7e9a40fb59", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a6a99cfab1fecb9b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a7d187c4307ab11e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a814f6702809f1e3", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a8c2e1a2264357bd", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "a9b76305742edafb", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "aa7d9b28187b65d2", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ab7f88149ec866dc", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ae69d9be7bd46a62", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "afc79d5859e4f1d4", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "b03b81b90f9917f2", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "b0bfd10354716753", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "b14405cc33922027", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "b63a0a7b01d148eb", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "b83f8e631682a492", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "b94eaca0dedd811c", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "b9b3c747a4031e46", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "bd5228ada8121d91", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "bdc8668c4b51e731", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "bdced0d08b9f3b29", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "bdf32f5d5416ab16", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "c045464a7d75f70d", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "c2d37f13fff878bb", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "c6f78a73469f9f35", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "c75545382b15487f", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "c7ae26ddbcb34411", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "c89156f9c954187b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "c954bd9a6a034eae", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "cb569fa58f58ac94", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "cbca403cefeaf0aa", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "cc1dd49bb25490aa", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ce2bebc2a583aca5", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "cf78c0304a8231d0", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d158af0f907a075a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d361bb2407bda534", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d49d21277e12004a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d4c5db59ee201691", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d65a8a096859eeaa", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d6f8ea519d12a481", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d72a35ab6edac53b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d9444c634712dee5", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "d968bac0a3f46c58", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "dc13bf6b2a6e2b69", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "dc3665da59955d9a", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "decd17b619f52264", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "e413eb82e4aedb71", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "e4e29ef2803ed609", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "e633bee8f313f043", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "e7307252140f3444", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "e89e0020249dd0a9", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ea3e1340c08ef25b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ebbd0474709b5396", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "edfdbd6d1f4c0ab6", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ee0231f8dab414d5", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ee1f4013048d2e22", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "ef27b9cf22a1df17", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "efa0302dda182d8b", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "f0e1ebbf7474881e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "f534115f859e6e48", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "f53cc7a5ec5dce3e", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "f54bda09b2c311df", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "f64ff4bd865c88b8", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "fa50ef55337074f9", + "type": "contains" + }, + { + "parent": "6be629e4a12f87af", + "child": "fe69c5fb98d90ec5", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "00af1ed07291d251", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "01af87c9c3234fd9", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "04748987cd664b77", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "06f279013c2ddb0d", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "07c5e413293f46fb", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "084238eeedbaeb04", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "6fc4f99cb27a629a", + "child": "0948aa0248ac39c0", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "0cdf4ec6c911c167", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "0d7c62d8d6903a19", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "11b67fdacd5bd84b", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "123eb4726fd7bb4f", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "19f0134bc73caf69", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "1c6f39b2f2e1a424", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "22f163cb88120aae", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "24395998c3835017", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "28a09a6d00e432e5", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "29f580ed6ad02546", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "34bd4326f0fa931f", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "35b8382e49af6760", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "3647d85aef6052d4", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "3e134d92deb588cf", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "42347261e3296811", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "42c3a29c5226055c", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "48ede018fe652204", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "4ce658f7dd104e72", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "4d3fbd7f2e338bf8", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "5060c67d3dd6ce6e", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "55e972a9bd3adf7d", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "58a9573d6a5680b7", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "60cda47c3612fb98", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "618be8f32a42d98b", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "619f55068291b7e3", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "65b422093ea150ab", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "6d23106926cedc71", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "6eb3a51250acad08", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "70e0901d857c8852", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "71149ce0d4fa13e8", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "71a974a45dfc01c1", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "72c27738e94dc409", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "72c84a7592207973", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "777fc75ff71407e0", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "77d382b59680ea33", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "7867fc44f8e31937", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "78dfd94ad0b5da76", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "7a845028b5bae0d1", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "7b0dc52e202d93a3", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "7e9fece2ad52f597", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "8044442fd16feb3e", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "835a22ca7f6e2af6", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "84af44f4271d45ac", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "8668e791af9c87d4", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "8a7fa34a163d0e10", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "8b391ec87ce7b62d", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "8ea6468decc16ca3", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "97eb1dd3d3eee063", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "9a358b3dc9139fab", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "9bac7949c43d359d", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "9c61ea48cb83168a", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "9e643efa3244df62", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "9e87c4f4f5dd7f9d", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "a0780dbff54c9fb1", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "a191e74827a4d174", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "a22a3cb85a3df386", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "a4781691b8b11ddb", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "a49c7cc8554394e4", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "a7befdb346e36827", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "aba75d947d4bd17c", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "ad0dd43970cd551f", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "aff45e84ed41704c", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "b0fc8d476106d1c3", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "b26a6304c1ef0500", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "b2d20e1e334c8352", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "b3e0fcdc8aede938", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "b76704d083cdc036", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "b9040db32c3f5e83", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "ba367ba1a6a17446", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "bcd59c395dbe89c5", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "bd62974511ef530e", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "bed470dfb0bbe7a6", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c0694eb564b439d2", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c15c94c1738fbcb5", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c5b4b4c9ca497091", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c6ff9f920ab2b11a", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c72cc34a7734b8ad", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c8315aa5258a6107", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c8721f07ccd27587", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "c9c46e2fd50b9998", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "ca069608975818cd", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "cc0097a1fbc291ca", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "cc798dcb38eba1a3", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "ce9dbdde35edfecd", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "d0ceb81547867a2e", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "d1aa45670f4ecf3f", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "d2e455bcbb756676", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "d31e7007a922c92f", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "d56bf495cf13bf7f", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "dc644502f7b052c1", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "e0f6dc1403a7fc83", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "e53bc700ab48c604", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "e6b76fb248e9f89d", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "e7e92d3264e62f48", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "ea9a00cfc2cc63bf", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "f003e31ecf7ad578", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "f0b4bee997df3a24", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "f4d41badd69d9d18", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "f8dfa8c598243359", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "f93d74998c6599d7", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "fd26c3eb3403b2b5", + "type": "contains" + }, + { + "parent": "6fc4f99cb27a629a", + "child": "fe23acc7f29f87b0", + "type": "contains" + }, + { + "parent": "7069d90382d7c593", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "7069d90382d7c593", + "child": "10fc03496e85dae5", + "type": "contains" + }, + { + "parent": "7069d90382d7c593", + "child": "1bc7f120ce61e78d", + "type": "contains" + }, + { + "parent": "7069d90382d7c593", + "child": "3c0ea2891a5411af", + "type": "contains" + }, + { + "parent": "7069d90382d7c593", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "7069d90382d7c593", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "726407ce9205c669", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "726407ce9205c669", + "child": "0b17479f01b63ffd", + "type": "contains" + }, + { + "parent": "726407ce9205c669", + "child": "1f2e76756034330a", + "type": "contains" + }, + { + "parent": "726407ce9205c669", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "726407ce9205c669", + "child": "64898a35c1ce7274", + "type": "contains" + }, + { + "parent": "726407ce9205c669", + "child": "bace04fe1571465a", + "type": "dependency-of" + }, + { + "parent": "726407ce9205c669", + "child": "c1d8fac200470efc", + "type": "contains" + }, + { + "parent": "726407ce9205c669", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "726407ce9205c669", + "child": "e6f45669dd679452", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "02b145a905282982", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "734e3b82978b46ed", + "child": "093ca300cfa0cb3e", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "17eac59ecc5bec3f", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "1bdf5fe48c4bd4d0", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "2460ffdfcb2fe6c9", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "2d96fcb60e6d6812", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "39590e9e4490af42", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "3aa1742f2e3585c3", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "402ed8348f10e3ff", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "436b1621020334c0", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "5e411c4e4f6d3d56", + "type": "dependency-of" + }, + { + "parent": "734e3b82978b46ed", + "child": "5fc131a7cd3b5997", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "62536104a97be853", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "71df7a257a3f5f8b", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "74da127c15a13fa0", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "99c1b98e096be416", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "a6efd6855e2f7c11", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "aab8806f5eb00d9d", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "ba08977cca6b4d95", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "cc275f3ce8421483", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "e797ce9f0d1cdb1c", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "ecc1c4f163b4ad49", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "f1544ef0e6f4315a", + "type": "contains" + }, + { + "parent": "734e3b82978b46ed", + "child": "ff6a3189201331ec", + "type": "contains" + }, + { + "parent": "79b3a388130aa9b9", + "child": "058a5272ca28051a", + "type": "contains" + }, + { + "parent": "79b3a388130aa9b9", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "79b3a388130aa9b9", + "child": "95b49113891e48c8", + "type": "contains" + }, + { + "parent": "79b3a388130aa9b9", + "child": "d52857c4436af57f", + "type": "dependency-of" + }, + { + "parent": "79ba35edcc44da5f", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "79ba35edcc44da5f", + "child": "49c83cbafb892a3c", + "type": "contains" + }, + { + "parent": "79ba35edcc44da5f", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "79ba35edcc44da5f", + "child": "c1271ae5fbf0e0c3", + "type": "contains" + }, + { + "parent": "79ba35edcc44da5f", + "child": "c47cc5d32f44cc87", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "26101b2a73c22813", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "518d26076223bf16", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "5600ce50a10eb4d4", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "5673356a70c66fd3", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "9548eb24c8261a07", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "a568d61394aed97b", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "d63ae4c3c914d90e", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "dda0ae07e7341f9a", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "e57ad82a664df51c", + "type": "contains" + }, + { + "parent": "79cdbcbd3d61afd9", + "child": "f3ff4aa1233cced7", + "type": "contains" + }, + { + "parent": "81412860457969fe", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "81412860457969fe", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "81412860457969fe", + "child": "5d732d586d21e1a2", + "type": "contains" + }, + { + "parent": "81412860457969fe", + "child": "6fc4f99cb27a629a", + "type": "dependency-of" + }, + { + "parent": "81412860457969fe", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "81412860457969fe", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "81412860457969fe", + "child": "b47dd00953817b05", + "type": "dependency-of" + }, + { + "parent": "81412860457969fe", + "child": "b7a5e9efcb9b8596", + "type": "contains" + }, + { + "parent": "81dc18ef79d2b2cb", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "81dc18ef79d2b2cb", + "child": "5563d371a9f13ec7", + "type": "contains" + }, + { + "parent": "81dc18ef79d2b2cb", + "child": "6fc4f99cb27a629a", + "type": "dependency-of" + }, + { + "parent": "81dc18ef79d2b2cb", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "81dc18ef79d2b2cb", + "child": "f36b0135a6b24d42", + "type": "contains" + }, + { + "parent": "86bb1c48d046cf90", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "86bb1c48d046cf90", + "child": "315872dd93390c03", + "type": "contains" + }, + { + "parent": "86bb1c48d046cf90", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "86bb1c48d046cf90", + "child": "5a61db40e1e1ecca", + "type": "contains" + }, + { + "parent": "86bb1c48d046cf90", + "child": "877484d5d72064a0", + "type": "contains" + }, + { + "parent": "86bb1c48d046cf90", + "child": "9dcf052ea12fdad7", + "type": "dependency-of" + }, + { + "parent": "86bb1c48d046cf90", + "child": "cf56343ce42be2bf", + "type": "contains" + }, + { + "parent": "87ad778255840d3f", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "87ad778255840d3f", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "87ad778255840d3f", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "87ad778255840d3f", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "87ad778255840d3f", + "child": "9e76aa220f9aaf91", + "type": "contains" + }, + { + "parent": "87ad778255840d3f", + "child": "d50f1628fdf00808", + "type": "contains" + }, + { + "parent": "88eb82cde1f0760c", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "88eb82cde1f0760c", + "child": "4ddb6a5846d7bb35", + "type": "contains" + }, + { + "parent": "88eb82cde1f0760c", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "88eb82cde1f0760c", + "child": "69c16800ed95c329", + "type": "contains" + }, + { + "parent": "88eb82cde1f0760c", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "88eb82cde1f0760c", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "88eb82cde1f0760c", + "child": "cd4bf5eeea9572a1", + "type": "contains" + }, + { + "parent": "88eb82cde1f0760c", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "0165175e69387e89", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "039e508ce9d5da38", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "045839e332bd074b", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "056f2a85423da82f", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "06cf40470ae4ac57", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "06db0d5547f53281", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "071dc954e7781a30", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "078a87259774791f", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "8ef168befafd7b27", + "child": "08d5dce244fc18f7", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "09371eedc2b9d95d", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "0c56734d7fa5e5cc", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "0d4ca6c562d852f9", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "0f394e0e6d66cadc", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "10e9321605ed3b26", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "111b65a59d05de01", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "1636a85d52c489d5", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "18bdae839efdebc0", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "18d4b98cd33be63a", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "1be594e56e910cf5", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "1d7f2b7ddde30ecf", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "1f88fb5719c35c4f", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "25202def2b28cd94", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "25c8cb45e6ef8bc8", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "25e16a00909d33d5", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "265ca13d36eb9a9f", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "26fb773c19e548c0", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "27557935309fffaf", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "2957aae07091a3ba", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "2c9b2ae407d86fc3", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "2e22b86fe576d2fc", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "2f7824beeae17415", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "33fcc6393c0ff3b9", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "3808baf814d3a75c", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "3a804ac96191b8e8", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "3e0a0208162355ef", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "40060b01d4e80f69", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "4356d92199f25d2e", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "461b28a03c440a0d", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "492ba4e8343fe476", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "52eab4688d6b3751", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "544b26d2152532b2", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "5c1ca5b1d84a25fe", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "6028286556616715", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "6551339451ed4e59", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "668fe15830d11a98", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "6818434c95393f5e", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "6a36f3048b5f9e23", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "6be629e4a12f87af", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "6f704900967b5d77", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "6fc4f99cb27a629a", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "71b77256524029a4", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "73eba117e1b20f85", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "744b5a4693813695", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "754a39ec4d130e17", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "7728a96ffaeb0a44", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "78c64b29850751ed", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "7997369f78b8711f", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "7be78d5770955fa8", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "8174a59113d54fa2", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "82c2f6b68752383b", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "83a5e806ca6828ee", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "88a6c97c9d25b4c6", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "88c5c7b7b7f31d92", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "88f4bc5e0bfe84ef", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "8ca713d9ce28c6c8", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "8da665206da2605c", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "8e0bbaa4e4ba02c6", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "8e68499e4c58f652", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9020f49b86409025", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "941b8b9c01250526", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9558b322aefc819c", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9d343b0c0a3dc26b", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9e37c41b16242727", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9e82d0c55444d9af", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9f1055e6d4762493", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9f99ca58212d2c01", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "9fd078013bce73a3", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "a19b4b04eca0119a", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "a58763c7570727c9", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "a7684040d49bc8e4", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "a8f59c988de64619", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "aa95fe9a066fd0be", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "ab85920cb956969e", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "aca89e9d60961302", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "b315a3fe6e89f6af", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "b8f0751fbb447dc8", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "b9c731f240f51940", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "b9ef157d7a552dc5", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "bc17b45a7346d4d6", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "bc40c98387d40c0b", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "bea301c1054368b7", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "c08b9f0c72a8631c", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "c15a9f36bca77f3f", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "c5e667d66df5bd48", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "cb618c4b8c037138", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "ceacea456c269068", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "d3dfe363c4518619", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "d467c883214fdfaf", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "d9e693836ef87035", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "dd8cd37050122d84", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "dea9371d2e47745d", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "df0d483d6d8698cc", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "dfad1fe2d91edeb0", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "8ef168befafd7b27", + "child": "e3c4434cb39b0d8d", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "e3d3859fc36afde9", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "e9bd0e2c33303c2f", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "ead172520b1e7e9b", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "f411654f922fadee", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "f922a4af4b958b54", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "f99398e3fee4fde9", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "fcb63864518bbdb3", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "fe9db330a6ced29d", + "type": "contains" + }, + { + "parent": "8ef168befafd7b27", + "child": "ff21bbd88cf7b191", + "type": "contains" + }, + { + "parent": "8f40faa2a3bf3018", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "8f40faa2a3bf3018", + "child": "1848dc41d7411a55", + "type": "contains" + }, + { + "parent": "8f40faa2a3bf3018", + "child": "a2d7e7570645fbd9", + "type": "contains" + }, + { + "parent": "8f40faa2a3bf3018", + "child": "dbb58be7b5652cc7", + "type": "dependency-of" + }, + { + "parent": "923f2a036f9ecf65", + "child": "02b5faaa0d20cf40", + "type": "contains" + }, + { + "parent": "923f2a036f9ecf65", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "923f2a036f9ecf65", + "child": "0d3040dbb5de38e4", + "type": "contains" + }, + { + "parent": "923f2a036f9ecf65", + "child": "f8bdc202e20abd5b", + "type": "dependency-of" + }, + { + "parent": "9564ca1ffe7fce37", + "child": "047e6b67f6510fd7", + "type": "contains" + }, + { + "parent": "9564ca1ffe7fce37", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "9564ca1ffe7fce37", + "child": "282764f7cd534318", + "type": "contains" + }, + { + "parent": "9606bf2c1d407bed", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "9606bf2c1d407bed", + "child": "3159c5c8e6dbee23", + "type": "contains" + }, + { + "parent": "9606bf2c1d407bed", + "child": "929c01b4e14e02b9", + "type": "contains" + }, + { + "parent": "9606bf2c1d407bed", + "child": "9dcf052ea12fdad7", + "type": "dependency-of" + }, + { + "parent": "9606bf2c1d407bed", + "child": "c430935fd8f2dc21", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "0299e311fe243bca", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "074d9b8ca153069f", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "9620df42e45abf0c", + "child": "112e864d5ac992aa", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "21294e0d0b121cda", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "25e16a00909d33d5", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "27b4483b3942a858", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "3bba3fa15b959901", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "600acfaadf45a128", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "8e5de5fe02f24a18", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "a07cb8e47e12414f", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "c1f88b3854213579", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "c302ae351fd4cf79", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "d32171e48673fb5e", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "da22838b523ebb31", + "type": "contains" + }, + { + "parent": "9620df42e45abf0c", + "child": "dbb58be7b5652cc7", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "9620df42e45abf0c", + "child": "f8bdc202e20abd5b", + "type": "dependency-of" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "0515b52ebbb5144c", + "type": "dependency-of" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "9dc1b34cdde2c695", + "child": "180fe3cdf9d49788", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "2187328ae913998e", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "21e1efe3fc994cb7", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "2669fc1c6862e336", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "61853170048c8d39", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "620ece52533dccad", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "7f4d4f7aa9afb6fb", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "86bb1c48d046cf90", + "type": "dependency-of" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "92877ee769577e05", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "a49ecb62b0ebac88", + "type": "contains" + }, + { + "parent": "9dc1b34cdde2c695", + "child": "abab580ee1866cde", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "03ded06f5978a219", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "0459a6aa08d9b230", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "06978697a3279859", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "9dcf052ea12fdad7", + "child": "0a88a27a0a532250", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "21f69a66a8e1f30d", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "23d013f0de6bb227", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "2a9ba5e47a1caf49", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "3ce5c71bd91a6fb8", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "3f9e7beb12691dc7", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "43f5c8e2c050e9b4", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "4faae474a1995428", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "504ece9f854051a7", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "57a23fddeb51a231", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "604ed35d2e3c3905", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "6459258497686318", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "64d9d5371892c01a", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "75de514af4a6a058", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "7b5244660b3ff49f", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "86a9e363787cae70", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "89e5a19c73e3c007", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "9177f91992e80c85", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "9a3472e293b9bde1", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "9b4fdfd089bd0f72", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "9eebb7943e5997ad", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "a586091b446e0346", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "a7ff93fae1c38258", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "af1939bedac4fc42", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "af584ef6a682393d", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "c57d87b0b5a2fdf1", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "c5d5d77dbb5b491d", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "c668344a0bca4102", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "c7221a3ee9652521", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "c9e4b809beaa97bd", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "cad2d692d922a012", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "cc34ed57e626e93f", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "d548c3c0c2e1c5f3", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "d64f3b4ac3fb03ad", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "db8886a0050e15b4", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "e01b45f2896e2b8f", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "e1955cc8bd7d7354", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "e2d294e2988586b1", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "e7b09fa086b60c5a", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "e91e2e6213b87b0b", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "eb8d2881557e6d12", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "eeb961a2a9d5084b", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "f68d462d6f0dec41", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "ff0ea36e439da173", + "type": "contains" + }, + { + "parent": "9dcf052ea12fdad7", + "child": "ffd67d68e23c19c8", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "0df328b7f8c16083", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "5cc4a51ee7c8655e", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "69a1f8b190180ac2", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "8c585fd49a1add6b", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "dc88753ee1f91b36", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "df0de9d0d9d031e1", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "e45b53ec2f0ac0a0", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "e715eea96e3656d1", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "f2a10369c567f48e", + "type": "contains" + }, + { + "parent": "9fcab3ada3c25f5e", + "child": "f3601cef86b4f2cd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0011d80650bd57b7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "006b1ef26c19fa86", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "009ece66b505db9a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "00a4fc892c991cfb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "013750e15c50f33e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "01626c7aa79391d6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "016d8025fd9f110b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "01757da876968567", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "01ce09736956ec2d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "020b84622fb900db", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0212eb2afb4e13a0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "023abd2d44bed68c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0277a7b6c13e0e18", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "028dadd23d403b43", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "02ad88301776db65", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0373ef1d181d86a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "043695b356310635", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "043fb5366c6c3f62", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0486da6e1e56e929", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0488de992cd66915", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "049b90f71d2fe7e8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "05042171f6eec703", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "050892a3c53da237", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "05134288540b9a17", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0515ffe984f626d8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0554a04109a113fa", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "057a5f6ec928791d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0654d6e280f96ad4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "066e06135920a3fe", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0687579881861600", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "06c8dae4fcda6094", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "07a3a3a51a8e3f6c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "07d76771e560a228", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "07dd2930e1b6b74f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "07ed7d3b280f15db", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "a08e57c8715e4d05", + "child": "085b8e3d17b13241", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "08c0d75a4724966d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0939219069390b95", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "097d210877f6bbc8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "09ccf06d5abdc234", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "09d951f943e65978", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0a387cdfe63b745c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0a7fb6e5bfc5fc19", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0aab09bf1271c5bd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0ab86e68732c77f6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0ade089dd60c5f85", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0b6064d0ab67205f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0ba296fdbd0793ad", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0bf6c8d5e79525f9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0caf887c9a2180c1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0d8efe1900de9bc8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0d9243f8d38fed47", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0d9f97c062a39e17", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0e1e1c595cca2f74", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0e3d7fa5ccaa00b8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0e4d5e3dea1ba873", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0e64f6f90d9e0545", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0ee4e00c20eb77b0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "0fb73c464008585a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "108c1e7b2a68808d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "10db08e203dc8002", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "10ecd7443a2e0f8d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1118f4bdea71fa15", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "11347187883af73d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1146b88da7a69dde", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1184d1f54fa15648", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "11b695663ecd0f36", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1246b723e35244d7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "124763e4f24095a1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "124bba0ca3ded7a4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "12a05d87e75dab27", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "12ae5e9461e3b5ae", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "12d1add738110cee", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "13197f3fca74319d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "13240979e9b0a02b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "132a3666861a86da", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "14653b642de8a981", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "14a8522223084a28", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1514165139b117f0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "155deab0d1b75139", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "15aec7429804cc49", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "15cafed9eea83afd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "15e0b2f49afa5fb8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "16588574ba987865", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "169a1f9cb1911cff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "178617aa61acb30a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "179ea1c3ef1bc59c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "179ff93f13c1cfb2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "17c26a924f613a8f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "17d210f51ceceff4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "17da2ac5fdcc25a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "17dfdf30d4d5c5f2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "17f16514685ef7f0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "180c377ec849fba4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "181ac7465d94e356", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "185090340733aeea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "18a968f29e5740c6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "18b452a763fa2e4f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "18dea002d13130a1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "194c99d5c6dfd860", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1977e82ca78998ff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1a08dc105bfa3288", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1a84896fd2eb9d3e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1ac51dcf88d495c2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1ac852847005acbb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1b00c1885d3691e0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1b1888dd3d110bb1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1b6367971456eec2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1bfda69ae0d15947", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1c1c8c076ee8a8fd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1c5427fce54bfbeb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1d82694b1ecba6e9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1da72657d491b1fe", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1da9452bc193c348", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1dad11ed20ccd12e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1dafda874efa42e4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1e12e2b7baffc502", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1e4ac086c3c7f220", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1ea40f38c3af340f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1ecc2805c23bda81", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1ee20c6134fae95f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1f5e8f8731296243", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "1f9eb38b4f39d50b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "201518c5bc694622", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "20811c14c8ff84dd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "20897921da67aa61", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "20b7ddeebb4a8e6b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "20d6cf74fbe318d1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2112b844bdb7263e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2116c5a9302e3f0a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "211f559c0f4bbf4a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2137faa0e906ad55", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "21aebeff396d90d6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "21e63581b7b02e9f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2214a1edfbca4d81", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2262e80d8459d76e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "226ab5fdc7401d2f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2311536ec353a770", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "238cecb2a77ae8a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2390dfa51e4ff768", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "23c601af39604c0a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "23e1dd3ee39e9c2e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2419686c77b5d0d7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "24d0eefe07c685d5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "24faa7550e718ffd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "259405cab0d1a560", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "25a4abe4eaf7d07e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "26a99c7d4a95e43a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "26f1e9f423da2438", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "26f75c5ac6f16539", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "27b60de34eee0b61", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "27b7ebcc965ed969", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "27e20379fcc146d1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "27e84291ee71ad39", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "27f5c384e6257312", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2835b9af3f19e1d2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "287406beb3a9c308", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "28a58a71753afd9d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "28b506d95f98eff8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "29bc63839999e78e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "29d9570982072ae4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "29e48de2cfb8b31b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2a187ef845ab494a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2a7a7d29536a09d1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2af6995ed37d66e2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2b2e27e3c71746d4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2b395eebcb4a67ff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2b4e7cf7323c8867", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2b506f7f2e1c9f60", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2ba0227f0817622e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2ba37f18f5bf7884", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2cf98fe7a8654079", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2d4abebbc2b2bf97", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2da65ec945716182", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2e3d233ce4bf3668", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2e80788a46bd1d3a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2eac927b46cddaa0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2eb23f6b7c6b479e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2eb274251cae73a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2ee3a5a33392d02c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2f0f0490c9bb437a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2f19b94e364a70a5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2f2ed61fb4309f30", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2f7d8e71fee1aaef", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "2fcff6eb734c19f3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "307bb7c30af3573a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3090009812f92579", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3110956f3338d30e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "312cc6f73b42ebc3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "318d6eab1c4b4756", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "31b6aed83a59a4d7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "322000192658f13d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "322f6ad2ea49ba49", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3289702b1d71d398", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "32fa3bb6af7e7c21", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3347c3874ec8f3f8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "337818befc3ad70c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "33a9f4a242c7ac02", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "33b6e90ad7e50c5c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "340e43cc61beadc0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "340f6ac7059eaca6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "35312210bdc0464f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3589032a6e7d507f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "35cd04a7b1fcde3f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "35ec5541946df3cd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "366e61f85b8f86e1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3698970716458c61", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "36c654c8c660a279", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "371522ecf1be2592", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "371e66a63ad5cb5d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "373ae748a8cbcd46", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "37dbd70f590af32f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "38303342a053167e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "385ad24ba0f04bad", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "385f39c9f2fe1333", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "38955202e36be11d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "38c3fabbad78e2b0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "38c93329f777744a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "38d0fbbdf89964cf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "394f853a78e79d09", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "395ebb726ab52116", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "398efbbacb77ff35", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3994723bfb139261", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "39a1cf12e24e2f4f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "39ac364a9c3507b7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3a22b177ad565097", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3ad1c8c3c0c61955", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3b0bede735021781", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3b1a0b290e22f7ce", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3b2083b83dd7a371", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3b945d58d746a6b6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3bc3cdb4c0d18237", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3c1113be1893fc56", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3c1f0c7b44068f06", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3c62995ac83b64e2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3c8284764dc0f389", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3cb1bec0eab9a923", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3d034132e6079387", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3d4aa454e7520182", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3d800320aae0d855", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3dc2ade608bb09da", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3dca7d224d87d7d8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3dd26d3784448dae", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3df03911c231f0a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3e09cd0ce754bdbf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3e1cf308907ffd0d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3e587927663bf2d2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3e7aad594196cf97", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3ebb04112fa6864c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3ed169a32febde4c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3eda3ebfd73285c0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3ee9e9bc94152cab", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3efdc5b032bda724", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3f71bb83b42bf7fe", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "3ff198d678ddcf52", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4000effc7cb0f74d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4007c15f993f184f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4014146544af9f8f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4032531ee2615597", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "403b6dd2aea67f45", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "404e0f2c906fcf3e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4054b00b1ba2fbcf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "40bd8c2c972b948c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "41310208a3651bff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4156ca814b032d3f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "418571b0a4cdaf67", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4195cb7a999e6f5f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "41a5726c799af744", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "41c24463c1caeb9c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "41cde13c4321af41", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "41e55d95d3e71834", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4205f8b4e25f7938", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4293d64c3fcafdb2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4312a77b0dee8bd3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "43b40b3dc6d5af7f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "43c2072ca7c33906", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "43db8d93cbb13f3c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "43dbbaa7ed552857", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "43ecffc436a18913", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "44028b6bb5dd7fc0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "451a2d4d79e5ff2f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4599e19ac72591d0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "45d19be0cbb7d625", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "45e7be0fc4d7ce7b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "462943816575345e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "463fd1185acb3ea7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "46d8ffd21be5a635", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "47389c1f2788315a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4773fa53cdd52e44", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "47b76754d929de5f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "47d47bfe9daa28df", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "47eaba1f98f04820", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4834666be23b0336", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "48f50aeeac70e98a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "48f69c3bd2c4dfe3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "48f8c2a987661df7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "491311a52b2465d3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4983ebde4b36d4bd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4a3eda6da3ff252c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4a547b957bb16238", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4ae492f507985141", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4af1abc60ed4b3ae", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4b434e46d7216259", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4bb7d8e23c355cf0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4bd39480910fe7cd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4bf08701e5e976fd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4c04952207bfba6c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4c1da9027422da97", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4c4c00f75a1b2521", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4c6b58c8cfeb69bb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4cab43b7a6d64883", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4cc17f4e31664845", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4cd086e938b5d439", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4cf67b5bdef43c1e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4dde89b97050f0d3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4df260a5a6d61b81", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4e0485fa464e8a3a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4e0f832ccffb5bf8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4e1ca7b19d9ea1e5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4e8cc4fdeeac808a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4ea56c2152db1aaf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4eb3fe00ba14e9c4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4f0e212bbcaed305", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4f17e9450cb616ff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4f2072b67274b92c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4f21c2134ca3699d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4f362059c2bd5a60", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4f7ebf154c9dee62", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "4fdb123fe106361d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "503e22ea1ae00bff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "50f76fc25a911876", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "514cb52107ce34ed", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "51bd19b360dbd27e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "51cdda05f997befc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "51e5cd74bb2ff2b6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "522bcaed0e9fdeef", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "531fb4d3a25e9d01", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "532e2f858590f4ad", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "536a0170a2e837ec", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5447e42cb615d2d3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "545524b58c8b745e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "54c6380fa829bb2d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "54e7b7be1b3ae175", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "551a77d088635f9b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "551b0b4dd1919168", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "55db14dcae4a215e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "566978418a8582b5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "56962c5b00032699", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "56f140668c930944", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "57174e40dd79a7b8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "57338feedf76dae2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "574ad9a4c8b3c8b5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "576fa0b745d60603", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5786305fa98ec735", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "57ebb2104f6050b6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5815083ad3d1b4cd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5828e12a7f5886ad", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5871dfbf7874cae3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5895d89acd4e3705", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "593cb16b27097278", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "598379db727de0c1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "59b4af6842b248c3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "59bc2fa9b50cd094", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "59e5eb2178088d7e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "59f00c4a6afaeca3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5a07402af5bd1e09", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5a5b31c6ed441c58", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5abb4c317c67493e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5afcb57400b1d273", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5b3923f8e2b41631", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5b7463d3a87f99ef", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5bbdcf82423f512e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5c026a85d6a1887f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5c421e73c56aad12", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5c6bfcdbc4578b60", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5cddee3c98d816cc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5d03d5cceb52edcb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5d2df31116d2dd9b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5d4a7c3f72373cd3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5d624fa9a429b1e6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5d7943c7e30119bb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5de4946ca871786c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5e58792604a2de92", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5e7841414f3ab611", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5ea9fa5ae87e7aed", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5eaa64d615bfbbf6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5eaeeecf47e10af1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5eb1e4f5972cf9c2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5ed840c9cb2b6f34", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5f259ebabd9e8726", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5f2e5395ca7b421f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5f6f49aadfb5db41", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5fb2236f15b7246f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5fb70be249c632ec", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5fc0468959b8e2ca", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5fd92881aac7828d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "5fec325ab2367c56", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "60abe0e813d2f612", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6106ccc4337dac51", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "611985209674e281", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "61870667349de61b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6191b262893eb64a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "61975e0fc245b5fd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "61c77f2293826510", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "62a35e2874bfe2d7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "62d6b89873f37a68", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "634e2721b391cd86", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "636826ee7c43e6fa", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "637c30cb07068c21", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6396e1bb85ca2420", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "63f5243af314e0b5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "641ee0288cbb8df5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "644aa8c946738c20", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "645ebfede035aaea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "64947a93aceb9392", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "64ec135af71c4d24", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "64fd9f51d9d2fe9a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6506494742ab1f9e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "659a69b949b557bc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "66332fc00e499578", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6669f53a5e886496", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "66ccf3fa33e02a87", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "66e3e42e88e3467b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "670e6465ecf7620e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "673d21dbd2158552", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6741fb1bc0959778", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "67626b40a8ea206b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "67a4fe6b7b5e0b6a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "67c098182522533e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "680b9e96e231e221", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "68dc887745847a95", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "698282e99a14057e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "69d0293d392d7b80", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6a3f7d2a8302e01a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6a58270c4e19e86c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6a7104b310debc0d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6b00277688781bab", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6b2728a383c7712f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6ba30209572ae26e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6ba439dbb90f5c3f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6bd19075def974a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6c1e03e0ff4c5fc4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6c7ce05349566d0b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6c7dffa3a28243d1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6cad865e5e3d3d96", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6cec62463126b762", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6d6688aea27fa8fa", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6d7e70e2ecdac341", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6d909f42127f418d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6da615580f542f67", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6db85fd6485015b1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6dc93bf4829cb8ce", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6dd7c3f7988a57c3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6df7fa08b1ea1e63", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6df9f4201e1bd0e4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6ef6737447295ce7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6ef9a3f0d37591ae", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6f27318e991b55ff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6f773f10edc48288", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "6fcc59ea1daed1c0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7052a3c37eb89373", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "706b737aa97ab26b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7081a0e34a6b350e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "708dd170b218f2c7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "70ae1d36282a9c44", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "70b83a93e0a21641", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "70bcd976ef21e4ce", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "70dad2ef15073618", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "713b27e7e4132849", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7206f4575066d8b5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "722044944ad58575", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "722217af7e61be0e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "72bbfbf43a13bdfd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "72bd1bf6a1f8325a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "734f0946a03d7707", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7354ff083fb2caea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7366e6a01808526e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7375efccc3679997", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7439d6928726b505", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7481b9a678cfb593", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "749cbcc52c60375e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "74a1c70f5b7de613", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "74c4ec0cba7629ee", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "74fcc1b62422ba79", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "75275687a666710d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "760e015bda49528c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "762dee584417a829", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "765160302ae1e137", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "76c0c45bbfc61e39", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7730cbb1fd359e9b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "773da227ed26a95c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7775c68823622bef", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "77b6dbb3b0b69bc1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "77dec77de21ce078", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "781ba5c6912c8771", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "783ef47a4b6cc7c7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7846ce6f1446a572", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "78855593e2583a9e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "78a9c1310740c8aa", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "78ccdae019d28585", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "78f5d71f306ef4ce", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "78fcf48c6bbbb712", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "79077984a7a6c0be", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "790fa2b99a8abe0b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "796657e2d7cc9dcf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "797ef78fce0668f0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "798f2ecf54223fbe", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "799f8d5301678c96", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "79a942968674b495", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "79b1a23ae343c28d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "79bced351aedbd0c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "79f74fce7309437f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7a1210001590214a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7a903f7a2c9d5ba9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7ae7878adef825f3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7b0126f480a1d35a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7b07abce48102625", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7b2ab2deee4bf264", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7b4af5d654131a8d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7b73295968c5c5b6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7b7d0bc6cc970d9d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7bdec1c6f9ad7660", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7c03028642527858", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7c204caa0f4f162d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7cb88702cda86e95", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7cd97aee09ee2a47", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7d23b4abca3bf0cf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7d27e81560137a98", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7d447b2ce9446c96", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7d5d839b76215ad9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7daee65cf4a04418", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7e295ef0c947ca85", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7e585fce630f1e19", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7ead89c2b331912b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7f11aa76fb1d8e80", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7f2410592e4e0a98", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "7f9562764d10c0b9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "800aa6d1893bdd9e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "801d2a76dc576570", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8048172bf741c0f9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "807df220f5b72e03", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "80b12f5602f95d7f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "81ab02364bf1f697", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "81b79f4927e50813", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8211995d747ee077", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "823bd205cf39249a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "82bdd4a41a73e93f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "82f885559c79e03e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "83090e6d3da79b8e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "831849ec1a38a628", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "831f0664c5476a76", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "834807d11e38bf7d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8369533c70045307", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "83cd44460d30719d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "84289022f58576ce", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "84989d803046a4cc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "84d8c27f9fc6385d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8521e77186536070", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "85439c400bbc86d5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "85e8535fbb307dd2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "863e3e46bb44ff41", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "86462bf7cfae9fca", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "86808dddd6ed4312", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8697e4a748fbd08f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "86b1760d0094da18", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "86d26aeda90b4234", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8750144d13781f83", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "87a32bf8148754ae", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8822a65fabe47778", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "88f0454222a38655", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "891be320c08c7dcc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "89257e7dc821cd7b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "893640ffaadb3fd7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8979cba7762ce8f1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8a0f58a73f65f6b8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8a4a91898f4982f7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8a8d315146c83b5b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8abee6515b5f03b5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8aca294312e655c7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8bacd41007b5e109", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8bdfa32e69de48fa", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8bed8fda8c543629", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8c8ab4bea52abb5b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8d2a9e70b1763d0f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8d77a21b60654221", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8dce2c711372eb31", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8ea257eac59089ca", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8f7068be9c87455e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8f71ccf80b2ad19b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8f79201038155384", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8fac2a05f0ced3b9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "8ff5c8f99542c1c7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "90771ac81ab468b8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "909799b37a21942e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "909c114e91953fa5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "90d2820f5da684dd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "91327d43c35f78a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "91442d4b20abbb1f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9168bad0b03ce195", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9188cae0e2d7e66c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "91904eed74ebab7c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "91a6a39db5404ccc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "920898bb95373af4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "926b2a78a71c5bdd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "92b007f40eddfeb5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "92cfdd5827806bea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "932e0a15f794d6ea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "93a77504158cd24d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "93e44073edf8bfa8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9447ec7fc9baea14", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "947292ead3b1c9f5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "948a7edf6e965ad2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "94958ba44fa043aa", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "949f877ffcc782bd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "94d8f29154035f0e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "94da58a2c071562e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9583da24d1cf6bdb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9621ef6c92b03c21", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9623aead673ec6f5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "967e3a10ec37458f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "96c7c4394fb89eb7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "971b147bcac60dc4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9794c76a6eab5ba0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "97ed177bcc7d9709", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "97f3937e1790735c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "980393f7bdf1e927", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "98e838ae849e045b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "98fb9bceea211a42", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "996f559bdbcdf702", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "99aca4dbfb4ccfdb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "99ada4e07c31c653", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "99b2bdbf14ff57d8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "99c5c1db23551e10", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9a10afe86413fe1b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9a76fb50afdcaa0e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9aae9fa192834b5f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9aed0a30b0b87a05", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9afaa370e1493930", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9b647f55ebb0b60b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9c17adc7a7394b19", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9c27a24c4e4022cf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9c5a7e6750b42fe2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9c820b6005b1fd42", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9d50067b8f8ca339", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9da0d06e1fcead8c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9da9e525e01ac96a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9e2ad02256d0b761", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9e4be64056e719aa", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9e8d2102ea28598a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9e8e0dcd6461e814", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9f0583310b4acb5b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9f207aa74c31f0b8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9f2344594005c427", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9f28d3c8d4d5de91", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "9f31d5e035978451", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a040004dfdfc4b8f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a07326b416b47314", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a09763c9eea2c126", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a0e0fb0ab31ce0e1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a0e66e6c4fdddb35", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a0f2d7770002fb9c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a0fa56c69164af96", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a179fa54cf5c4c26", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a183734120280e91", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a1df52b82f376959", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a1f9e28be9e1515a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a2ed9481b9ffb2f0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a318b559e8ec5e01", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a41093a0e71bc7c5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a446144c2a8db246", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a4f511e1a2654e3c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a59b7b888d5b4655", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a5d6c087f1ce0421", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a64a0b29550b0350", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a6a2bc1498452340", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a6d8fd571d0c2a85", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a7047fe6e2fe36b1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a7395e2e631fe286", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a8012fc33e8f27f8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a80940ed5b5ba2cc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a80c7b5ed6f75459", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a82580e6f79f5ff5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a8c22c4c598830b6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a8f39bbe81d9520e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a9190084e3644c0e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a94c967281cc09b1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "a9fee61f29c681de", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "aa7c6fe4e206bc29", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "aa8af4fed1af33d2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "aaf8680b8bfcb498", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "abb8a442c65a8e3d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "abd2c8452b9b1897", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ac38ff5072279c22", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ac44cca1e7a44914", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ac44ce4edaa057c8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ac704fff8d045cef", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "acaf22218730a5df", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "acdc2927b4f053b0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ad6d58d932f042d8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ad88d08f39df0077", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "adba9de770a57ed4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ae535b182d40b06e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ae752373b648ec23", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ae8194cca135c514", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "aea59607411935a9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "aeb4b9efd34fc302", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "af2692a760bcc3d7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "af2f85e92c305a99", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "af4a7dc03fc61093", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "af628877550cb038", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "af64189d59f68a6c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "afd4814904e23921", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b0545a2e8bf99f5a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b0b15fae3ce98719", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b0ce1cac5c29fc5c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b0e384f6d27da550", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b0f960fcd690076b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b0fa9cbd276df6bd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b1a17607f30e3edf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b1bc1a2041ffcfa5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b1c6be64f1598066", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b1d2358a79ff3e1f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b22d792fc4fc1316", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b2853301acd2fdab", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b2cfd17a18d5a1bd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b2e4e38ed8791f04", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b2ebeea47dd5475f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b2efc539cf50ff1e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b30ea32dd3503666", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b31d04042b9abaf5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b32984eb37225c93", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b350ce7ab7810a11", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b3b0e2f90433506e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b3ff2a61ff5b4796", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b426a0890ba8c900", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b47ee08b9c7d4905", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b491273c5071c377", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b4ccccec0713b3e6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b4f91d8034801ec4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b527118fa63d4dce", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b53344cb3ffb3226", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b567b01303e388da", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b57a36a92b5eb980", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b57e758310e08e08", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b58b430e813e1e19", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b5b43a537b956807", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b5e862a573d7ed9f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b6134efb4ea8a235", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b678bb63d669a6a1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b6b2b2ff2c14c4f7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b6d69186fa08c51a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b6e3181a3e6614ee", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b6f45f1dbbc5ee47", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b73e44fe1c60ab9b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b79fe7da5b4023c6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b7f83def08194949", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b7ff261fe1222dc9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b8952e82b53fd6c8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b8afad39a9ebfd7c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b91225324d6263a0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b92545c8f9a22670", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b941d058a9e60caf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b94bacb68e7641d6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "b97a7a2f3fbf4c36", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ba21fd1aa2af3853", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ba42caa71e93d958", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ba53573b9cfd0fcb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bab9e9f85c79c245", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bad99f1041412d06", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "badb4b2cb912dd47", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bb847c5ee50cdda3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bbb1f2b3570b915e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bbc47973b9d50f9f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bbd67870ff51785b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bbd8826fbc7d4c0b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bc1dc5a11617ff3b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bc4114dabf5c1926", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bc7a57e20262ee4f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bc8d998b99a817ae", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bd312d7e54bbf346", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bd9dbbf07eac4f97", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bda3f09d4ce029a2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "be051504c746aade", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "be1fb51e4d61dcd6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "be5bb17b40fd50c2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "be96d0167c0ac1f9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "bef62ea9048f0f45", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c0252d612386b659", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c10ae445b88bd9c2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c1243c1120ba7c56", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c1c398fa2c623ea8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c276e24691787eff", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c2a8edf6c75a67a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c2f4ae12b0131be4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c3326ed61922a612", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c38520c3d5cfe803", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c3b81e97789af4f1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c52ed71aa894aa39", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c63555534c04dfd9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c66466b6e18873a5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c67e353ca5e7bbeb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c69343349cab865d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c6c2b5321e7e8d16", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c6d0dd5d4cf5c061", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c6de8cfabb0d2d20", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c6e59beebb7b1c28", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c709cc0873ef5444", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c7583b1a24cdbb05", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c817df2401644d95", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c8310a6caaf65f94", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c89f38590453da25", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c8e1ea9e021b8c14", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c8ee22b893a72c95", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c9676d8f122f5c89", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c985cb2dc1a169bc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c9d4c510e981e36d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "c9f88fd6c52d991f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ca000ca372e4d431", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ca05fe3e6305beea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ca1e99cc58ec3d45", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ca432ae695acaa61", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ca71f5553b5d6b00", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cabaebda56dc9639", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "caf0ea4d1eb037ab", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cb22050893636562", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cb5ca6e7813dea77", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cb7e4d427ef498c2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cb8e9eb83e52c3ea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cbb0ce76dec7a451", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cbf72f5b9543b190", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ccc7cbc8cf1cb1bb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ccf81edcc32a4f29", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cd4926f945491db3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cd5cef0f0e983751", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cd64b079efb31e36", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cd840c892dbec610", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cd9b726fe5f144e5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cdb7c18c637626be", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ce26ee87860739cc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ce3dfe4995c8f24f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ce5074f2b7cd35e5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ce9e052bb4f505ea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ce9ff7ae1a540ba3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cec5d92d2742b191", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ced3c624b6bc6637", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cf7f960b881084d1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cfcf3b57eca8267c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "cff69e2dbc82f86c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d02947be782f9df4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d033123020293d3c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d056db3910810802", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d0e7561284493ba4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d1bfaa52e4bebb5c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d1c10e34d3aafde3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d1c1756746a5da30", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d21755e322b75c3f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d229438e006fa531", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d2b2ca8e16fefbdf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d306fdcd238494dd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d31a81ab8db21c1e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d33f966ebcd34c24", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d34abf13f23fa547", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d34cf2a21c861c20", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d35cc7feb6820a60", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d3868b101b37c63b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d3edd44f6865e2b6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d4614fe385f00f79", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d477339a413ab91d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d4d597f6762866c3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d4e57dbd2e2c4a50", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d5106c46a9567f39", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d527689295f8a310", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d551f7fcc01926ec", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d582b81e5c24dbe2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d60a955930ff4a3f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d67ac102d34d7339", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d6f4c046a9800974", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d6fa85942ba9725e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d705fc609541cf5f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d755b234f0f5e121", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d759c5b545415d1d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d75f7a1687554234", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d7982316838b14d5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d7c5fd0bd56e8a21", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d8442b79c9bb211f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d93c522207cbf1bf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "d97d6872449d4e6a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "da2575a45478ba4c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "da56e399ea6614c0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "daddd35181720871", + "type": "dependency-of" + }, + { + "parent": "a08e57c8715e4d05", + "child": "db3b41478abd19c9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "db9ed6006ae2095f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dbc117de4035649c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dbdc3b07da2deabb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dbf2cd9405019f59", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dc2b397038a0500b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dc37220cbb44f0d2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dc9f06d4ba7b9f7c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dd7c01fb057a54fc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dd83a8010444a199", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dd8aa6a155f509af", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dda9eee877f7aecc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ddf4a0d970493a4c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "de70877551d180b8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "df34fa3daf0ac99c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "dfee78d6cc699226", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e0797c1b8a059c87", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e0ede8868e534771", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e10bb262a37a0d1a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e17549bc40721333", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e187e467e11bb275", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e1ede9996d1494c2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e2295f10ac3fcc40", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e26f98fd4ad10e74", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e32f01816e708557", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e366832f15f000fb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e3be249111356540", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e3cc6d32a56f65b7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e3f08a267b684227", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e4284902313b756c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e46d52a77ffd2012", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e475ca363045a9d6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e4917ad7e3741dd9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e4a6f4a56ddcfb16", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e5b54b73ef3461ad", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e5b5caa8f8fc650a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e64353ec62870cf0", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e6730eb41efbdecf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e679befc0207bb79", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e75e96a04cbc7bad", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e7a70bbb02e6931f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e7bbcf8faecb67e1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e7bef37a1e89212c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e7e899b1ce982e9c", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e930291958ab98ae", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e9a7daefbb8b52fc", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e9aee5bc271dcd1a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e9b0a023122242cd", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e9d853b7613e991d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e9f26b2889649ba5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "e9f47ff9032019c5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ea0f3b8bf78643a2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ea46ed9196f3d64d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "eacd3bb0a1f85734", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "eafe51e1e824cc94", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "eba681381951981d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ebdf0273c85b7f11", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ec0a17f08b1c7038", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ec2603cc92b83da1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ec55daf0b0767148", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ecf9f03cf839599b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ed031e2497e62995", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ed3622667116df82", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ed6e7e869c1525c3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "edd8438e8eab25c7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ee089b91a7005898", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ee1f0d09827619d5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ee42227bc84df0ea", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ee5d12e425b2a4f6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ee9fd2a420997207", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "eebe74989742d15d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "eef0a08628daad13", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ef3d410ae8f703b8", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ef4b2ad66ec4cf22", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "efd33b0c03f7f2d1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f024214f6c82dc25", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f03b09dbcd6e79f9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f049ddb3599ce35d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f07efa25045dc460", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f08e65df79237a22", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f130723512533721", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f13a66478d1d4f7f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f17c51d39cbe85b7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f184a8de6446ce39", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f1956bd1a3691380", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f1b33c0757415541", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f1dd28afef6d6466", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f225389200f0e315", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f232ff6f62af2a7b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f27d0499d3b1c954", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f297d7e288331d68", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f2d3cfaacbb01880", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f2d63fcbed1ebf04", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f3259f345ccd3b65", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f385e92015c773bf", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f3cd5fc16ded8e9f", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f3e2614697a555d3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f3ee23e99741aee9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f4063f58b813e126", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f42ed6977c96b3f6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f477ad75112e2997", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f5a1cbbac5704326", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f62c57c5ad5fd2a6", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f63f6f85c3f220a3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f6488689362ca2d1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f6e3d69d53a65a0e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f6f403ed0f9f3203", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f6fd23d435484c92", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f742ec86d0af67ef", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f754203069453f64", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f78d3bb4be66b75b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f79fda36a0e19923", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f7a89b46185949c9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f887330ad2508114", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f889562e18d25a1a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f895d61410f55511", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f8e012ae6fbc2748", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f98ad82667182c2e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f9a9c4bb9f9dbc98", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "f9fb5ff594c9fda7", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fa1a0ca8233565f2", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fa4e8eab62182cad", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fa730dd75d64d5a3", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fb61b3c1d01776f4", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fba5531118eb4f00", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fba6ced282174415", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fba85d57dfe36e70", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fbb68aefc6ca041b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fc2d9d293f0e545b", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fc2e43f73453940e", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fc3b98a8f6d637fb", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fc4b946bb5757bb5", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fcef089df6ff596a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fd29287444e98f95", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fd82b327989fca18", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fe7a4a0368fdcf2a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fe919bc0bce64ff9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fedcac4633f1430a", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fef4f22ce4e0a641", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ff3491878d8985ba", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ff72e7d686c2154d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ff7c90f720c54752", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ffa40bf00111bcc1", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ffd04305e07a420d", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "ffd566d34fc1d2f9", + "type": "contains" + }, + { + "parent": "a08e57c8715e4d05", + "child": "fffd5cb4f74e83f6", + "type": "contains" + }, + { + "parent": "a243d3460507af96", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "a3aa75d8273e1cac", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "a3aa75d8273e1cac", + "child": "394eda196ea9cc18", + "type": "dependency-of" + }, + { + "parent": "a3aa75d8273e1cac", + "child": "873c917cafce7f50", + "type": "contains" + }, + { + "parent": "a3aa75d8273e1cac", + "child": "874052fff98a4177", + "type": "contains" + }, + { + "parent": "a3aa75d8273e1cac", + "child": "98fcd3e601d40fd1", + "type": "contains" + }, + { + "parent": "a495c2a7de1ac993", + "child": "05062048799b19bf", + "type": "contains" + }, + { + "parent": "a495c2a7de1ac993", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "a495c2a7de1ac993", + "child": "4958c0305cc0c1c1", + "type": "contains" + }, + { + "parent": "a495c2a7de1ac993", + "child": "b47dd00953817b05", + "type": "dependency-of" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "09778ad4d5c0d6cc", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "58756d9f36396527", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "72fed51334ae231b", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "7846d632fac88d93", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "9664c43dc87b8ed4", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "a04110cf28fb5340", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "bcaf00ba173110fe", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "d0738c4e72c4921b", + "type": "contains" + }, + { + "parent": "a65fe92a04ecf6ce", + "child": "d68d8112761d584e", + "type": "contains" + }, + { + "parent": "a799ab1600e49872", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "a799ab1600e49872", + "child": "177ad30b4dd8175d", + "type": "contains" + }, + { + "parent": "a799ab1600e49872", + "child": "20166f892a70cb1d", + "type": "contains" + }, + { + "parent": "a799ab1600e49872", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "a799ab1600e49872", + "child": "97780ed7a4226be7", + "type": "contains" + }, + { + "parent": "a799ab1600e49872", + "child": "f1b53ce035ee04b6", + "type": "dependency-of" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "a940b80fe4b46c8b", + "child": "0ddc9dba708b678b", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "18cf06d4abbb39ce", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "1a3133d2f0305784", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "21aedef33c6a13c9", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "3203fde87778c9ed", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "32a0c00ecef8529c", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "47daa9b0930ea0f5", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "67c5ab204d910f75", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "7ab7f3522d309852", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "838664dccf164d17", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "85e93a42c71df820", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "8a3d13c3ee10bc95", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "9e393ba47e750cde", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "a6ecbe53b00c0170", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "a9674222eadcd7f2", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "bd201f1503e17989", + "type": "dependency-of" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "bf0b590157599e95", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "c5fd943acd121228", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "c6783499aa12b204", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "c9e7cc7fd09f7054", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "d9ff4f32eeb17c6b", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "e69d26bcb0a24e1b", + "type": "contains" + }, + { + "parent": "a940b80fe4b46c8b", + "child": "ec87058761e8948b", + "type": "contains" + }, + { + "parent": "af1ef2b90efeccfe", + "child": "886a39eba3384970", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b0dd457df676ceac", + "child": "025702a1e5b63e69", + "type": "contains" + }, + { + "parent": "b0dd457df676ceac", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b0dd457df676ceac", + "child": "1e29db6133907052", + "type": "contains" + }, + { + "parent": "b0dd457df676ceac", + "child": "1e41d52c1fd496c7", + "type": "contains" + }, + { + "parent": "b0dd457df676ceac", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "b0dd457df676ceac", + "child": "50368cb4892a7855", + "type": "contains" + }, + { + "parent": "b0dd457df676ceac", + "child": "ab7413a242ae644a", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "023549e866ed57ef", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "0299e311fe243bca", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "039e508ce9d5da38", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "0515b52ebbb5144c", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "06e2c48d975ea1da", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "076c827c3f1dc44e", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "07c41562e2bee55f", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b22efca5f0bac92d", + "child": "090027c7d7254e53", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "09371eedc2b9d95d", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "0c6263baa58699ee", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "0fc14552c6652ab5", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "102fca6f01ef28cf", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "10db71b631af3760", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "13a9f52f69916435", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "148a25b1c2d99bc2", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "164c9dcdd18d1fc9", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "1716d1a69e4531ec", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "17802e5820eaaec1", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "196df9cad96e380f", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "1d43a3fb8f185afb", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "22d0e7bdd9bb8c1a", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "23c842a484ebcfd5", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "25e16a00909d33d5", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "2990c286d4a80ee1", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "2baa82c983b30582", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "2bd21e0156fe2aa0", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "2f1e24780cfea663", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "304e2047f10e5c4f", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "32dc8d9385f596a8", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "32ec75dedc8ed09d", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "367d12ccb8f871f1", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "394eda196ea9cc18", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "39edf0f240a77402", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "3b95a370d9cbeb72", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "3bba3fa15b959901", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "3d05d8fb200663bd", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "403e3b854fc89f1e", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "4422e914738c17ef", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "4c3362aa50faa23f", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "4fbfd80d85bb460e", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "546bedf3e2fa6b85", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "5530ff7e4715e8b5", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "5adaf9930b0243ad", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "6310624b78c38417", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "640d7278e8974c51", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "64575dd9d0be23a4", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "664d277def349e86", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "6a3c1818891dac67", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "6e1ba648d2b11550", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "6e267a1855234be9", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "6fc4f99cb27a629a", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "7069d90382d7c593", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "726407ce9205c669", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "7536453ef2a26c46", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "76f1c9985254e2be", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "7907305384f2540e", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "79cdbcbd3d61afd9", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "81dc18ef79d2b2cb", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "86bb1c48d046cf90", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "87ad778255840d3f", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "88eb82cde1f0760c", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "898c7000b5881f61", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "8dcdbc2daec313fa", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "8ef168befafd7b27", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "8f40faa2a3bf3018", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9195ac6a4e9b45d6", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "923f2a036f9ecf65", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9606bf2c1d407bed", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9620df42e45abf0c", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9679b18dcdd53e17", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "99df092f7bb8222f", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9c5b99a9203f7dc7", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9dc1b34cdde2c695", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "9dcf052ea12fdad7", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "a3aa75d8273e1cac", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "a495c2a7de1ac993", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "a536ab71c04de1d4", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "a6f9568da893cbea", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "a799ab1600e49872", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "a940b80fe4b46c8b", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "ac52326c6010ee90", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "ae3fc97113fbe7ca", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "b0dd457df676ceac", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "b3389bc8d420d9cb", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "b47dd00953817b05", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "b75c9ce4cb4a4d36", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "b9930935983f5330", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "bace04fe1571465a", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "bd201f1503e17989", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "bdcb3bee3b1ed812", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "bf18eec22303c1b8", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "cb11cdc4189fc7fb", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "cc6fde5122ccb21c", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "ccc2461d41d72dde", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "cecb06c03b371de6", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "cf7d0f71948121ea", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "d19d670da6254e2f", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "d52857c4436af57f", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "d95be7a40dea16b9", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "daddd35181720871", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "dbb58be7b5652cc7", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "dcb109d4616daae5", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e1c9803b20913af1", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e21cb9e7dda039e1", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e2e600817bb6e830", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e4935d5aa0ba62ff", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e66b7275c6659e9c", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e71a752222ab1cf0", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "e8d4429184219587", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "eb199925a99265ef", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "eb5d2c76ed21fa8e", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "ec9dd0ac24b8d8c2", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "eed46dd832bd62c9", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "efaae8c603855dcd", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "f1b53ce035ee04b6", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "f3e667a0375f3959", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "f7b1ca91de4b87e3", + "type": "contains" + }, + { + "parent": "b22efca5f0bac92d", + "child": "f8bdc202e20abd5b", + "type": "dependency-of" + }, + { + "parent": "b22efca5f0bac92d", + "child": "fcfdc07fd546a72e", + "type": "dependency-of" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b3389bc8d420d9cb", + "child": "0f0ce024c81213be", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "1897bbb4f7efd63c", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "1cb31a5be70c0358", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "34f8467e3a606deb", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "508f3556caa1e8ec", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "55feb480571762d8", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "6e696beaf5a6f45a", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "7b4d7d0f77ce8dc2", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "8a707565ca91434e", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "8ef168befafd7b27", + "type": "dependency-of" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "ae8e6fdb3bff5894", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "b0a10e424e7b1086", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "c1427ebe890dcc80", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "d8bdde81208a0a93", + "type": "contains" + }, + { + "parent": "b3389bc8d420d9cb", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "b47dd00953817b05", + "child": "026e9bfa4e973170", + "type": "contains" + }, + { + "parent": "b47dd00953817b05", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b47dd00953817b05", + "child": "27ae868c8ec36403", + "type": "contains" + }, + { + "parent": "b47dd00953817b05", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "b47dd00953817b05", + "child": "88ecb7a06373bb64", + "type": "contains" + }, + { + "parent": "b47dd00953817b05", + "child": "df99bd0ce5d10c31", + "type": "contains" + }, + { + "parent": "b75c9ce4cb4a4d36", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b75c9ce4cb4a4d36", + "child": "b22efca5f0bac92d", + "type": "dependency-of" + }, + { + "parent": "b888bcdc2051543e", + "child": "001812e01c9af599", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b888bcdc2051543e", + "child": "0c15dc319b7ac053", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "142bc36112f14a35", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "396f3170300f5eac", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "3f42f7a518ff9cd2", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "40cfbade72a94901", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "485cebdb5c8d2a32", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "55ae2bfbc993fb90", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "65c571a404e6bbe2", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "6a6b8cc19b094b2c", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "6dd72dec86149806", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "6ee3a0391f2a137d", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "7dc959edf743cd9a", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "810479e6a3eae050", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "a123f7eee70c72eb", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "bace04fe1571465a", + "type": "dependency-of" + }, + { + "parent": "b888bcdc2051543e", + "child": "bfcafeb6183520a2", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "d36ea61b0f7b6a70", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "dab0f87cf2057742", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "dbb58be7b5652cc7", + "type": "dependency-of" + }, + { + "parent": "b888bcdc2051543e", + "child": "e66eb4f8be4409fb", + "type": "contains" + }, + { + "parent": "b888bcdc2051543e", + "child": "f11be3044d82d8b0", + "type": "contains" + }, + { + "parent": "b9930935983f5330", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "b9930935983f5330", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "b9930935983f5330", + "child": "f18c9f92057ac960", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "bace04fe1571465a", + "child": "14a117e88aabf24b", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "348d1f812826c9f4", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "3ba77e6bd881631f", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "479cbc92a7a36509", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "524d8032f81017af", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "636f619f9c1536be", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "67d38e340f4577d3", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "7e81ec7a8f66c3ca", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "86bf2ecd1788501f", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "9e66ce4e0a6eb3cb", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "a2f54b1b196c86e0", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "a903dcfa92379f1c", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "ac8c81ddb4590392", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "b50526e63108f8d2", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "c2da83b6c923127b", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "d20220678434ab7f", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "d92702dbbda7e1c4", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "e5fec12d1cea722f", + "type": "contains" + }, + { + "parent": "bace04fe1571465a", + "child": "f8bdc202e20abd5b", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "06db0aac5cdcba72", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "bcbac17c560ff49d", + "child": "09b75c7c7656032e", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "11302a785a1ce540", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "1280ca8837f1e5f5", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "2d800e884032c615", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "32dc8d9385f596a8", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "34f393bc80919207", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "3bba3fa15b959901", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "47a82969cc47629d", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "47c400f5c24f856f", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "552d2c53a768d981", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "558485814f2546ce", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "63fcf5c880513783", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "77cbc96976386886", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "832a99d51bcc976c", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "887e3b3e646d1504", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "8b573813f1675648", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "9177b59dbe124c50", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "9992a8eaecbbd713", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "9a640bfc7a35e27b", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "a940b80fe4b46c8b", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "aa17c20def3d2ed1", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "b47dd00953817b05", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "b73ccb7a63516532", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "b92d7f889edab03c", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "bd201f1503e17989", + "type": "dependency-of" + }, + { + "parent": "bcbac17c560ff49d", + "child": "d6f141d5e13b0ae0", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "d74bc027ece3129e", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "d99f54c344ef6351", + "type": "contains" + }, + { + "parent": "bcbac17c560ff49d", + "child": "f7346e98a83a716a", + "type": "contains" + }, + { + "parent": "bd201f1503e17989", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "bd201f1503e17989", + "child": "196b545787abaf02", + "type": "contains" + }, + { + "parent": "bd201f1503e17989", + "child": "81bbe926b6aead1e", + "type": "contains" + }, + { + "parent": "bd201f1503e17989", + "child": "8238f8f0844d48b1", + "type": "contains" + }, + { + "parent": "bd201f1503e17989", + "child": "9564ca1ffe7fce37", + "type": "dependency-of" + }, + { + "parent": "bdcb3bee3b1ed812", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "bdcb3bee3b1ed812", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "bdcb3bee3b1ed812", + "child": "64405ea653cfe62f", + "type": "contains" + }, + { + "parent": "bdcb3bee3b1ed812", + "child": "afa1339ce3d11f25", + "type": "contains" + }, + { + "parent": "bdcb3bee3b1ed812", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "ccc2461d41d72dde", + "child": "1d43a3fb8f185afb", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "23c842a484ebcfd5", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "403e3b854fc89f1e", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "87bcdfdfb15d3488", + "type": "contains" + }, + { + "parent": "ccc2461d41d72dde", + "child": "89115b1e9262abe4", + "type": "contains" + }, + { + "parent": "ccc2461d41d72dde", + "child": "8ef168befafd7b27", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "e21cb9e7dda039e1", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "ccc2461d41d72dde", + "child": "f41eeeb12e786c07", + "type": "contains" + }, + { + "parent": "cecb06c03b371de6", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "cecb06c03b371de6", + "child": "1d43a3fb8f185afb", + "type": "dependency-of" + }, + { + "parent": "cecb06c03b371de6", + "child": "840c32fd3150949d", + "type": "contains" + }, + { + "parent": "cecb06c03b371de6", + "child": "ccc2461d41d72dde", + "type": "dependency-of" + }, + { + "parent": "cecb06c03b371de6", + "child": "de37ebc778a4b974", + "type": "contains" + }, + { + "parent": "cf7d0f71948121ea", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "cf7d0f71948121ea", + "child": "3aa74c97ee3ced19", + "type": "contains" + }, + { + "parent": "cf7d0f71948121ea", + "child": "96396d4d262bdabc", + "type": "contains" + }, + { + "parent": "cf7d0f71948121ea", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "cf7d0f71948121ea", + "child": "bace04fe1571465a", + "type": "dependency-of" + }, + { + "parent": "cf7d0f71948121ea", + "child": "dbb58be7b5652cc7", + "type": "dependency-of" + }, + { + "parent": "d52857c4436af57f", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "d52857c4436af57f", + "child": "11d09b8e145a45b4", + "type": "contains" + }, + { + "parent": "d52857c4436af57f", + "child": "225f79c9b0575a25", + "type": "contains" + }, + { + "parent": "d52857c4436af57f", + "child": "ccc2461d41d72dde", + "type": "dependency-of" + }, + { + "parent": "d73e936743b685e7", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "d73e936743b685e7", + "child": "df5d3ce64e6dc98c", + "type": "dependency-of" + }, + { + "parent": "d73e936743b685e7", + "child": "e98ab666782456f4", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "04915934a2e73e28", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "d95be7a40dea16b9", + "child": "4614cea04c46ab52", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "59528e0c83849368", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "72c25efc2e6e63cc", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "80154d44abd9a5df", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "d95be7a40dea16b9", + "child": "b38fb49ec7a7ad9a", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "baeb2ef9e81c6f00", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "d8440719a2647712", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "e6663d1e664c7729", + "type": "contains" + }, + { + "parent": "d95be7a40dea16b9", + "child": "eb67df499c22e945", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "0162f52421956672", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "01e3295cf525038a", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "daddd35181720871", + "child": "24b7a789ea1de86d", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "3a77f0eb2f121f92", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "402379cda2734cb1", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "44461ef359eebd22", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "5a3f08ff2ba7eb83", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "5adaf9930b0243ad", + "type": "dependency-of" + }, + { + "parent": "daddd35181720871", + "child": "6492c40f18325b8f", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "64fe31773eb4999e", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "74a5b79731824b85", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "75601b8758c5c606", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "7ac217344c32a4d0", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "879ec3ccb9c2d440", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "9195ac6a4e9b45d6", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "923c136f4c5de86a", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "9c64a140bb800cff", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "a9dcf0efdca030d9", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "ab10c6584b53de9d", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "ab68aceb1603e266", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "b22efca5f0bac92d", + "type": "dependency-of" + }, + { + "parent": "daddd35181720871", + "child": "b436ec625d3e4637", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "b75c9ce4cb4a4d36", + "type": "dependency-of" + }, + { + "parent": "daddd35181720871", + "child": "bc498e83cc41964a", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "c0765b8dd9f14fd4", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "c71625ca0ae03d90", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "cbd26163fa70927c", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "cc81a1d8e7798571", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "da6893d8b64d3642", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "daddd35181720871", + "child": "fb7925b2ec23b7e9", + "type": "contains" + }, + { + "parent": "daddd35181720871", + "child": "fc282208ed48aa6f", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "0522bcec26e6a026", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "053bcf254f43a96f", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "db4134870a686c23", + "child": "1044ecf2ad0ce2c4", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "14f5ce0d98a90b87", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "1d7fd03128d7e4d2", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "2065aab50b73cc76", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "29b57084e873a85b", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "2cc560a83b80dd47", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "2db41ac88cdf8431", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "38ecd8c72b7eea92", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "3f42f7a518ff9cd2", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "410c97f05ec8cc4e", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "44833f78acc30bc1", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "4e0814ecba9a840f", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "4ee5f68b748edff0", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "4f619fe86f82aca9", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "51a16dd2240268af", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "561140d4efe66e37", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "57dc34cef5fc7029", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "5903baac62ef6626", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "5d0c649679feae87", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "5e724ac7dc6c5896", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "60b3bbf1dc150e29", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "6595665567b15dfd", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "65edcd9856a2ba28", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "6cff7cc34969a538", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "6e35e39585ba7d79", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "72c4214de7eaf7c3", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "72f663c04a0c56fc", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "7702c5c821e9f285", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "8380dd3e428b0f55", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "86552a9b61a01a58", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "869d689a25f2e1d8", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "8711641c4e8bbd25", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "878ecff90dec0cfb", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "882e9fef471425f7", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "888b6b58afbd2377", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "8bf3176e21b3abc5", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "8e3c16288ba60b3a", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "8e3c8bdb7f75bd5d", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "90ab5cddee596df7", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "913208470fae46ec", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "9133809489ed5bd0", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "9197b3a790c9df93", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "9620df42e45abf0c", + "type": "dependency-of" + }, + { + "parent": "db4134870a686c23", + "child": "9672f29db1784412", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "9d3c270b586cf9e8", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "a38e5ca8cef6d8f6", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "a392553ad2d8f3f6", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "db4134870a686c23", + "child": "abe5d35fd9e4b896", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "afdd73f093ebb639", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "b0484622aa727260", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "b307e99b0bf1a901", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "b34e1538c9281ef1", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "b80049f0c6041e3f", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "db4134870a686c23", + "child": "b8bc1d0869ed022a", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "b8d925cbba552dae", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "bb6f1a66cbc46ca9", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "c102b34d4850f420", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "c5064e1c6b2b82fd", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "c84674aa2b18f5e3", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "cfea9a73750a32b2", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "d1f527359f518a57", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "d876baa9427407a2", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "da0bddfcd645ebdf", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "da22838b523ebb31", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "db84aa46836bf358", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "dcff234cc54fd81f", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "df6d8ed5a12429b0", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "e70790cfb823b2ce", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "e805870ce82f9ddf", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "e911694cbc73fcea", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "eb3af61ac7994eee", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "f2121e401df4d509", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "f72f9876da0bf51a", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "f807571eba875c73", + "type": "contains" + }, + { + "parent": "db4134870a686c23", + "child": "fdd5ef7ec49ba6bf", + "type": "contains" + }, + { + "parent": "dbb58be7b5652cc7", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "dbb58be7b5652cc7", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "dbb58be7b5652cc7", + "child": "b0fa0980073d1886", + "type": "contains" + }, + { + "parent": "dbb58be7b5652cc7", + "child": "eb5d2c76ed21fa8e", + "type": "dependency-of" + }, + { + "parent": "dbb58be7b5652cc7", + "child": "fab1deefcb5e0964", + "type": "contains" + }, + { + "parent": "df5d3ce64e6dc98c", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "df5d3ce64e6dc98c", + "child": "27488b456777ffc1", + "type": "dependency-of" + }, + { + "parent": "df5d3ce64e6dc98c", + "child": "c3b61ebf351721f4", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "dfd23518c3ae46b3", + "child": "10e1abf320fef787", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "1e810aa32799dda1", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "4ec017684ca0701e", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "68a7a1aecef0f0bb", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "82c2c4328ac0b8d1", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "8f422b316d200560", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "b23178d125545f49", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "b6ef71dfaf54dd21", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "be8b1ad0cdc10508", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "c3d987af03b2c23d", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "d73e936743b685e7", + "type": "dependency-of" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "e03106a16175f05c", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "f38158a60f58dcf7", + "type": "contains" + }, + { + "parent": "dfd23518c3ae46b3", + "child": "f868e0e9521cbfd9", + "type": "contains" + }, + { + "parent": "e1c9803b20913af1", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "e1c9803b20913af1", + "child": "24d9c2015a515f85", + "type": "contains" + }, + { + "parent": "e1c9803b20913af1", + "child": "6a3c1818891dac67", + "type": "dependency-of" + }, + { + "parent": "e1c9803b20913af1", + "child": "a65fe92a04ecf6ce", + "type": "dependency-of" + }, + { + "parent": "e1c9803b20913af1", + "child": "bf3b33b89a3fbb84", + "type": "contains" + }, + { + "parent": "e1c9803b20913af1", + "child": "d43cff324ed877ee", + "type": "contains" + }, + { + "parent": "e21cb9e7dda039e1", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "e21cb9e7dda039e1", + "child": "6be629e4a12f87af", + "type": "dependency-of" + }, + { + "parent": "e21cb9e7dda039e1", + "child": "7522e277c19c73d2", + "type": "contains" + }, + { + "parent": "e21cb9e7dda039e1", + "child": "9d448763622f504d", + "type": "contains" + }, + { + "parent": "e21cb9e7dda039e1", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "e21cb9e7dda039e1", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "e28c009b2c72d8a9", + "child": "2f1e24780cfea663", + "type": "dependency-of" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "32ecdc00bc8f1320", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "37b798076510be9c", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "5109f754756ed3e7", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "6756fb3d8b92dd02", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "8913e02f37ae1f62", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "a5e14019242958a4", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "c941dd2fee8bc9dc", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "d9bf5c868eb88dae", + "type": "contains" + }, + { + "parent": "e28c009b2c72d8a9", + "child": "f94fae61ddaf4f6c", + "type": "contains" + }, + { + "parent": "e2e600817bb6e830", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "e2e600817bb6e830", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "e2e600817bb6e830", + "child": "77c9b4d0917880dc", + "type": "contains" + }, + { + "parent": "e2e600817bb6e830", + "child": "867f228cd495980e", + "type": "contains" + }, + { + "parent": "e2e600817bb6e830", + "child": "8a3cb5a87d8b3cc3", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "e66b7275c6659e9c", + "child": "0fe68e1bb714f0e3", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "23259e543780ca49", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "24b3a3f969bb4ffc", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "37aa0a1b0543f751", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "395fbd00f29f7d3c", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "e66b7275c6659e9c", + "child": "6de1484d06c4f0ad", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "6f49fe62ba8d300d", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "7048897fa7034e19", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "9a675f46f0e5bbd6", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "b17c36bfeff5fe18", + "type": "contains" + }, + { + "parent": "e66b7275c6659e9c", + "child": "f8f393ad0c1f8e18", + "type": "contains" + }, + { + "parent": "e8d4429184219587", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "e8d4429184219587", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "e8d4429184219587", + "child": "cb56001146a5f57c", + "type": "contains" + }, + { + "parent": "e8d4429184219587", + "child": "ee2836613968619b", + "type": "contains" + }, + { + "parent": "eb5d2c76ed21fa8e", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "eb5d2c76ed21fa8e", + "child": "3c8b941fb8090d67", + "type": "contains" + }, + { + "parent": "eb5d2c76ed21fa8e", + "child": "6fc4f99cb27a629a", + "type": "dependency-of" + }, + { + "parent": "eb5d2c76ed21fa8e", + "child": "f8133b91a4a284c4", + "type": "contains" + }, + { + "parent": "ec9dd0ac24b8d8c2", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "ec9dd0ac24b8d8c2", + "child": "4a37b99f0e0affbc", + "type": "contains" + }, + { + "parent": "ec9dd0ac24b8d8c2", + "child": "6bd46b35ec7e0e19", + "type": "contains" + }, + { + "parent": "ec9dd0ac24b8d8c2", + "child": "b888bcdc2051543e", + "type": "dependency-of" + }, + { + "parent": "eed46dd832bd62c9", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "eed46dd832bd62c9", + "child": "196df9cad96e380f", + "type": "dependency-of" + }, + { + "parent": "eed46dd832bd62c9", + "child": "61217bc8d6063ca5", + "type": "contains" + }, + { + "parent": "eed46dd832bd62c9", + "child": "86721dcc9a419b3e", + "type": "contains" + }, + { + "parent": "eed46dd832bd62c9", + "child": "a0aff6935cc99500", + "type": "contains" + }, + { + "parent": "eed46dd832bd62c9", + "child": "ba67a519ab935fa6", + "type": "contains" + }, + { + "parent": "eed46dd832bd62c9", + "child": "bcbac17c560ff49d", + "type": "dependency-of" + }, + { + "parent": "efaae8c603855dcd", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "efaae8c603855dcd", + "child": "4e01ddd4ea86a505", + "type": "dependency-of" + }, + { + "parent": "efaae8c603855dcd", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "efaae8c603855dcd", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "efaae8c603855dcd", + "child": "8ef168befafd7b27", + "type": "dependency-of" + }, + { + "parent": "efaae8c603855dcd", + "child": "e21cb9e7dda039e1", + "type": "dependency-of" + }, + { + "parent": "efaae8c603855dcd", + "child": "ee957d0fd6dceb6b", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "f180d99433c6c3a0", + "child": "1cf7480adb1b706a", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "396b6bea574d6036", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "684ba92e32e6b8db", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "7cb64c7e18cde43e", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "88819ffead5dde14", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "a3ec0861f75a8a31", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "b70ce668c38e8866", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "d81651ac3ba0104d", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "e190ef15bc4d4bad", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "f2709836d058e8a6", + "type": "contains" + }, + { + "parent": "f180d99433c6c3a0", + "child": "f406f3d9e22dd9bc", + "type": "contains" + }, + { + "parent": "f1b53ce035ee04b6", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "f1b53ce035ee04b6", + "child": "32c854c70c4b9bc6", + "type": "dependency-of" + }, + { + "parent": "f1b53ce035ee04b6", + "child": "3c3cb91a078fde6e", + "type": "contains" + }, + { + "parent": "f1b53ce035ee04b6", + "child": "5cff8fae12ce3677", + "type": "dependency-of" + }, + { + "parent": "f1b53ce035ee04b6", + "child": "87ae451c23a5ef8a", + "type": "contains" + }, + { + "parent": "f1b53ce035ee04b6", + "child": "c80a36e5dd926d46", + "type": "contains" + }, + { + "parent": "f1b53ce035ee04b6", + "child": "d615f7deb40d8890", + "type": "contains" + }, + { + "parent": "f1b53ce035ee04b6", + "child": "e68c533bd3284ce0", + "type": "contains" + }, + { + "parent": "f3e667a0375f3959", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "f3e667a0375f3959", + "child": "5fe8b53173092253", + "type": "dependency-of" + }, + { + "parent": "f3e667a0375f3959", + "child": "79ba35edcc44da5f", + "type": "dependency-of" + }, + { + "parent": "f3e667a0375f3959", + "child": "79cdbcbd3d61afd9", + "type": "dependency-of" + }, + { + "parent": "f3e667a0375f3959", + "child": "81412860457969fe", + "type": "dependency-of" + }, + { + "parent": "f3e667a0375f3959", + "child": "d1548084e38b4f04", + "type": "contains" + }, + { + "parent": "f3e667a0375f3959", + "child": "d25c76d984b3aa3b", + "type": "contains" + }, + { + "parent": "f3e667a0375f3959", + "child": "e28c009b2c72d8a9", + "type": "dependency-of" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "06ddd2c5ab1466d1", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "f8bdc202e20abd5b", + "child": "2a65f2229e73080a", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "331465f839b11ac2", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "4796aaf427df0782", + "type": "dependency-of" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "57cbd1b8c9f3214c", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "5ee50c5b622f51d8", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "9e9bb1f6d2ddc650", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "a3d4d44688c63b2c", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "af87b9e7aabb7c0d", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "bf8b332a7275c03b", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "c9e25f63de34d365", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "e3c8722270703b1f", + "type": "contains" + }, + { + "parent": "f8bdc202e20abd5b", + "child": "f31ba919b023de20", + "type": "contains" + }, + { + "parent": "fcfdc07fd546a72e", + "child": "084238eeedbaeb04", + "type": "evident-by", + "metadata": { + "kind": "primary" + } + }, + { + "parent": "fcfdc07fd546a72e", + "child": "62aab177572c81d2", + "type": "contains" + }, + { + "parent": "fcfdc07fd546a72e", + "child": "bace04fe1571465a", + "type": "dependency-of" + }, + { + "parent": "fcfdc07fd546a72e", + "child": "bea130dbfc935616", + "type": "contains" + }, + { + "parent": "fcfdc07fd546a72e", + "child": "c85e4b9dfd628442", + "type": "contains" + } + ], + "files": [ + { + "id": "e427d65853822d0a", + "location": { + "path": "/etc/GREP_COLORS", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 94 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e31ab9b1a70f6dbf441b2cb6fe9b6f6f8497c07" + }, + { + "algorithm": "sha256", + "value": "e94e50735e137e769b40e230f019d5be755571129e0f7669c4570bb45c5c162e" + } + ] + }, + { + "id": "2ccdba2d440270fd", + "location": { + "path": "/etc/aliases", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1529 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41b96f30cc6b111373281bb4a549d252acff8d61" + }, + { + "algorithm": "sha256", + "value": "a4c569569f893bc22fbe696c459f8fba0fe4565022637300b705b54a95c47bce" + } + ] + }, + { + "id": "4214e7ba484a297f", + "location": { + "path": "/etc/bashrc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2658 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7743c11f20d32680eab82e12b8042792c263dd67" + }, + { + "algorithm": "sha256", + "value": "bb091ed0ed1cbf1cd40cd3da60a4a994e2246c551ab086e96f43fefca197f75e" + } + ] + }, + { + "id": "c84674aa2b18f5e3", + "location": { + "path": "/etc/crypto-policies/config", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 8 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e0085ee611a9cf4ff7133da0360718b436baaeb" + }, + { + "algorithm": "sha256", + "value": "ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc" + } + ] + }, + { + "id": "dcff234cc54fd81f", + "location": { + "path": "/etc/crypto-policies/state/current", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 8 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e0085ee611a9cf4ff7133da0360718b436baaeb" + }, + { + "algorithm": "sha256", + "value": "ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc" + } + ] + }, + { + "id": "e97d4e379ab1245e", + "location": { + "path": "/etc/csh.cshrc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1401 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8107c5537407a77fe092c0431351c59a9f5b1a1f" + }, + { + "algorithm": "sha256", + "value": "441b02ec287f3bd2b94e2df4462e29f1f2f49d5fa41b8cce9dddd7865775868d" + } + ] + }, + { + "id": "6a0e82cf1b36536f", + "location": { + "path": "/etc/csh.login", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1112 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d131e943a6965da06cd60b4dce9a4fcbd77b371" + }, + { + "algorithm": "sha256", + "value": "c9ea846975d2c90ac93c86ff6b04566f2b1d15c705ab62ec467c194b8a242f0e" + } + ] + }, + { + "id": "e715eea96e3656d1", + "location": { + "path": "/etc/dnf/dnf.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 108 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aeefb5d8201390aee81435c2a048dca74c462bcb" + }, + { + "algorithm": "sha256", + "value": "1557f960a39d444375a3a28994eb082fdab2887a16da2b677ba181658f2512b7" + } + ] + }, + { + "id": "df0de9d0d9d031e1", + "location": { + "path": "/etc/dnf/protected.d/dnf.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44802b4599dd6b62d00636f397c973d81ae1942a" + }, + { + "algorithm": "sha256", + "value": "b6f0d7b9f4d69e86833ec77802d3af8e5ecc5b9820e1fe0d774b7922e1da57fe" + } + ] + }, + { + "id": "baeeddada1c5c95f", + "location": { + "path": "/etc/dnf/protected.d/setup.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 6 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da041fe15ae9d8b17172d1a52a6621b25436d1f8" + }, + { + "algorithm": "sha256", + "value": "9752eb62a6845a78a9e2eaeb4a6eb2d93a1b654ee8665f71d516cfaca3e7cf57" + } + ] + }, + { + "id": "93adb1065f80dba5", + "location": { + "path": "/etc/environment", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "3fdd477d017dfa61", + "location": { + "path": "/etc/ethertypes", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1362 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "07eb268f4ccd95249f0e5b62e73c546d2d213cba" + }, + { + "algorithm": "sha256", + "value": "ed38f9d644befc87eb41a8649c310073240d9a8cd75b2f9c115b5d9d7e5d033c" + } + ] + }, + { + "id": "bd8b17f97c934a0e", + "location": { + "path": "/etc/exports", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "fce3874eeffc9682", + "location": { + "path": "/etc/filesystems", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 66 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f27be95d40c6cdd69350ca46e1d5a186d7212b9b" + }, + { + "algorithm": "sha256", + "value": "ba1ed4fe76cd63c37dbd44a040921db7810c4b63f46ee6635779627a4a36a196" + } + ] + }, + { + "id": "771749e6b4b96062", + "location": { + "path": "/etc/host.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 9 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b10cafadc043aec4056a948914f011bc39d2ec13" + }, + { + "algorithm": "sha256", + "value": "380f5fe21d755923b44203b58ca3c8b9681c485d152bd5d7e3914f67d821d32a" + } + ] + }, + { + "id": "22e48b3787fe754f", + "location": { + "path": "/etc/hosts", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 158 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7335999eb54c15c67566186bdfc46f64e0d5a1aa" + }, + { + "algorithm": "sha256", + "value": "498f494232085ec83303a2bc6f04bea840c2b210fbbeda31a46a6e5674d4fc0e" + } + ] + }, + { + "id": "59b11299ce6d190a", + "location": { + "path": "/etc/inputrc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 943 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9482ed88a6779f0c14eb00e2e667960664dfcb98" + }, + { + "algorithm": "sha256", + "value": "e016c93c4ded93c7e08e92957345746618c5893eae0c8528b0392a6e0d6e447a" + } + ] + }, + { + "id": "32ec75dedc8ed09d", + "location": { + "path": "/etc/ld.so.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 28 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "52ab6b95985c3fb925765d081bc9b36a048ec825" + }, + { + "algorithm": "sha256", + "value": "239c865e4c0746a01f82b03d38d620853bab2a2ba8e81d6f5606c503e0ea379f" + } + ] + }, + { + "id": "69a1f8b190180ac2", + "location": { + "path": "/etc/libreport/events.d/collect_dnf.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 813 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d19eba9f751edaf8120bb8b9b722cea99fb4f60f" + }, + { + "algorithm": "sha256", + "value": "cc0feca59af66ea18656fc5774b78f586b97864965cf1add75b3f9944678e999" + } + ] + }, + { + "id": "8c585fd49a1add6b", + "location": { + "path": "/etc/logrotate.d/dnf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 88 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2b0735c29b53a2561a3f5047bdf4c3a619d3f31e" + }, + { + "algorithm": "sha256", + "value": "6d02a56605a12e2dd3e05da2ab86ef77d013af53c31f2b8cf5c7c69288ee3387" + } + ] + }, + { + "id": "ce2b6455c3786791", + "location": { + "path": "/etc/motd", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "778fd3cc081fcb4b", + "location": { + "path": "/etc/networks", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 58 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c3cb9c5e7b7f4a6a1929c35727da7651e6c5bf4" + }, + { + "algorithm": "sha256", + "value": "ae89ab2e35076a070ae7cf5b0edf600c3ea6999e15db9b543ef35dfc76d37cb1" + } + ] + }, + { + "id": "dcb109d4616daae5", + "location": { + "path": "/etc/nsswitch.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2124 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4854b8c739119e4997f9f002b88dbb8985135821" + }, + { + "algorithm": "sha256", + "value": "c1cc473688f64942669ee7eb72b262103db75498d9236356bdf25289828f5b46" + } + ] + }, + { + "id": "ba08977cca6b4d95", + "location": { + "path": "/etc/pki/swid/CA/redhat.com/redhatcodesignca.cert", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7346 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0748b117f3a53df2e67c8fa9586d7c67133a2be" + }, + { + "algorithm": "sha256", + "value": "b0cf509b823e9b89c43bc373229f87d3cfee4264c35c6ac82b58e5251c3e8c39" + } + ] + }, + { + "id": "de86f0e21726089b", + "location": { + "path": "/etc/printcap", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 233 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72ebd61cd29193f572f2f0f4aa8a5a121ae10dd4" + }, + { + "algorithm": "sha256", + "value": "f809352567a37d932b014311cf626774b97b63ec06d4f7bdd8a9cfcc34c691d9" + } + ] + }, + { + "id": "09d562b678f1e99d", + "location": { + "path": "/etc/profile", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1899 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d862efffc6a2f64d3a065606fe23508e711e5adc" + }, + { + "algorithm": "sha256", + "value": "304bbca429881a74f3e8f8b1c003b29020c635b83661492accd576c99baf9f30" + } + ] + }, + { + "id": "ba105d23baa6b7a7", + "location": { + "path": "/etc/profile.d/colorgrep.csh", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 196 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6da63d9debe9ce564bac9e533288cc14f1d74d04" + }, + { + "algorithm": "sha256", + "value": "74d270fe4476fdcba60df7d00c808e11681ac918f335c951cba4f118532a4b8c" + } + ] + }, + { + "id": "43e6c2af7d668269", + "location": { + "path": "/etc/profile.d/colorgrep.sh", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 201 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e39e9c628803da5b6f5a5d9e77fbe3cfefc996a" + }, + { + "algorithm": "sha256", + "value": "89008d115c5bbd783b985d8cab18e935978c83e362043ffc981063ffed74e1c7" + } + ] + }, + { + "id": "309e9a859538dede", + "location": { + "path": "/etc/profile.d/csh.local", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 80 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "13f50b8589668cb1e668ece7d5907fc3a3b88901" + }, + { + "algorithm": "sha256", + "value": "07a2a80f1386c89941b3da4cda68790afe19f7425a14e01acdc2fbddb73b5508" + } + ] + }, + { + "id": "75de514af4a6a058", + "location": { + "path": "/etc/profile.d/gawk.csh", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1107 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8885907baec3899ef96764a08bbe053455224b76" + }, + { + "algorithm": "sha256", + "value": "9ba2af9853121df6dd5edff9254a2946e39eab8dc6513348fea28f739ee96648" + } + ] + }, + { + "id": "c7221a3ee9652521", + "location": { + "path": "/etc/profile.d/gawk.sh", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 757 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e69dfc5c1b719471f65c11b88325b80ae7e373e7" + }, + { + "algorithm": "sha256", + "value": "70621a3b586d3d523b020e76977633b444a70013ba50e1ea901a3a07a676f15f" + } + ] + }, + { + "id": "8749be7a28c9df79", + "location": { + "path": "/etc/profile.d/lang.csh", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1acf946eb09ca7854cc0c2389b284a061a4fb0fc" + }, + { + "algorithm": "sha256", + "value": "5486ae2358f54ba086017a5a7d89fc71855e4071c06fe1866a278838b465b161" + } + ] + }, + { + "id": "ecd59c27c4d0b4cf", + "location": { + "path": "/etc/profile.d/lang.sh", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3187 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cda23d45cf45e4fdc5f907e460e35b502b9a4285" + }, + { + "algorithm": "sha256", + "value": "58bf8b07428754b273560c5ea4040c672440b2bb04709842cf94163e15dc144f" + } + ] + }, + { + "id": "f729120a91b21aad", + "location": { + "path": "/etc/profile.d/sh.local", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 81 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4008fb3787fe37f16b9530eccfdaa4563c93b920" + }, + { + "algorithm": "sha256", + "value": "3c5de252d65ae8c40e54c21be09dc574ca3641d036d7b44174939a7e64863920" + } + ] + }, + { + "id": "8f747ea6b704da50", + "location": { + "path": "/etc/protocols", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/tab-separated-values", + "size": 6568 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f72135c1eae65b2eff3217cb656ec1101ddb892e" + }, + { + "algorithm": "sha256", + "value": "d0e614d3ac7c6d9f6fe7b6c8ac678f26cca185de66f5dd34b56e634b2398a8cd" + } + ] + }, + { + "id": "eb199925a99265ef", + "location": { + "path": "/etc/rpc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1634 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8c68c8283757db3e910865b245077387f9166a08" + }, + { + "algorithm": "sha256", + "value": "3b24a975dcde688434258566813a83ce256a4c73efd7a8a9c3998327b0b4de68" + } + ] + }, + { + "id": "06f9f967b38cdb1b", + "location": { + "path": "/etc/services", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 692252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2c36cb01508c1050c2f0e82a25e1dff777d58a25" + }, + { + "algorithm": "sha256", + "value": "ac7ed9a0608f2ee925d17dfa8154102f56d863e0ab53f39053ff27120ce571ce" + } + ] + }, + { + "id": "4af50e7c341ae36f", + "location": { + "path": "/etc/shells", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 44 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "23c79830c4c6cdaf90348347e9c982c28708b315" + }, + { + "algorithm": "sha256", + "value": "4ec4e8c524a4f10ca5898ccfaa6d29e7e08aff3a681f6bafbb62e7bec91aa154" + } + ] + }, + { + "id": "b3f4e891b12a90bd", + "location": { + "path": "/etc/skel/.bash_logout", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "algorithm": "sha256", + "value": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ] + }, + { + "id": "e7e93dc9a8cd8988", + "location": { + "path": "/etc/skel/.bash_profile", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 141 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "algorithm": "sha256", + "value": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ] + }, + { + "id": "8b56bfbdb189c2e3", + "location": { + "path": "/etc/skel/.bashrc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 492 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "80081f668a345bec7a41424edd6c60e82315ee6d" + }, + { + "algorithm": "sha256", + "value": "b152cd21940a5775052414906ab7473a62b69da2300bbf541ce8e10f00c487d5" + } + ] + }, + { + "id": "43fea2a5407cf6a0", + "location": { + "path": "/etc/xattr.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 817 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf60c512782375f738c3b989b24a72729693fcf2" + }, + { + "algorithm": "sha256", + "value": "b159c32d33b2ef8a2edac38d0a1bb1254376ee9fef939af190e0535f1f4d06a0" + } + ] + }, + { + "id": "7cb64c7e18cde43e", + "location": { + "path": "/root/.bash_logout", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "algorithm": "sha256", + "value": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ] + }, + { + "id": "f2709836d058e8a6", + "location": { + "path": "/root/.bash_profile", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 141 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "algorithm": "sha256", + "value": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ] + }, + { + "id": "f406f3d9e22dd9bc", + "location": { + "path": "/root/.bashrc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 429 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "11ca3585a568f82dad333b5ac15937c738d4e864" + }, + { + "algorithm": "sha256", + "value": "7e5d5df65ced1e47aee7b016d405ace4298fd9134d6caef45e1c835078c79aec" + } + ] + }, + { + "id": "e190ef15bc4d4bad", + "location": { + "path": "/root/.cshrc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 100 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ea145e5186958c0c70514ab1eab4ce9cc9f71073" + }, + { + "algorithm": "sha256", + "value": "4e9418cde048f912e4aadb76ba55045b5d9af0e0565f7091bfc752154451eca9" + } + ] + }, + { + "id": "396b6bea574d6036", + "location": { + "path": "/root/.tcshrc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 129 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2c691d1108be15163e3211776730031b40641d96" + }, + { + "algorithm": "sha256", + "value": "1bb91935e2cee1d5d2ab7e8d92125acbfac12d9bf3f1c7922aa4ce77ae7ea131" + } + ] + }, + { + "id": "7957bae02b1bafd1", + "location": { + "path": "/run/motd", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "b0144fc5fac67179", + "location": { + "path": "/usr/bin/alias", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 33 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "289a406fd8600b2d75723e3757e88166ca880ca0" + }, + { + "algorithm": "sha256", + "value": "c277897660adddce26a75871188bdae7ffa73f571a6fb779090a4c92df33988d" + } + ] + }, + { + "id": "457e99e6356b07d9", + "location": { + "path": "/usr/bin/bash", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1389072 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "53d87a944dddbb3d8cbd26ff61e4753bdd989469" + }, + { + "algorithm": "sha256", + "value": "97995faa249e5706dd0b0373c9da547709bf7349755d5fc8e52f97a4bd04feaf" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libtinfo.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b6cdb94774d588e9", + "location": { + "path": "/usr/bin/bashbug-64", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7079 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "246466f1716587250062fc2b3bd8d67a2f8c4600" + }, + { + "algorithm": "sha256", + "value": "5588678b4cf9d513e85c908fad23ed079135656be7b79559570b23f4c3433022" + } + ] + }, + { + "id": "dcd596fa9d66ed3f", + "location": { + "path": "/usr/bin/bg", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 30 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6acece014fee3a6a99a7c8127876e3ed5675aede" + }, + { + "algorithm": "sha256", + "value": "5a864f2047a83aa767ac1a3fca577e5f3a8eb4d129b4b1974fb2009960a9a0be" + } + ] + }, + { + "id": "8721732baf3d2db8", + "location": { + "path": "/usr/bin/cd", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 30 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "00c2f95c966b664793bb6b27b56b81a2fdd0a58d" + }, + { + "algorithm": "sha256", + "value": "3f794988bc9b6e734d06c6507b4335054d01760a741b60104a49543cf7a964ed" + } + ] + }, + { + "id": "d567ea1a1bff3f0b", + "location": { + "path": "/usr/bin/command", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "47e25f606eaf2eccca20ccb92aaf0ad751d6e49e" + }, + { + "algorithm": "sha256", + "value": "aafc06c6657ccf32c0af350777aa38537ff90685345dc19078afaa26bbe4412a" + } + ] + }, + { + "id": "5f553a8203875941", + "location": { + "path": "/usr/bin/dirmngr", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 450512 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7e919ec37b01d322ca530e0f86e3943c3ef09ccc" + }, + { + "algorithm": "sha256", + "value": "bba4fd4ea202c0d57474a0703900134b1e442971c7b81a2119c1a48bbd64c750" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libassuan.so.0", + "libgcrypt.so.20", + "libksba.so.8", + "libgpg-error.so.0", + "libnpth.so.0", + "libgnutls.so.30", + "libldap.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "42ff3dedd2729016", + "location": { + "path": "/usr/bin/dirmngr-client", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 57464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9787998a6afc8b8b932874bc731c4f0739c06605" + }, + { + "algorithm": "sha256", + "value": "da3ec27493d1d28cc1e1d3916a209754005b0e882873ae14a8d3aad115b98e20" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libassuan.so.0", + "libgpg-error.so.0", + "libgcrypt.so.20", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6c51703fecd14955", + "location": { + "path": "/usr/bin/egrep", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 32 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8b6fb94569c007bf7a2bfb8d3a69dcdf0e28f4b4" + }, + { + "algorithm": "sha256", + "value": "50496c34633635bf3fe9c108ae26c26f8871ffc35f741b9e1426897a1e65f263" + } + ] + }, + { + "id": "cf2b5514af5f4b1c", + "location": { + "path": "/usr/bin/fc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 30 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4a74b311a6ea7e521c1abf779399fc8b3ac2270" + }, + { + "algorithm": "sha256", + "value": "86495d1781eeec50764ce4e629f316087c2b53054b999308f40580633601b270" + } + ] + }, + { + "id": "4eb740e67d5a13d9", + "location": { + "path": "/usr/bin/fg", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 30 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8edc00bfce83f8c865185c188a0643eeeefb8559" + }, + { + "algorithm": "sha256", + "value": "0af28b724b8b1850fa6b4f232cf51229b2efed0333ebfb51d940798e28e0d625" + } + ] + }, + { + "id": "9e6bcbbaf4a27702", + "location": { + "path": "/usr/bin/fgrep", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 32 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81d09de7d53ee725afdb9bcae8a9a61915e12a22" + }, + { + "algorithm": "sha256", + "value": "a35795589500118708cb879c5678c1daa0dc3c636c7dbad172a6a5918ae91c5b" + } + ] + }, + { + "id": "e30dfe11fd680ba9", + "location": { + "path": "/usr/bin/g13", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 112936 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a1859526c18480bbdc14dcdfb4edae02064daefb" + }, + { + "algorithm": "sha256", + "value": "7e3482ba95fcd94bc0392c732fc5ef8afc0f67d493d006cc318aede7680ec4e2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libassuan.so.0", + "libnpth.so.0", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "06978697a3279859", + "location": { + "path": "/usr/bin/gawk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 714976 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01959f306d180b3a6d35ec523c6f0a1a9b4c9334" + }, + { + "algorithm": "sha256", + "value": "b374177d6c91dad7eafe4d89ecfc414aa8e2bafb06b1f94d6f6d1d41dfad10ff" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libsigsegv.so.2", + "libreadline.so.8", + "libmpfr.so.6", + "libgmp.so.10", + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "8b20c49352d19b94", + "location": { + "path": "/usr/bin/getopts", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "25e71412ce313beaeed25e28ea82dca878eddfc8" + }, + { + "algorithm": "sha256", + "value": "7f1a970be00f749e2c9a820592e8109ddb7efc76cd8f8f47b748a16feab8cabb" + } + ] + }, + { + "id": "ea18bc9bca18857f", + "location": { + "path": "/usr/bin/gpg", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1123664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f7278aa72c89349d5b91dd566f2cae8a2b29ed19" + }, + { + "algorithm": "sha256", + "value": "88c20ca1458b62385cf987b91cf4f0354a31c2eac7bc1da48321255520406652" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libz.so.1", + "libbz2.so.1", + "libsqlite3.so.0", + "libgcrypt.so.20", + "libreadline.so.8", + "libassuan.so.0", + "libnpth.so.0", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f678176067e0b9ee", + "location": { + "path": "/usr/bin/gpg-agent", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 350464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "248f3e2a12c9d99f247f42132a694563d75d7f78" + }, + { + "algorithm": "sha256", + "value": "db012878c08be000f0406b1a83debcf65ae313580d399b61f10ce74792e529c1" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libassuan.so.0", + "libnpth.so.0", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7ae425cfbef4d3db", + "location": { + "path": "/usr/bin/gpg-card", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 174208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72df5c93591e340d17adcf91f8802cf6179710ae" + }, + { + "algorithm": "sha256", + "value": "103b35b82e7fc9a6924d621cf1695a709fcbff1430b7e708b1c76dd3c0d37298" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libassuan.so.0", + "libgcrypt.so.20", + "libgpg-error.so.0", + "libreadline.so.8", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6b17a25ebe568098", + "location": { + "path": "/usr/bin/gpg-connect-agent", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 86776 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d686ed777e5a1742263776247f439e6ec166a9f" + }, + { + "algorithm": "sha256", + "value": "e049b637aa178619761bddfb52f8f531f097e6d70f4cf53312c897f98bd07cc0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libassuan.so.0", + "libgcrypt.so.20", + "libgpg-error.so.0", + "libreadline.so.8", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "506b975f1b474e9c", + "location": { + "path": "/usr/bin/gpg-error", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e695c139ca1e552d5d50289ace4c3ab966316634" + }, + { + "algorithm": "sha256", + "value": "5804e22c791634c44d17cb8cd342e7951bed5397eeb809f7f15b2674830529c4" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3803513ccea114ad", + "location": { + "path": "/usr/bin/gpg-wks-client", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 132648 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f352442ba2b781949cdc9d6e0549d7fe40518538" + }, + { + "algorithm": "sha256", + "value": "1ebcab7126f7329fe2af9c331766d95d4d66bf633032024e3b2e00392b5fb5f2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libassuan.so.0", + "libgcrypt.so.20", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "600d18be0a1f4796", + "location": { + "path": "/usr/bin/gpg-wks-server", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 116040 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3faaa8ce65fc3d04b68600de14d8c8341836e40b" + }, + { + "algorithm": "sha256", + "value": "04460084c5f70a7cf12cd1205c7055816193f9c1567353371dde856bc7d2bf3c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "48073038849245c3", + "location": { + "path": "/usr/bin/gpgconf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 103408 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b11a25aeb96759201ac6be29ea48de7d91d6e1ee" + }, + { + "algorithm": "sha256", + "value": "112a23ac806fedacd6084f3ba54eba0f1f79412844e3de265400cee64b987348" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e68c533bd3284ce0", + "location": { + "path": "/usr/bin/gpgme-json", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 86656 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1cdfaef616e271850763e5291b8f6f85444aa156" + }, + { + "algorithm": "sha256", + "value": "70b4e73c0e5da91aa071f364f45893229ae1153d3a25ed01720843d941388063" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libgpgme.so.11", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e5adbfb76fdfb396", + "location": { + "path": "/usr/bin/gpgparsemail", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8184387dfbf4798e9e4389c220a50c4218e55c16" + }, + { + "algorithm": "sha256", + "value": "9f040dc684184a0eec5ea42930f7795589bca34f8dc5f7def3248174412a6051" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "8b767435cc79702c", + "location": { + "path": "/usr/bin/gpgsplit", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 28160 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4d8ce8db146ee1887ec6adb79a059e89c0ff39ba" + }, + { + "algorithm": "sha256", + "value": "82bed8e53bf3a8b52611e9361a3585609a39fbafd90a7a0c28dbc1c1429fe553" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libgpg-error.so.0", + "libz.so.1", + "libbz2.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b5acc177f3d31ff8", + "location": { + "path": "/usr/bin/gpgtar", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 66424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "36f3a80c0313d4784b75fba9b901f0254def3a19" + }, + { + "algorithm": "sha256", + "value": "7df3103946b96d3888fc36ffd874ff00c6effebfb5361867809b0e59f4181c36" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d48dfdfee64bde22", + "location": { + "path": "/usr/bin/gpgv", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 302512 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c528684214a72707d1374d95e919e8fb0fe2d7b9" + }, + { + "algorithm": "sha256", + "value": "3a4a2b6c85d77f396f6ff7bdbcb4be58c3c81ecd26fc2f3e43ecb01b1a4ba4d5" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libz.so.1", + "libbz2.so.1", + "libgcrypt.so.20", + "libassuan.so.0", + "libnpth.so.0", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "0bceaf8088a9ad73", + "location": { + "path": "/usr/bin/grep", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 158176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a0ccd7dd389bfc3dd6a50f375767177520034b1" + }, + { + "algorithm": "sha256", + "value": "b9ae1630da770fa343c346c97f081ba6a4350f569f27205dc37a8953715564fb" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libpcre.so.1", + "libsigsegv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "544a5e04e861b70c", + "location": { + "path": "/usr/bin/hash", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 32 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72baf7f3448f4cdccad27005032868973a557d29" + }, + { + "algorithm": "sha256", + "value": "a5c3efd29eb134da49b68b78155c0338ab614eec99094bd07cdda7e99e53ddca" + } + ] + }, + { + "id": "c2099ec9fb017164", + "location": { + "path": "/usr/bin/jobs", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 32 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed10dcf4f9065c771147428a413ddaf035d220d4" + }, + { + "algorithm": "sha256", + "value": "1e4046021f3ae7abb820a995c8572cda3f3b4a4d14cb50e3bcb0f50f391a5bd2" + } + ] + }, + { + "id": "047e6b67f6510fd7", + "location": { + "path": "/usr/bin/microdnf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 104904 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9c612e21a0453ab31f81f6feaaeb8d6ba3a52267" + }, + { + "algorithm": "sha256", + "value": "725a49a7f9f827c96e9166259cbfb217fdc02a0e842707a7f8e42e764b1b82df" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libpeas-1.0.so.0", + "libgio-2.0.so.0", + "libdnf.so.2", + "librpmio.so.9", + "libsmartcols.so.1", + "libgcc_s.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "026e9bfa4e973170", + "location": { + "path": "/usr/bin/modulemd-validator", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 29056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "33c2811ff007a946d429e90e83235e5860fa1fb6" + }, + { + "algorithm": "sha256", + "value": "b9f45047a342934d5aee3d2d068d5c158328200069855057af25f5e582c57e2e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libmodulemd.so.2", + "libgobject-2.0.so.0", + "libglib-2.0.so.0", + "libyaml-0.so.2", + "libgcc_s.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "4c0fede68f0598f1", + "location": { + "path": "/usr/bin/p11-kit", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 192832 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c8001800fef6c4e3f15f559d3418352ae2683f34" + }, + { + "algorithm": "sha256", + "value": "d543651b76dc84c8179e1de487101a4906be24767cfcb8136835fafbd7b79a8a" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libp11-kit.so.0", + "libtasn1.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "00b2dfb2762e3451", + "location": { + "path": "/usr/bin/read", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 32 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bf8e3fc1852d2925f2cba52fb1be0c94a8e76ac5" + }, + { + "algorithm": "sha256", + "value": "f0f717be7c907acc0c1c4b489d619663076e5f08ed56257d647d192d492a147b" + } + ] + }, + { + "id": "7522e277c19c73d2", + "location": { + "path": "/usr/bin/sed", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 116728 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "83637685db51755643a782f122bfb7a8a4f52b87" + }, + { + "algorithm": "sha256", + "value": "094185ede26906ce24155af7d04ed766bb854e4061a52cd8a063e23e98cfaa76" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libacl.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b8e48c126ab0bfb8", + "location": { + "path": "/usr/bin/trust", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 226368 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "73218ce5ea376d2ebc2019b093f36c94bb32eed6" + }, + { + "algorithm": "sha256", + "value": "577085f236a406b2115922ac26e739fc88189affee2d255681b34b64684807a8" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libp11-kit.so.0", + "libtasn1.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c2b780c83765c415", + "location": { + "path": "/usr/bin/type", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 32 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "339eedcc50d7b24c3c15e056ca79a2a6394f0811" + }, + { + "algorithm": "sha256", + "value": "36d5d35fee92010a0869fa9229d201b54f795217557105409e381f471a8038cd" + } + ] + }, + { + "id": "399960ec84398034", + "location": { + "path": "/usr/bin/ulimit", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 34 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "09651176811817d03591ae8c4258d04a01562e67" + }, + { + "algorithm": "sha256", + "value": "d66bfb63a8afcea2c6d17561f27f8d3ddb49062f221c9b18d64e7c846c34ff94" + } + ] + }, + { + "id": "c8e5318148bed297", + "location": { + "path": "/usr/bin/umask", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 33 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4e230e28dcb60d5587a12f9e7ad9920846cfb113" + }, + { + "algorithm": "sha256", + "value": "975d986bf2124069a5781239ba169c894f3c0c152e3262cbddd64fff74e88171" + } + ] + }, + { + "id": "911641d65b7558d3", + "location": { + "path": "/usr/bin/unalias", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f4a3cff8af1e0bdee91fe52da50c184e4c4db4c4" + }, + { + "algorithm": "sha256", + "value": "9631a027d22e68cb01c9753dc6cd44b9b210007cb0c1162cab12a715a2bcef60" + } + ] + }, + { + "id": "293eafcf9526eaf2", + "location": { + "path": "/usr/bin/wait", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 32 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5626cfe4711da11e9b207d8c920364138af94d3d" + }, + { + "algorithm": "sha256", + "value": "238e0bce60ea5baff73d00fe4bb580335c5fb2c50fc3d9527f80fa57f5648550" + } + ] + }, + { + "id": "5db6da7845914c87", + "location": { + "path": "/usr/bin/watchgnupg", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23752 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "92c2b0ab2051c9c1055ea87014cb9325197d88fe" + }, + { + "algorithm": "sha256", + "value": "d8594b5e2e73de2573e250e395cf5eb30de8c6b852fc6b8cb2cb30a47d202596" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c84b226abccf7d4b", + "location": { + "path": "/usr/lib/motd", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "cc798dcb38eba1a3", + "location": { + "path": "/usr/lib/rpm/rpm.log", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 61 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "29c0990a863f9f69f4ab26b4a0c31b3eff432a5a" + }, + { + "algorithm": "sha256", + "value": "ed0a8b7f8ec41ea0d6d8d7ccdc698d216cd7a7154e77bbdaf8eb02bc4535ab0a" + } + ] + }, + { + "id": "8044442fd16feb3e", + "location": { + "path": "/usr/lib/rpm/rpm.supp", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 688 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9b3ed20f6fdb44d14c2d2087c012d137a8d33acf" + }, + { + "algorithm": "sha256", + "value": "d88d7b62b79bf754a47ba69d0997ae82c4f0e5ea6af3f8fe2e40ffb1fc3fe054" + } + ] + }, + { + "id": "6d23106926cedc71", + "location": { + "path": "/usr/lib/rpm/rpmdb_dump", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 41 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b598461dc785d6c9758bbebd2430571099d12605" + }, + { + "algorithm": "sha256", + "value": "bf09433a9284ba72a3e7e698d74f7d3873dab852d4aa4a0e1ef78b2a1711c96c" + } + ] + }, + { + "id": "d0ceb81547867a2e", + "location": { + "path": "/usr/lib/rpm/rpmdb_load", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 41 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22634bc843cf4129f9a6197031f9c3975ad59acf" + }, + { + "algorithm": "sha256", + "value": "9e924a2590ec3c4322f07e24f1ed7f3aa16f13e2c38496a78f7ab873d238b27e" + } + ] + }, + { + "id": "65b422093ea150ab", + "location": { + "path": "/usr/lib/rpm/tgpg", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 937 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "65838988252004b9373bb969e44be70f95e868d9" + }, + { + "algorithm": "sha256", + "value": "2301f06a63659cc2acd2f8c3c00f19a4cfeb427b916345299a3112844ae2b5b0" + } + ] + }, + { + "id": "f1544ef0e6f4315a", + "location": { + "path": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9-x86_64.swidtag", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/xml", + "size": 6796 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "68b18fb7002f6d32299e0d3bc253f188894e0b1d" + }, + { + "algorithm": "sha256", + "value": "d6edae22d91b9a245159ebd816e61b855571c620cf56e68cbf6d0b177cf0cf06" + } + ] + }, + { + "id": "f3601cef86b4f2cd", + "location": { + "path": "/usr/lib/tmpfiles.d/dnf.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 188 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad2b4fc104428f80282f94f4b925ff12ba92aba7" + }, + { + "algorithm": "sha256", + "value": "365360de240de77d77843de09d14272cb91fe853400473178f44903de4949b68" + } + ] + }, + { + "id": "db4305a1b2dc79a9", + "location": { + "path": "/usr/lib/tmpfiles.d/setup.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 60 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e4d485145026d758bcf51aa356aa1795981e3ab5" + }, + { + "algorithm": "sha256", + "value": "b1a7958d03497b0e231f8f14ee501ebb4d15a822d096c180226af5429df15f78" + } + ] + }, + { + "id": "ef5630fdf7377aa2", + "location": { + "path": "/usr/lib64/.libgmp.so.10.4.0.hmac", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 65 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e6c4061b34937a88c91be5a9219abe8d626e0db" + }, + { + "algorithm": "sha256", + "value": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + } + ] + }, + { + "id": "e6f45669dd679452", + "location": { + "path": "/usr/lib64/fipscheck/libcrypt.so.2.0.0.hmac", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 65 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c04277c82d9b718135c58aa07fa2de027d1bcc9" + }, + { + "algorithm": "sha256", + "value": "bdba59b24107da95ade6c1a6c359861baec8182ae70e871424578ef9c61cd389" + } + ] + }, + { + "id": "3e384d933fad624e", + "location": { + "path": "/usr/lib64/fipscheck/libgmp.so.10.4.0.hmac", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 65 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e6c4061b34937a88c91be5a9219abe8d626e0db" + }, + { + "algorithm": "sha256", + "value": "fd921c4a661f25dee6ec4d8de64d92baf7a61ddd3f33694da12f83b43fd534b9" + } + ] + }, + { + "id": "86a9e363787cae70", + "location": { + "path": "/usr/lib64/gawk/filefuncs.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 41000 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37eaa70235c34188b98e5202fa9bb1fbbfa06593" + }, + { + "algorithm": "sha256", + "value": "08daf63964a4da243a342a71cd900b6bbc536d63e65b3fa200cdf30febe56063" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6459258497686318", + "location": { + "path": "/usr/lib64/gawk/fnmatch.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15968 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "11719811351f67dca282058ef12e299dc047e266" + }, + { + "algorithm": "sha256", + "value": "6fc76e3013bedf78d4bece60f60bcc9bfdbef00c659513337f2398907108d1c8" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7b5244660b3ff49f", + "location": { + "path": "/usr/lib64/gawk/fork.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16080 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7c6054c5a245ffece9e055c31b1826a4c6c7e6b1" + }, + { + "algorithm": "sha256", + "value": "ecad486105c51fa598dd4b727e3734d4655f242174d2b31c5e04c1e2f5b43193" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2a9ba5e47a1caf49", + "location": { + "path": "/usr/lib64/gawk/inplace.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 20176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "85cda1a73ff8d854c57fcb7f89ac239da07d6616" + }, + { + "algorithm": "sha256", + "value": "7e9fc9a7602dd997b880518d70bc7bc32d6929b96f939b4359c019543a72d1f1" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e1955cc8bd7d7354", + "location": { + "path": "/usr/lib64/gawk/intdiv.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c21b8aba737e1b229cc92f34416c7b2ca80276bc" + }, + { + "algorithm": "sha256", + "value": "89b8ccda8a2bbba4276f13ecdf6ef8bd9419d73b5c860ad8f02c3d6ee9dd0193" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libmpfr.so.6", + "libgmp.so.10", + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d548c3c0c2e1c5f3", + "location": { + "path": "/usr/lib64/gawk/ordchr.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16000 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "196f7a4cb44e703e50c9b884a4f77cb24aafc125" + }, + { + "algorithm": "sha256", + "value": "fe87bf2d1356a8d568a47705a26f59c589011c819fa8a433b50999f76822932f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e91e2e6213b87b0b", + "location": { + "path": "/usr/lib64/gawk/readdir.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16000 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3d521cd923eb6ca57db65ef29afa0cab9d3309cb" + }, + { + "algorithm": "sha256", + "value": "8553215e8ffebdcc353bc16e15ff10abb538d07def13488ad19f1ef80eb8d07d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "23d013f0de6bb227", + "location": { + "path": "/usr/lib64/gawk/readfile.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16080 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a013b78afc9a3d8c4ffedd8ac551fba321d9ca4" + }, + { + "algorithm": "sha256", + "value": "5ce8ed25ccc02ae960b6123cf804cd43bd2d165962e907a0ba311b8785531370" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "64d9d5371892c01a", + "location": { + "path": "/usr/lib64/gawk/revoutput.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "576dc35ec1edb574756b1bafb77d5ae087791e18" + }, + { + "algorithm": "sha256", + "value": "46dca6dece20b4bb37cb091a82ca6e4ffd32398e2d1b4669327b335ed359dea1" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9eebb7943e5997ad", + "location": { + "path": "/usr/lib64/gawk/revtwoway.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16040 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32af370c9708b622c8f64b8b8388de36eec592b7" + }, + { + "algorithm": "sha256", + "value": "f1cc9a475e8154da632614e48fb8836b994643947582eb0dc5486a5a105e0b8b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9b4fdfd089bd0f72", + "location": { + "path": "/usr/lib64/gawk/rwarray.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 20128 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "232077fc412b5fa8cdeb7c2ce5f2537365d0fcc6" + }, + { + "algorithm": "sha256", + "value": "395be1e8e158672cbe30547f78daa93d1b7525a5bb893ae36b66fc9f2c81fa72" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d64f3b4ac3fb03ad", + "location": { + "path": "/usr/lib64/gawk/time.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16008 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3a9feb12a625c8b025e6fff008d799913f86b873" + }, + { + "algorithm": "sha256", + "value": "17df1cec822ba1dd53c9c5a4f5ba9c880c6362a68ecf76671b7b9c6fb5947056" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3203fde87778c9ed", + "location": { + "path": "/usr/lib64/girepository-1.0/DBus-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 712 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a0c3dd54e7942d3f60f78f581572c2f0539832e9" + }, + { + "algorithm": "sha256", + "value": "0843f4d6a549703df7c07f8e96d3c47752123ecf910c7571d786f5347fa02234" + } + ] + }, + { + "id": "0ddc9dba708b678b", + "location": { + "path": "/usr/lib64/girepository-1.0/DBusGLib-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 560 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "35bfa94bd1942481f5fab66ea134badddf242eea" + }, + { + "algorithm": "sha256", + "value": "2aa3277d88103f0c475700cd56fcadbcd7ddb2a588cff93696efd4922e151807" + } + ] + }, + { + "id": "c9e7cc7fd09f7054", + "location": { + "path": "/usr/lib64/girepository-1.0/GIRepository-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 28216 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b3800c684c910bdee152fa2cd1eb4d1333b2d6a4" + }, + { + "algorithm": "sha256", + "value": "c9a2d028aa8df8bf3bab2c192f2622e6c9c9b10869b7153a69b861776b95662f" + } + ] + }, + { + "id": "a6ecbe53b00c0170", + "location": { + "path": "/usr/lib64/girepository-1.0/GL-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 948 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2764e078b231ca64f9ee887829caf33ad16b5fda" + }, + { + "algorithm": "sha256", + "value": "e6677facd41cc99b3e3e1a9007d9762b00a446b42206d78dd28ea2653478bc80" + } + ] + }, + { + "id": "bf0b590157599e95", + "location": { + "path": "/usr/lib64/girepository-1.0/GLib-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 204696 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ddd34f845a98636f83726958b81a068d10fed07" + }, + { + "algorithm": "sha256", + "value": "fba14550feaa86c2c00a0f36bdb6aa30ae4ad45a103b909929c326804f96117f" + } + ] + }, + { + "id": "838664dccf164d17", + "location": { + "path": "/usr/lib64/girepository-1.0/GModule-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1340 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4b6921ffe93cef4846e7513049fb788ab2b6106" + }, + { + "algorithm": "sha256", + "value": "7bc362f60318f3a313498585ee80c9d70ea64d81e6f913b17a094dd92f2d86c6" + } + ] + }, + { + "id": "47daa9b0930ea0f5", + "location": { + "path": "/usr/lib64/girepository-1.0/GObject-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59588 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4653544a623da01fe9f97f47f200d4fe3800fcc5" + }, + { + "algorithm": "sha256", + "value": "0b8b1f8589a4664de9d45e3104c84ef1007142f268c86cd74ec3d41dba7ede07" + } + ] + }, + { + "id": "8a3d13c3ee10bc95", + "location": { + "path": "/usr/lib64/girepository-1.0/Gio-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 356860 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e52f933b9d3633a31c6876ab3db469a11baf6d6e" + }, + { + "algorithm": "sha256", + "value": "23f713c670592ea3a475a841c2390a686426f6f08575e9d2aa4ab9a9f4d2d63f" + } + ] + }, + { + "id": "e43bb769482b55c9", + "location": { + "path": "/usr/lib64/girepository-1.0/Json-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 25972 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6adeb0eb8aa9915248b546ad5025aa99dfb344eb" + }, + { + "algorithm": "sha256", + "value": "7a33c50a8748297d29811226528c592ce323a80d024c898c03bc0c59e8ec169b" + } + ] + }, + { + "id": "27ae868c8ec36403", + "location": { + "path": "/usr/lib64/girepository-1.0/Modulemd-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 53304 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b94ae13c66d2ad4460f3e81e1a65732168e90b06" + }, + { + "algorithm": "sha256", + "value": "b2efe05bbd9a1fccb5399815baa12ae9fb7f5776b30ea63517abda946089f4a0" + } + ] + }, + { + "id": "81bbe926b6aead1e", + "location": { + "path": "/usr/lib64/girepository-1.0/Peas-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 9364 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f55cba402d91bddda9b68ebcf939968f85b32ad3" + }, + { + "algorithm": "sha256", + "value": "f565f6faf06dd6ab0d48b8222c9a57f8afd8fb3acac9b63bd72955c05854702b" + } + ] + }, + { + "id": "1a3133d2f0305784", + "location": { + "path": "/usr/lib64/girepository-1.0/Vulkan-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59380 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "990f50121bdb450e7cc284416847f9ec12e4d667" + }, + { + "algorithm": "sha256", + "value": "c90a6028c5b4903ca95569cce7068138396c68d86a7d029755efc97c8b7b4640" + } + ] + }, + { + "id": "ec87058761e8948b", + "location": { + "path": "/usr/lib64/girepository-1.0/cairo-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 14344 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e078bece9d494ab88f1fb1df74f825f2080c5a12" + }, + { + "algorithm": "sha256", + "value": "73a442091999a33cb0927163aaa2052bb2c62dd5a2921e616168ed2e73edf582" + } + ] + }, + { + "id": "d9ff4f32eeb17c6b", + "location": { + "path": "/usr/lib64/girepository-1.0/fontconfig-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 348 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f49aa46670adb0309fd3d7dea310f413ea08a60" + }, + { + "algorithm": "sha256", + "value": "17dd220833e93884c4b261336c9bcd1bd546ed2c10920d578de04138182debec" + } + ] + }, + { + "id": "7ab7f3522d309852", + "location": { + "path": "/usr/lib64/girepository-1.0/freetype2-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 420 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "56fa561a33b695289715386cf38125a2d491a13c" + }, + { + "algorithm": "sha256", + "value": "03a385fb9e769b084d5df54aae60bbcfa7ca06b14d5a514f5251a175ddb77b3d" + } + ] + }, + { + "id": "18cf06d4abbb39ce", + "location": { + "path": "/usr/lib64/girepository-1.0/libxml2-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 668 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d82473e07cb70a82563b48efb1973b02bc28fdfd" + }, + { + "algorithm": "sha256", + "value": "428ea3f8b393c44b7682acdcad718d5f6dc87ca6adc6417af06e3f22d8f2aa1b" + } + ] + }, + { + "id": "c6783499aa12b204", + "location": { + "path": "/usr/lib64/girepository-1.0/win32-1.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f289edeef92d2fdfd6ed220ebcc517e9d56fd21" + }, + { + "algorithm": "sha256", + "value": "f58e32852eeba023aa69ffc0a384452a99df362d91c17ebf1c7e6d72baa8b75c" + } + ] + }, + { + "id": "67c5ab204d910f75", + "location": { + "path": "/usr/lib64/girepository-1.0/xfixes-4.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 240 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87adc0f52a16dabaf8d2bb73ef670644af6c6676" + }, + { + "algorithm": "sha256", + "value": "e55b4e0489c9aac5c7f055f4a1b40e0f92417e0db7c02d1611d342a3396c0890" + } + ] + }, + { + "id": "85e93a42c71df820", + "location": { + "path": "/usr/lib64/girepository-1.0/xft-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7458fb1126bafae2ab26b5fc526db68eba7dc844" + }, + { + "algorithm": "sha256", + "value": "aa4e253474c1084af97eeec58108590488d2b4e82cf9d37c57160c01e6480a6e" + } + ] + }, + { + "id": "32a0c00ecef8529c", + "location": { + "path": "/usr/lib64/girepository-1.0/xlib-2.0.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 836 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a1904a60e3355033ed511e7e60912d2b51c23812" + }, + { + "algorithm": "sha256", + "value": "4450fa0426b410db5a219f64b4e0d7f9b0be17ae81b9a6947045aeaacf417f91" + } + ] + }, + { + "id": "9e393ba47e750cde", + "location": { + "path": "/usr/lib64/girepository-1.0/xrandr-1.3.typelib", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 640 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7e2fc5c059b74dc675e5b84eafa4937ab3adc31b" + }, + { + "algorithm": "sha256", + "value": "860b43fd4ff40bae47b48111ff49d432acf96c0211a95b26df5ae8c32179591e" + } + ] + }, + { + "id": "ee957d0fd6dceb6b", + "location": { + "path": "/usr/lib64/libacl.so.1.1.2301", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 40496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "94d85a7ef951984cc7d9337ba6f4adf1b09a74dc" + }, + { + "algorithm": "sha256", + "value": "4894d693ef1fd6acbd95a8ef1873716b6086523084fceca0b16f430acb2d67c7" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libattr.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "20166f892a70cb1d", + "location": { + "path": "/usr/lib64/libassuan.so.0.8.5", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 86944 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d7073b36a9259025a56139b223bd1b266dc3154b" + }, + { + "algorithm": "sha256", + "value": "2802ab456d7ce9730af980620dc280917270b33efb514af96ed9fafd4f7237d9" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "37278abcf11da63d", + "location": { + "path": "/usr/lib64/libattr.so.1.1.2501", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 28552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf304368638fcb8aef50f0e1ded25deadb64b33c" + }, + { + "algorithm": "sha256", + "value": "944c2763b2c727d3126e9f60edac6189d9ac072cb91538eda0f4cc55bc24a5a0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "03fde1b1904f0a48", + "location": { + "path": "/usr/lib64/libbz2.so.1.0.8", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 76280 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7b74c640e36fea8d0196a28e381a00684c488bf5" + }, + { + "algorithm": "sha256", + "value": "0be7c010debc1bc5b53f59449ee204e5f927978439e6bd5df256cd36c288272d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "874052fff98a4177", + "location": { + "path": "/usr/lib64/libcap-ng.so.0.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 32528 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "98046eaa771d306fe8be38bfff4913df74f41283" + }, + { + "algorithm": "sha256", + "value": "0f03248a4184699f298d006c36cad963dba065d451ed8dc187aceb7c1e3fff81" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c1d8fac200470efc", + "location": { + "path": "/usr/lib64/libcrypt.so.2.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 201808 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ac63dc058acacd5935ff0887b206e6a2f76816bb" + }, + { + "algorithm": "sha256", + "value": "67847e804cdd224fc438207e6919a69ce03cdede0fa3f3467fbd09b554640667" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2a53cced56358980", + "location": { + "path": "/usr/lib64/libdnf/plugins/README", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 194 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "557ca9f62680017df81311fafa956b9baa3e036b" + }, + { + "algorithm": "sha256", + "value": "73532ee155af95978529b5d896ed657ac8823a3ab32959bdde9719b35e6a7ae6" + } + ] + }, + { + "id": "873c917cafce7f50", + "location": { + "path": "/usr/lib64/libdrop_ambient.so.0.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15632 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e283fefd85ac380b7c83f9e9bd3c6319ce3cca4" + }, + { + "algorithm": "sha256", + "value": "37552076c61781047d691ace88972921141f471ca1c76f223b48331d6350c70f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "caa129ad797767a7", + "location": { + "path": "/usr/lib64/libevent-2.1.so.7.0.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 365360 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f20129854c8aeac2120d5b8e20203cbca02b65de" + }, + { + "algorithm": "sha256", + "value": "bb9471ece95b9eed40f0a6b30d90305f8586573ef511945d0852aab8cd544c6f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "0641d6c97b0ce150", + "location": { + "path": "/usr/lib64/libevent_core-2.1.so.7.0.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 231848 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88dd27a01a0563fb9334fbcd29474d0d4db5ed7e" + }, + { + "algorithm": "sha256", + "value": "62e6a6c76d6478a2c2aa9548c5e8ee62d51fb2b9c3f59fdf773f3a8d7cab6b38" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7e97c46e2ba7aa0e", + "location": { + "path": "/usr/lib64/libevent_extra-2.1.so.7.0.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 157248 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8e4573d1ff82fb9911793412593a90beee3914b9" + }, + { + "algorithm": "sha256", + "value": "55995d6af18cb176d702d4f5ac0cc88816d91121b213425d688ddfe4520877d5" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "126ddf605a08aa6f", + "location": { + "path": "/usr/lib64/libevent_openssl-2.1.so.7.0.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36216 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1d4c956778f6b27e5d8fb61d75e5c7ef21d86436" + }, + { + "algorithm": "sha256", + "value": "639f118b45454cf12f92f9cb4ef1ffce8ac016729fb7c6089328859d54b25394" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "4032189b898fefaf", + "location": { + "path": "/usr/lib64/libevent_pthreads-2.1.so.7.0.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15296 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a22122596aeaf38cde41102703db1dce48a55755" + }, + { + "algorithm": "sha256", + "value": "65bdebb29d7a1b9b3704d9e0a626d372548dcbae9e606282ece94ed4149c4569" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c9e0a30b10d2fe01", + "location": { + "path": "/usr/lib64/libffi.so.8.1.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 44784 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "652d8774241577295e1ee6a0d2e57a6d5d1a1331" + }, + { + "algorithm": "sha256", + "value": "c575bec3faae030f61b7dd26a40480e60e6f0060e2b4d3a6f3cacd6da9fc01ff" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "64405ea653cfe62f", + "location": { + "path": "/usr/lib64/libgcrypt.so.20.4.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1304856 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "62a55f264e929f20ab20ad8dfea9b94e6d8047c8" + }, + { + "algorithm": "sha256", + "value": "ad3532c2f6a3bb7bf5d4cf3b5014e3db23a99ae4d7876882ccf56e898af6e81d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "62aab177572c81d2", + "location": { + "path": "/usr/lib64/libgdbm.so.6.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 78136 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "788eaf9def72fe7cf0b5b0df4ca3e4443c30ee60" + }, + { + "algorithm": "sha256", + "value": "bdc7274699add513c815dae574464f2dd2c5d25ac0365cb840d55faad3551989" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "bea130dbfc935616", + "location": { + "path": "/usr/lib64/libgdbm_compat.so.4.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15256 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a5ae97bd3dbe08e0eb1ae86220f534bd5425b547" + }, + { + "algorithm": "sha256", + "value": "0b6e593bcda737cc2634fbf08b69f7cd12d01bc1db04ff7d95e2cecca0394463" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgdbm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e69d26bcb0a24e1b", + "location": { + "path": "/usr/lib64/libgirepository-1.0.so.1.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 143200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ba9788ef4fdfb288815525c1c74afbf8fa2d5557" + }, + { + "algorithm": "sha256", + "value": "20c154e743cea2df90cec58d41e9b5e26bc10cd1a0cb9f616d81e48cabf4e0fe" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libgmodule-2.0.so.0", + "libgio-2.0.so.0", + "libffi.so.8", + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "76096f929a097db2", + "location": { + "path": "/usr/lib64/libgmp.so.10.4.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 677824 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32475e5d51d9b9b5b2bd99731601e258d65627b1" + }, + { + "algorithm": "sha256", + "value": "b9d1265de01c92a6565272aa3ffa30034fe3656c73c348fc988a2e65389d6782" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6b8f40a297fb9256", + "location": { + "path": "/usr/lib64/libgpg-error.so.0.32.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 153600 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0c197bcbbd57299c70775b9a50ec2a8f5f33e8b8" + }, + { + "algorithm": "sha256", + "value": "7c35a3105985309405449a6f609cab1b0971fd65d44d70c4780106c12673ba08" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3c3cb91a078fde6e", + "location": { + "path": "/usr/lib64/libgpgme.so.11.24.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 350864 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "732b6788c2f9089361158c53f5c147fbc39935cf" + }, + { + "algorithm": "sha256", + "value": "0ba972ec6ce71ecb0d07f1a5fa318c2f498eb671327ba444393cb3a1b6b497a4" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libassuan.so.0", + "libgpg-error.so.0", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "315872dd93390c03", + "location": { + "path": "/usr/lib64/libhistory.so.8.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 53400 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee35f373b496c24e9b0eb04c51f51ff141c2ec16" + }, + { + "algorithm": "sha256", + "value": "1624092f4c9c1b6dba385d4a2acf707f02620f4ea6e4de478887f9dbae31c66a" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f25c4208eeb070b6", + "location": { + "path": "/usr/lib64/libidn2.so.0.3.7", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 130952 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "885dcf79a492efb10cb15e13ad80a0f889cbd09c" + }, + { + "algorithm": "sha256", + "value": "dc245bad13edbcd52b6f654a3de2ddcb017c92590e0b7b473b8a69a3db3a2b9c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libunistring.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "77c9b4d0917880dc", + "location": { + "path": "/usr/lib64/libjson-c.so.5.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 75928 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5cb568c7b5fbd446a520efe927ff3dee04b6da8d" + }, + { + "algorithm": "sha256", + "value": "8aa6483f266303dd0116a85882806382c9e254bceeb17be1c1f8933a1ea9f33e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b4b67fbfb5f5e23e", + "location": { + "path": "/usr/lib64/libjson-glib-1.0.so.0.600.6", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 183520 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a24f2e1e611e1ebeed67b9bcf2c3e2e6615e02c9" + }, + { + "algorithm": "sha256", + "value": "9ffe45c8c5b88fabf34a007c4b0ccc0322728f5790e43e11785ccdad64557a0e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgio-2.0.so.0", + "libgobject-2.0.so.0", + "libglib-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "09908bd891f4a1fb", + "location": { + "path": "/usr/lib64/libkeyutils.so.1.10", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b80385902e58f095f0f4b2f4e7707e38152bc853" + }, + { + "algorithm": "sha256", + "value": "b0aaec55115d2ab97e1a70cb4c9a1b036d839d7922e67d3e610cd3ccd58521e3" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "1e29db6133907052", + "location": { + "path": "/usr/lib64/libksba.so.8.13.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 268760 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b75cef0731f4977cfbcda33d8458b37fcf05ce8e" + }, + { + "algorithm": "sha256", + "value": "081792cc346461618b8723abc84afe792870d36452f47a3c2e7acab017c1021b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f18c9f92057ac960", + "location": { + "path": "/usr/lib64/liblua-5.4.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 287296 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2c34f6a723b87db49b380ae747c19c134f5daa38" + }, + { + "algorithm": "sha256", + "value": "a51bea6a192c1ae861b20f871fca5e3ea4751b9ad31ca448d9799965d4b208fc" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "07c7e420648edb7f", + "location": { + "path": "/usr/lib64/liblz4.so.1.9.3", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 144120 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d7a2adf1f1ad3f6c1a57fc2fb4fc136e97a307c" + }, + { + "algorithm": "sha256", + "value": "cd2cd6b9b4ddc0fda8eb8bd2597566f50efd4848ce24f071c88385bae200e166" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d25c76d984b3aa3b", + "location": { + "path": "/usr/lib64/liblzma.so.5.2.5", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 178744 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1c20beff7a63fea7251efb9f1435c619828244dd" + }, + { + "algorithm": "sha256", + "value": "16125c779c2442c5bc32a3aeded7e6a5e70c9112864eebb5bb061651222a2dda" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "33e898c1f45c8cd6", + "location": { + "path": "/usr/lib64/libmagic.so.1.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 185544 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "228ac994fe088a510f8caa60e52052573e5ee01d" + }, + { + "algorithm": "sha256", + "value": "a0909463137c552f416e7438e4f97beaef6940154c17a974467d339618ad70c2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "88ecb7a06373bb64", + "location": { + "path": "/usr/lib64/libmodulemd.so.2.13.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 634720 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b941e764c69a1b87880d5f18d6dde61c61daec9" + }, + { + "algorithm": "sha256", + "value": "55d52f9d60881e172cfdea50c658d4890e2d5fd0cc9bc5bc69b3955514f0ff0d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgobject-2.0.so.0", + "libglib-2.0.so.0", + "libmagic.so.1", + "librpmio.so.9", + "libyaml-0.so.2", + "libgcc_s.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c430935fd8f2dc21", + "location": { + "path": "/usr/lib64/libmpfr.so.6.1.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 726864 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "04bc73f1550e9d40f9582f2d7e84e5ea7d989917" + }, + { + "algorithm": "sha256", + "value": "737d4ad1015f97e0bfa59cc62d79e2a5fe7ac62148fd7f2826977de75f2f9ba4" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgmp.so.10", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "a2d7e7570645fbd9", + "location": { + "path": "/usr/lib64/libnghttp2.so.14.20.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 168672 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67566f22812d095385f7f0bd5d5c12ffa53cef33" + }, + { + "algorithm": "sha256", + "value": "04be3e1e30dc721889595dfc826aefb82d84994218b1e433f81f7e727c39791c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "cb56001146a5f57c", + "location": { + "path": "/usr/lib64/libnpth.so.0.1.2", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 24040 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "42eedfa668f126069ef7b65e06610e02484dda2d" + }, + { + "algorithm": "sha256", + "value": "a90bc7657c5f2a4aeee8e6068c4e7318e856d5870e59203cc0f38e0d3e27ed78" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "4b7e13d2d8bedc71", + "location": { + "path": "/usr/lib64/libp11-kit.so.0.3.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1714240 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ddd78d6340c805bf19000f4bf16f8f198fb8cc95" + }, + { + "algorithm": "sha256", + "value": "9eec2de8301813279c4ade5b8705229d75eebd3d55d28bf42141d61a43055be0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libffi.so.8", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "61217bc8d6063ca5", + "location": { + "path": "/usr/lib64/libpcre.so.1.2.12", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 488664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "342f304c2c94ed6be689e3d6a4bf43f3f9dd013e" + }, + { + "algorithm": "sha256", + "value": "853849dc5e7393ec3451683443d164b12783019e1b68bc64b49c64812886364d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "11d09b8e145a45b4", + "location": { + "path": "/usr/lib64/libpcre2-8.so.0.11.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 636848 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "db7a2cef3127771056ee892267c25685dc314eb9" + }, + { + "algorithm": "sha256", + "value": "9a7c5324aa19b789ec6451fac312238ba8b266886e37f2dcad51b612deaae96c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "225f79c9b0575a25", + "location": { + "path": "/usr/lib64/libpcre2-posix.so.3.0.2", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15320 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3e8ef0589686f39054ecb031e75898288209b3d" + }, + { + "algorithm": "sha256", + "value": "cd07b910ec2713c62bd756ca1b5b1b33822fe53b0c22b57bb21a7277c6d38664" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libpcre2-8.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ba67a519ab935fa6", + "location": { + "path": "/usr/lib64/libpcreposix.so.0.0.7", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a9aaf3592a59f95df4797d0b993e3aafbe66373f" + }, + { + "algorithm": "sha256", + "value": "a829890434a50682fa95b2278d8daf3037a6bb195c4ad31d7c14901168ba6a7d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libpcre.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "196b545787abaf02", + "location": { + "path": "/usr/lib64/libpeas-1.0.so.0.3000.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 98720 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5dd09d787c6efcc89059b45c90cd5d371505c8c4" + }, + { + "algorithm": "sha256", + "value": "f8b1dc530521545628192a831eaf36cc36499bd1ac28c8241bc6f2d114753df9" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libgmodule-2.0.so.0", + "libgio-2.0.so.0", + "libgirepository-1.0.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "5563d371a9f13ec7", + "location": { + "path": "/usr/lib64/libpopt.so.0.0.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 58368 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aa7f191ea0894ab9c74aa189e905a7cfacad919e" + }, + { + "algorithm": "sha256", + "value": "5e9f3f8a88255fcb88220f7af51a96fb7328a2ea73154dd306277271571acffd" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "cf56343ce42be2bf", + "location": { + "path": "/usr/lib64/libreadline.so.8.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 358128 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d7042d8c19057b1da6d78ae87c60cc937b0e764a" + }, + { + "algorithm": "sha256", + "value": "cd005d15fd3c6546b1ce73e629e516a421c9b0776cb7a0609f45c5c2f8d395bb" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libtinfo.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "64b06586db1d77b9", + "location": { + "path": "/usr/lib64/librhsm.so.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 52864 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7c40890f3df5a0abb1902afa7024f877eaf13b77" + }, + { + "algorithm": "sha256", + "value": "a5e26140e65f99559e39b6d532399de433af5e0eac6020301f98cdf2a1323977" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libgio-2.0.so.0", + "libjson-glib-1.0.so.0", + "libcrypto.so.3", + "libgcc_s.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9f3a8aed149de7d0", + "location": { + "path": "/usr/lib64/libsigsegv.so.2.0.6", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 20192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c406b306355f1c1c06880f216c6b43f8c08a7d7a" + }, + { + "algorithm": "sha256", + "value": "ed87f1cc009a33dec708be009dee5f66ac26f2b5e1638d8ff2c460e8c34f3375" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c1271ae5fbf0e0c3", + "location": { + "path": "/usr/lib64/libsolv.so.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 639960 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e7c34a210e2d38bd03b23ee88a5e4e9d3a86267" + }, + { + "algorithm": "sha256", + "value": "073f24f7025c724f73f34a4657a56144ed6ecb2dd2a2a711d44302f92f4738a5" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c47cc5d32f44cc87", + "location": { + "path": "/usr/lib64/libsolvext.so.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 274536 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1a06ee428720abbf5e2935058cfcefaafee33547" + }, + { + "algorithm": "sha256", + "value": "5b399a58080823e1a335fea1e445adb5c4b862bd6421840d5273e64f85463962" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libsolv.so.1", + "librpmio.so.9", + "librpm.so.9", + "libxml2.so.2", + "libz.so.1", + "liblzma.so.5", + "libbz2.so.1", + "libzstd.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "24d9c2015a515f85", + "location": { + "path": "/usr/lib64/libunistring.so.2.1.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1591920 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "011b23aeff6c2a0d175aebc8729a23a863566974" + }, + { + "algorithm": "sha256", + "value": "70b4c4050c4319fb109a3cf5745f9a6ab2e5862c6bc809aea0e4cb94c87978ef" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d1c85f195452933d", + "location": { + "path": "/usr/lib64/libusb-1.0.so.0.3.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 124512 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3555cf89d10c168db67ef5600c57a756ef416c2" + }, + { + "algorithm": "sha256", + "value": "09b5033698a18d0a8c10869482ebb4b6a978d8066d3f62e73c62def304a3ceeb" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libudev.so.1", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "4a37b99f0e0affbc", + "location": { + "path": "/usr/lib64/libverto.so.1.0.0", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 28472 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ca3544d440ec0e684380ab8377f2a0a3951d12ed" + }, + { + "algorithm": "sha256", + "value": "958431bde9ce05c76a54d56ed3a89fae93704e62d7e5c697ed9816c256611efc" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "4958c0305cc0c1c1", + "location": { + "path": "/usr/lib64/libyaml-0.so.2.0.9", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 136048 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b735b32b9f03ca776b34dabfe5ba03ba49d44c2c" + }, + { + "algorithm": "sha256", + "value": "65b0fa7db95791f0b54442efde3dda6c81704eb0c0134e9371cfc76bd349f67c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b19008fcaf37b79a", + "location": { + "path": "/usr/lib64/libz.so.1.2.11", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 102552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "293a86297efce3f36c02972678590049bc8882ab" + }, + { + "algorithm": "sha256", + "value": "fae9fde931c0df13874fa4cf12cff3047c2570956b496d161fdf4aee7d62b3d7" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d6f9cc0f25c163fa", + "location": { + "path": "/usr/lib64/pkcs11/p11-kit-trust.so", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 248448 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "24c4f04076d3fc00ffe57132d886e5095530c047" + }, + { + "algorithm": "sha256", + "value": "f3cf20976d79dc24c45caa5fc941b954680f634a7fd7fb5101c94025de77f23c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libtasn1.so.6", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e7b09fa086b60c5a", + "location": { + "path": "/usr/libexec/awk/grcat", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "759442278b5e8da98d08e4d4f452e42c35bf794d" + }, + { + "algorithm": "sha256", + "value": "01b5deef8969921f03e9f272b9503238c633c2f346806f2ba7f9ae22df6c7782" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c668344a0bca4102", + "location": { + "path": "/usr/libexec/awk/pwcat", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 16048 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "11c01eabcee7e5a115eff682afa4ab36ce1705fe" + }, + { + "algorithm": "sha256", + "value": "e77e5d5f4347b0c44c70c9320fe5276215bab80bd1f75db796520ecf24da029b" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c34070cd9804459e", + "location": { + "path": "/usr/libexec/dirmngr_ldap", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 40992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "45403f9f9fd294d93e2aecb0a9e7da4bc6fb2a22" + }, + { + "algorithm": "sha256", + "value": "b6ee806155d883a9a6809a25f6fd05e76ed29a6206c7b19ade7cf8050ebccb90" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgpg-error.so.0", + "libgcrypt.so.20", + "libldap.so.2", + "liblber.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "0b538d4e3bdd8dca", + "location": { + "path": "/usr/libexec/gpg-check-pattern", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 61344 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "942e225856be050a94df58a50baf8a85a0f1fd9f" + }, + { + "algorithm": "sha256", + "value": "6c5199a71deb82996d035c4622891ab1a9e93cde709733e68a03571ff8cb1a4b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "52874dccfe95c831", + "location": { + "path": "/usr/libexec/gpg-pair-tool", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 66024 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f1326d87ef00379a30534c1fa6048c1f7d901d5" + }, + { + "algorithm": "sha256", + "value": "a33a4303e9f9a5232c7fa52d5c7d3c74f70e830d2e96d9fd1f9b042f9c025675" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "23d7f71ae89b5434", + "location": { + "path": "/usr/libexec/gpg-preset-passphrase", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36592 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb48fdf4bdd230a0328514ddd7adffd449658376" + }, + { + "algorithm": "sha256", + "value": "69c20fb4a9ccc913661f0e23df84ecbf10c8ea4bfd3d8ae8ddb6b144747edbbc" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libassuan.so.0", + "libgcrypt.so.20", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3cb192baafd3b531", + "location": { + "path": "/usr/libexec/gpg-protect-tool", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 86704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "234503e2e761a9c4d7454ce7e37ffcc67fa91658" + }, + { + "algorithm": "sha256", + "value": "bc423e2f7d0daf95dc36e7952a788764a512aed6e899a6ff57c63890112374c4" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libassuan.so.0", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "11a2f3793b9fe540", + "location": { + "path": "/usr/libexec/gpg-wks-client", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fbe48d6a850791aad7e41ba92583ca7260e89ab5" + }, + { + "algorithm": "sha256", + "value": "3f1de40f9613d4dcd75a04578bca75cce9225eef0c4bb79e7efd9bcf528ce6d6" + } + ] + }, + { + "id": "9f5373b01acacc41", + "location": { + "path": "/usr/libexec/grepconf.sh", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 257 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "676e6b27856f77ef2f4d401fdcfc8ed46c25020b" + }, + { + "algorithm": "sha256", + "value": "b91c10cb140a1593b37fba2dcab5cddf53c8e2c5104980b2ed7a1b42b7aa7d1b" + } + ] + }, + { + "id": "065c6ce3e216c867", + "location": { + "path": "/usr/libexec/keyboxd", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 162032 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "79a0b70430cde458073e8a60ced78ddb0801be94" + }, + { + "algorithm": "sha256", + "value": "15c1d0a42e84a5094d429b93f37186220a4288173fa2c5bc9a8d2a5b8af6587b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libksba.so.8", + "libgpg-error.so.0", + "libgcrypt.so.20", + "libassuan.so.0", + "libnpth.so.0", + "libsqlite3.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c12db9c09490c941", + "location": { + "path": "/usr/libexec/p11-kit/p11-kit-remote", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15784 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22308d08d710fef01c0d86b09bb62b73dc5fb85e" + }, + { + "algorithm": "sha256", + "value": "0cdd6b349a22932ae1021cae38105908711ecd6ae77c0054838033a5d7bedec7" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libp11-kit.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7ef56425a25f608f", + "location": { + "path": "/usr/libexec/p11-kit/trust-extract-compat", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 275 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0901ecfb340c91cb7f8b0d6ae6a73a1fd7309290" + }, + { + "algorithm": "sha256", + "value": "e3b9b63689b120e461687c7febc6ab0c3d33d6acd6f943c46113c9ed284b49ac" + } + ] + }, + { + "id": "354c42ab720de6f2", + "location": { + "path": "/usr/libexec/scdaemon", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 437600 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f055ca27a54d3fb3a7dbf140bc836ec0864982d" + }, + { + "algorithm": "sha256", + "value": "46c51066517183a224049cfc8303c3af8c7df759e9036f01d76abbfc7fd79ded" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libksba.so.8", + "libgpg-error.so.0", + "libassuan.so.0", + "libnpth.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "602a7edba2b31626", + "location": { + "path": "/usr/sbin/addgnupghome", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3079 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ec930db595f079fefc1def3f6345e06dc5b2f8b5" + }, + { + "algorithm": "sha256", + "value": "5a0b0b80fb7121d408fbd732f278ddaa93dd092bd5551b9b42dfffa5ac28199a" + } + ] + }, + { + "id": "2ec5b1c87fd0a215", + "location": { + "path": "/usr/sbin/applygnupgdefaults", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "19b7b3ffe3e69f6b17f3bc4f6d6717ea843bf735" + }, + { + "algorithm": "sha256", + "value": "27c38fc03c86c8712ecbaf1ff689ef8061c0e9ab9ca5cf9d98a35b0c49a34a33" + } + ] + }, + { + "id": "e199d7c82c646f70", + "location": { + "path": "/usr/sbin/g13-syshelp", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 90720 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "39e5e1e65b4fe341ab0bed190e21b7855b2e6ca1" + }, + { + "algorithm": "sha256", + "value": "98e57e6a162f9cd1b8f0472277ad359fb16c241e854a9d5d3815b0774326d72f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcrypt.so.20", + "libassuan.so.0", + "libgpg-error.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "43f5c8e2c050e9b4", + "location": { + "path": "/usr/share/awk/assert.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 383 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "988b7bae890aa00936e30a528cd282f35463b5cc" + }, + { + "algorithm": "sha256", + "value": "07f9e0362956d40ea6a92bedd4f292666185d038885387cb00adb5ade1582d93" + } + ] + }, + { + "id": "a7ff93fae1c38258", + "location": { + "path": "/usr/share/awk/bits2str.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 334 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f0e66d5f21580eabedb241107bfa7f84598144eb" + }, + { + "algorithm": "sha256", + "value": "d7529387edb12e4054b384e96bc4911cb3b0e544602fb1e9de8a983f5fd46c5a" + } + ] + }, + { + "id": "3f9e7beb12691dc7", + "location": { + "path": "/usr/share/awk/cliff_rand.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 307 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "83aae44c23414de4e961a5899e5bc83f09649fda" + }, + { + "algorithm": "sha256", + "value": "41b20eba1d788cdc7d64c3860315b3bb8613f80b5f7d8f04774c31caef64dd42" + } + ] + }, + { + "id": "03ded06f5978a219", + "location": { + "path": "/usr/share/awk/ctime.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 234 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "995c25fb72416266c582c23f0c7430ffb8cc1acd" + }, + { + "algorithm": "sha256", + "value": "cf1b816f600516ec0a4f84901e12c48f44c5309bd6bd7b32f9a17abd026f2b86" + } + ] + }, + { + "id": "9177f91992e80c85", + "location": { + "path": "/usr/share/awk/ftrans.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 315 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6754f46ec10f7681756924cc2ff2901576174412" + }, + { + "algorithm": "sha256", + "value": "9957afaddfec5f2c6bc4f9cb12c576e6c367c1b681a472e91ced9caff5292722" + } + ] + }, + { + "id": "e01b45f2896e2b8f", + "location": { + "path": "/usr/share/awk/getopt.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3278 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c219bd8577d864cfbcce5383b71d0fcd2d613ab3" + }, + { + "algorithm": "sha256", + "value": "0144e3be4c5abc67bdace3b41a03cfea94a778268ca4df7efe5931737306e888" + } + ] + }, + { + "id": "3ce5c71bd91a6fb8", + "location": { + "path": "/usr/share/awk/gettime.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2491 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8b5f919aaa995229b3d35bd3dcf6a55a272ae637" + }, + { + "algorithm": "sha256", + "value": "7baacb670919547d1fc2ec186d6ad937c6f7cc2d03e0b2e8f6802742dc7c6023" + } + ] + }, + { + "id": "f68d462d6f0dec41", + "location": { + "path": "/usr/share/awk/group.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1765 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59f1283139b9ede22bb4946159a57db2ab950206" + }, + { + "algorithm": "sha256", + "value": "dcabe4d2e2f93972471e7eade26a7779e0c160c23570d3b32509433756083073" + } + ] + }, + { + "id": "504ece9f854051a7", + "location": { + "path": "/usr/share/awk/have_mpfr.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b333a7cb12ddbf6625f3cb68321296aa490063d1" + }, + { + "algorithm": "sha256", + "value": "40d45f7e243e4f7faa1335852c5839fa80c60d70eccd94918cee7edbc58fd9a4" + } + ] + }, + { + "id": "21f69a66a8e1f30d", + "location": { + "path": "/usr/share/awk/inplace.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2340 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "49af3c8ab5fc51ce3bf9644a8902cc5aaac828bc" + }, + { + "algorithm": "sha256", + "value": "c9420b8b4cef25e7f7982800a24d7ecdf2708e9514e8d0f48f471b6bdfec7f1e" + } + ] + }, + { + "id": "cad2d692d922a012", + "location": { + "path": "/usr/share/awk/intdiv0.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 462 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b0b21f70c7b88ac4e15570af9fdbf58736a7acf0" + }, + { + "algorithm": "sha256", + "value": "c184f8a175c7226e9c567a8bb91e5e67ed8e239769012ad16f93c48f8e328bfd" + } + ] + }, + { + "id": "57a23fddeb51a231", + "location": { + "path": "/usr/share/awk/join.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 378 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "66c87357ce4c55e201e7e6ff5cfbc1795875f30c" + }, + { + "algorithm": "sha256", + "value": "9af26157a40c1e1c09dfa73152e07cbff4c4f4b31b7bf8132572270da6dfc052" + } + ] + }, + { + "id": "c5d5d77dbb5b491d", + "location": { + "path": "/usr/share/awk/libintl.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 238 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d38956139eb1f3848b26e10cac26951fcb637a09" + }, + { + "algorithm": "sha256", + "value": "2b3a65b9053d2f4f08733870ef2cf1b5ee8aeba74dc6b9b1d1610fc0d9ac0eee" + } + ] + }, + { + "id": "0a88a27a0a532250", + "location": { + "path": "/usr/share/awk/noassign.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 422 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "286163f5748bd207c1cccec304db9dbb3745515d" + }, + { + "algorithm": "sha256", + "value": "7ffc84e6d111aaf56cb0d3756bbcbd73e2510069ee6fc05bc1ea0e412884663e" + } + ] + }, + { + "id": "af584ef6a682393d", + "location": { + "path": "/usr/share/awk/ns_passwd.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1282 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7c7e1715594a43efb0ce3190414dedc5817cf8b5" + }, + { + "algorithm": "sha256", + "value": "65670dbe643091de33dd490b71609677c875166d0aa59378a6576f979ba9886a" + } + ] + }, + { + "id": "e2d294e2988586b1", + "location": { + "path": "/usr/share/awk/ord.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 937 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87c053430fed042fc413fdbb2f1a9a2f228f4f81" + }, + { + "algorithm": "sha256", + "value": "e7d37acc67a101dd2e23c19ed3f9dfd5d01ea93af63b2ebc8679976e1ef051ce" + } + ] + }, + { + "id": "604ed35d2e3c3905", + "location": { + "path": "/usr/share/awk/passwd.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "94fe0019f12e4cca0bb6995655363e14b3a71a7a" + }, + { + "algorithm": "sha256", + "value": "bdaf71595b473e0cfffaa426f451e1cbeae6d8a9047c5e78cf254b33586ac5eb" + } + ] + }, + { + "id": "db8886a0050e15b4", + "location": { + "path": "/usr/share/awk/processarray.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 355 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a55964177451767adb55da211e29b1fffbf3134c" + }, + { + "algorithm": "sha256", + "value": "ac1e8e8dee8105c5c1ab2a1b87fcb668885473b7e90b7b0c137275742c704166" + } + ] + }, + { + "id": "eeb961a2a9d5084b", + "location": { + "path": "/usr/share/awk/quicksort.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1031 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f0f77de69c1cca88a9b36fb65c527a3cb612ee8" + }, + { + "algorithm": "sha256", + "value": "b769b7a892acedcdb98d18c3cf05544d4d85488a0378aaacba0c6e2ddb71bf35" + } + ] + }, + { + "id": "c57d87b0b5a2fdf1", + "location": { + "path": "/usr/share/awk/readable.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 489 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16d49f6cc9809e837c041e15c1bbea974ee48e34" + }, + { + "algorithm": "sha256", + "value": "06e27abeb78eff929cb1f44256f195fe2d86ebb62814f731f420df286c8f1094" + } + ] + }, + { + "id": "89e5a19c73e3c007", + "location": { + "path": "/usr/share/awk/readfile.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 267 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ba25be8407fcb21803e70800e33cc66e4c56f9df" + }, + { + "algorithm": "sha256", + "value": "751d619465eb57c9d6314eb2a97e783ff84ff108cd1c4efeff8f62400dd77609" + } + ] + }, + { + "id": "a586091b446e0346", + "location": { + "path": "/usr/share/awk/rewind.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 404 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a981bfceae29b029950fcd889e9e9af0a163fd68" + }, + { + "algorithm": "sha256", + "value": "878279434b70956b26eca128a0939c1a14da97b1626fe402eb76d44485fbc268" + } + ] + }, + { + "id": "4faae474a1995428", + "location": { + "path": "/usr/share/awk/round.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 661 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ac2465e7f1e5316549d445a12a21896e989e4afe" + }, + { + "algorithm": "sha256", + "value": "28b705d2e2b01cc3ed450cc42e2ff99b058b55ef5a49cbc483aded7bdfa58aff" + } + ] + }, + { + "id": "ffd67d68e23c19c8", + "location": { + "path": "/usr/share/awk/shellquote.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 472 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e843b07b4988ab9f6b9f847d7f891a281f7383b2" + }, + { + "algorithm": "sha256", + "value": "78e7df6e31f55536a4c3853f6d54644877aa892ed7fc6e1d4dc9080284d78565" + } + ] + }, + { + "id": "ff0ea36e439da173", + "location": { + "path": "/usr/share/awk/strtonum.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1454 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4b66da8d9923f57e8da8ce6746cdd007c939f1e9" + }, + { + "algorithm": "sha256", + "value": "abd27d285278e83655617efbd8e09b5f5271dd6ede37847b0ebd6632be2dde74" + } + ] + }, + { + "id": "af1939bedac4fc42", + "location": { + "path": "/usr/share/awk/walkarray.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 214 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "54771f1379f65d9b1d01550d191d624d8afe0293" + }, + { + "algorithm": "sha256", + "value": "3a7f02f135e91bbf1c1cd498ea0e1489802d58c83bb4d112c0a407593db31dd8" + } + ] + }, + { + "id": "0459a6aa08d9b230", + "location": { + "path": "/usr/share/awk/zerofile.awk", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b34e3b5801b20cfe2f3d3188058b5b7b8a7f3c71" + }, + { + "algorithm": "sha256", + "value": "c20a5e00b43fbfb9ea420da93f64422ce13d4aebb3b725e2ac3ba0102f169bee" + } + ] + }, + { + "id": "558485814f2546ce", + "location": { + "path": "/usr/share/bash-completion/completions/gapplication", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1389 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8ce8d6253282622367216c4103e99a4627122f8" + }, + { + "algorithm": "sha256", + "value": "199885a791120de218784b28d189becea2cdbdd1c297e8a4a92602a969857fe7" + } + ] + }, + { + "id": "63fcf5c880513783", + "location": { + "path": "/usr/share/bash-completion/completions/gdbus", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 935 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b10d7ce36f18627e7610b5fa1f9f56526cb4b645" + }, + { + "algorithm": "sha256", + "value": "819c76693b994a291c175c3d7a394022b7429644794816071ae40b5ca405105e" + } + ] + }, + { + "id": "2d800e884032c615", + "location": { + "path": "/usr/share/bash-completion/completions/gio", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3830 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a134f412a1a77a1f7ae2a996bf5f96064341695a" + }, + { + "algorithm": "sha256", + "value": "5da96db9ea9295e068a1c6c046b5ee32718489af43a949425b7d8c6cdc2ca493" + } + ] + }, + { + "id": "47a82969cc47629d", + "location": { + "path": "/usr/share/bash-completion/completions/gsettings", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2829 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "26096b914c674eb35632b2dad7ed967726dee6aa" + }, + { + "algorithm": "sha256", + "value": "8b0b278b6e20a401e94afb6164f99f73ee49af70e12e6c7c054a48fc8dccb552" + } + ] + }, + { + "id": "8696c78b618bb236", + "location": { + "path": "/usr/share/bash-completion/completions/p11-kit", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 674 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc2413a2f6841811720c23b832d2fee9f9737273" + }, + { + "algorithm": "sha256", + "value": "eb0648a5487f28baa01ac6247de2fc187a25745159bf017054b04e1ce8cc6411" + } + ] + }, + { + "id": "f977a337241b88a6", + "location": { + "path": "/usr/share/bash-completion/completions/trust", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2053 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8cbc3774e9ff169e5d4a6ec0036636726fe61530" + }, + { + "algorithm": "sha256", + "value": "c4304c6b8c8af29909280a836e26cc6072f6d6994bab6a23efefc4fd7655f03a" + } + ] + }, + { + "id": "f38158a60f58dcf7", + "location": { + "path": "/usr/share/fontconfig/conf.avail/20-unhint-small-dejavu-sans.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/xml", + "size": 868 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "efe047199a3154ded7927e855b0faf545f608f66" + }, + { + "algorithm": "sha256", + "value": "9fd242f22463300d6e365ece9d7a74c9a5442d29bf0c67b2b58f64b8c0303a76" + } + ] + }, + { + "id": "1e810aa32799dda1", + "location": { + "path": "/usr/share/fontconfig/conf.avail/57-dejavu-sans-fonts.conf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/xml", + "size": 2657 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "18779a612da3014b2f6392da793723d741176b32" + }, + { + "algorithm": "sha256", + "value": "f0decf1d9c3c25bae3db27516c40ce3f80616362942c5cf1a3b9a21a1de1a0c8" + } + ] + }, + { + "id": "4ec017684ca0701e", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Bold.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 705684 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87d3dcf4b666f77c320bd30dcdc8ade33d08c160" + }, + { + "algorithm": "sha256", + "value": "6e118ccd0d61f948ee8fe7674efd977e319929a81c0a92bd3081676cbd9e7d6e" + } + ] + }, + { + "id": "68a7a1aecef0f0bb", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-BoldOblique.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 643288 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ef1263ea79b647e190cee127cab9a1447ff08032" + }, + { + "algorithm": "sha256", + "value": "02eb8bf872f5d62748c2e5580378ea505f0bc64ebfc96ff1f2e1555a7081b09f" + } + ] + }, + { + "id": "8f422b316d200560", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-ExtraLight.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 356756 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "068605e7bfe415e5f349a763aafdf6c19b417689" + }, + { + "algorithm": "sha256", + "value": "baea85ba0e558d3999b672844170bee9d43a4d107bbf85a41bc436d0ea1f2ac2" + } + ] + }, + { + "id": "10e1abf320fef787", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans-Oblique.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 635412 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1f533943748a5794c7d591ec37ed6a2a9edd796" + }, + { + "algorithm": "sha256", + "value": "b7f32088fac05f585418f7c6d93951f08968e987a877b4fba96384eb55211181" + } + ] + }, + { + "id": "b23178d125545f49", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 757076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1678de3625fee2cb91585ac30add82f1be092400" + }, + { + "algorithm": "sha256", + "value": "66b8a8ee0a4d1d46ff40f3352b05dbaffb63669c0577096f4a513772d21290f1" + } + ] + }, + { + "id": "b6ef71dfaf54dd21", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Bold.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 703880 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "83f785c82118cb52a1e3806663e882161a895d3d" + }, + { + "algorithm": "sha256", + "value": "f24a0c5afd58a647df07b1cd259b87d597fb1b21c76926d227c520321579c1c7" + } + ] + }, + { + "id": "c3d987af03b2c23d", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-BoldOblique.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 641696 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "78371892eac1374124d067ac681e8bca7b1cec71" + }, + { + "algorithm": "sha256", + "value": "f1bd593e64d302b1e776d0fee1db207f8ce77c3bfaf13e98fffca246ebece1eb" + } + ] + }, + { + "id": "f868e0e9521cbfd9", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed-Oblique.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 633824 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f0b43f650a6e29b3b4e2f0e3e1bce28eae42774" + }, + { + "algorithm": "sha256", + "value": "62770f2d0218fb5e839dac94fce530e305aea2c995e688313127b14ba51a8a73" + } + ] + }, + { + "id": "e03106a16175f05c", + "location": { + "path": "/usr/share/fonts/dejavu-sans-fonts/DejaVuSansCondensed.ttf", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "font/ttf", + "size": 755124 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b44a6621929bfe826924a50b48083b641a6e4ab6" + }, + { + "algorithm": "sha256", + "value": "16b971ef662a96d3e2d65d1756674c510c3af4dfddd99083dcdfb7aa2acd57c2" + } + ] + }, + { + "id": "eacb78f0177ac6e1", + "location": { + "path": "/usr/share/gnupg/distsigkey.gpg", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3385 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f622e5d2234f119ac15213b7d3b300f536803dd" + }, + { + "algorithm": "sha256", + "value": "7f04a82407e2074d57efbac9487b4f1ef9bc23c2a55a44ab4b1c396050251bef" + } + ] + }, + { + "id": "fadfa2cc594e6ac1", + "location": { + "path": "/usr/share/gnupg/sks-keyservers.netCA.pem", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1984 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ce86fdbc099e5607ea8a149d760b30c725e299e6" + }, + { + "algorithm": "sha256", + "value": "0666ee848e03a48f3ea7bb008dbe9d63dfde280af82fb4412a04bf4e24cab36b" + } + ] + }, + { + "id": "0022cc837623aa93", + "location": { + "path": "/usr/share/libgpg-error/errorref.txt", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 38982 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "297b1d47f27ecf5f2b4b625984bf85b85781c103" + }, + { + "algorithm": "sha256", + "value": "feddde721e0488a9ea06eed9d12628ed156ca7645fcbc50f6405f16d858ef908" + } + ] + }, + { + "id": "6a9d7cb03432b94a", + "location": { + "path": "/usr/share/licenses/alternatives/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "181d870990e0b987", + "location": { + "path": "/usr/share/licenses/bash/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "id": "334ab95186904be9", + "location": { + "path": "/usr/share/licenses/bzip2-libs/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1896 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ddf157bc55ed6dec9541e4af796294d666cd0926" + }, + { + "algorithm": "sha256", + "value": "c6dbbf828498be844a89eaa3b84adbab3199e342eb5cb2ed2f0d4ba7ec0f38a3" + } + ] + }, + { + "id": "83a5e806ca6828ee", + "location": { + "path": "/usr/share/licenses/coreutils-single/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "id": "524d8032f81017af", + "location": { + "path": "/usr/share/licenses/cyrus-sasl-lib/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1861 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86af2c4321b2d4b4f092b31fd897444a701c0085" + }, + { + "algorithm": "sha256", + "value": "9d6e5d1632140a6c135b251260953650d17d87cd1124f87aaf72192aa4580d4b" + } + ] + }, + { + "id": "82c2c4328ac0b8d1", + "location": { + "path": "/usr/share/licenses/dejavu-sans-fonts/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 8816 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2cba132501cc69b943061ac075153ad475c7e72a" + }, + { + "algorithm": "sha256", + "value": "7a083b136e64d064794c3419751e5c7dd10d2f64c108fe5ba161eae5e5958a93" + } + ] + }, + { + "id": "5cc4a51ee7c8655e", + "location": { + "path": "/usr/share/licenses/dnf/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "dc88753ee1f91b36", + "location": { + "path": "/usr/share/licenses/dnf/PACKAGE-LICENSING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 415 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0445a12ba82a08be59bde464a61176dca779d9d4" + }, + { + "algorithm": "sha256", + "value": "c06f0c7eb611c6d77892bd02832dcae01c9fac292ccd55d205924388e178a35c" + } + ] + }, + { + "id": "cb8e98a52ae7350a", + "location": { + "path": "/usr/share/licenses/file-libs/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1649 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f5bf317af31a6dac50b5f5504aa63b59d05442c" + }, + { + "algorithm": "sha256", + "value": "0bfa856a9930bddadbef95d1be1cf4e163c0be618e76ea3275caaf255283e274" + } + ] + }, + { + "id": "cc34ed57e626e93f", + "location": { + "path": "/usr/share/licenses/gawk/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "id": "c9e4b809beaa97bd", + "location": { + "path": "/usr/share/licenses/gawk/LICENSE.BSD", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1508 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f6e5b0b0e8a21707c3c149e15189e9d9d073e6e9" + }, + { + "algorithm": "sha256", + "value": "fea62a56afb45d77d33fd57599d5936d01bdda60d738e869df795a7392b1b320" + } + ] + }, + { + "id": "9a3472e293b9bde1", + "location": { + "path": "/usr/share/licenses/gawk/LICENSE.GPLv2", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "eb8d2881557e6d12", + "location": { + "path": "/usr/share/licenses/gawk/LICENSE.LGPLv2", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "c85e4b9dfd628442", + "location": { + "path": "/usr/share/licenses/gdbm-libs/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35072 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70e64fe9090c157e441681779e0f31aad34f35cb" + }, + { + "algorithm": "sha256", + "value": "690d762f2e8e149ab1e2d6a409a3853b6151a2533b2382fae549a176d6bedecf" + } + ] + }, + { + "id": "34f393bc80919207", + "location": { + "path": "/usr/share/licenses/glib2/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "4c3362aa50faa23f", + "location": { + "path": "/usr/share/licenses/glibc/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "0c6263baa58699ee", + "location": { + "path": "/usr/share/licenses/glibc/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "6e267a1855234be9", + "location": { + "path": "/usr/share/licenses/glibc/LICENSES", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18943 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a61ff17323319d01ed2cae913a5febc968d29f3" + }, + { + "algorithm": "sha256", + "value": "b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc" + } + ] + }, + { + "id": "4d97ae3ae35a9c5a", + "location": { + "path": "/usr/share/licenses/gmp/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "id": "6eabae886edadff7", + "location": { + "path": "/usr/share/licenses/gmp/COPYING.LESSERv3", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7639 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "id": "f92ef671d1cffb18", + "location": { + "path": "/usr/share/licenses/gmp/COPYINGv2", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "f8649341444163e6", + "location": { + "path": "/usr/share/licenses/gmp/COPYINGv3", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35150 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e88f6aea9379eb98a7bbea965fc7127a64b41ad9" + }, + { + "algorithm": "sha256", + "value": "e6037104443f9a7829b2aa7c5370d0789a7bda3ca65a0b904cdc0c2e285d9195" + } + ] + }, + { + "id": "227900176c400f3a", + "location": { + "path": "/usr/share/licenses/gnupg2/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35069 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4bc05f7560e1e3ced08b71c93f10abe9e702c3ee" + }, + { + "algorithm": "sha256", + "value": "bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357" + } + ] + }, + { + "id": "bcaf00ba173110fe", + "location": { + "path": "/usr/share/licenses/gnutls/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "id": "d68d8112761d584e", + "location": { + "path": "/usr/share/licenses/gnutls/COPYING.LESSER", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "d0738c4e72c4921b", + "location": { + "path": "/usr/share/licenses/gnutls/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 936 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1f511bc8132f3904e090af21d25ef3453314b910" + }, + { + "algorithm": "sha256", + "value": "3e043d77917e48e262301b8f880812fcd82236482630a421d555a38804eee643" + } + ] + }, + { + "id": "21aedef33c6a13c9", + "location": { + "path": "/usr/share/licenses/gobject-introspection/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "80fe7119545c554233bbac373a7d8b0104e45cd1" + }, + { + "algorithm": "sha256", + "value": "1b3275b028bcaa77e4580a302ae80473abb97139b84a0e48618be34cd65f8aaa" + } + ] + }, + { + "id": "a9674222eadcd7f2", + "location": { + "path": "/usr/share/licenses/gobject-introspection/COPYING.GPL", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 17992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dfac199a7539a404407098a2541b9482279f690d" + }, + { + "algorithm": "sha256", + "value": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + } + ] + }, + { + "id": "c5fd943acd121228", + "location": { + "path": "/usr/share/licenses/gobject-introspection/COPYING.LGPL", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 25292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bf50bac24e7ec325dbb09c6b6c4dcc88a7d79e8f" + }, + { + "algorithm": "sha256", + "value": "d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5" + } + ] + }, + { + "id": "c80a36e5dd926d46", + "location": { + "path": "/usr/share/licenses/gpgme/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 17992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dfac199a7539a404407098a2541b9482279f690d" + }, + { + "algorithm": "sha256", + "value": "32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670" + } + ] + }, + { + "id": "d615f7deb40d8890", + "location": { + "path": "/usr/share/licenses/gpgme/COPYING.LESSER", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26536 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0bf81afbc585fd8fa3a9267d33498831f5a5c9c2" + }, + { + "algorithm": "sha256", + "value": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + } + ] + }, + { + "id": "87ae451c23a5ef8a", + "location": { + "path": "/usr/share/licenses/gpgme/LICENSES", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1694 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f6d7039cb982a2acec77a9d337942283a3875a0" + }, + { + "algorithm": "sha256", + "value": "950fbc07a2b8e34514936ad591544e6857b8e68079c92b78b5f8e997f415208a" + } + ] + }, + { + "id": "6dba54af8c7facae", + "location": { + "path": "/usr/share/licenses/grep/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "id": "867f228cd495980e", + "location": { + "path": "/usr/share/licenses/json-c/AUTHORS", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1091 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "939188993bbdabcd7bcdabedd1728ae6c474cffd" + }, + { + "algorithm": "sha256", + "value": "d9efaaada6d8c2d533cfabaf29bcf27dd987a53166b7e1d447cb2656f47b49ea" + } + ] + }, + { + "id": "8a3cb5a87d8b3cc3", + "location": { + "path": "/usr/share/licenses/json-c/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2205 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0cd23537e3c32497c7b87157b36f9d2eb5fca64b" + }, + { + "algorithm": "sha256", + "value": "74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c" + } + ] + }, + { + "id": "d6e3aa97877dce2f", + "location": { + "path": "/usr/share/licenses/json-glib/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e60c2e780886f95df9c9ee36992b8edabec00bcc" + }, + { + "algorithm": "sha256", + "value": "a190dc9c8043755d90f8b0a75fa66b9e42d4af4c980bf5ddc633f0124db3cee7" + } + ] + }, + { + "id": "58e69df7e0409835", + "location": { + "path": "/usr/share/licenses/keyutils-libs/LICENCE.LGPL", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26450 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1c39e1d1004475e1237555e21dc8e0a3b70d3ff1" + }, + { + "algorithm": "sha256", + "value": "0d15593e3a8ad90917f8509b5ac1e4b5e5d196434a68029aa9dc0858a4a4c521" + } + ] + }, + { + "id": "f11be3044d82d8b0", + "location": { + "path": "/usr/share/licenses/krb5-libs/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 64121 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "63254f2d180b67ee59eeaf23bbe986c939888482" + }, + { + "algorithm": "sha256", + "value": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + } + ] + }, + { + "id": "43476dfef7297d78", + "location": { + "path": "/usr/share/licenses/libarchive/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3086 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90ba482db24552fe26fffe459bbc350224a79b3a" + }, + { + "algorithm": "sha256", + "value": "b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba" + } + ] + }, + { + "id": "97780ed7a4226be7", + "location": { + "path": "/usr/share/licenses/libassuan/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35068 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "842745cb706f8f2126506f544492f7a80dbe29b3" + }, + { + "algorithm": "sha256", + "value": "fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7" + } + ] + }, + { + "id": "177ad30b4dd8175d", + "location": { + "path": "/usr/share/licenses/libassuan/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26527 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a1929f4700d2407c70b507b3b2aaf6226a9543c" + }, + { + "algorithm": "sha256", + "value": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + } + ] + }, + { + "id": "98fcd3e601d40fd1", + "location": { + "path": "/usr/share/licenses/libcap-ng/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26542 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3ac522f07da0f346b37b29cd73a60f79e992ffba" + }, + { + "algorithm": "sha256", + "value": "f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa" + } + ] + }, + { + "id": "1cb31a5be70c0358", + "location": { + "path": "/usr/share/licenses/libcap/License", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 20240 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1f65128ca2bb6715d81ca6c60f997c997d0ac69e" + }, + { + "algorithm": "sha256", + "value": "088cabde4662b4121258d298b0b2967bc1abffa134457ed9bc4a359685ab92bc" + } + ] + }, + { + "id": "96396d4d262bdabc", + "location": { + "path": "/usr/share/licenses/libcom_err/NOTICE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 44585 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7b0a43ab2f7a589ca3bf497fe86e52b15502355" + }, + { + "algorithm": "sha256", + "value": "5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020" + } + ] + }, + { + "id": "b0fa0980073d1886", + "location": { + "path": "/usr/share/licenses/libcurl-minimal/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1088 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "73bcd04aed1c45b611fd34aaa29e72069a49049b" + }, + { + "algorithm": "sha256", + "value": "6fd1a1c008b5ef4c4741dd188c3f8af6944c14c25afa881eb064f98fb98358e7" + } + ] + }, + { + "id": "b8f10c1a6f677c7e", + "location": { + "path": "/usr/share/licenses/libdnf/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "9b1fc29507f6153b", + "location": { + "path": "/usr/share/licenses/libevent/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4528 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f375374b877550ade2e001905a1f9c9b7128714" + }, + { + "algorithm": "sha256", + "value": "ff02effc9b331edcdac387d198691bfa3e575e7d244ad10cb826aa51ef085670" + } + ] + }, + { + "id": "1961bfa9d1198d5b", + "location": { + "path": "/usr/share/licenses/libffi/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1132 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bda021b14478d294f531de3766f201960a0bf274" + }, + { + "algorithm": "sha256", + "value": "a61d06e8f7be57928e71e800eb9273b05cb8868c484108afe41e4305bb320dde" + } + ] + }, + { + "id": "ce9138e160be5543", + "location": { + "path": "/usr/share/licenses/libgcc/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18002 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "68c94ffc34f8ad2d7bfae3f5a6b996409211c1b1" + }, + { + "algorithm": "sha256", + "value": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + } + ] + }, + { + "id": "b82a899b41957e3f", + "location": { + "path": "/usr/share/licenses/libgcc/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "597bf5f9c0904bd6c48ac3a3527685818d11246d" + }, + { + "algorithm": "sha256", + "value": "32434afcc8666ba060e111d715bfdb6c2d5dd8a35fa4d3ab8ad67d8f850d2f2b" + } + ] + }, + { + "id": "f374ebc3b3ace9d7", + "location": { + "path": "/usr/share/licenses/libgcc/COPYING.RUNTIME", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3324 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c0ad296b24f96e7c77ce564cad2fa1a4f76024d8" + }, + { + "algorithm": "sha256", + "value": "9d6b43ce4d8de0c878bf16b54d8e7a10d9bd42b75178153e3af6a815bdc90f74" + } + ] + }, + { + "id": "d57ed1f4490e2301", + "location": { + "path": "/usr/share/licenses/libgcc/COPYING3", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "id": "220d69e3f8293bbd", + "location": { + "path": "/usr/share/licenses/libgcc/COPYING3.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7639 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "id": "afa1339ce3d11f25", + "location": { + "path": "/usr/share/licenses/libgcrypt/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26536 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0bf81afbc585fd8fa3a9267d33498831f5a5c9c2" + }, + { + "algorithm": "sha256", + "value": "ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532" + } + ] + }, + { + "id": "cc8e1d8350367ddf", + "location": { + "path": "/usr/share/licenses/libgpg-error/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18002 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "68c94ffc34f8ad2d7bfae3f5a6b996409211c1b1" + }, + { + "algorithm": "sha256", + "value": "231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c" + } + ] + }, + { + "id": "14d8cebc04906f0a", + "location": { + "path": "/usr/share/licenses/libgpg-error/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26527 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a1929f4700d2407c70b507b3b2aaf6226a9543c" + }, + { + "algorithm": "sha256", + "value": "a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861" + } + ] + }, + { + "id": "b8438551fa0dad99", + "location": { + "path": "/usr/share/licenses/libidn2/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1555 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f134eeebdc065e961a7935729cd6fd8fee3a50f2" + }, + { + "algorithm": "sha256", + "value": "73483f797a83373fca1b968c11785b98c4fc4803cdc7d3210811ca8b075d6d76" + } + ] + }, + { + "id": "8394e4bdb23fc3ec", + "location": { + "path": "/usr/share/licenses/libidn2/COPYING.LESSERv3", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7651 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f45ee1c765646813b442ca58de72e20a64a7ddba" + }, + { + "algorithm": "sha256", + "value": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + } + ] + }, + { + "id": "9216d49d4ce2eff9", + "location": { + "path": "/usr/share/licenses/libidn2/COPYING.unicode", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 8782 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "33ad3570b2dc646e18e97171233bfceda6f7f088" + }, + { + "algorithm": "sha256", + "value": "01d621eef165cf4d3d3dbb737aa0699178d94c6f18cf87e9dde6db3ca7790f46" + } + ] + }, + { + "id": "1d089c70e8b5b492", + "location": { + "path": "/usr/share/licenses/libidn2/COPYINGv2", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "ab7413a242ae644a", + "location": { + "path": "/usr/share/licenses/libksba/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 198 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "767d6751e4be6cc860d77a9a8229faae2f25b8cf" + }, + { + "algorithm": "sha256", + "value": "6197b98c6bf69838c624809c509d84333de1bc847155168c0e84527446a27076" + } + ] + }, + { + "id": "025702a1e5b63e69", + "location": { + "path": "/usr/share/licenses/libksba/COPYING.GPLv2", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "50368cb4892a7855", + "location": { + "path": "/usr/share/licenses/libksba/COPYING.GPLv3", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35064 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e31db874e5b375f0592b02e3e450c9e94086e661" + }, + { + "algorithm": "sha256", + "value": "0abbff814cd00e2b0b6d08395af2b419c1a92026c4b4adacbb65ccda45fa58cf" + } + ] + }, + { + "id": "1e41d52c1fd496c7", + "location": { + "path": "/usr/share/licenses/libksba/COPYING.LGPLv3", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7651 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f45ee1c765646813b442ca58de72e20a64a7ddba" + }, + { + "algorithm": "sha256", + "value": "da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768" + } + ] + }, + { + "id": "df99bd0ce5d10c31", + "location": { + "path": "/usr/share/licenses/libmodulemd/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1101 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df8b6951986b90ed530a771fd3419725f7eaa4fb" + }, + { + "algorithm": "sha256", + "value": "40afccd95484d483800c17dd18a734518ba36e832841579a1f21dc94fb73bbdf" + } + ] + }, + { + "id": "b5f96c6e00d259b3", + "location": { + "path": "/usr/share/licenses/libmount/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 355 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "66319e97eda8747087e9c5292f31c8bc5153c3c8" + }, + { + "algorithm": "sha256", + "value": "5f12c2408a84be40fbff8ad7e281aa4e884fb92ee3f9a61aedf886a9503d3500" + } + ] + }, + { + "id": "ebf52dcf4e87c111", + "location": { + "path": "/usr/share/licenses/libmount/COPYING.LGPL-2.1-or-later", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "1848dc41d7411a55", + "location": { + "path": "/usr/share/licenses/libnghttp2/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1156 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f6f3c0c08925232459e499d66231cb5da01d811" + }, + { + "algorithm": "sha256", + "value": "6b94f3abc1aabd0c72a7c7d92a77f79dda7c8a0cb3df839a97890b4116a2de2a" + } + ] + }, + { + "id": "8238f8f0844d48b1", + "location": { + "path": "/usr/share/licenses/libpeas/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26521 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3704f4680301a60004b20f94e0b5b8c7ff1484a9" + }, + { + "algorithm": "sha256", + "value": "592987e8510228d546540b84a22444bde98e48d03078d3b2eefcd889bec5ce8c" + } + ] + }, + { + "id": "bc06f97c1cdad90e", + "location": { + "path": "/usr/share/licenses/librepo/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "4fa97c5130dd81dc", + "location": { + "path": "/usr/share/licenses/librhsm/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "f41eeeb12e786c07", + "location": { + "path": "/usr/share/licenses/libselinux/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1034 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16900937e2ec3e0e96dee637f81ad8ef9265605f" + }, + { + "algorithm": "sha256", + "value": "86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364" + } + ] + }, + { + "id": "ba5945950e24531a", + "location": { + "path": "/usr/share/licenses/libsemanage/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "algorithm": "sha256", + "value": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ] + }, + { + "id": "de37ebc778a4b974", + "location": { + "path": "/usr/share/licenses/libsepol/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "algorithm": "sha256", + "value": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ] + }, + { + "id": "8c8375028cffb497", + "location": { + "path": "/usr/share/licenses/libsigsegv/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c481619eb74665fe9da7bef63c644e302c904459" + }, + { + "algorithm": "sha256", + "value": "8f2983e9a940367f48999881c14775db725ee643bce1e2f1ba195eb629a33cde" + } + ] + }, + { + "id": "3c0ea2891a5411af", + "location": { + "path": "/usr/share/licenses/libsmartcols/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 361 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "93e45afdb0d7c3fdd6dfcc951b8a3421660f2811" + }, + { + "algorithm": "sha256", + "value": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + } + ] + }, + { + "id": "1bc7f120ce61e78d", + "location": { + "path": "/usr/share/licenses/libsmartcols/COPYING.LGPL-2.1-or-later", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "49c83cbafb892a3c", + "location": { + "path": "/usr/share/licenses/libsolv/LICENSE.BSD", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1381 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b965854f0ddcbff41631dee1f018ba72e2f248ff" + }, + { + "algorithm": "sha256", + "value": "57f15acfb29fbef7749779e096a5885c60b716633e34484a21bb717554c0198f" + } + ] + }, + { + "id": "88e2e21ed60c85a1", + "location": { + "path": "/usr/share/licenses/libtasn1/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "id": "14d6b8c8ff89b95e", + "location": { + "path": "/usr/share/licenses/libtasn1/COPYING.LESSER", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "d00550d0a2acf914", + "location": { + "path": "/usr/share/licenses/libtasn1/LICENSE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 605 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "42d6b117e9e1eee10eb77f99b640d1667417b19e" + }, + { + "algorithm": "sha256", + "value": "7446831f659f7ebfd8d497acc7f05dfa8e31c6cb6ba1b45df33d4895ab80f5a6" + } + ] + }, + { + "id": "d43cff324ed877ee", + "location": { + "path": "/usr/share/licenses/libunistring/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "id": "bf3b33b89a3fbb84", + "location": { + "path": "/usr/share/licenses/libunistring/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7639 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "id": "fd14e35ef9e39d9a", + "location": { + "path": "/usr/share/licenses/libusbx/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26436 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "caeb68c46fa36651acf592771d09de7937926bb3" + }, + { + "algorithm": "sha256", + "value": "5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a" + } + ] + }, + { + "id": "d57093f10f5ee2d8", + "location": { + "path": "/usr/share/licenses/libuuid/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f9bab778ad683b9046a4c2a69e12fcc1e0144e1" + }, + { + "algorithm": "sha256", + "value": "5068749ee9c2f2c545af4a4de9fde3c39dc8d90af47cc0b3a42700116f9b7e71" + } + ] + }, + { + "id": "5788a17f6149e070", + "location": { + "path": "/usr/share/licenses/libuuid/COPYING.BSD-3-Clause", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1391 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e5c9f3867b9251dcd2d97a4d1dffaa38afe6625d" + }, + { + "algorithm": "sha256", + "value": "9b718a9460fed5952466421235bc79eb49d4e9eacc920d7a9dd6285ab8fd6c6d" + } + ] + }, + { + "id": "6bd46b35ec7e0e19", + "location": { + "path": "/usr/share/licenses/libverto/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1054 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4178c9d72828ce9f35fa1e7e6756d66ced8caef3" + }, + { + "algorithm": "sha256", + "value": "ee2f49235ed5947ace182dcb3aba92655aeafab4f3a33c98a9c6d75a6a238480" + } + ] + }, + { + "id": "0b17479f01b63ffd", + "location": { + "path": "/usr/share/licenses/libxcrypt/AUTHORS", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1850 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8337508003a9e67120868b03893f75b57287d35" + }, + { + "algorithm": "sha256", + "value": "6d1e45c055b6d9e9bf4e9521419eb3dee4ca42a02dd4d824beaaad476dacfdca" + } + ] + }, + { + "id": "1f2e76756034330a", + "location": { + "path": "/usr/share/licenses/libxcrypt/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "64898a35c1ce7274", + "location": { + "path": "/usr/share/licenses/libxcrypt/LICENSING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5534 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0ad959fc0079aa1dd3ec87113680c7fce48f19f9" + }, + { + "algorithm": "sha256", + "value": "f8198fcc4f002bf54512bac2e68e1e3f04af7d105f4f4f98d7d22cb110e04715" + } + ] + }, + { + "id": "a568d61394aed97b", + "location": { + "path": "/usr/share/licenses/libxml2/Copyright", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1289 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c21506a45e8d0171fc92fd4ff6903c13adde660" + }, + { + "algorithm": "sha256", + "value": "c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd" + } + ] + }, + { + "id": "05062048799b19bf", + "location": { + "path": "/usr/share/licenses/libyaml/License", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1101 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e99e74d048726c39136dc992f1fb5998972e3b4e" + }, + { + "algorithm": "sha256", + "value": "c40112449f254b9753045925248313e9270efa36d226b22d82d4cc6c43c57f29" + } + ] + }, + { + "id": "282764f7cd534318", + "location": { + "path": "/usr/share/licenses/microdnf/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "929c01b4e14e02b9", + "location": { + "path": "/usr/share/licenses/mpfr/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "id": "3159c5c8e6dbee23", + "location": { + "path": "/usr/share/licenses/mpfr/COPYING.LESSER", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7652 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8a12e6867d7ee39c21d9b11a984066099b6fb6b" + }, + { + "algorithm": "sha256", + "value": "e3a994d82e644b03a792a930f574002658412f62407f5fee083f2555c5f23118" + } + ] + }, + { + "id": "5b03fcebec1ce207", + "location": { + "path": "/usr/share/licenses/ncurses-base/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1447 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6fa46ec6c9af4633d29bdc2bf91e56c93c6431e3" + }, + { + "algorithm": "sha256", + "value": "87a4c4442337b8968ef956031c406b74f9cb7149b7ba87311bdaba534816201c" + } + ] + }, + { + "id": "ee2836613968619b", + "location": { + "path": "/usr/share/licenses/npth/COPYING.LIB", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26525 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2c378b484c6da96db8f05f9bd795fcf5ddad0205" + }, + { + "algorithm": "sha256", + "value": "ce64d5f7b49ea6d80fdb6d4cdee6839d1a94274f7493dc797c3b55b65ec8e9ed" + } + ] + }, + { + "id": "99f0b08099ad078a", + "location": { + "path": "/usr/share/licenses/p11-kit/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1447 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6745330da3e7bde244b20b96a42eae659644e731" + }, + { + "algorithm": "sha256", + "value": "2e1ba993904df807a10c3eda1e5c272338edc35674b679773a8b3ad460731054" + } + ] + }, + { + "id": "86721dcc9a419b3e", + "location": { + "path": "/usr/share/licenses/pcre/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 95 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "495a1e12b07adcc0ff0eb6fad218539bb9fc805d" + }, + { + "algorithm": "sha256", + "value": "17abe1dbb92b21ab173cf9757dd57b0b15cd8d863b2ccdef635fdbef03077fb0" + } + ] + }, + { + "id": "a0aff6935cc99500", + "location": { + "path": "/usr/share/licenses/pcre/LICENCE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3182 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "11ff082389982b8168263850db69199065f2028d" + }, + { + "algorithm": "sha256", + "value": "0dd9c13864dbb9ee4d77a1557e96be29b2d719fb6584192ee36611aae264c4a3" + } + ] + }, + { + "id": "058a5272ca28051a", + "location": { + "path": "/usr/share/licenses/pcre2-syntax/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 97 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "13294eaa0d7dc726a2fa73eef7a4a140cd9630f4" + }, + { + "algorithm": "sha256", + "value": "99272c55f3dcfa07a8a7e15a5c1a33096e4727de74241d65fa049fccfdd59507" + } + ] + }, + { + "id": "95b49113891e48c8", + "location": { + "path": "/usr/share/licenses/pcre2-syntax/LICENCE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3477 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e8d975c810890664d6ed3700fa41e135563bda6" + }, + { + "algorithm": "sha256", + "value": "87d884eceb7fc54611470ce9f74280d28612b0c877adfc767e9676892a638987" + } + ] + }, + { + "id": "f36b0135a6b24d42", + "location": { + "path": "/usr/share/licenses/popt/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1277 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "61bb7a8ea669080cfc9e7dbf37079eae70b535fb" + }, + { + "algorithm": "sha256", + "value": "518d4f2a05064cb9a8ec0ea02e86408af4feed6916f78ef42171465db8b383c5" + } + ] + }, + { + "id": "877484d5d72064a0", + "location": { + "path": "/usr/share/licenses/readline/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8624bcdae55baeef00cd11d5dfcfa60f68710a02" + }, + { + "algorithm": "sha256", + "value": "8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903" + } + ] + }, + { + "id": "5a61db40e1e1ecca", + "location": { + "path": "/usr/share/licenses/readline/USAGE", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2025 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "246e63b4576f6b9d3d78dcc61552641fe6316cc4" + }, + { + "algorithm": "sha256", + "value": "0759c74d61889b687f33cb03899630d8ecc09c5ebe7cedd2dd2e17eeef193f93" + } + ] + }, + { + "id": "78dfd94ad0b5da76", + "location": { + "path": "/usr/share/licenses/rpm/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 44182 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "588760a9f446cebfc4b61485cd09cd768908337f" + }, + { + "algorithm": "sha256", + "value": "171d94d9f1641316bff7f157a903237dc69cdb5fca405fed8c832c76ed8370f9" + } + ] + }, + { + "id": "9d448763622f504d", + "location": { + "path": "/usr/share/licenses/sed/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35151 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0dd432edfab90223f22e49c02e2124f87d6f0a56" + }, + { + "algorithm": "sha256", + "value": "e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b" + } + ] + }, + { + "id": "5b9e86a686ed2319", + "location": { + "path": "/usr/share/licenses/setup/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "205c331ae337b00f56204126f4e3195adba32c7b" + }, + { + "algorithm": "sha256", + "value": "628095e1ef656bbe9034cf5bfa3c220880a16cd0ceea25b17cd2198ea3503e03" + } + ] + }, + { + "id": "f94fae61ddaf4f6c", + "location": { + "path": "/usr/share/licenses/systemd/LICENSE.LGPL2.1", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "d1548084e38b4f04", + "location": { + "path": "/usr/share/licenses/xz-libs/COPYING", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2775 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "66933e63e70616b43f1dc60340491f8e050eedfd" + }, + { + "algorithm": "sha256", + "value": "bcb02973ef6e87ea73d331b3a80df7748407f17efdb784b61b47e0e610d3bb5c" + } + ] + }, + { + "id": "c41400570a0ae433", + "location": { + "path": "/usr/share/licenses/zlib/README", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5187 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e1e1b075ae4ad6d628468e7dd40d9ec512ff9d10" + }, + { + "algorithm": "sha256", + "value": "7960b6b1cc63e619abb77acaea5427159605afee8c8b362664f4effc7d7f7d15" + } + ] + }, + { + "id": "e98ab666782456f4", + "location": { + "path": "/usr/share/metainfo/org.fedoraproject.LangPack-Core-Font-en.metainfo.xml", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/xml", + "size": 351 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6494351e87c01b3e4409e333e7c8e87b5f950732" + }, + { + "algorithm": "sha256", + "value": "be64c7e7cca4e95d49d067a22b0bc30622349d798696271a15759b7008f08fde" + } + ] + }, + { + "id": "c3b61ebf351721f4", + "location": { + "path": "/usr/share/metainfo/org.fedoraproject.LangPack-Core-en.metainfo.xml", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/xml", + "size": 398 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbbd19e285d8d567a19b58c9267ed68f04abf5d0" + }, + { + "algorithm": "sha256", + "value": "d0ba061c715c73b91d2be66ab40adfab510ed4e69cf5d40970733e211de38ce6" + } + ] + }, + { + "id": "66e657ce713db75b", + "location": { + "path": "/usr/share/metainfo/org.fedoraproject.LangPack-en.metainfo.xml", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/xml", + "size": 400 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3898c0c6353d8d4871e89dbb04f05e5bdb11fa4c" + }, + { + "algorithm": "sha256", + "value": "3d8d5f74443d23b5a2d5f36ffa1937389d8960cdc748a1a1a88d061fd0e6e13b" + } + ] + }, + { + "id": "be8b1ad0cdc10508", + "location": { + "path": "/usr/share/metainfo/org.fedoraproject.dejavu-sans-fonts.metainfo.xml", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/xml", + "size": 5271 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "43b7e5d1ba4b65989a5bfbaed80e762da82b7883" + }, + { + "algorithm": "sha256", + "value": "32c72364ee554c4809cb06a4e4550d8cb5670b50648f0f3981a94dbfbb79efce" + } + ] + }, + { + "id": "42849d310597b27b", + "location": { + "path": "/usr/share/misc/magic", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1177332 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0c15e6f907cc38c8aeaabc907639717d9ab2caaf" + }, + { + "algorithm": "sha256", + "value": "61779c6b6e4d51b0d16cc256bac9eb5b2f19bdf06b718e95778509c92b7b569d" + } + ] + }, + { + "id": "b8d036a3b338b686", + "location": { + "path": "/usr/share/misc/magic.mgc", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 6650688 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "251b1c0acb6ee1b8025186460dacfc73f9be8e7a" + }, + { + "algorithm": "sha256", + "value": "56fece27ef5fb57bbec05f9b0964ad3af68723e85d4271cf4dc7b489038b6b2a" + } + ] + }, + { + "id": "e99e8977d610e2df", + "location": { + "path": "/usr/share/p11-kit/modules/p11-kit-trust.module", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 902 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4e42aebedeb09380a0dee0d9520dfe5a1f3f1e44" + }, + { + "algorithm": "sha256", + "value": "c9bcaa8b0366e2bef1e89fb6af4f084932d53c76da846100824015f89ff75b31" + } + ] + }, + { + "id": "3647d85aef6052d4", + "location": { + "path": "/var/lib/rpm/.rpm.lock", + "layerID": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "3bc0077c49d2950e", + "location": { + "path": "/etc/default/useradd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 119 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6f1f531b22afb49512a303bfb127274372543352" + }, + { + "algorithm": "sha256", + "value": "b121fd1b90c1a2fb6081a137dd7b441c7e7fec61bc17ca60db401a952d7b8825" + } + ] + }, + { + "id": "3aa1742f2e3585c3", + "location": { + "path": "/etc/dnf/protected.d/redhat-release.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 15 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "058cfa312d9fd6a38756cea360ad03dbd6f2fcdd" + }, + { + "algorithm": "sha256", + "value": "942298c770f9afd8303dffda64d89fb57c8d06e8a37fcc285951682afc5a88b7" + } + ] + }, + { + "id": "e797ce9f0d1cdb1c", + "location": { + "path": "/etc/issue", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 23 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c76e3b565c91e21bee303f15c728c71e6b39540" + }, + { + "algorithm": "sha256", + "value": "188029a4a5fc320b6157195899bf6d424610d385949a857a811d992602fa48c9" + } + ] + }, + { + "id": "402ed8348f10e3ff", + "location": { + "path": "/etc/issue.net", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 22 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "95fee903a60d67d0bc0f1c11b909ec0527c2b39d" + }, + { + "algorithm": "sha256", + "value": "17657f4ee63966a9c7687e97028b9ca514f6e9bcbefec4b7f4e81ac861eb3483" + } + ] + }, + { + "id": "485cebdb5c8d2a32", + "location": { + "path": "/etc/krb5.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 880 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e0f9955d21eebb477f02328e9789d5ab53d643e" + }, + { + "algorithm": "sha256", + "value": "87fa5619a6494774d5ea569df972a95691974cfed439f1e0f0e8dcb54cac5cb4" + } + ] + }, + { + "id": "ce2591a5f235263b", + "location": { + "path": "/etc/libaudit.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 640, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 191 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f86b14eb6371b0d99b968dabc1b853b99530cb8a" + }, + { + "algorithm": "sha256", + "value": "d48318c90620fde96cb6a8e6eb1eb64663b21200f9d1d053f9e3b4fce24a2543" + } + ] + }, + { + "id": "4bbbca48a63a9a75", + "location": { + "path": "/etc/login.defs", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7779 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2daf6aa2130e0d1585d2f4336a65275adf67d9c3" + }, + { + "algorithm": "sha256", + "value": "b8caab091c2b4a4b8194a438ff5df718d3c469362ac92a1901dc308eeac5a91e" + } + ] + }, + { + "id": "bf8b332a7275c03b", + "location": { + "path": "/etc/openldap/ldap.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 900 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "767578de65b6f21acb7d5299881e9e00b6cad314" + }, + { + "algorithm": "sha256", + "value": "3bea281bbd267ed31c02249d9ce4c7659d764c6c36b0f0c81a39e4c810236eb2" + } + ] + }, + { + "id": "cc1dd49bb25490aa", + "location": { + "path": "/etc/pki/ca-trust/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c0ea7b4623886d2246b9b113fafd1670ba42cb1" + }, + { + "algorithm": "sha256", + "value": "6c7b9287c41c171c64b358fc7331b8a9ae969fc2d00d997d88bcbf4da0de598a" + } + ] + }, + { + "id": "59abd7dfd624e787", + "location": { + "path": "/etc/pki/ca-trust/ca-legacy.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b28450f457cc833ecf7af7dbe4d6c1feb0ec4208" + }, + { + "algorithm": "sha256", + "value": "400b96da374503fa6b6350a867347082d0c90e05ba4d02cc6b51b11229199c4d" + } + ] + }, + { + "id": "91b647bbbba6deb5", + "location": { + "path": "/etc/pki/ca-trust/extracted/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 560 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c68219ad0bbe17c9773c5701ab34ad4d08a01a6" + }, + { + "algorithm": "sha256", + "value": "146ff96c60a8ee32bbcf2da59d624d6ecfbab7ef7442529d46d8d63064d8ca58" + } + ] + }, + { + "id": "9fa29831a822e32d", + "location": { + "path": "/etc/pki/ca-trust/extracted/edk2/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 566 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "751dd2582a3cc4bbb46f9ea1145bd8e3f59c6e6f" + }, + { + "algorithm": "sha256", + "value": "757c28eddb0634b74e6482d16324193be27eee41864c1f96c447020dae14b44f" + } + ] + }, + { + "id": "0015d10e62088f4c", + "location": { + "path": "/etc/pki/ca-trust/extracted/edk2/cacerts.bin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 162348 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "932b7df8a8175341fdceda0ad888ce8cbf3ed356" + }, + { + "algorithm": "sha256", + "value": "10d123f5c252a9b611aeda90281aca0dcf1b6c63698e6a5ae7080fe36ff83801" + } + ] + }, + { + "id": "0b4db8d1d6ef42ec", + "location": { + "path": "/etc/pki/ca-trust/extracted/java/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 726 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6f501ecef2660fe2ad027b83a8165fbfce71ea27" + }, + { + "algorithm": "sha256", + "value": "7bb8781320fb3ff84e76c7e7e4a9c3813879c4f1943710a3b0140b31efacfd32" + } + ] + }, + { + "id": "32c35a9235c07703", + "location": { + "path": "/etc/pki/ca-trust/extracted/java/cacerts", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 162985 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "12e619fb3488b917f364d5baed4ce3df0b481dcc" + }, + { + "algorithm": "sha256", + "value": "ac3d53042f3cb667a779807a09226c3be396ceeb9d11943ade3208d5a6058b07" + } + ] + }, + { + "id": "c75545382b15487f", + "location": { + "path": "/etc/pki/ca-trust/extracted/openssl/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 787 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b007d0cde2d4791df3363c6fa6a22f0263031a4" + }, + { + "algorithm": "sha256", + "value": "6c812d1ec8ce5bde2216cc42be33021d6345fbea05c14f50c52191a38c175ea9" + } + ] + }, + { + "id": "1927e8c59b24fe60", + "location": { + "path": "/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 676522 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "55e15e632fb262a4a6d9850a764aceaabc47ab9c" + }, + { + "algorithm": "sha256", + "value": "5a8e566a20336ec17ea7c0d71b8749f03b29f9ddf77ff733dfaf6782c28c56e6" + } + ] + }, + { + "id": "7d7490fa611754ad", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 898 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2e9c850350cb6adc069c023f9a619d08377bdcbd" + }, + { + "algorithm": "sha256", + "value": "27362e773c8b6bb065a455a66badb05e2652720bab8ade9ab91f0404cf827dab" + } + ] + }, + { + "id": "e89e0020249dd0a9", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ACCVRAIZ1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2772 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "620fa298774c61bc147e4766753252267a4d9c9d" + }, + { + "algorithm": "sha256", + "value": "04846f73d9d0421c60076fd02bad7f0a81a3f11a028d653b0de53290e41dcead" + } + ] + }, + { + "id": "ae69d9be7bd46a62", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1972 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ceb43c8ebea65e461729f071ad2f4ef62a831ba1" + }, + { + "algorithm": "sha256", + "value": "aa18ea4c9a8441a461bb436a1c90beb994ac841980b8fd62c72de9a62ddf8ae3" + } + ] + }, + { + "id": "a1ad3775f61392a3", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 904 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f6fa356c7ad3ab1ddee68e9d4a43d76aebed253" + }, + { + "algorithm": "sha256", + "value": "8e3f237813d3f3e2f5767bc2a694a7557f84bb79fd60ef1adc25afd0c1fc5ef6" + } + ] + }, + { + "id": "d361bb2407bda534", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ANF_Secure_Server_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86c697b354c67874c5fffdadca5d70896d23730c" + }, + { + "algorithm": "sha256", + "value": "efb2df6e0075fa74e448077e402d171851b2ffe4668a614adc00dcbc75633afd" + } + ] + }, + { + "id": "0582c63d360ee85d", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Actalis_Authentication_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2049 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "511ca95607022a99ed8e68bd63f136c4854cefcb" + }, + { + "algorithm": "sha256", + "value": "c6d25347727f267774611677588d76f8a54a6e14d3e99dd69ef2c20612ed87c5" + } + ] + }, + { + "id": "8ec53f46a05edb5f", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Commercial.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1204 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "31629611efda355cdc62783bd61e91aa0ba20aa6" + }, + { + "algorithm": "sha256", + "value": "7108110fdaf19e3e5a7ed8fa38557248e79fe78bb2e9eefe7a0bb801cbfd2db7" + } + ] + }, + { + "id": "182fdfb202e298d5", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Networking.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1204 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87a9857563967d59ccbe51e4a8fc2ba2fda1e919" + }, + { + "algorithm": "sha256", + "value": "b68109f50ba0abed3b938afebd2ab42a2f5089062c59e9fc74425e2742d894bc" + } + ] + }, + { + "id": "71894ac0e3522f7c", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a47bba1a7198f3b61b179239dadc8b6d9555887" + }, + { + "algorithm": "sha256", + "value": "94c88202bf2c13c68b90d124f93f62374f36776b0bfbc110c6d06f829290b580" + } + ] + }, + { + "id": "744baa7aa5e8d192", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/AffirmTrust_Premium_ECC.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 753 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4078832c8e87e1552a61d2f27e38917f143c8919" + }, + { + "algorithm": "sha256", + "value": "42f0e946149ae0e0c6a1fb0e33150ce863479b2ef7b3c700161102ad1dcb34c1" + } + ] + }, + { + "id": "09545d087772de76", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1188 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f0d2d251ef5ee84b8e05d8012056a1495fcf34b3" + }, + { + "algorithm": "sha256", + "value": "2c43952ee9e000ff2acc4e2ed0897c0a72ad5fa72c3d934e81741cbd54f05bd1" + } + ] + }, + { + "id": "b94eaca0dedd811c", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1883 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "323b7b4a10c0d8da198a3e8c059c9bec24f4932d" + }, + { + "algorithm": "sha256", + "value": "a3a7fe25439d9a9b50f60af43684444d798a4c869305bf615881e5c84a44c1a2" + } + ] + }, + { + "id": "62810776df7db742", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 656 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2e7153a81fb98a0fbb508b3b93829e4e9eda5d23" + }, + { + "algorithm": "sha256", + "value": "3eb7c3258f4af9222033dc1bb3dd2c7cfa0982b98e39fb8e9dc095cfeb38126c" + } + ] + }, + { + "id": "aa7d9b28187b65d2", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Amazon_Root_CA_4.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 737 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d9ac8e9773360d16d95225747626873e81aa9fd6" + }, + { + "algorithm": "sha256", + "value": "b0b7961120481e33670315b2f843e643c42f693c7a1010eb9555e06ddc730214" + } + ] + }, + { + "id": "561baef31372130f", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_2011.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1261 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e7bf149a7cd32271ef18328a22c766bdb192c76" + }, + { + "algorithm": "sha256", + "value": "79e9f88ab505186e36f440c88bc37e103e1a9369a0ebe382c4a04bd70b91c027" + } + ] + }, + { + "id": "78447ed4edd2842a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 782 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "21d7491620f569f125ea6750fbc51e0d68865eaf" + }, + { + "algorithm": "sha256", + "value": "970d70366b2f8c29ac71c8f71689ddd8fd321208a5ededbb2d784af33799a0f6" + } + ] + }, + { + "id": "50a066f8ec10e833", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1931 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8943e4a8481b0339e69f0e7cd54c324eb3cbb03f" + }, + { + "algorithm": "sha256", + "value": "980dc408dd2def2d7930bec10c48e256d115f636c403b631ffb93558dacf5571" + } + ] + }, + { + "id": "14f7f0a29e08b2ce", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2167 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0cd024f9827c0b9834235e9517e932ce76009a0" + }, + { + "algorithm": "sha256", + "value": "a618213c5dd7cbb59b3154de7241d7255333a0619cf434329becae876ce6e331" + } + ] + }, + { + "id": "d158af0f907a075a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1952 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22841f1345277d606ed6dd3c42565e0ca907cc76" + }, + { + "algorithm": "sha256", + "value": "08e1a8115accf7ce400a3f98fc31dbab522a3ed3644ca48389b4899e2d794f1a" + } + ] + }, + { + "id": "cb569fa58f58ac94", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/BJCA_Global_Root_CA2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 806 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ba8137e853314ecd084532bfa3e5d63c79a3ec29" + }, + { + "algorithm": "sha256", + "value": "6c58125f88a4ff83d40e6b58c5532ea905be4daf1ec7da7f4542af3d34855340" + } + ] + }, + { + "id": "d49d21277e12004a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_2_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1915 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a3e41e74e9a4137036525f0c2fd6d8edfdc7c39" + }, + { + "algorithm": "sha256", + "value": "9c2a7510e01aec2c9b8cc2c9d03b16576858a93863a6d0a31a2ac05f47f5dbe1" + } + ] + }, + { + "id": "85bd2ba5b1ebf7e9", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Buypass_Class_3_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1915 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5b889430b7dd1517c94f87b77175c5af957b15a4" + }, + { + "algorithm": "sha256", + "value": "8db5b7c8f058c56a8d033c2443d34fdfd3656150eaa73fe63c65161e7063ce99" + } + ] + }, + { + "id": "e7307252140f3444", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CA_Disig_Root_R2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1935 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "71a23868abee32d53d2573dc73b82e0b77d76fb8" + }, + { + "algorithm": "sha256", + "value": "8adefca890c92e6d0877fdcba07655296852217da657026aea69ee547642528c" + } + ] + }, + { + "id": "73f4503d64a66d9a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CFCA_EV_ROOT.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1984 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96828202bc5c8db6f4f56b4d81a2553c108ce23a" + }, + { + "algorithm": "sha256", + "value": "94e4ab21333740d7ed0f2b5007744e5cf6792c0ddf4c6bdfb3ce8333010e7306" + } + ] + }, + { + "id": "940ffac4f8480d15", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1489 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b4b9dc9cf470c66b1e9e53c3029a07a941898185" + }, + { + "algorithm": "sha256", + "value": "e273097c7c57cb7cbb908057991ae1774d4e1e8c6a062fb6be9e6645b32fb431" + } + ] + }, + { + "id": "d65a8a096859eeaa", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_ECC_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 940 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e99968bdee964aeabd2f025ccabe1d1085b2f88c" + }, + { + "algorithm": "sha256", + "value": "d69f7b57250536f57ffba92cffe82a8bbcb16e03a9a2607ec967f362ce83f9ce" + } + ] + }, + { + "id": "68df5c1193377790", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/COMODO_RSA_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2086 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f406946f4a9b379d4af9847451ca01dc40cfb968" + }, + { + "algorithm": "sha256", + "value": "24b0d4292dacb02efc38542838e378bc35f040dcd21bebfddbc82dc7feb2876d" + } + ] + }, + { + "id": "23b3a0ffd6f381af", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_E1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 741 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bcbe678ccaafd4dafae76ff27858163acdad7d0a" + }, + { + "algorithm": "sha256", + "value": "1b28a5568648fef0d3faeb916cb7bdb054724cb3b5a00c6bfd3d8a2fba7a8bba" + } + ] + }, + { + "id": "2af87fae7d870d72", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certainly_Root_R1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f2a61f2c7fcc32cf79611fdc2e1a1a774922dfc7" + }, + { + "algorithm": "sha256", + "value": "0c78902126532fde9eed4b2d8b6a2c9bbaa8b3abc59f233c45c6cb5514a9f808" + } + ] + }, + { + "id": "ee1f4013048d2e22", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certigna.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1330 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe5df407c4cba70f49928410bf55df03d1e2732f" + }, + { + "algorithm": "sha256", + "value": "d1e1969cdbc656bb4c568116fe2d9b4f8b02b170dc20193b86a26c046f4b35a7" + } + ] + }, + { + "id": "b0bfd10354716753", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certigna_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2264 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "55d0638baee7a6144b8e3c028c24ee1127202c3c" + }, + { + "algorithm": "sha256", + "value": "fe3b44c18182e167121a2c645cecc4817441d469dc00633e60fe8476f9e1ad96" + } + ] + }, + { + "id": "656c280d47bd952e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_EC-384_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22dbd35fe494149e558aa745ec3114396ce7788a" + }, + { + "algorithm": "sha256", + "value": "c4a426fe57a7e4e6966e2103f2941eb7263e7c35727dd0f412bd593467304999" + } + ] + }, + { + "id": "a4045bf2b74d58b0", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1354 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "76c3afd5eaf8d5cbf250f08b923fbf9085c6793e" + }, + { + "algorithm": "sha256", + "value": "43f1bade6454349c258017cc99113f8b6a5712e3807e82ad9371348d52d60190" + } + ] + }, + { + "id": "6eb5b07c16b5c623", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Network_CA_2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2078 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "164db231827f86d73012dc6680fb6be777f205ac" + }, + { + "algorithm": "sha256", + "value": "9dd4cbb6d2c29cbb3ca98da02c042a690c0ef4c0521d98aae37e0a704c4bf210" + } + ] + }, + { + "id": "1a3ccf2e951b28df", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Certum_Trusted_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2053 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "224c9274d5af21d3cee7eb1b143d471be19e1b4d" + }, + { + "algorithm": "sha256", + "value": "e6c62d3f63ba03f4dac458b7dac6c09eb4d71cc3c6621769c3883ed51677c01c" + } + ] + }, + { + "id": "b03b81b90f9917f2", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-01.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 794 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37575d65f82284bd61f2bfce0820c8c3a7da69a3" + }, + { + "algorithm": "sha256", + "value": "a5e66a87e60e17b9aac2d825c9b898ce4bb635dd6e8a137c0dd2ca761b6165ce" + } + ] + }, + { + "id": "2394e5f517192d0e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_ECC_Root-02.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 794 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbdb4d47a7949fa7542f754f329b7602064fff8c" + }, + { + "algorithm": "sha256", + "value": "80eda3bc1316bbb2c18df887c7a30a40ace97146471337e06bfdd46337a688c3" + } + ] + }, + { + "id": "27274b78fdb5b66a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-01.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1939 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e6d40ed9e062ff5e9fc2c14c5a5dff81fea212f3" + }, + { + "algorithm": "sha256", + "value": "ee459c64139faa1fb8d90a9195022aaca51808c62bb374afa2a26b50875346b1" + } + ] + }, + { + "id": "9d9e9158a6244e83", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/CommScope_Public_Trust_RSA_Root-02.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1939 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "749aa8aa41aa221ac66106efb8d60e0705945fb1" + }, + { + "algorithm": "sha256", + "value": "fed2654034ede8dc7677c5e06d4b583bcb0ae352f03cd16111d34c854bbffbbc" + } + ] + }, + { + "id": "7bc3fbae8531dfa6", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_1_2020.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1050 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90be8e8f64cca12962624e98b8d9174373ee0e89" + }, + { + "algorithm": "sha256", + "value": "ae927c01e73470cfc89943b5cd8f26e481d55c833517c1017f3fef404a38a317" + } + ] + }, + { + "id": "671ef7876e00725f", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_BR_Root_CA_2_2023.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2025 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0071016c046d1407424d80aa71c640a0e3d3db17" + }, + { + "algorithm": "sha256", + "value": "2754e50d3377d6613e95df6d7a40150bb3a1fa1ae35382af96c7be58cdcbeb14" + } + ] + }, + { + "id": "d968bac0a3f46c58", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_1_2020.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1050 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9751a120d60bb07072c400729f0245903faab22b" + }, + { + "algorithm": "sha256", + "value": "0b83e3ece7c33128cc31ac97595ce1bdb524db3f924623093b64e6a96ffb4b9b" + } + ] + }, + { + "id": "b14405cc33922027", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_EV_Root_CA_2_2023.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2025 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59f7fa35fd3098f51913b9213729a30e92964735" + }, + { + "algorithm": "sha256", + "value": "268e32f39fb4f9316d0680fde4eb479bbe8c4093193551c4b388f703ada60eca" + } + ] + }, + { + "id": "37231c1c1b691ada", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_2009.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1517 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0955eda0b9f35d8915cfc5decba0fdeffa307a15" + }, + { + "algorithm": "sha256", + "value": "a00b8aa918457f5e7e58457b5e2f80d640fa77cc290572aaab1ae7b4734a9528" + } + ] + }, + { + "id": "1e18b66e6564af0a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/D-TRUST_Root_Class_3_CA_2_EV_2009.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1537 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9b3af04c571ba2783543c5ab5193aa279398fa76" + }, + { + "algorithm": "sha256", + "value": "f81ceeaf6341513ef391ab3ea3302e8b2fb2c1527752797bba9b20ca22048b3c" + } + ] + }, + { + "id": "1f640a80eae5d75b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1350 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d636a2396e29b4e91e00106a183938a6d746f716" + }, + { + "algorithm": "sha256", + "value": "b52fae9cd8dcf49285f0337cd815deca13fedd31f653bf07f61579451517e18c" + } + ] + }, + { + "id": "f53cc7a5ec5dce3e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1306 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9662d04625b183655fdb0304f644865a28a2af7c" + }, + { + "algorithm": "sha256", + "value": "660b5aa96668c5162f4af6b0a01241d8527aef8fa8a5307a7033b83c3de4a72d" + } + ] + }, + { + "id": "f54bda09b2c311df", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Assured_ID_Root_G3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 851 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "07683ac24e071f61794b8ef1d77fa9096b8d6a90" + }, + { + "algorithm": "sha256", + "value": "c4fa4cc30be6aee0a4c0dff81f28768eedd83e8d4934a42f82179cbfa61f13ad" + } + ] + }, + { + "id": "91233860774a931b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1338 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4418290c0af661843b28c70f4eb728f4cc462960" + }, + { + "algorithm": "sha256", + "value": "39fdcf28aeffe08d03251fccaf645e3c5de19fa4ebbafc89b4ede2a422148bab" + } + ] + }, + { + "id": "81c2c135a68d29f4", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1294 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bcd60f07008eed3bd1d16a974fff0b93ce68110b" + }, + { + "algorithm": "sha256", + "value": "5d550643b6400d4341550a9b14aedd0b4fac33ae5deb7d8247b6b4f799c13306" + } + ] + }, + { + "id": "c6f78a73469f9f35", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Global_Root_G3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 839 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee09b75a1fb80f76354f45dace36fa5174d96bb0" + }, + { + "algorithm": "sha256", + "value": "1914cd2d4cde263315f9e32c7683fc0e1b921919ad12b256d49bf782011c03cc" + } + ] + }, + { + "id": "8e9fafe6e242e811", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_High_Assurance_EV_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ff242a82d695ca1e476ec5a465cb44f0747edb58" + }, + { + "algorithm": "sha256", + "value": "d98f681c3a7dce812b90bf7c68046827f3bf5607357f1e4918c5dc813b359bf1" + } + ] + }, + { + "id": "530a86f1b4192055", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_ECC_P384_Root_G5.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 790 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "02326c81a98c8914ec59c4be2817b6f2177e8033" + }, + { + "algorithm": "sha256", + "value": "05161ad2ac04a0df956ef803e127aa877cc5131e0a727ed8e5de43f02e8868c4" + } + ] + }, + { + "id": "5ae379d9c156a3ef", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_TLS_RSA4096_Root_G5.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1931 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b6c7cf76bffe105afc7255951b70fa1b140c452e" + }, + { + "algorithm": "sha256", + "value": "fe64d4b3ae749db5ec57b04ed9203c748fff446f57b9665fad988435d89c9e43" + } + ] + }, + { + "id": "bdc8668c4b51e731", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/DigiCert_Trusted_Root_G4.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1988 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e18e58c72171c631853f21ddeeef0f3eddff113c" + }, + { + "algorithm": "sha256", + "value": "ce7d6b44f5d510391be98c8d76b18709400a30cd87659bfebe1c6f97ff5181ee" + } + ] + }, + { + "id": "4075c56de1d4abc7", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1643 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "84c2702946b6895ac09e25fc4eccd685129a2e27" + }, + { + "algorithm": "sha256", + "value": "745bd29be45667514b4000e9cdb70cdecad0f02c78232ed722f64f7f80436e35" + } + ] + }, + { + "id": "413fb225936be2cf", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_EC1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bec0efa7b5d94664b6427d0bdc22e77ae6ed1d6b" + }, + { + "algorithm": "sha256", + "value": "a0d7e56b32b767e076bd7d05ce1779dbe3656d0a02a9abe711fc79640b9f7fbe" + } + ] + }, + { + "id": "e633bee8f313f043", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Entrust_Root_Certification_Authority_-_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1533 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6030dacb6bb4c3acd58b528313a6b417cddbcdb8" + }, + { + "algorithm": "sha256", + "value": "646db48fa7794bcab4581f264ff3fad4cff7bbd24f5e8bb170d4f602b6caf828" + } + ] + }, + { + "id": "a6a99cfab1fecb9b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 920 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e5f6f17a920cdad0d8c904f0705f94e58964e7e6" + }, + { + "algorithm": "sha256", + "value": "9f9228cfb1ba0c6c9cd1c7b35437272b5fad8259e5205e6af57ab50edeb22e2d" + } + ] + }, + { + "id": "d4c5db59ee201691", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GDCA_TrustAUTH_R5_ROOT.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "276ef0193f9ff2a5ee437acaa4069c8d4c41851e" + }, + { + "algorithm": "sha256", + "value": "b0bf3a444f89d8be7db120bfecaa2f94d9e49ede21f680d674c1e8d839d8a9a2" + } + ] + }, + { + "id": "6d32fab6df045544", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GLOBALTRUST_2020.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1972 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4996eba7b2b212547bffe74e8cf38cb9e03411b6" + }, + { + "algorithm": "sha256", + "value": "b3bcd05e1b177130f6888fcc1cff4e01cff44ef8e6b0d035f04ad6a71dd0879c" + } + ] + }, + { + "id": "0f1557987e632aa7", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1911 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5aab042e2987dbf2849f05194800ee162c6a5fd7" + }, + { + "algorithm": "sha256", + "value": "4195ea007a7ef8d3e2d338e8d9ff0083198e36bfa025442ddf41bb5213904fc2" + } + ] + }, + { + "id": "b83f8e631682a492", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1911 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "299af0bfcb2f6fde42b5cb1eaf9d6c07a44e9b14" + }, + { + "algorithm": "sha256", + "value": "1a49076630e489e4b1056804fb6c768397a9de52b236609aaf6ec5b94ce508ec" + } + ] + }, + { + "id": "3de4fa7dcd29bf21", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 765 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "953c8337aa79ca983beabb59e85a75a7f35f310e" + }, + { + "algorithm": "sha256", + "value": "39238e09bb7d30e39fbf87746ceac206f7ec206cff3d73c743e3f818ca2ec54f" + } + ] + }, + { + "id": "a7d187c4307ab11e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GTS_Root_R4.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 765 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "54b519a7faeeae1f2d777d3fa2ce998d6a31d9ac" + }, + { + "algorithm": "sha256", + "value": "7e8b80d078d3dd77d3ed2108dd2b33412c12d7d72cb0965741c70708691776a2" + } + ] + }, + { + "id": "79585666e0964d2e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R4.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d62a5e3304792e3f8c9f9bd5eaa74cf3a4b37961" + }, + { + "algorithm": "sha256", + "value": "d1b69887f73444c0fc0a6f22a2fe961c2423275f9c38ba7d50da2a4ba75394f1" + } + ] + }, + { + "id": "d9444c634712dee5", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R5.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 794 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b5303a6a94db2ee51ce9b07ce05700a6839c4d0c" + }, + { + "algorithm": "sha256", + "value": "80eeafa5039f282345129a81ace7e1c1e1d4fd826f1eb3391a4ea56f38a6e3d8" + } + ] + }, + { + "id": "9bf39454af476ddf", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1229 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b094f057de5fa44d7958268d93ed5f4d6c5dbdc" + }, + { + "algorithm": "sha256", + "value": "6bdc59f897631af7811e3201cbc58e5999de2600ae8667454a34514eecfd8381" + } + ] + }, + { + "id": "0ac3ffc119e413fa", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R6.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1972 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a5f84689d3eeeb0c0cf67dd0bcfa7e873b3553b3" + }, + { + "algorithm": "sha256", + "value": "5ff8425be71c1805446bf10601ce3cb9619889866766fc9285583ca5a4a7de94" + } + ] + }, + { + "id": "62bdfcdf58cd874c", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_E46.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 769 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "00097313addec897465681955d57c936f62fc8c3" + }, + { + "algorithm": "sha256", + "value": "5bd16128d0934629c2e1713140a6f97c9828dbb5429ab5797b2573efc71de1a1" + } + ] + }, + { + "id": "2c52da743358feab", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_R46.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1915 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d72a96202dd7467dcffc0a7772ca7c4a8c4c1cbc" + }, + { + "algorithm": "sha256", + "value": "dcc1a6246e13880ca5b73ef547e082dd0401e4d8837b6d211be82f7be791ac65" + } + ] + }, + { + "id": "3952cf141f7a7988", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Go_Daddy_Root_Certificate_Authority_-_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "760fbb36cfb55a67c71cac3dcf0d368ea9f98ee7" + }, + { + "algorithm": "sha256", + "value": "500329abac100a953a7396b54b36be57d333022f17401bc948248ea179cf1784" + } + ] + }, + { + "id": "7b1cb270c9065cd2", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_ECC_Root_CA_2021.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 867 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7e50045e60b63c8690a29d8f434f9a740f926120" + }, + { + "algorithm": "sha256", + "value": "c6dc63e98b3a5e6a595c7d583a9c47c5efb6d316957466fd16c785b423eacf37" + } + ] + }, + { + "id": "591a41db9b79af5d", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/HARICA_TLS_RSA_Root_CA_2021.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2017 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a551003c7ed1fee9ad3015fbaa3139a856d28174" + }, + { + "algorithm": "sha256", + "value": "05e0ebf9643197ccf8036cdd86a2ee14292c2a077dbe06435ed30369b8762564" + } + ] + }, + { + "id": "a1ff587af407dfb7", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1017 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fc2c55eb2428f256ff55b96c2123a828e98f1a66" + }, + { + "algorithm": "sha256", + "value": "1cdd90d42b48cced8f5ecbff087c49da56b224f0272e4b5074e63b82fff5fb16" + } + ] + }, + { + "id": "13f76655123400bf", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2155 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22d9fe83302ff06ae25e6efb8cc1fa21dfaf0e72" + }, + { + "algorithm": "sha256", + "value": "677160e6297b48b87ede98ab7b4f2be55894491776f6191937ea397d01a6fb4b" + } + ] + }, + { + "id": "48be61ae1c21cf77", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/HiPKI_Root_CA_-_G1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1939 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f9c9b3d9baa557bf26ce840730a726c74aa721f9" + }, + { + "algorithm": "sha256", + "value": "c3f06f635f1939ebeb125e5c1f030e329b63dd808d3ce803b1b1794bc78b253a" + } + ] + }, + { + "id": "efa0302dda182d8b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Hongkong_Post_Root_CA_3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2074 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d5c78ce39f6d7ca7b589017ebb57a6da21fa8fca" + }, + { + "algorithm": "sha256", + "value": "1fd9801787f30a4ab835b1462afc3f71473a5eacc74c0a22ed392bc3da9362f3" + } + ] + }, + { + "id": "4ae49a9e734148b6", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1939 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4de9627fe9ace4acce27eaa1a0837cd3db55704b" + }, + { + "algorithm": "sha256", + "value": "22b557a27055b33606b6559f37703928d3e4ad79f110b407d04986e1843543d1" + } + ] + }, + { + "id": "079c21d9907f9cfd", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 790 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bd49d42c1fbb733120cd260418ac892a6954d54c" + }, + { + "algorithm": "sha256", + "value": "a13d881e11fe6df181b53841f9fa738a2d7ca9ae7be3d53c866f722b4242b013" + } + ] + }, + { + "id": "6dfd0beaa799ad0e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Commercial_Root_CA_1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1923 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4fa701bf556b8d2fb78fa8f47643a212523f1a77" + }, + { + "algorithm": "sha256", + "value": "1d03b965511ce50d0a0bae1b549ed7048c783cfcba9aa40ea11d355b1889657c" + } + ] + }, + { + "id": "07a27c099fae9123", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/IdenTrust_Public_Sector_Root_CA_1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1931 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b613bb3a6dcc2ee7ac62d0951e0ea9bcbd48ff8c" + }, + { + "algorithm": "sha256", + "value": "9b4282f5a402e19016c4874a52df3367eabccf05be851ad03039f777a602d30a" + } + ] + }, + { + "id": "193a2581250f135d", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Izenpe.com.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2122 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "19e6885c728173659551480ce51ddd2680c6805b" + }, + { + "algorithm": "sha256", + "value": "1d37341b099afc610bf4feb387096577a0dc61bb8fd09444f1a199a1b1b117e3" + } + ] + }, + { + "id": "16cb119ab1193d7c", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsec_e-Szigno_Root_CA_2009.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1460 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d8616f439458366e6a5a94d2c72713c0c8ffcd3b" + }, + { + "algorithm": "sha256", + "value": "4f670affee7b14140a6d20937db6e991102d5f8bac1d2562ebf20a1afda94d73" + } + ] + }, + { + "id": "2f1754af535cdc5d", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_ECC_Root_Certificate_Authority_2017.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 875 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "69d23ec7c71994b1b2ccbad0fda4c17db22541d2" + }, + { + "algorithm": "sha256", + "value": "b4ee8ed700b7abe4836d119c8113bc8b717f4f1568abd7edd81f2526c5836983" + } + ] + }, + { + "id": "353e4439f2dd7f41", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Microsoft_RSA_Root_Certificate_Authority_2017.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2021 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f644c114129ef405b4b513787f189e78f398f0e9" + }, + { + "algorithm": "sha256", + "value": "626d330f6a8944fa4245f02f9795668e25a40b29b4cc5206bee73337b7dcd4d5" + } + ] + }, + { + "id": "dc13bf6b2a6e2b69", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/NAVER_Global_Root_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2013 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3319083d34cb6e52c0df4d4cdbebfb065c6b8b4f" + }, + { + "algorithm": "sha256", + "value": "9848c94859f83e48defe0b25a0f4347480b56ea2bb3336fe6d4dcf00d0d6031d" + } + ] + }, + { + "id": "39143e0586bda8fb", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1476 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c1c0175e7f82dfa6aa6f6cc32aaed15ac50f42d" + }, + { + "algorithm": "sha256", + "value": "40f60f2e2f83fb6c63ddefeba7939a7852b2d468183ea939cc4dcac8fe4cc87d" + } + ] + }, + { + "id": "227a51e35002cabe", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GB_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1346 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fce2c0dc059c1ad3ac93d416b6baaebb5e97b75f" + }, + { + "algorithm": "sha256", + "value": "2dc52d373089ff5173ac392a464746dd066aaa3b7d1b3494a473c96686666fce" + } + ] + }, + { + "id": "4970fec0edea6086", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/OISTE_WISeKey_Global_Root_GC_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 895 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b3dcfd843dff566af4ef0a483e6579ffb512cc37" + }, + { + "algorithm": "sha256", + "value": "17b98c4d832e8349ecb55f1f90e41dfc7bcd9410d1e925ccd06612cd3b9b9a54" + } + ] + }, + { + "id": "c954bd9a6a034eae", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_1_G3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1923 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "77445cf9c00088588d0e7c3306625389c30ff4be" + }, + { + "algorithm": "sha256", + "value": "4db45324410a01a7023b038e5da7d7274d3cfd392565c351cf3d297fd7664c73" + } + ] + }, + { + "id": "677e7b3acd57270a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2041 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1c8d7a40a564fb59ea180802042d8b82a8aeda38" + }, + { + "algorithm": "sha256", + "value": "8c4220477ed85355fa380466aa8f559106d8a39fc90d3e0c121749e19444064f" + } + ] + }, + { + "id": "ee0231f8dab414d5", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_2_G3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1923 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f3fde19cf8ffc60385575b98975644b7b7ff031" + }, + { + "algorithm": "sha256", + "value": "825c67f5583131425c4e33275cc8e5c9dfd02cd190c6d71e1d335621e82965a8" + } + ] + }, + { + "id": "17b9d60e0e1b35df", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2354 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c85dd47ad4764e2aaf33e28b676fb5038c0568a8" + }, + { + "algorithm": "sha256", + "value": "a2ae0b4ec9d2a4c4e150756a3defabd15bcaa75ee2b599e722b27c6a2998d00b" + } + ] + }, + { + "id": "47f5221ea947fdb1", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/QuoVadis_Root_CA_3_G3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1923 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7c769d9fdb4df4d743ac9db8fd263763e1e9e49e" + }, + { + "algorithm": "sha256", + "value": "198cfe560c191a800cbe923ceca0a4e4f3d5a0d7ff9316b47998765fdc0897be" + } + ] + }, + { + "id": "ce2bebc2a583aca5", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_ECC.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 956 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c3d015aa3924c34077dbe7f578d6ce389b919d71" + }, + { + "algorithm": "sha256", + "value": "662d60a283f416d888ff18831009e2cba95c61377f648beeed91a3dea12ac286" + } + ] + }, + { + "id": "1e55eed924243527", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2c4144422efd3d778cf5f3c280724e612ed89b29" + }, + { + "algorithm": "sha256", + "value": "a0681f1a11d5c02760bcb68b61b0d332f6c197e239c4b30dc47f91a79a73282b" + } + ] + }, + { + "id": "30ef2bfd0f1a0e58", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_ECC.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 944 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0f278d2129baf0d1be707831136f5ce16dec98e" + }, + { + "algorithm": "sha256", + "value": "b68d02ce35bd02123cf5fcd329bdd33640214715dae0442a97782a4471e9b292" + } + ] + }, + { + "id": "98bc80b97ed6f71e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_Root_Certification_Authority_RSA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2094 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bff96214a4f9251fe6af524ce5e9b2a4216144e" + }, + { + "algorithm": "sha256", + "value": "2e368debd3626ea9c5d94c582d80050a530b505aa77ba231eb13e4d208c36d67" + } + ] + }, + { + "id": "5d8a2d8699ed9ee4", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_ECC_Root_CA_2022.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 834 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c37f0f346f759c198895674e9ffc53193e2423d" + }, + { + "algorithm": "sha256", + "value": "cf03adad817ae999648c5182ac996fc0682aeda4329c783756aa1c5c3d92eff9" + } + ] + }, + { + "id": "a56ebf7e9a40fb59", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SSL.com_TLS_RSA_Root_CA_2022.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "82fb99b1b29e3e21da6a144496831bf9ed5b250f" + }, + { + "algorithm": "sha256", + "value": "e1c93696d4de9125e49f6a12b97a1cbcf8ce7331bc8268f1fe7b6ab447cc14cf" + } + ] + }, + { + "id": "c7ae26ddbcb34411", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SZAFIR_ROOT_CA2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1257 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "03d3c9a01229ecce2908287bc53f5f8b2cfa36e2" + }, + { + "algorithm": "sha256", + "value": "cbe8a1eec737c93d1c1cc54e31421f81bf358aa43fbc1ac763d80ce61a17fce0" + } + ] + }, + { + "id": "c2d37f13fff878bb", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_E46.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 834 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "323c21e30628ec823ce32209214a1526cce65e22" + }, + { + "algorithm": "sha256", + "value": "808130157f570b7640069852c88e256738007811a64c3aa9a4c31038347dc19c" + } + ] + }, + { + "id": "1d227a39ec963bc2", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Sectigo_Public_Server_Authentication_Root_R46.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fb39baf23f5d3ab1f981ec407992211a3d2518ba" + }, + { + "algorithm": "sha256", + "value": "7eaaf8c5047d5dbb4f3d7f173318ee936b09da4f0ceb5f3beb45c277480836eb" + } + ] + }, + { + "id": "dc3665da59955d9a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA12.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1257 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72f425a92ba7123ac007c3fc631b63e12bb745c4" + }, + { + "algorithm": "sha256", + "value": "74e98caeaa30bc2828e7610aef3fbbe845a715367011598b4bec5fa65d9af0db" + } + ] + }, + { + "id": "a3595503d07fec00", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA14.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1948 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "63c5444db460856bd137353481114907fd2853b7" + }, + { + "algorithm": "sha256", + "value": "1ad476fd9bf167e89bf98f13e9aec59a03443cf6e3d6645b1210fb1e7c702f88" + } + ] + }, + { + "id": "642256529f0ff6ab", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureSign_Root_CA15.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 802 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ff5f5d95c4a822783ba1041e2f90c2c24d534fae" + }, + { + "algorithm": "sha256", + "value": "6198c864eaffa477ee9cf9aa10b534f022230e3129f99168962dc06358b4c9af" + } + ] + }, + { + "id": "edfdbd6d1f4c0ab6", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SecureTrust_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1350 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "627699850d19c89f6e0cb7494d77cb0c6c2b81ce" + }, + { + "algorithm": "sha256", + "value": "a3e70af2c4b48562b61fe858d9d30f073f2cf2136f2af01ab5a966673e70af4b" + } + ] + }, + { + "id": "45839436149b96de", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Secure_Global_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1354 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86aed091506a5bd64805bd433054905c39a42c10" + }, + { + "algorithm": "sha256", + "value": "7ee52fb3a5afacd55a7a2e00f057f7f64776ea0d536036f54c57694961e25179" + } + ] + }, + { + "id": "bd5228ada8121d91", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_ECC_RootCA1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 830 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "375dabb1d954f8e0411289425ddf969da3bd6a7b" + }, + { + "algorithm": "sha256", + "value": "ef94d474067b306c482dfd066130f04855f50faecd461cee2964ce6c7260000e" + } + ] + }, + { + "id": "17d06a4ad7f9687a", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Security_Communication_RootCA2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1261 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "68510d0792e95592dcfe3ead230a58096cf4df7e" + }, + { + "algorithm": "sha256", + "value": "39ad3110b8f84821ca22cfbd995914f2149521d27ce576e743de6a00dc39d9db" + } + ] + }, + { + "id": "0ba8180fa6f35a3e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Root_Certificate_Authority_-_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1399 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6594be3a70dfaa9cbb9b486dbc6e0271647fb61a" + }, + { + "algorithm": "sha256", + "value": "ca3760ba63bf0a2c5dd0dc7fe897838cc58f12a386b4ee53d2065229848e96a3" + } + ] + }, + { + "id": "f64ff4bd865c88b8", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Starfield_Services_Root_Certificate_Authority_-_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "29091b76a08e520486579e758ac6c4a09ea0fe0e" + }, + { + "algorithm": "sha256", + "value": "870f56d009d8aeb95b716b0e7b0020225d542c4b283b9ed896edf97428d6712e" + } + ] + }, + { + "id": "e413eb82e4aedb71", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_Gold_CA_-_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2045 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5bb45a16db10a4908960e5127689313fff442208" + }, + { + "algorithm": "sha256", + "value": "0ebb1a5d93b86ad9dcbd294413f272817fe3bb8ba46f4ec8192b3b805f2fa8ae" + } + ] + }, + { + "id": "e4e29ef2803ed609", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/SwissSign_RSA_TLS_Root_CA_2022_-_1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ab11381efea715809db63b99349e38e036a027c0" + }, + { + "algorithm": "sha256", + "value": "d7a20d19e788235a092dcbd33831c59280ea01a9a7a7f663a8c41bf753df2c71" + } + ] + }, + { + "id": "fa50ef55337074f9", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f1b1e428ac6d2cce6ea3ee106cddd6d5686eeee" + }, + { + "algorithm": "sha256", + "value": "b30989fd9e45c74bf417df74d1da639d1f04d4fd0900be813a2d6a031a56c845" + } + ] + }, + { + "id": "70d5705ef7765b89", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/T-TeleSec_GlobalRoot_Class_3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a83caf5351d413d44bff9b7ea3e06cf6240eee4" + }, + { + "algorithm": "sha256", + "value": "1cb130a113f4e8502517a679808a98bf076d59bdb223bfc61cd224b8e1abda49" + } + ] + }, + { + "id": "49990674bf8a8995", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1582 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "205ecf6e40d8f9dc700b932ce6a3a26836994652" + }, + { + "algorithm": "sha256", + "value": "c6904218e180fbfb0ed91d81e892c2dd983c4a3404617cb36aeb3a434c3b9df0" + } + ] + }, + { + "id": "d72a35ab6edac53b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_CYBER_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1984 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e6b4f879a7ed34e42b54d759a12fc9ba067fc9f6" + }, + { + "algorithm": "sha256", + "value": "68a5f526d2e08c363444536b22a8d4ebfff72d7810ba26dc47711bb6cbc39d50" + } + ] + }, + { + "id": "f534115f859e6e48", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Global_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1883 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "387f72838755cd50ba19d2fb29c1f03803776ed8" + }, + { + "algorithm": "sha256", + "value": "5dadc31b57074a3168d1df23bb8b6b920acae1d426bf2288fc2de53cdd571089" + } + ] + }, + { + "id": "7753c8e8ea6b2b66", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TWCA_Root_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1269 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "60c33e855789106bf75a3c97696fdd2d58890467" + }, + { + "algorithm": "sha256", + "value": "b69a59344e58615a691fa9567d55ad6337f09b57647a389242cbf43716575559" + } + ] + }, + { + "id": "2cd277574bf2ef9e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_ECC_Root_2020.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 843 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "621ba40b628552f82543e4af88de8c084e0fd860" + }, + { + "algorithm": "sha256", + "value": "a5ea4e7d6673e4d8cebbcbee010cce2f97b720ed2691abb35a119227c5dc0135" + } + ] + }, + { + "id": "c89156f9c954187b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telekom_Security_TLS_RSA_Root_2023.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2037 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7aef4f441e0bcb1c26731cebff6d3717b83577e8" + }, + { + "algorithm": "sha256", + "value": "899d7d6cc867b2bdf51250f88c9ab9e1e96aac5d59b51c93b3b0c69e96792b7c" + } + ] + }, + { + "id": "6a975a110e918ef8", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TeliaSonera_Root_CA_v1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1870 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2219a7fd0a77be7422a02049b8d27805c0250ba" + }, + { + "algorithm": "sha256", + "value": "303c346ece82ca4f6713ac176164285d0469f326b6f12a787e11f5d702529277" + } + ] + }, + { + "id": "81eb54b3f8a738b9", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Telia_Root_CA_v2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1952 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "049de12dad62e4a31318fe6b024a88b645830daa" + }, + { + "algorithm": "sha256", + "value": "bf3bd189c3dd33bc81635d60284461f0d937c2c1d51cc4d7851c13466419fcb0" + } + ] + }, + { + "id": "16f766edb35bbce4", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2017 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "629795d39048cd6b1935e43ef4f116e38914dad8" + }, + { + "algorithm": "sha256", + "value": "d729fda98d8a3bf0d657b93fe0f70e22437359ef0de4ac5b4abcf3ef3667613a" + } + ] + }, + { + "id": "afc79d5859e4f1d4", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_Global_Root_CA_G4.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 871 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "50260e64112522593a87b32ec81c2a850b915878" + }, + { + "algorithm": "sha256", + "value": "fc9662ebcadeb2c0a804bdb6503d0c23976c638cf73ff95ffafd33ead680e73d" + } + ] + }, + { + "id": "cbca403cefeaf0aa", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_ECC_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 822 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b7f6405d86b918a47392233b4050bad2a57cf9d3" + }, + { + "algorithm": "sha256", + "value": "4e68d469799a26c10aea3f2ff350af434033d4a2914ba6aaccc27a34fe24005e" + } + ] + }, + { + "id": "bdced0d08b9f3b29", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TrustAsia_TLS_RSA_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1968 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "49d03150fceed000d89a6af305412d999e7b25ec" + }, + { + "algorithm": "sha256", + "value": "76ae2d0df1228b565cf3533a7c22d59fc3683f240ce7192201072260fc6f0e27" + } + ] + }, + { + "id": "ab7f88149ec866dc", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8747f89bcc06ba119cac723e990ffdb2ead7a6ac" + }, + { + "algorithm": "sha256", + "value": "0c7ffc481084cad9ccd3402eba9401b0f5abea0917d985e9ce401c8efbad4b04" + } + ] + }, + { + "id": "65cf00dde68b5145", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P256_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 883 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2ac2145ffcc590d436350abc22ea825f15e3b9f" + }, + { + "algorithm": "sha256", + "value": "f08c4d2b700f7cd5da4dc1b60f4c57090fdc692cde8a7221f35b70abb4cec363" + } + ] + }, + { + "id": "a8c2e1a2264357bd", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/Trustwave_Global_ECC_P384_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 969 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "364fbd20e4805c74239f70e46e8f4a3ecde50386" + }, + { + "algorithm": "sha256", + "value": "a83c5b6097b03509711c9cd8de59def7ecf99ed72b4076dc33f5b2e35545b3b3" + } + ] + }, + { + "id": "89aa76251ced5286", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/TunTrust_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2037 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f7b67a59f43b598f0cfcb0cbf495358b8485b28" + }, + { + "algorithm": "sha256", + "value": "8a852f7182753cb0193299c6cb2b4a106b1c38a789217b5eb380d736c5cc0081" + } + ] + }, + { + "id": "ebbd0474709b5396", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Extended_Validation_Root.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1915 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "736c6d8fa36e3487b463b5c148dd6a0a8b39a99c" + }, + { + "algorithm": "sha256", + "value": "eaa3be600a842e5b603316ed14e9ae11a43003f68a8317f0f2c01a516da4e586" + } + ] + }, + { + "id": "74985de09ec98764", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/UCA_Global_G2_Root.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "140c027384371f293098c5c93c9388d9fde22595" + }, + { + "algorithm": "sha256", + "value": "de2e7b1bc7a2aed4e5866d3655d1041206c27caf376ee81bfc4012e8225e0e7c" + } + ] + }, + { + "id": "a814f6702809f1e3", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_ECC_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 948 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d9ce0ff56c71bb4091388ea38e01d97565a7557f" + }, + { + "algorithm": "sha256", + "value": "08fb40ba4144166f6ae80c7ab60be23e97e5083836d45fa85a33a5d0bfec10f8" + } + ] + }, + { + "id": "ea3e1340c08ef25b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/USERTrust_RSA_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2094 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2f2380685be0ea8c1be1e1a8496ff9f220c4f61c" + }, + { + "algorithm": "sha256", + "value": "8a3dbcb92ab1c6277647fe2ab8536b5c982abbfdb1f1df5728e01b906aba953a" + } + ] + }, + { + "id": "cf78c0304a8231d0", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_ROOT_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37268bb31073e1fb5d7e3221c203d27033886e72" + }, + { + "algorithm": "sha256", + "value": "cf339eae15268aff66148f3bcdf112a7700eafded3edcb3f86c60133b10e03f8" + } + ] + }, + { + "id": "51636301020480a2", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_Root_CA_G2.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ef9f1bb072e0524043c63a27e6ff39da6a6bd32" + }, + { + "algorithm": "sha256", + "value": "80eee369aa5b29931209226fcb4b014ba31daa7f630d44a196817c1bb6b334f1" + } + ] + }, + { + "id": "fe69c5fb98d90ec5", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/e-Szigno_Root_CA_2017.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 843 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0eec6464c1065a3b1e5866580e2fdcd47494c870" + }, + { + "algorithm": "sha256", + "value": "8c1306d5c64b43ce6c189b8450f27160aaff3f504211ca6819af6035ae1a7d73" + } + ] + }, + { + "id": "150c1fcead3a7969", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/ePKI_Root_Certification_Authority.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2033 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ba48acec12fa6a0e8a29ad8801825c6d0a2b85e9" + }, + { + "algorithm": "sha256", + "value": "d22b235421616835f68d15801d82b44e7c463433f8bbdcc92f9c023fafcb2bf2" + } + ] + }, + { + "id": "3e0c91ae1e25cc84", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_C3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 814 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cd8b037030f190cb1312b8747f3cd1841586abb2" + }, + { + "algorithm": "sha256", + "value": "b1d0ac5a261e857409cc921acb515796538b48847722f0a00ddccbf60bccec81" + } + ] + }, + { + "id": "4a0e3fa71c05dd54", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_ECC_Root_CA_-_G3.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 859 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3f5b8aa141a7ca8dae71d86b7074790717ffbe76" + }, + { + "algorithm": "sha256", + "value": "36e68e205b53c67c7a013894e0d5c8583063468118d1ce78ecbc2200d1dd185c" + } + ] + }, + { + "id": "f0e1ebbf7474881e", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_C1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1257 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99b8162c32f3ecf05806112baa77ab7230e998d5" + }, + { + "algorithm": "sha256", + "value": "fb98230f8746d60429c20f8ce04254384337b479a77698939f7041d0c0eb4289" + } + ] + }, + { + "id": "d6f8ea519d12a481", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/emSign_Root_CA_-_G1.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1302 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6f86ddb585d2f516b028fa21958f09abe463b8cc" + }, + { + "algorithm": "sha256", + "value": "8d390d4c54f6a4a040b04413f1f002192027c66a2a835741f78a152074584a27" + } + ] + }, + { + "id": "1fe092df0653a342", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_ECC_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 774 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "05320440f6f2b0315ac23191bc6f7ef427e2f673" + }, + { + "algorithm": "sha256", + "value": "2ce349e2da9df497cc62aca37b009a2c3261ccdbe06a4c4a063f8105da40eb5d" + } + ] + }, + { + "id": "3cbd859f9017a22b", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/directory-hash/vTrus_Root_CA.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1911 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c9204a1166c493bf25596573a2206d808c5b154f" + }, + { + "algorithm": "sha256", + "value": "8cc726cf62c554561e89e1237495bea3026b1709ba7153fed3401fcd489b5aaf" + } + ] + }, + { + "id": "decd17b619f52264", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 156456 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5911289576a01c2d470059d497fada90f8a04487" + }, + { + "algorithm": "sha256", + "value": "2f2d6a53cb9542ceeccf82a2ffa7d53c24043b75b43f1623ff1266806583d1ca" + } + ] + }, + { + "id": "b9b3c747a4031e46", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 505352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3517fefcd7d440000f627d78a35356c3922bd404" + }, + { + "algorithm": "sha256", + "value": "4d96c990d2089ccdf288c5c1fd759a58216d7257d43b929e82bbd32126307357" + } + ] + }, + { + "id": "a9b76305742edafb", + "location": { + "path": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 444, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 223752 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f447b81237b8976f13fc8ab4e3c9c8f8a937c502" + }, + { + "algorithm": "sha256", + "value": "00411c197b16f659945fba3c2f970a26030f56eef5d445c913cb59a089c813b9" + } + ] + }, + { + "id": "bdf32f5d5416ab16", + "location": { + "path": "/etc/pki/ca-trust/source/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 932 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b475ca8d961e4afc37af6483ff75322cdf28692" + }, + { + "algorithm": "sha256", + "value": "86184318d451bec55d70c84e618cbfe10c8adb7dc893964ce4aaecff99d83433" + } + ] + }, + { + "id": "2460ffdfcb2fe6c9", + "location": { + "path": "/etc/pki/product-default/479.pem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2171 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "560764b8b286afc7ad61727e30af467dc536fb06" + }, + { + "algorithm": "sha256", + "value": "fa4cf63de35ddc6f097442d33226c5ae7ca2c90496af26d9db3d84133a7f855c" + } + ] + }, + { + "id": "cc275f3ce8421483", + "location": { + "path": "/etc/pki/rpm-gpg/ISV-Container-signing-key", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1923 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "03c3761c23c90492c6cfc9d707440bf7241f374a" + }, + { + "algorithm": "sha256", + "value": "ce344c927483de60ed60bf4956aaee0dfa7e9433e0f43c58ce64378d761bf724" + } + ] + }, + { + "id": "02b145a905282982", + "location": { + "path": "/etc/pki/rpm-gpg/RPM-GPG-KEY-PQC-redhat-release", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 16886 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4034db2f50bc28c3cca21cb8af1c04b25ea2ba5f" + }, + { + "algorithm": "sha256", + "value": "c876fba00febd04b3cef2a1815031775dcad550e5a8276b4d8474aa0b67239ba" + } + ] + }, + { + "id": "1bdf5fe48c4bd4d0", + "location": { + "path": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1669 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a72daf8585b41529269cdffcca3a0b3d4e2f21cd" + }, + { + "algorithm": "sha256", + "value": "3f8644b35db4197e7689d0a034bdef2039d92e330e6b22217abfa6b86a1fc0fa" + } + ] + }, + { + "id": "a6efd6855e2f7c11", + "location": { + "path": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3682 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9333c0a06770787f21a1fe9f7c17484cfbd3a818" + }, + { + "algorithm": "sha256", + "value": "0db3dc1b6228f29d60f37c5ad91d9f4cd3547895e8ebedb242469b1c0a0cdf08" + } + ] + }, + { + "id": "21294e0d0b121cda", + "location": { + "path": "/etc/pki/tls/ct_log_list.cnf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 412 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2587c4e97408b64274e5e052b74e3754892c13a" + }, + { + "algorithm": "sha256", + "value": "f1c1803d13d1d0b755b13b23c28bd4e20e07baf9f2b744c9337ba5866aa0ec3b" + } + ] + }, + { + "id": "a07cb8e47e12414f", + "location": { + "path": "/etc/pki/tls/openssl.cnf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 12412 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b58b0cc147105bc23e24ed71b1cd9ebc21f51616" + }, + { + "algorithm": "sha256", + "value": "34108f65c3c759083f6b2d8ff8c509e3504aa78e5180b197827d90827ddc663f" + } + ] + }, + { + "id": "17eac59ecc5bec3f", + "location": { + "path": "/etc/redhat-release", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 44 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "10c591ed64070058c93b341b45fc722bbe0cc984" + }, + { + "algorithm": "sha256", + "value": "7305823adb43789c44b57edeaf463a39acbdd12646d60140f2b251c28f2a966c" + } + ] + }, + { + "id": "23ff64af82c9eae7", + "location": { + "path": "/etc/selinux/semanage.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2668 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "818de80347135853e805039d17b17f8a8641add6" + }, + { + "algorithm": "sha256", + "value": "8ba0df9a109dd136f1e8827343806ced9a0652c670c2572b4dd8642c67c27734" + } + ] + }, + { + "id": "62536104a97be853", + "location": { + "path": "/etc/system-release-cpe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 41 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8a5a439873e6ead211cbdd78589eaafa1d4260e3" + }, + { + "algorithm": "sha256", + "value": "ab138ea78c1167ddf9cd17736d43f89283e66c20ed4ff63183bfd2989bc7259a" + } + ] + }, + { + "id": "0f394e0e6d66cadc", + "location": { + "path": "/usr/bin/[", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 48 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9fdbd59f16ee61048ffd33b74dbecbe2fcecd4b8" + }, + { + "algorithm": "sha256", + "value": "afd97bbd643bfe1473794af167cd5c6f44fe449681033e3584b40b836f624b4b" + } + ] + }, + { + "id": "c15a9f36bca77f3f", + "location": { + "path": "/usr/bin/arch", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8f9ffc9622acba141d93e11c0073ce5be588966f" + }, + { + "algorithm": "sha256", + "value": "209bae4071910ef54b4a3bd302059bf7e00870d8bacffcd7c5489425f37ed16f" + } + ] + }, + { + "id": "c5e667d66df5bd48", + "location": { + "path": "/usr/bin/b2sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "575e3e627b7a9b8b421c41f8fd02cb2503345b3a" + }, + { + "algorithm": "sha256", + "value": "9116333c88eee22e55e30db1ad088483f52a3024b624356416873bc14fad9359" + } + ] + }, + { + "id": "3a804ac96191b8e8", + "location": { + "path": "/usr/bin/base32", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a044297eb52cd4ed2b571bb07c6492b9fbbbc7a" + }, + { + "algorithm": "sha256", + "value": "ff10172686b6db691ae57530dff6cd14b980cbba7ed81a8dcf81bd42dd7bb23b" + } + ] + }, + { + "id": "fcb63864518bbdb3", + "location": { + "path": "/usr/bin/base64", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "085d34b2ef36dca0183f79506543f5b905edf6c8" + }, + { + "algorithm": "sha256", + "value": "fed1b291454a61812e605fd06b04f915ef7e5436cfc1ee17f96523f56c2fbebf" + } + ] + }, + { + "id": "08d5dce244fc18f7", + "location": { + "path": "/usr/bin/basename", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "af27f068e0edd9bacddc2f0c0bea723169c28272" + }, + { + "algorithm": "sha256", + "value": "9a1e6804fef8ca36d39b008210b187dc4a82c456919574e61e17ab40c033589c" + } + ] + }, + { + "id": "9f1055e6d4762493", + "location": { + "path": "/usr/bin/basenc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "116a0e1d7760f311c3476e9a1f579a60fd25c4b4" + }, + { + "algorithm": "sha256", + "value": "cd8a131e0af4133b97da4adcca84ae61cc24c898d8d0e2b6aabac6d2d7a34094" + } + ] + }, + { + "id": "ef27b9cf22a1df17", + "location": { + "path": "/usr/bin/ca-legacy", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1648 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a11df6846fd8f2c8a0c3eb7fc1eeae076b88903" + }, + { + "algorithm": "sha256", + "value": "48f9c9bd7473d45f2f2e30d5c723cf58d7175be9e3f19573a67049cbac35330a" + } + ] + }, + { + "id": "668fe15830d11a98", + "location": { + "path": "/usr/bin/cat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1ff499e53c0920255403ee2ef06afa0873013e40" + }, + { + "algorithm": "sha256", + "value": "c6138c9502337f42763d627e4b665dd4fd66f26a987891d0a7e8313783f689ad" + } + ] + }, + { + "id": "7ac217344c32a4d0", + "location": { + "path": "/usr/bin/catchsegv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3289 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "532b497ffd1c7d46417c1bee8fec87e0e5168a97" + }, + { + "algorithm": "sha256", + "value": "6968647a65cbe670136c5657540debd96b257b168c2688dd8d34669b31e02111" + } + ] + }, + { + "id": "ccd7ed3375247fe5", + "location": { + "path": "/usr/bin/chage", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 40000755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 73704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e8451b96bcf1302cbe7d03896cd13239a205c3b0" + }, + { + "algorithm": "sha256", + "value": "326a4bba3ca2a8525c683bee311803427177b8e375b50ae4000c653114d6a119" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "a58763c7570727c9", + "location": { + "path": "/usr/bin/chcon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d16aa25fe4ed9eea2748e986aff5bfdad423838a" + }, + { + "algorithm": "sha256", + "value": "c191edddab15fd046170527d27f5f2a864684e118020ae3cab9a8c4ce7e6cc8f" + } + ] + }, + { + "id": "dd8cd37050122d84", + "location": { + "path": "/usr/bin/chgrp", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1402a8f010532c6f0bd76d0a91c908979fdf8bb7" + }, + { + "algorithm": "sha256", + "value": "e1d37a0d06d1d5db7180b10eb367365214de3c458a356efa32960312dabf9bde" + } + ] + }, + { + "id": "88a6c97c9d25b4c6", + "location": { + "path": "/usr/bin/chmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2dcb6e1e404323760e13dc1e5b805421878fc585" + }, + { + "algorithm": "sha256", + "value": "8ee704ee6e399f29d23b37223b4c80a1a5a39fd0752c6d913d9bcb176b4bb930" + } + ] + }, + { + "id": "0c56734d7fa5e5cc", + "location": { + "path": "/usr/bin/chown", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "29dcc6262461574c88126133c57f4f5318eb8420" + }, + { + "algorithm": "sha256", + "value": "497a658c90080afd7bba33da8297fdb1be37cf36a3465a344164a8cb14390b53" + } + ] + }, + { + "id": "6f704900967b5d77", + "location": { + "path": "/usr/bin/cksum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8299d2a22b65a2ed645906053bcd57a46c0f3cbd" + }, + { + "algorithm": "sha256", + "value": "09eada4c0374c3c565ebe1f8965bce9943eb7c2790ef031d7b638b3f191b5592" + } + ] + }, + { + "id": "ab85920cb956969e", + "location": { + "path": "/usr/bin/comm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "02bcebd4816b8bf09099e6e86044c3b7b105d531" + }, + { + "algorithm": "sha256", + "value": "7449de734af6ab89331fc34dabfd40d10fa799369a52fd9df7c3829ded1d0261" + } + ] + }, + { + "id": "754a39ec4d130e17", + "location": { + "path": "/usr/bin/coreutils", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1347224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59dc61c3cc1fa2966a0517c382d70a8e173a6395" + }, + { + "algorithm": "sha256", + "value": "61bca8e2323b76b8f423568f4631d265a26a88cb309c31ffbb066b925a52ccc2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libselinux.so.1", + "libacl.so.1", + "libattr.so.1", + "libcap.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "18d4b98cd33be63a", + "location": { + "path": "/usr/bin/cp", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a50e277b33a29f26b5b825ce041ac8e48df2280c" + }, + { + "algorithm": "sha256", + "value": "79c39d67b7969b943045e80485f9dc3202a11ddfc5c9f7fdb4287216d0255a90" + } + ] + }, + { + "id": "9e37c41b16242727", + "location": { + "path": "/usr/bin/csplit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e8b4a2d9443a650ebf84e483c92a30d14b06036" + }, + { + "algorithm": "sha256", + "value": "406a678a5b17869b4d148ad1924dd9ff3f2496e6f8b1dde6572edb355ded6316" + } + ] + }, + { + "id": "f8133b91a4a284c4", + "location": { + "path": "/usr/bin/curl", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 197088 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7c864a33ce4ab0cee5741dec892fc24678e7638a" + }, + { + "algorithm": "sha256", + "value": "1f3e81d92f297b50d421749fa71c004569064ac27ecfcd1445137f4c41652878" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcurl.so.4", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ff21bbd88cf7b191", + "location": { + "path": "/usr/bin/cut", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f7c6de6de871fc09ae32642219cb90ddea137e6" + }, + { + "algorithm": "sha256", + "value": "7448d9549e82dc4aa8917fc2bc2c49ad3f99e85e0c4f9a0957926a1f33c60421" + } + ] + }, + { + "id": "ac8c81ddb4590392", + "location": { + "path": "/usr/bin/cyrusbdb2current", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1651592 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dbb5b22a8077d59ec7a6cba77116206844c526ad" + }, + { + "algorithm": "sha256", + "value": "1fbdbf8d6354ee8477b04f1d5f7b13af20c704c55e55b59d88ee3e3cfbc02c90" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libsasl2.so.3", + "libgdbm.so.6", + "libcrypt.so.2", + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6818434c95393f5e", + "location": { + "path": "/usr/bin/date", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "89a318bcea62a81b9328c0fa46d05dcb7e20c566" + }, + { + "algorithm": "sha256", + "value": "71fb38657d2a08ad7fa8a7d6d44b54b4a63b2b0ca654e7865c0993443fe36608" + } + ] + }, + { + "id": "e9bd0e2c33303c2f", + "location": { + "path": "/usr/bin/dd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "672fcb22508cfc162a7682100480856ada9263d7" + }, + { + "algorithm": "sha256", + "value": "afc84e0b7f78721d72cc70e5207c0a948889401b1ae985f88fe5557010898d16" + } + ] + }, + { + "id": "744b5a4693813695", + "location": { + "path": "/usr/bin/df", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f09ab63fa4ba2d4c24f32dd99e6d173e25d6625" + }, + { + "algorithm": "sha256", + "value": "7140d87bcfc96e33d0e40e746734dfa02fb2973428059a83f267f490acf2924c" + } + ] + }, + { + "id": "056f2a85423da82f", + "location": { + "path": "/usr/bin/dir", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee83b454e9faf9324e59bc11bd72d8ff79b8fb33" + }, + { + "algorithm": "sha256", + "value": "9dfc129738cbf6c04a0a6bce388f6cabe0212abfb4f7011997477d657c552b2f" + } + ] + }, + { + "id": "3808baf814d3a75c", + "location": { + "path": "/usr/bin/dircolors", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "527fc023104da8e34cb2b883a48fb4d9a0563f10" + }, + { + "algorithm": "sha256", + "value": "db0b3071d1896d4cb925e2539b959071d3dd028501e989ae051a7cc2923a131d" + } + ] + }, + { + "id": "d3dfe363c4518619", + "location": { + "path": "/usr/bin/dirname", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dc3de909d1832ff6748cb739026407460280ca22" + }, + { + "algorithm": "sha256", + "value": "79eb20166b1c6e3c720bbd9d1b7093dba753747f4a9c86c20efd24cfa1b7cd02" + } + ] + }, + { + "id": "0d4ca6c562d852f9", + "location": { + "path": "/usr/bin/du", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "89891569832c12c079cdf123b5ab43ecafb72e28" + }, + { + "algorithm": "sha256", + "value": "4f987dcb68ff9790a7da315f18dba495258e0689c9c145cba4ae33bbf1153ef1" + } + ] + }, + { + "id": "bea301c1054368b7", + "location": { + "path": "/usr/bin/echo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f7c8d46f52cf0f9319631541c308471113cf022" + }, + { + "algorithm": "sha256", + "value": "5e2e65807f2d7416260cc04c62a37b6aa14c3336632709406a6eb5e20a25676e" + } + ] + }, + { + "id": "544b26d2152532b2", + "location": { + "path": "/usr/bin/env", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b84d0d2d85f4a9d818c4f9e8f61af524d7994601" + }, + { + "algorithm": "sha256", + "value": "3164957405d820d74c59ce94cbe8e20eafa4d25366f53e4de9e3f4a149a9576c" + } + ] + }, + { + "id": "fe9db330a6ced29d", + "location": { + "path": "/usr/bin/expand", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7c94424e1096ee9016cbf4ccf67affa7f001ddf2" + }, + { + "algorithm": "sha256", + "value": "b2f2c111df45d87cb069e96a9152847d31a40d2357e770d4c943d04afe6e1acd" + } + ] + }, + { + "id": "461b28a03c440a0d", + "location": { + "path": "/usr/bin/expr", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ef6ef0b52f22bfce633811b04704bb0dc2ea60cb" + }, + { + "algorithm": "sha256", + "value": "27afd110fdd08ce37ae374cdb19348dc82db58b2a299d601b1a202e524ffad7c" + } + ] + }, + { + "id": "8174a59113d54fa2", + "location": { + "path": "/usr/bin/factor", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "521757b7c3e1d1196a16227c8ae85150f94fe043" + }, + { + "algorithm": "sha256", + "value": "ee9ee5a137e0591cd9cb7c833ea6d132715452b6e8ec15a521d5656825600a51" + } + ] + }, + { + "id": "dfad1fe2d91edeb0", + "location": { + "path": "/usr/bin/false", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6a29a4f85de079ff81b73fb9662e691dbd36c313" + }, + { + "algorithm": "sha256", + "value": "deeb84f2992538f7fadfc6946e4e34ce8b491c5d15aac723f2545fc53423609e" + } + ] + }, + { + "id": "f60c8826d1355380", + "location": { + "path": "/usr/bin/find", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 291760 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "287c69debabeca01b282eac451ea0935562fe352" + }, + { + "algorithm": "sha256", + "value": "a12f7a245a3366f9a79e6780a71c769716452dbedf6d0b1d5d854743ff3eb902" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3e0a0208162355ef", + "location": { + "path": "/usr/bin/fmt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1dfbeba5c1b0e1c8ad8f0ec9b9d744320998baa9" + }, + { + "algorithm": "sha256", + "value": "64eb499e5fcea80a3132b009285321317b2660173d3052ca3dc9c3871f07e0e8" + } + ] + }, + { + "id": "ceacea456c269068", + "location": { + "path": "/usr/bin/fold", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9599458a301ca99670389aa530baaf134a8a7814" + }, + { + "algorithm": "sha256", + "value": "1af788b3e940772d2d061a2868af5e034faf977d2d7158cbefa3e56a05304049" + } + ] + }, + { + "id": "06db0aac5cdcba72", + "location": { + "path": "/usr/bin/gapplication", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23760 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ecc9fd34b7770f2d80c2abeff6f72d932a4860f0" + }, + { + "algorithm": "sha256", + "value": "97f5cf2aebfcb29af00de68077e098b06957a1730154eeab0298a76ad73ffda0" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libgio-2.0.so.0", + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "8b573813f1675648", + "location": { + "path": "/usr/bin/gdbus", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 52728 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e897b7af3ebc2b7a7a6ff1f996cdcf7420e3ecf" + }, + { + "algorithm": "sha256", + "value": "6340348726aba9d85dfdc91574d48d94a21f810803f5bc72a33db106edf22c1c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgio-2.0.so.0", + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "fc282208ed48aa6f", + "location": { + "path": "/usr/bin/gencat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 28104 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de3b0472194bc82921baba526d5c182d5002d8be" + }, + { + "algorithm": "sha256", + "value": "2d4fd18b1b005445e1b63f5bf3ddef52a4cdc7eec37dc01090d6de08e9df8cd0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "64fe31773eb4999e", + "location": { + "path": "/usr/bin/getconf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36080 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81140d839d18f2761b00df07b72c3fef8a43c11a" + }, + { + "algorithm": "sha256", + "value": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "402379cda2734cb1", + "location": { + "path": "/usr/bin/getent", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36720 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6031c6974cd56cbb19dd3a8cc33ae95793b021a0" + }, + { + "algorithm": "sha256", + "value": "3e8afb78f9ec759e5a62dd385aa092844fbbc5f1d01e9c56484bbde799a099b0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "11302a785a1ce540", + "location": { + "path": "/usr/bin/gio", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 94016 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "03f0ec9c91e77256b87f4aaa30e5c72d2bc035e8" + }, + { + "algorithm": "sha256", + "value": "1504f592d1a21398522ab3eacafc8fae1726985a54543a725d531368c1f8bd52" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgio-2.0.so.0", + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f7346e98a83a716a", + "location": { + "path": "/usr/bin/gio-querymodules-64", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a4464b948f9f53efab98861f5f7578db32ba0a0" + }, + { + "algorithm": "sha256", + "value": "968a25d1c83d5e2d6d975689858d586be554e70263952199bd9d3286be7d9c50" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libgmodule-2.0.so.0", + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d6f141d5e13b0ae0", + "location": { + "path": "/usr/bin/glib-compile-schemas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 52704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "82ef59c46063d516b9f061077c95ac946b0e11e4" + }, + { + "algorithm": "sha256", + "value": "1807e7b02c847294dd8536791843a6a1d8997dac3b741329258431b037f1c736" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgio-2.0.so.0", + "libglib-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ec72e729f0fd3a67", + "location": { + "path": "/usr/bin/gpasswd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 40000755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 78016 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70ac5047bb92a3a300ebe9e13c24d3a137e509a7" + }, + { + "algorithm": "sha256", + "value": "1b9c0ff43bcc29c7a7d1a59c12c4373b52d80f82a4f2438a4a24f746ff9ae0b0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libcrypt.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9d343b0c0a3dc26b", + "location": { + "path": "/usr/bin/groups", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d687c82683c0a3df72e335fd33938476a6abb3c5" + }, + { + "algorithm": "sha256", + "value": "80c0a1f602b5a30973ef4aff1549ab8f0c57415f1a1269c60fd463e51bc599f5" + } + ] + }, + { + "id": "9a640bfc7a35e27b", + "location": { + "path": "/usr/bin/gsettings", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 32136 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8394a4daa8d8e540dd3d78bbeba25829e59e931" + }, + { + "algorithm": "sha256", + "value": "c1fb6c8163c88547292c2ab8713903ff491531350d2c08763033c01d6b18318f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgio-2.0.so.0", + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6a36f3048b5f9e23", + "location": { + "path": "/usr/bin/head", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b91a8a58197c97c537e2c6de70888b7ef72279c5" + }, + { + "algorithm": "sha256", + "value": "d9265e0e806df2362b9e6b476b8b16cef39979c6e1ec9f51aae90f202b94a6d4" + } + ] + }, + { + "id": "b9ef157d7a552dc5", + "location": { + "path": "/usr/bin/hostid", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e0ed73ba60f5bd2f9ade65c6ac229a5da8c0e06" + }, + { + "algorithm": "sha256", + "value": "a755dbdf0e3c215642c5dad5c02c6b69f1c533fc253aa5206e634cae9a601fff" + } + ] + }, + { + "id": "75601b8758c5c606", + "location": { + "path": "/usr/bin/iconv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 65624 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d6b7c9d2b6bbd00fa4d7e9ea514ee4976207447" + }, + { + "algorithm": "sha256", + "value": "9df92fd65adc5a01b5c74c505b6e8bdae87a32df88745f6259941933f773ba29" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "33fcc6393c0ff3b9", + "location": { + "path": "/usr/bin/id", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f9612c5a18e927cd54d137e938233210f0e7b6f9" + }, + { + "algorithm": "sha256", + "value": "44cd8c4e4d7c0abda1cf8f4d3cb8c3eaa3a099e3583226a71b7b2717862293d3" + } + ] + }, + { + "id": "8da665206da2605c", + "location": { + "path": "/usr/bin/install", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b3d17f305f320fefe148784928cb2d37c0314ae2" + }, + { + "algorithm": "sha256", + "value": "a1e9d54276f52269bf3f3c4787159a8582d093acb918026a389bb03ae886424b" + } + ] + }, + { + "id": "1d7f2b7ddde30ecf", + "location": { + "path": "/usr/bin/join", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b410ff0dde7f8d3c9b8a0c73d0171f9fb43ae8aa" + }, + { + "algorithm": "sha256", + "value": "9b4380b504cfba01d655f9102279abc3fa6105a4e107aa409912de8407ce7514" + } + ] + }, + { + "id": "d4005ba7fec7534c", + "location": { + "path": "/usr/bin/lastlog", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 29320 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eed1c2a36e967a81f4ab333e62c46bd9d49ce073" + }, + { + "algorithm": "sha256", + "value": "203580c2537f42b4efd7d1067b1d9d678d5ee3353b5a139bcf7214eaa1f87f40" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ab68aceb1603e266", + "location": { + "path": "/usr/bin/ldd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5446 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "45557090d4ddf6fe984027a45c6fbc193d21a649" + }, + { + "algorithm": "sha256", + "value": "2e332feed7fe0d65afca81d83d07f997917c07d5c1f1fd5564e98330e78aa0b5" + } + ] + }, + { + "id": "2c9b2ae407d86fc3", + "location": { + "path": "/usr/bin/link", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0e33c18f86779f212affcefe9135769856c836ec" + }, + { + "algorithm": "sha256", + "value": "821714203f91ff6532c52ae3f871e0130435b6ba1f1f08d2d1f7bbc6693c0caf" + } + ] + }, + { + "id": "7997369f78b8711f", + "location": { + "path": "/usr/bin/ln", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f14c273cb9fc438b0917982131cf345049e3965" + }, + { + "algorithm": "sha256", + "value": "085d5f728f31abf16f2e2b6f848b10e987c2ddcf160cb9a8f12378de2b6c6657" + } + ] + }, + { + "id": "9c64a140bb800cff", + "location": { + "path": "/usr/bin/locale", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 60496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c77ddfab62739bbe158470438b00ea1224ca4c1" + }, + { + "algorithm": "sha256", + "value": "826d99ca59ea56a0df2a4415176ce2554c6a53ea199700314ddaf1f5b2fe4cfd" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "fb7925b2ec23b7e9", + "location": { + "path": "/usr/bin/localedef", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 321584 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fd2ab90872a1d1ac9b528655aa84764ecf8e1c24" + }, + { + "algorithm": "sha256", + "value": "6ce825bf92f8a07b4921430a093cd0410a7ded09004c81a10866ec2bf9b764a5" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c08b9f0c72a8631c", + "location": { + "path": "/usr/bin/logname", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad619b65f76115eaa2fbae63f2be1f6f8d44ae05" + }, + { + "algorithm": "sha256", + "value": "55fbba98b8cf7ccc3d0920e6630b525360603b1db4c72c955e6d3a09f8602b68" + } + ] + }, + { + "id": "6028286556616715", + "location": { + "path": "/usr/bin/ls", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "27e9d6b6d89b0769569189f37f15b6389071d09c" + }, + { + "algorithm": "sha256", + "value": "309b3c9a3246361ec0338641aed3c14e7f91e23e7cf10de000c75135ba99fddd" + } + ] + }, + { + "id": "8ee41d4c6e9953ef", + "location": { + "path": "/usr/bin/make-dummy-cert", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "47a0a71176443e0fddbc421f957c15fc18f900db" + }, + { + "algorithm": "sha256", + "value": "cfd4277160871e6446e2b6d61f2f66d76ee5598584d2323376fbed1f57a00127" + } + ] + }, + { + "id": "df0d483d6d8698cc", + "location": { + "path": "/usr/bin/md5sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59f153e6b32f1ec4d67cfb47bd3cde9c94edf86a" + }, + { + "algorithm": "sha256", + "value": "ec74d410b372b48ef2b522cb903d48184f299c9290e5fa430fda73009e1ba468" + } + ] + }, + { + "id": "e3c4434cb39b0d8d", + "location": { + "path": "/usr/bin/mkdir", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2f38e605397a87ba40254f1e643fd42aa484cabc" + }, + { + "algorithm": "sha256", + "value": "3d79925b34d75033957c123dcdb7d9d74bbdf2135ae401aeecd1c7fdbec0541b" + } + ] + }, + { + "id": "88f4bc5e0bfe84ef", + "location": { + "path": "/usr/bin/mkfifo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32970bbb076f05e95d6d841a1659c621ccc84bcb" + }, + { + "algorithm": "sha256", + "value": "3abebd9dd438dfffcd6f958488172a3b403dfa0eac1ac0e1b8c26e94b61472c4" + } + ] + }, + { + "id": "a8f59c988de64619", + "location": { + "path": "/usr/bin/mknod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2838bb5f1c76580efd23567ea42b7eaabd3afcc" + }, + { + "algorithm": "sha256", + "value": "e0aea7b102cdd165cf69e86c9b72bf9f1610f063a41379ff98e6abd7767a0f0c" + } + ] + }, + { + "id": "f922a4af4b958b54", + "location": { + "path": "/usr/bin/mktemp", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96190da1106c4247f1b8e043862d44e0d254e90b" + }, + { + "algorithm": "sha256", + "value": "79dab18e96e909ca19e901731bd14bbd182327ed34050ad15d3c22186c112601" + } + ] + }, + { + "id": "b315a3fe6e89f6af", + "location": { + "path": "/usr/bin/mv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0e78f29dce6a6f93c05910f19530574452f774d7" + }, + { + "algorithm": "sha256", + "value": "6ee04af6a9560da8304d298561d76ecc42ce167cd37496cbbee5f7975b2b6c83" + } + ] + }, + { + "id": "cee3d27dbb7a4d8c", + "location": { + "path": "/usr/bin/newgidmap", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 42960 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "03e027b2a3afe4ed1e54cea5f8b4f12b6d3add5d" + }, + { + "algorithm": "sha256", + "value": "960116f9e9adc30ffbad051a78119196b3567d477680db5143c91467c410d465" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "931f29023ddf6706", + "location": { + "path": "/usr/bin/newgrp", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 40000755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 41744 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0859805debe1d7dcb99599aad45ba40545cfb4f3" + }, + { + "algorithm": "sha256", + "value": "b1c7720e7c518bea3aa6a171846e8a089446e5e386e377bbfc162bcfd3d2ba49" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libcrypt.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2c3538d1f4b313d8", + "location": { + "path": "/usr/bin/newuidmap", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 38840 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c9a308d5e04374e9f98000b62b5825db2e0d482" + }, + { + "algorithm": "sha256", + "value": "d796755c9b01ee87a2a0cbe88e6d4f145b1d1afbba42172bb6ed05e52c836b15" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d467c883214fdfaf", + "location": { + "path": "/usr/bin/nice", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f2dcd17b39ad2ffa17e0e92ee766266f55abf9f" + }, + { + "algorithm": "sha256", + "value": "05dd64c5d88a6308828a66bdf10fe43a1d762bdf9867eddd1613ed95abcd9eb8" + } + ] + }, + { + "id": "8ca713d9ce28c6c8", + "location": { + "path": "/usr/bin/nl", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e4eaac987f6b05b44e3bf898f549135dddef0aa0" + }, + { + "algorithm": "sha256", + "value": "9cebdddb5c913efd5a2e2056790c58a4b1f0ea753ab776209f620c8aefaa88d4" + } + ] + }, + { + "id": "88c5c7b7b7f31d92", + "location": { + "path": "/usr/bin/nohup", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a9e175d7640c094ac4992dccc3c60707b31b5d1" + }, + { + "algorithm": "sha256", + "value": "1d120028b00ffd10dc5d2bdb8725cccd994206809a17897b7dfa7d9852b4a109" + } + ] + }, + { + "id": "941b8b9c01250526", + "location": { + "path": "/usr/bin/nproc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9de95968bee11e95d7431aaf61c83ba2a4468e75" + }, + { + "algorithm": "sha256", + "value": "802d57a2bb4a148ce86b5987d42de833613df533033939621c98af7c83ed10a9" + } + ] + }, + { + "id": "b9c731f240f51940", + "location": { + "path": "/usr/bin/numfmt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "466de75850dd7c132427b2d022d06cdd095df214" + }, + { + "algorithm": "sha256", + "value": "a2d0a24b66f7e706d20cdbf400f0fb170c9737de1f33707639ac83b0c6eb1fe7" + } + ] + }, + { + "id": "7728a96ffaeb0a44", + "location": { + "path": "/usr/bin/od", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5fc21e046850c4dea847d10cf48de31df3e8a996" + }, + { + "algorithm": "sha256", + "value": "28cee197c00cc74e4020bc2c63ef4a47269bfc42a0514e8ac39b93d1c9fb5c79" + } + ] + }, + { + "id": "bd9492321caa4c92", + "location": { + "path": "/usr/bin/openssl", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1118440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "802b32ff8791cd5276b9537fe68463de0c0690c1" + }, + { + "algorithm": "sha256", + "value": "567921353e959d24997de445494075b780c7faacc1583c18a23f85d09c88bdc7" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d9e693836ef87035", + "location": { + "path": "/usr/bin/paste", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6d14aa0f379322bc2099e2572dd5e69d74f3c9a9" + }, + { + "algorithm": "sha256", + "value": "8bc3ecc3066cf717ff77c775897786c7ffbc96d8b4e7bf74ac0d1b1429840cbb" + } + ] + }, + { + "id": "bc17b45a7346d4d6", + "location": { + "path": "/usr/bin/pathchk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a12dc81e91b470ee653874d8a16cbf0b77a847e" + }, + { + "algorithm": "sha256", + "value": "c75cdb9159c70035a4fb0c266c75b7046a5e0c65770f1abd3955169ee84495cc" + } + ] + }, + { + "id": "8e68499e4c58f652", + "location": { + "path": "/usr/bin/pinky", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d5fbfd3630dab9361c7ba1360d0f57685c5cf21" + }, + { + "algorithm": "sha256", + "value": "99376200da341d1d415806ebe99b80bdab70f8e9fecc9faf16b97dd9a0038062" + } + ] + }, + { + "id": "c71625ca0ae03d90", + "location": { + "path": "/usr/bin/pldd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23936 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0047c37c4b686a8d73eb8c806f0c10a8ecbf8a09" + }, + { + "algorithm": "sha256", + "value": "8ce9b7397fb7661f8fbc87dfc2d12b4d44555425d20f6771e90880283084d4cc" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "25c8cb45e6ef8bc8", + "location": { + "path": "/usr/bin/pr", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f81df2310ad8fa8a25291552d2223c7caa1b38f" + }, + { + "algorithm": "sha256", + "value": "a01cee18df2195a84845ab441c0860ccd2e60fe8420165a46450c4215759c2a4" + } + ] + }, + { + "id": "71b77256524029a4", + "location": { + "path": "/usr/bin/printenv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e34f63c0fd760b82fdc2fb423a0ac9d86326ca74" + }, + { + "algorithm": "sha256", + "value": "d28a352be84024a34f072b7c6a26b94aa87a2e76b90f437107d9b7eeebd0053c" + } + ] + }, + { + "id": "078a87259774791f", + "location": { + "path": "/usr/bin/printf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72fe02a8bc6fb958c4181f15fbd7d821fb9d69ab" + }, + { + "algorithm": "sha256", + "value": "129f7bcc2ae4d017b79e41c979ebfa18fc9052d4186538c25d736bfd2e397280" + } + ] + }, + { + "id": "dea9371d2e47745d", + "location": { + "path": "/usr/bin/ptx", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cbad420a1f8db2821352f3a1b23cc9076fe064db" + }, + { + "algorithm": "sha256", + "value": "4d3ecca846d94b352b5ba97887e413980af43df47f393f860ed07ed3af0ef681" + } + ] + }, + { + "id": "4356d92199f25d2e", + "location": { + "path": "/usr/bin/pwd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48594a8abb7f13c85be045d8659a64a6fabad41e" + }, + { + "algorithm": "sha256", + "value": "efabc0b34ff064d6a99456f5f74490573f8b9db6d1bf9450ad2e0aae0402b89c" + } + ] + }, + { + "id": "265ca13d36eb9a9f", + "location": { + "path": "/usr/bin/readlink", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "720b77521af81b3ec5738f6983fe5df2bd6e9358" + }, + { + "algorithm": "sha256", + "value": "b84234996da12c81e5762285b91ae7681342e012612df920b94ae0bd1557884f" + } + ] + }, + { + "id": "1f88fb5719c35c4f", + "location": { + "path": "/usr/bin/realpath", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4fbfcc77e12dcebef21b16a83af48201abb92c7e" + }, + { + "algorithm": "sha256", + "value": "504d523de86fa1463b8d96abf3cdd7ec8e85571593bc95650130c83ee8ff20cf" + } + ] + }, + { + "id": "80a60d7b813a682b", + "location": { + "path": "/usr/bin/renew-dummy-cert", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 729 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b7184bf7749e8cd85cb6c69d7ea08a47036a7e77" + }, + { + "algorithm": "sha256", + "value": "628d284ecb0d1abc737d58e771d1f7cab172c31df228699305eac299517fb5be" + } + ] + }, + { + "id": "b8f0751fbb447dc8", + "location": { + "path": "/usr/bin/rm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "903a4aa5e26a0e53254b945e6ed66d1d6f6d11bb" + }, + { + "algorithm": "sha256", + "value": "c909af3f4c8ae30d059b96a9cf7b097db39159d161622b95190d60d25a5db776" + } + ] + }, + { + "id": "ead172520b1e7e9b", + "location": { + "path": "/usr/bin/rmdir", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7b6258ad372f3433582b24e8ea4d0bb5576aa3a0" + }, + { + "algorithm": "sha256", + "value": "6e999e3d0c2ccfeb001f513f6a6f51c5121327894ea279e2682b4b8272c4bca8" + } + ] + }, + { + "id": "f8dfa8c598243359", + "location": { + "path": "/usr/bin/rpm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 24200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f8f3bc53a77750ef8092992f855def815b966a5a" + }, + { + "algorithm": "sha256", + "value": "4a07f33c47a60ec3c1ceaea8b3d8455f2ff24931f9910aa7c524c2b87749d407" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "librpm.so.9", + "librpmio.so.9", + "libpopt.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c0694eb564b439d2", + "location": { + "path": "/usr/bin/rpm2archive", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23880 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f830416a71f253f8992389550b1b21bdd0b03a0" + }, + { + "algorithm": "sha256", + "value": "5657992744d9b4c57748a77f2fea99c773186d74debb393127567923cfdaeeca" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "librpm.so.9", + "librpmio.so.9", + "libpopt.so.0", + "libarchive.so.13", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "28a09a6d00e432e5", + "location": { + "path": "/usr/bin/rpm2cpio", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15480 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "524d1e35b17f25ce71d42d995c07bae662606560" + }, + { + "algorithm": "sha256", + "value": "2611d94df5ed29e72bd8f51feeaa527cfd2b04f07ed96adf1c11c75f5c86bbe4" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "librpm.so.9", + "librpmio.so.9", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ca069608975818cd", + "location": { + "path": "/usr/bin/rpmdb", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 20216 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6bee17ff4f853b65e85ac6e0a1f7a5d1954eb071" + }, + { + "algorithm": "sha256", + "value": "e024162a018ebbec2d2e6aed8a70e6b939135332016ffd29884091e0dce76213" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "librpm.so.9", + "librpmio.so.9", + "libpopt.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "5060c67d3dd6ce6e", + "location": { + "path": "/usr/bin/rpmkeys", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15968 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5abcd6b01d7c0d18ce43176efcea9fe0a57e2650" + }, + { + "algorithm": "sha256", + "value": "4cc743d879ac8fa5d9c4e13a43eb24ab130516e776c52ab669a426692f867820" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "librpm.so.9", + "librpmio.so.9", + "libpopt.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "cb618c4b8c037138", + "location": { + "path": "/usr/bin/runcon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f0b74a6c7103b76887fd753be504ae3a16e2b9b5" + }, + { + "algorithm": "sha256", + "value": "7ee2793317816a3898f317c53f3ae9324f9e245e52e9df7014553daeaf99b9f8" + } + ] + }, + { + "id": "5c1ca5b1d84a25fe", + "location": { + "path": "/usr/bin/seq", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3ac2fb84bf15e169527d7bdf55ad8b5e228af851" + }, + { + "algorithm": "sha256", + "value": "bb11a10b8a0f5c8e974b844f2fb6c94f81d50ed2508f4583235d4cbe8bc0fbc6" + } + ] + }, + { + "id": "06db0d5547f53281", + "location": { + "path": "/usr/bin/sha1sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc8e4e25974ed24d035a193b9d73bfee54958003" + }, + { + "algorithm": "sha256", + "value": "c5e5033951d2d051b6a8412aab455294f2ec529aec279e2bc1600d21dd242a7d" + } + ] + }, + { + "id": "bc40c98387d40c0b", + "location": { + "path": "/usr/bin/sha224sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7310a416702b8dc0c2af27d0750aa4916d1bd335" + }, + { + "algorithm": "sha256", + "value": "7737b55fb338ea353ae400752f720edbcf38ef09b84ef9be9985195853a62d0d" + } + ] + }, + { + "id": "82c2f6b68752383b", + "location": { + "path": "/usr/bin/sha256sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f207dbd127187de6590a9b245b25982fcf241ccc" + }, + { + "algorithm": "sha256", + "value": "377e96d9304a3e91119a58155becca958b4dc286c203ea2917ebeadba183db1c" + } + ] + }, + { + "id": "2f7824beeae17415", + "location": { + "path": "/usr/bin/sha384sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f93e81d3e93639913be9d934040e76471a2aca07" + }, + { + "algorithm": "sha256", + "value": "94e88e0dcf5ee93b44fed867bf4e42e737dfac9ca957247489264bbf1b2f6ec7" + } + ] + }, + { + "id": "2e22b86fe576d2fc", + "location": { + "path": "/usr/bin/sha512sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1ed28781164c4b0598f64edd9c9b68b8accff86b" + }, + { + "algorithm": "sha256", + "value": "23809accfe32a32da5b0fdb65f6d638f96f3c48be4fa59c41a04067677daec6e" + } + ] + }, + { + "id": "78c64b29850751ed", + "location": { + "path": "/usr/bin/shred", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b6acb6267be464343dfde0809bc5ac5685484d1" + }, + { + "algorithm": "sha256", + "value": "b06cd470398f9e5505b962475935ce2922ad8b8f24d469e55ca398c6a4c840fe" + } + ] + }, + { + "id": "6551339451ed4e59", + "location": { + "path": "/usr/bin/shuf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb2127fd4acf163e24acae97369b20591a0ade64" + }, + { + "algorithm": "sha256", + "value": "76918b2e6df2cd31f4e6812766b003fb4a037507d12e089e4a513f8f13c312e1" + } + ] + }, + { + "id": "9020f49b86409025", + "location": { + "path": "/usr/bin/sleep", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a7d45326d7045b85cfe5eed8b7e5f6c3dd44078d" + }, + { + "algorithm": "sha256", + "value": "96f0366d3535f1556981c0ccc68c160328eb6f2757971e15642d585b2cd1f344" + } + ] + }, + { + "id": "73eba117e1b20f85", + "location": { + "path": "/usr/bin/sort", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc55a192535438eecadeff31fc3a73f8a4050061" + }, + { + "algorithm": "sha256", + "value": "7db440f4b4270d53050569407160d7f7c23fd7832394ce9bfbbc0b1d6e7e7dac" + } + ] + }, + { + "id": "da6893d8b64d3642", + "location": { + "path": "/usr/bin/sotruss", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4282 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb4d462d733966a97a40eabeb9094d98b68b0e69" + }, + { + "algorithm": "sha256", + "value": "a01e33a22e131e727a069bfe82faeda8f58fede0dd4966f88300fe9ec1fa8496" + } + ] + }, + { + "id": "8e0bbaa4e4ba02c6", + "location": { + "path": "/usr/bin/split", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "996fd666370fba16add476d7d329273a3adbb2d9" + }, + { + "algorithm": "sha256", + "value": "9b963841b57f729c71909fe9d4c5f1644aea4260b736b37050b35f18ab82b4ab" + } + ] + }, + { + "id": "01e3295cf525038a", + "location": { + "path": "/usr/bin/sprof", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36296 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "293c4ddaba343a81373e3edfd0733b770994dbda" + }, + { + "algorithm": "sha256", + "value": "97f497f325859d13de6c5d1f1e0489ef6ea892e299da344d1fa7f01286dfd39b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "aa95fe9a066fd0be", + "location": { + "path": "/usr/bin/stat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f69f0ff28c5130a1f6456a67c0fc313250c074d" + }, + { + "algorithm": "sha256", + "value": "9f6ffbf89d8463633790130b1d79999e1f5ef72fa63ac128eefc19101116b4d3" + } + ] + }, + { + "id": "f411654f922fadee", + "location": { + "path": "/usr/bin/stdbuf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9b3c7d4a67bbd37a222afa34fe7aa5cf5c23e92f" + }, + { + "algorithm": "sha256", + "value": "64ca8854673bbe7597c0be2ebc1ea1248e16a022e07216fe5ff2af5af1408cd7" + } + ] + }, + { + "id": "9e82d0c55444d9af", + "location": { + "path": "/usr/bin/stty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9307c56df9cb966f76a634c0746d42d5f8ce2ebe" + }, + { + "algorithm": "sha256", + "value": "347183bf373a494eb701af0b8f2c2c7d296a6ac1a90fad3cfe4745d236bd0dc9" + } + ] + }, + { + "id": "9fd078013bce73a3", + "location": { + "path": "/usr/bin/sum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9bdfc613fdc7339e6ea8e9810331beda4d794977" + }, + { + "algorithm": "sha256", + "value": "4f443e4c6d5063c4affc2b9d12852eab4c4eb675e323603441b0cc96fb9c2389" + } + ] + }, + { + "id": "27557935309fffaf", + "location": { + "path": "/usr/bin/sync", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6ba9e0a1e2eed62ac07cb1a96debd492597c648b" + }, + { + "algorithm": "sha256", + "value": "5f3ecf316cc8d0461cdc69e55f97c575a2c37f250e77461ac6241d049d65b177" + } + ] + }, + { + "id": "045839e332bd074b", + "location": { + "path": "/usr/bin/tac", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "989e56cc65e99a8f17cd6c8c864301dce35682e8" + }, + { + "algorithm": "sha256", + "value": "054324a3bf86ff8d7de940b38abfea90434de3f7e6dbfb68c28fef13ab194a4b" + } + ] + }, + { + "id": "2957aae07091a3ba", + "location": { + "path": "/usr/bin/tail", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7268458ab70a426daf11cdaabe465db2f35d3eef" + }, + { + "algorithm": "sha256", + "value": "c84b690e840c9297566787aa939370f9b2e181e01c91b727e77ae07865f06c1a" + } + ] + }, + { + "id": "1636a85d52c489d5", + "location": { + "path": "/usr/bin/tee", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0da9a1b60462925e9afc05f3176c0a273623380f" + }, + { + "algorithm": "sha256", + "value": "97a3eca66552d324751b1e8e5af6ca4295328b98fa57bc43f1f81cc0a53e197e" + } + ] + }, + { + "id": "40060b01d4e80f69", + "location": { + "path": "/usr/bin/test", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be4c44bcf58a961241b8bed1dc43d5439b104e2d" + }, + { + "algorithm": "sha256", + "value": "12f025e9fc03f2dde8653295c2c685c1a010120b768a5becc53f61a652469005" + } + ] + }, + { + "id": "1be594e56e910cf5", + "location": { + "path": "/usr/bin/timeout", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "935c4f99d23fb446cae51887710191f291b21619" + }, + { + "algorithm": "sha256", + "value": "a58c5c3de98fedf0d7199e4e51e6d241169678259b99c21c75e5bbc17b885662" + } + ] + }, + { + "id": "7be78d5770955fa8", + "location": { + "path": "/usr/bin/touch", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5cfa434bfcb822d6b1251c802ba40f787c6f76da" + }, + { + "algorithm": "sha256", + "value": "cc4165b10af3012c31ff266d74ec268c5f0ebf0521faf2596141d1b33b9c1309" + } + ] + }, + { + "id": "26fb773c19e548c0", + "location": { + "path": "/usr/bin/tr", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0d23cc713deb1776203813369bdfb2e33873bbd" + }, + { + "algorithm": "sha256", + "value": "e3bb9a0ff998a6452a2652ad9fe93913ed17426812718c0618b769c0a45859be" + } + ] + }, + { + "id": "10e9321605ed3b26", + "location": { + "path": "/usr/bin/true", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1722a4b217bfb26dc2196fbc12c772744d3f486" + }, + { + "algorithm": "sha256", + "value": "c73afb60197c9c64805d2b4ab95efdee8646f8248ff800de2575a11eed8f9f08" + } + ] + }, + { + "id": "25202def2b28cd94", + "location": { + "path": "/usr/bin/truncate", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "75e44a6f34c669cc3dc19093cd26ec9994d46f94" + }, + { + "algorithm": "sha256", + "value": "e58155261499fd6ba41e6f6cf6b696529f929b2ea82d710b8d0467e28f9eb6b8" + } + ] + }, + { + "id": "06cf40470ae4ac57", + "location": { + "path": "/usr/bin/tsort", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6a9933ff7c80153280caf8be59ab896a8cbe957f" + }, + { + "algorithm": "sha256", + "value": "f93ec3a790a5f9283da66b22aa307a9289ba40a6a9f413c74dbb18d243c71da2" + } + ] + }, + { + "id": "a7684040d49bc8e4", + "location": { + "path": "/usr/bin/tty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee1e0cedda425d84a7bf9819fc6fa3f1e7334059" + }, + { + "algorithm": "sha256", + "value": "47fb87400000912b988e1a8708d99287751c976b942ffb5dacc21316d07fd6d0" + } + ] + }, + { + "id": "b436ec625d3e4637", + "location": { + "path": "/usr/bin/tzselect", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 15352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc409f72d805f31ce7b181e73ffa505ec6cd78f2" + }, + { + "algorithm": "sha256", + "value": "895808da0dad628436ef6de05465978b7929fe017d186d7d626c2074e5c345b9" + } + ] + }, + { + "id": "a19b4b04eca0119a", + "location": { + "path": "/usr/bin/uname", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67099ab009d2df7d42908c0f5b5688ed8af384a5" + }, + { + "algorithm": "sha256", + "value": "050964cc46affadcf00d817106c47a6bde087fc483fa0643e168a816b76de608" + } + ] + }, + { + "id": "071dc954e7781a30", + "location": { + "path": "/usr/bin/unexpand", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0aadcf2c42c2d9e737adcf5a3cedd84d81d0c9ab" + }, + { + "algorithm": "sha256", + "value": "9dd5e2f796993334c5d66b9d2258c48d447fcdc2762a6aa0987590f5384552cb" + } + ] + }, + { + "id": "492ba4e8343fe476", + "location": { + "path": "/usr/bin/uniq", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1597d09bb83163173a908ef4f7184537cb9d09aa" + }, + { + "algorithm": "sha256", + "value": "2e91d5ac599019cb960094ed9a9b9973d7c1980b209dcba3de2f1549e85a0cd2" + } + ] + }, + { + "id": "9558b322aefc819c", + "location": { + "path": "/usr/bin/unlink", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3f7e0a28583528e29da3ad65b9f5da7f7e913bd0" + }, + { + "algorithm": "sha256", + "value": "d9a4afe24003912290d8a8fed7781afeeee64bb88a53cfd5b2f820ab6df355c2" + } + ] + }, + { + "id": "5ee359e70fde1643", + "location": { + "path": "/usr/bin/update-ca-trust", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4466 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0e1e5bf388ae30d164c54f402522af2025e2312c" + }, + { + "algorithm": "sha256", + "value": "4c5515dcbdcdde3140164b1ec731873cd98c8b346359ef4b033cfbf9f82bb6bc" + } + ] + }, + { + "id": "18bdae839efdebc0", + "location": { + "path": "/usr/bin/users", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "effbe20ec87e9e7676eaff14227b4ef2ef27d938" + }, + { + "algorithm": "sha256", + "value": "d8f7ba3fd846a96259a17e8785a172d653fdfb03c1507f95aeeb8d5461407b5c" + } + ] + }, + { + "id": "9f99ca58212d2c01", + "location": { + "path": "/usr/bin/vdir", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b92e6ce604508591ce94d0e78057b7373d5c7f16" + }, + { + "algorithm": "sha256", + "value": "fff208202d47a5ff1daec8820f11555149ec8d9d9b39235e14555c3a14bd8572" + } + ] + }, + { + "id": "f99398e3fee4fde9", + "location": { + "path": "/usr/bin/wc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a675dff97cb212b7152fc080f8cb378ac3c98a9" + }, + { + "algorithm": "sha256", + "value": "709f6b9228d11ea5bf6298c953c98a3d11ec89a50916646494661aca8c32a775" + } + ] + }, + { + "id": "aca89e9d60961302", + "location": { + "path": "/usr/bin/who", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "11316248c3582e03e77e2fa2d20a44a0f889838c" + }, + { + "algorithm": "sha256", + "value": "5f2f1a73f39388b45a8ee56e44abe0a084d6849ba4c432130f9ef04bc6a58e4e" + } + ] + }, + { + "id": "0165175e69387e89", + "location": { + "path": "/usr/bin/whoami", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "36eb9262edf87f57d85e9b1dd1ee3ff2870451ea" + }, + { + "algorithm": "sha256", + "value": "112e9bdfc8975c4413bb940c0ab36034902d0037b2b25d24f2d1b4f93a32bd6a" + } + ] + }, + { + "id": "cb344590729d5a35", + "location": { + "path": "/usr/bin/xargs", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 65616 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b34b1cc2048d25c50ad2b6fdd154cec24822cb8e" + }, + { + "algorithm": "sha256", + "value": "e2c3ecbf697414f8d7ac9e61c296d9c817e2f8fd0eb1ba0eeef7d5e804f8aa6c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "dda0ae07e7341f9a", + "location": { + "path": "/usr/bin/xmlcatalog", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c04310900e7a5b96c158ed8d4f5605dcecc8961c" + }, + { + "algorithm": "sha256", + "value": "59edd482ec6b1015f014afb2dfbfbffe906ca8e3b6b3968f3276794b6d0af500" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libxml2.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "5673356a70c66fd3", + "location": { + "path": "/usr/bin/xmllint", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 82496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad42762fa4a83508fba33e369b6d13eacb23e739" + }, + { + "algorithm": "sha256", + "value": "d81629a128f77765908733a1a0eda0cf97353cd81e19a3269c4e56ce16c23b55" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libxml2.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "52eab4688d6b3751", + "location": { + "path": "/usr/bin/yes", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0525fa3a805dcd1bf37ded7fc36ef84f80521847" + }, + { + "algorithm": "sha256", + "value": "614d5aab2a46b047fb5160018dd4f1c7655f792a467dcb8abea75cbec5579b08" + } + ] + }, + { + "id": "a9dcf0efdca030d9", + "location": { + "path": "/usr/bin/zdump", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 28000 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f017d1f00be7397fcf8e0da72e57f54b2385dcc" + }, + { + "algorithm": "sha256", + "value": "5743f6d41afed780f5d47b1211fdf7bba618cf6f9af8698ba8393dd6758e04df" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3a77f0eb2f121f92", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 127 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "12d0e0600557e0dcb3c64e56894b81230e2eaa72" + }, + { + "algorithm": "sha256", + "value": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" + } + ] + }, + { + "id": "5a3f08ff2ba7eb83", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_COLLATE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1406 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f245e3207984879d0b736c9aa42f4268e27221b9" + }, + { + "algorithm": "sha256", + "value": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" + } + ] + }, + { + "id": "74a5b79731824b85", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_CTYPE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 346132 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ef33b106c27612ac5a4864f3ba35db0c9a1d130" + }, + { + "algorithm": "sha256", + "value": "2cb901c95a9fa81466d7878f81aa8eb52620df6f4420a0e219943ee6491c9334" + } + ] + }, + { + "id": "923c136f4c5de86a", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 258 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1eeec3b2cb259530d76ef717e24af0fd34d94624" + }, + { + "algorithm": "sha256", + "value": "38a1d8e5271c86f48910d9c684f64271955335736e71cec35eeac942f90eb091" + } + ] + }, + { + "id": "cbd26163fa70927c", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 23 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a7d0d264f9ded94057020e807bfaa13a7573821" + }, + { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + } + ] + }, + { + "id": "6492c40f18325b8f", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 48 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "574d7e92bedf1373ec9506859b0d55ee7babbf20" + }, + { + "algorithm": "sha256", + "value": "f9ad02f1d8eba721d4cbd50c365b5c681c39aec008f90bfc2be2dc80bfbaddcb" + } + ] + }, + { + "id": "cc81a1d8e7798571", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 270 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "110ed47e32d65c61ab8240202faa2114d025a009" + }, + { + "algorithm": "sha256", + "value": "bfd9e9975443b834582493fe9a8d7aefcd989376789c17470a1e548aee76fd55" + } + ] + }, + { + "id": "44461ef359eebd22", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 62 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b5d16f1042c3c1c4bef85766aa2c20c1b0d8cff6" + }, + { + "algorithm": "sha256", + "value": "14507aad9f806112e464b9ca94c93b2e4d759ddc612b5f87922d7cac7170697d" + } + ] + }, + { + "id": "ab10c6584b53de9d", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 50 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1bd2f3db04022b8cfe5cd7a7f90176f191e19425" + }, + { + "algorithm": "sha256", + "value": "f5976e6b3e6b24dfe03caad6a5b98d894d8110d8bd15507e690fd60fd3e04ab2" + } + ] + }, + { + "id": "24b7a789ea1de86d", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_PAPER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 34 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "567aaf639393135b76e22e72aaee1df95764e990" + }, + { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + } + ] + }, + { + "id": "c0765b8dd9f14fd4", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 47 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3316c99e183186c5cad97a71674ef7431c3da845" + }, + { + "algorithm": "sha256", + "value": "f4caf0d12844219b65ba42edc7ec2f5ac1b2fc36a3c88c28887457275daca1ee" + } + ] + }, + { + "id": "bc498e83cc41964a", + "location": { + "path": "/usr/lib/locale/C.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3360 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e619a4db877e0b54fa14b8a3992da2b561b3239b" + }, + { + "algorithm": "sha256", + "value": "0910b595d1d5d4e52cc0f415bbb1ff07c015d6860d34aae02505dd9973a63154" + } + ] + }, + { + "id": "5736fecaa205a84a", + "location": { + "path": "/usr/lib/locale/en_AG/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 162 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de46924fd6db68ab627292c487de86cabb72dbd6" + }, + { + "algorithm": "sha256", + "value": "5978e9281ccc79389007f970fc8ab5d2aea6d44520d177c4771762ca3bb4dd19" + } + ] + }, + { + "id": "b7fdb8e1cc4478ff", + "location": { + "path": "/usr/lib/locale/en_AG/LC_COLLATE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2586930 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "62729daa665129c7cf74f746439d696d5bc0b41b" + }, + { + "algorithm": "sha256", + "value": "f062bf818ec7c394208e4b12db855fbe3765ca1463b2e0cfe05e434f1c293981" + } + ] + }, + { + "id": "6250bcdea8ac266f", + "location": { + "path": "/usr/lib/locale/en_AG/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 385 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "efef7d7bdd2b96aa090c7a82d72f4da30535f3c1" + }, + { + "algorithm": "sha256", + "value": "5c2126bf3dc5336ef02b099601ebb73f376a02028f704f545fedcfe06b3f03ad" + } + ] + }, + { + "id": "76c4882206ff7296", + "location": { + "path": "/usr/lib/locale/en_AG/LC_MEASUREMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 23 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a7d0d264f9ded94057020e807bfaa13a7573821" + }, + { + "algorithm": "sha256", + "value": "bb14a6f2cbd5092a755e8f272079822d3e842620dd4542a8dfa1e5e72fc6115b" + } + ] + }, + { + "id": "d567e3219baf5464", + "location": { + "path": "/usr/lib/locale/en_AG/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 57 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7597a7a6f7e3c6ce06533debe24130833112ac3a" + }, + { + "algorithm": "sha256", + "value": "ff22236475c720a2c0c598e18dcaa0c2350de8bb335bcb6bbc994346b688f4e0" + } + ] + }, + { + "id": "4aa127ec7276729a", + "location": { + "path": "/usr/lib/locale/en_AG/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eeb2e5ec25ea11368f1947ba883a9f21a842bf29" + }, + { + "algorithm": "sha256", + "value": "459e7bdad4cb9088a80be523db455df3ceb6de9996adb2143e10f9f924771b40" + } + ] + }, + { + "id": "c0f9fe8472cd70dd", + "location": { + "path": "/usr/lib/locale/en_AG/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 77 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a1a2eabc4a2a2da47d7a90d36b4d0826aac03c73" + }, + { + "algorithm": "sha256", + "value": "2d776e660519a0af4e766d36c0698101f73e1aed52c30b14588205ee5d76adf1" + } + ] + }, + { + "id": "6da63bba4b634c31", + "location": { + "path": "/usr/lib/locale/en_AG/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b97e5b9eaf9f831350ab5e5c8c9dbffb43703ffb" + }, + { + "algorithm": "sha256", + "value": "da9bc3bd4ecc3de2de0b0224b68c2a3300c7fc597269771dee51871d564fb0bc" + } + ] + }, + { + "id": "0dc3369aa146566b", + "location": { + "path": "/usr/lib/locale/en_AG/LC_PAPER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 34 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "567aaf639393135b76e22e72aaee1df95764e990" + }, + { + "algorithm": "sha256", + "value": "cde048b81e2a026517cc707c906aebbd50f5ee3957b6f0c1c04699dffcb7c015" + } + ] + }, + { + "id": "8f4f44e4835c3a73", + "location": { + "path": "/usr/lib/locale/en_AG/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1dfde2e71e968eb0595bdb978b362520186096d1" + }, + { + "algorithm": "sha256", + "value": "116b926988a5c927fdf45e4f447714e7f1c4c590ed01a38f420c72e44ae44646" + } + ] + }, + { + "id": "c2f201c1032e0240", + "location": { + "path": "/usr/lib/locale/en_AG/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3332 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4366a7c64516bc16f14abbad607de613cad3124e" + }, + { + "algorithm": "sha256", + "value": "fc81b0ea5617a8015c1803e5ad4482b7775fa384e39056a193fd8af4fc587009" + } + ] + }, + { + "id": "d3b5eec6478e6b93", + "location": { + "path": "/usr/lib/locale/en_AU.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b56c621f00f1ef2426b5ea8338b3052094692e94" + }, + { + "algorithm": "sha256", + "value": "516d74b4d116466da833bfa0b69772028d1d025b34b44c1fda5461de3449c95e" + } + ] + }, + { + "id": "bfea4ce3ba74bdeb", + "location": { + "path": "/usr/lib/locale/en_AU.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 360 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fbe5bad893f69db5d06319d9da9eb3afacda87fe" + }, + { + "algorithm": "sha256", + "value": "5334b303404cb4d6d372c4f2330e258f1b811135179d87f92e14bc88cbea9719" + } + ] + }, + { + "id": "974130794f3b583f", + "location": { + "path": "/usr/lib/locale/en_AU.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f3c9533b5d436a28d5be2e9a32eaee90f28a4a78" + }, + { + "algorithm": "sha256", + "value": "6e3ae2ce05e3ca1f190b189850b5b13f1e6654e969d847aeb5cf56cd810de14c" + } + ] + }, + { + "id": "680d915f9f7beadd", + "location": { + "path": "/usr/lib/locale/en_AU.utf8/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 62 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cdd7dd12c655114a21aaf32f6d44c5ad8d36cc69" + }, + { + "algorithm": "sha256", + "value": "710d69ab9ac421f7da9a54bcc5a6cca6ce07f1a3a52840a2fd86879d9417a961" + } + ] + }, + { + "id": "1f464d6eeb356353", + "location": { + "path": "/usr/lib/locale/en_AU.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4b74b54bbbb664dbbf3b9b7f7dbeca35b31a4109" + }, + { + "algorithm": "sha256", + "value": "dc0473765b4eaea165a30bc7503edf05bf8a05216f883b4038bdb8ed2d69c98d" + } + ] + }, + { + "id": "5eb6f052fdcfeb64", + "location": { + "path": "/usr/lib/locale/en_AU.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3268 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d748a532533418f2be13f9459be0ed2dcf143161" + }, + { + "algorithm": "sha256", + "value": "51d1e09aa1fdda7f181ed2a5a336b000333dde888f80bb1bb40c216c36bb9cc8" + } + ] + }, + { + "id": "4579654fe5e2062d", + "location": { + "path": "/usr/lib/locale/en_AU/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 159 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8d1d8bb28afef3ed8996eeea2ec513d784d9bde6" + }, + { + "algorithm": "sha256", + "value": "ad7c9c1a9dbde81c1d117f245303c42e11758ec204657765728fc77b75ee4e31" + } + ] + }, + { + "id": "e30f4ca4aab12940", + "location": { + "path": "/usr/lib/locale/en_AU/LC_COLLATE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 21267 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3aa7a0c0ebac6fbf2bb1245c7e672dbab536f285" + }, + { + "algorithm": "sha256", + "value": "c2228135bc5d8d23e511af634953113a89e4d50cbd0d8375a60b3da879f457ba" + } + ] + }, + { + "id": "f3334cd6d5a4e692", + "location": { + "path": "/usr/lib/locale/en_AU/LC_CTYPE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 294948 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "629597526f45e697043011633831202f37e1c577" + }, + { + "algorithm": "sha256", + "value": "9f4d929890b0dda735a765aa038d7436e5c580b33445d1cd4749b03ea8c3375f" + } + ] + }, + { + "id": "622ce1883f901aaa", + "location": { + "path": "/usr/lib/locale/en_AU/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 363 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f8f9559e4fdc215c115095dd805628cd017763f" + }, + { + "algorithm": "sha256", + "value": "5988c4157eb89d3ebb4263815443bb541f25f75897b8f7a52b65b17ef925f14a" + } + ] + }, + { + "id": "3f4b0a2e212ca8f0", + "location": { + "path": "/usr/lib/locale/en_AU/LC_MEASUREMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 28 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c47199c7301f82ae3137ba58f8583b5ab9c73387" + }, + { + "algorithm": "sha256", + "value": "e471915853f417071f841415994bc4a0befb771b3ab2ca07e705b9c9d7aa9569" + } + ] + }, + { + "id": "782ac26529b02d79", + "location": { + "path": "/usr/lib/locale/en_AU/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 62 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b2a0ca9b75cdf8b58da75521b70dd002fa3c6d10" + }, + { + "algorithm": "sha256", + "value": "092c1b236815302e33b5dafaa68163b77cc7f5fc13618724ef2bf3b99dbb11c0" + } + ] + }, + { + "id": "c1e5d83ac54e0817", + "location": { + "path": "/usr/lib/locale/en_AU/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "db16eda02a89798822d19cb1adbbd94adc3d829d" + }, + { + "algorithm": "sha256", + "value": "af66cf344e56185a2a01ab9c6a5c704cc7c09ddaf71ca2fb59a5eb3570247f13" + } + ] + }, + { + "id": "4cc2957527bb1e76", + "location": { + "path": "/usr/lib/locale/en_AU/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 67 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "269ac7bd9612418f348d662029e2363f7c2c8d59" + }, + { + "algorithm": "sha256", + "value": "4f76a728f941c8c60545a5a351b84e0e8d5fc2cfd2d58b57ef7df68bf9ff0b2c" + } + ] + }, + { + "id": "9782bb361b4231ac", + "location": { + "path": "/usr/lib/locale/en_AU/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "34948c970ba6163c41da1dd9b56f94236727e4c1" + }, + { + "algorithm": "sha256", + "value": "82c765bea6a0c5f953d22b2241ec3bf5b2b5f8566d64301314fc1eb8777ff2c2" + } + ] + }, + { + "id": "02257acfd818616a", + "location": { + "path": "/usr/lib/locale/en_AU/LC_PAPER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 39 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "92eea24d1994d4060f246974a71136540580bfc0" + }, + { + "algorithm": "sha256", + "value": "7a0be06f05dea974a4ad8b2b2d4a7fa2703bc25e45198fdda5b8f4507c5b881b" + } + ] + }, + { + "id": "dccacb9cf76e809c", + "location": { + "path": "/usr/lib/locale/en_AU/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 58 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fed428006cb0265bfc42947f3c90c6c7846d296d" + }, + { + "algorithm": "sha256", + "value": "dd878a170db9b554d67b558d603d9b1d8ee9ec1769acd723267b2c65af6b97f1" + } + ] + }, + { + "id": "3fa74a4ea1c7fe73", + "location": { + "path": "/usr/lib/locale/en_AU/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3276 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d5c66104a714e363214af6bbc12fa29154a901a5" + }, + { + "algorithm": "sha256", + "value": "bf82d3292127f262668eaef86f1cd112889c11218778e6b61449aa740f888e73" + } + ] + }, + { + "id": "4165522a6a93fb52", + "location": { + "path": "/usr/lib/locale/en_BW.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "268f16d8d7f5e2770b29fad4ff3dcc990ebb7895" + }, + { + "algorithm": "sha256", + "value": "64324d4177a468f0ae88a84791c150c1df229162e029f582e90665c3e48b6e99" + } + ] + }, + { + "id": "385eb7ca2b5df1db", + "location": { + "path": "/usr/lib/locale/en_BW.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 295 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dc49c5b921ad9e122724a2ab3badc50cc2dd798c" + }, + { + "algorithm": "sha256", + "value": "6e32bd5c935dc5428e51e4662e79d60f2a2bc8e0629e890ff8428deb9a06661f" + } + ] + }, + { + "id": "68c2a41d3a42213a", + "location": { + "path": "/usr/lib/locale/en_BW.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9c7adfef227563f9d8133a214334c635efea217b" + }, + { + "algorithm": "sha256", + "value": "d4b9df2ec1f6da0a70a0ebe19bfd87b6889e4b7f236c47ff4fe1ec5cebd078fd" + } + ] + }, + { + "id": "ef62cd45a6099251", + "location": { + "path": "/usr/lib/locale/en_BW.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4b38499c76fe9081cd7f61b234c1a8317e3ef2a" + }, + { + "algorithm": "sha256", + "value": "b84e8cfa9c5d06d2e577630db71bc359313bfffb07220b5572f4da7a979d12c7" + } + ] + }, + { + "id": "bfaf25a4fb40dc8f", + "location": { + "path": "/usr/lib/locale/en_BW.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3196 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16299b0f6bc007e5f463114d927011189c2060f4" + }, + { + "algorithm": "sha256", + "value": "cb557c98fea141e7ae22af68357d162d6f103823dbdc5cbf0a2c8ab16dcf9cd8" + } + ] + }, + { + "id": "d530bfc779b8307b", + "location": { + "path": "/usr/lib/locale/en_BW/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 159 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "778cc8c620174fbb7f5ea272ed98d19b37dda1ae" + }, + { + "algorithm": "sha256", + "value": "b5ce1187470139c1a321b087b50248f6ed4a29e15f2bef2ea6afd02c3696e66d" + } + ] + }, + { + "id": "d6bbe8bd06422fa4", + "location": { + "path": "/usr/lib/locale/en_BW/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 300 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e462a6d44591faca274b30b5c8f7456c8fc91522" + }, + { + "algorithm": "sha256", + "value": "25b6bce71e4fe49c8fff65074006ccc6bb07eba77f618149558f35ed3294b8c0" + } + ] + }, + { + "id": "6dcc0570c216e03b", + "location": { + "path": "/usr/lib/locale/en_BW/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c2105ba573af6374bada1b62d7cbaec9b29f5f8e" + }, + { + "algorithm": "sha256", + "value": "6d7d95c6fc1dbf725a5ad7202f0225d8c1a0872fa2a9d71e0e390fabef66a80d" + } + ] + }, + { + "id": "46a2402991369690", + "location": { + "path": "/usr/lib/locale/en_BW/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 57 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed6a216f03a47495db1a06a3c989aa9710610ea2" + }, + { + "algorithm": "sha256", + "value": "1511760e00244ac5bee008dc6013b344c01047702ea6612e023163bb2331800e" + } + ] + }, + { + "id": "6504c999649c2c74", + "location": { + "path": "/usr/lib/locale/en_BW/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3204 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e45c6ce5b1e68bf9aa18baf27a57197a19af7f05" + }, + { + "algorithm": "sha256", + "value": "25b3eac7018ba833f187bc03601ede03feb3d58edb992b5742105534055d0df7" + } + ] + }, + { + "id": "1e13f4e55de245d4", + "location": { + "path": "/usr/lib/locale/en_CA.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 150 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8f44a0ba84a4ddd00ea9185fd6c198633a220286" + }, + { + "algorithm": "sha256", + "value": "9beb276898ada74bfdb3e58010ad50d848dab826831ffde8172987b15da7609f" + } + ] + }, + { + "id": "9c6cdd46d7063a23", + "location": { + "path": "/usr/lib/locale/en_CA.utf8/LC_COLLATE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2586930 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5026ef0ad708abeb0ed50485ff0ad324503b0397" + }, + { + "algorithm": "sha256", + "value": "df5373daa0bc801de7dac8b3bac56bf41f7c33a8103115604bbd4a6d5759988a" + } + ] + }, + { + "id": "8591b67cf420ee02", + "location": { + "path": "/usr/lib/locale/en_CA.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa278e204b99c96682cd538ba2f1ca00363eeee2" + }, + { + "algorithm": "sha256", + "value": "a0f759b1e390a27af7043b36afdee6ab1a5e0fe3edb0522b95d027c323559a9f" + } + ] + }, + { + "id": "88501f138668e3e3", + "location": { + "path": "/usr/lib/locale/en_CA.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4df66b7aee63c0a6aeaf74153723425afb46eb6a" + }, + { + "algorithm": "sha256", + "value": "278a4c06b0844aec3784d927e60a27fc477a8f1259e5d4ecfaddff635b9f13f1" + } + ] + }, + { + "id": "0534dc3d0fb74b3b", + "location": { + "path": "/usr/lib/locale/en_CA.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3cd11f954628b5c7881aab191cae64625628afb3" + }, + { + "algorithm": "sha256", + "value": "113ab7fce8ea21d471f6f99dbff4b194f106b065d16a8d28cc244ab3dcc29298" + } + ] + }, + { + "id": "bae8bf6c7a730366", + "location": { + "path": "/usr/lib/locale/en_CA.utf8/LC_PAPER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 34 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ff8c7709fb6223661b805361b36d4419cdf46b5c" + }, + { + "algorithm": "sha256", + "value": "b4b7da39151376fdb0e8f7c35d0dc2335d2f1149fdb23882143ac1604c3f8a43" + } + ] + }, + { + "id": "fd5ce8b428ca3c7e", + "location": { + "path": "/usr/lib/locale/en_CA.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3268 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf5c9cb31270a2a8e8bc66f24aa4aeae3f2ad8c1" + }, + { + "algorithm": "sha256", + "value": "d7452927e255ed08d63ce210fffcff32bae9df2efa0d8400751b9466bd768711" + } + ] + }, + { + "id": "4e0b9ca36bc71db2", + "location": { + "path": "/usr/lib/locale/en_CA/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 155 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3274c941bfd98e0615875ffcd7bba084f87748ee" + }, + { + "algorithm": "sha256", + "value": "fecd709136dd8aa0b0922433f514200bde9bb639af593f8a368fa32221118bd7" + } + ] + }, + { + "id": "e68b7ef714eb5304", + "location": { + "path": "/usr/lib/locale/en_CA/LC_COLLATE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 21267 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "77e5a0cce995729dae3a3da3deae99345bc06fd9" + }, + { + "algorithm": "sha256", + "value": "86ce39ae32705e44d59e0f08ad3eca7e988303700ac14dca60588ea6c395fe00" + } + ] + }, + { + "id": "5e906942ffbc22ef", + "location": { + "path": "/usr/lib/locale/en_CA/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 355 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8fcaf4cf52ae26b0715c53a2bed332b9dea1524e" + }, + { + "algorithm": "sha256", + "value": "4c9872dc999eb8518f51b21464ad5f880c0551d99315595bbe5e924f42cdb9ef" + } + ] + }, + { + "id": "11ad1e501ff5a517", + "location": { + "path": "/usr/lib/locale/en_CA/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 64 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cea2e8987f2b04dc22cb3fabe3a38b1c687429e0" + }, + { + "algorithm": "sha256", + "value": "d5d24009a728487d62b12d1db7da6851f1d44dfebd102d038ebdfcf047c2a525" + } + ] + }, + { + "id": "c86ca3a145e632c3", + "location": { + "path": "/usr/lib/locale/en_CA/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a450ef07053f369bb82a9ebda0bfa1eb593bf90d" + }, + { + "algorithm": "sha256", + "value": "a957adbbd6baf3d5a9c9a49df0d7afd2a63552a335a5b80b0e37950cb4b8010e" + } + ] + }, + { + "id": "50fae05699f85bc0", + "location": { + "path": "/usr/lib/locale/en_CA/LC_PAPER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 39 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a523a0d5fc351a68d989832d4725a3c53aad1eef" + }, + { + "algorithm": "sha256", + "value": "9178bbf7f3d7895e793966adce6029bb27624950e84c3de39a8fe249a7edc57c" + } + ] + }, + { + "id": "3b774200efaaa5a3", + "location": { + "path": "/usr/lib/locale/en_CA/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e3984fef1a0da61f561afaf0eef4991a9c592bf2" + }, + { + "algorithm": "sha256", + "value": "a52a419ef416e12318ffd938dc5abd44787b7fe7a3cc914dd5862f17fe63dbe2" + } + ] + }, + { + "id": "0d602d287c631d2a", + "location": { + "path": "/usr/lib/locale/en_CA/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3276 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b318133f81289bbced5d0626e184bc521a585d1" + }, + { + "algorithm": "sha256", + "value": "ae8d5b2abf057f12a8c71a610743521e3c3df976d397eda967853a140254d9ef" + } + ] + }, + { + "id": "47048e5e680f4587", + "location": { + "path": "/usr/lib/locale/en_DK.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 150 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e88b2309b15df8a0e8d8030a12407ec16946d5e8" + }, + { + "algorithm": "sha256", + "value": "8797ca35c1a1b0a8830b137326a07bfa876b6ebc04fd4f41dea9345366be0eae" + } + ] + }, + { + "id": "19819003d8ead48e", + "location": { + "path": "/usr/lib/locale/en_DK.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 364 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3824525c0836311f485a3c7cf9691ca51099dd21" + }, + { + "algorithm": "sha256", + "value": "cf27d8073b982c657c1a4935355e5f3b7ceb11d1f4aa75dba946cbe1fc69cca9" + } + ] + }, + { + "id": "5767a909fb45a626", + "location": { + "path": "/usr/lib/locale/en_DK.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 63 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4e64af0f7e9907788f8500b9c7c439b9d8ba1fe" + }, + { + "algorithm": "sha256", + "value": "449dd6201f0ceba37162899a31cf7e940fbc6b3cb4e55727df73731214da411b" + } + ] + }, + { + "id": "16a3dbb47e4b6133", + "location": { + "path": "/usr/lib/locale/en_DK.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 294 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7d30c7879543240454948d23b9bdb2b3f2e40021" + }, + { + "algorithm": "sha256", + "value": "2869f9f858a6dea39b6760fdd37b83f35a44bd7c3bf549be66b85c9f5b84aca1" + } + ] + }, + { + "id": "69116ebb76b98b3e", + "location": { + "path": "/usr/lib/locale/en_DK.utf8/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "155febbaf8a258400c858e027761db0161a77f28" + }, + { + "algorithm": "sha256", + "value": "e74bd3fa29aab46175b94c0729a46cefe6568d61e41d03ac62485a88c5bf904e" + } + ] + }, + { + "id": "f6c24750a9f85cd6", + "location": { + "path": "/usr/lib/locale/en_DK.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "62727b2f59b5ee0f8139a4db26601654ead0116c" + }, + { + "algorithm": "sha256", + "value": "1b322d54185175a6f99c0f200e75f45748a5dc24e81cf9deceeb3b4b08125df9" + } + ] + }, + { + "id": "648b8f4491ceb0cf", + "location": { + "path": "/usr/lib/locale/en_DK.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3180 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b12bca67a7418a9c0751ba50551ab4d65ff49975" + }, + { + "algorithm": "sha256", + "value": "77650f06b37ea464e1521af5d88e085fabd266d1fa6dbe61c6395422ee8e9f00" + } + ] + }, + { + "id": "763253821f540b9a", + "location": { + "path": "/usr/lib/locale/en_DK/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 155 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "26a51733f5bd5f3bc2a3ae2bd5936e0314ac546d" + }, + { + "algorithm": "sha256", + "value": "c49028ffbcfe8a613e1c3106eda1a5b3e04bcd3df29777f38f4a654c84831b11" + } + ] + }, + { + "id": "d4ba241ccd0a78e0", + "location": { + "path": "/usr/lib/locale/en_DK/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 369 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "43ca7d532ef9da811f2ed309f6d907b7b8dc9296" + }, + { + "algorithm": "sha256", + "value": "bbfde7324ac2582b5158a8fac1b1743a4e2d061cea38aacd11e8303b07843c1e" + } + ] + }, + { + "id": "43377cb0de103532", + "location": { + "path": "/usr/lib/locale/en_DK/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 68 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "20ba0e19b6d7f02ba81ce94c9956d60ad0b07e3a" + }, + { + "algorithm": "sha256", + "value": "c8041aabc69941a829c4d685307dfadaf2b75229dfaaf9cd14dc45c4a6b06781" + } + ] + }, + { + "id": "f18f06f51704cd09", + "location": { + "path": "/usr/lib/locale/en_DK/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 299 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5492c6c8f3b805ba3350c01fc98d964827e5e3e3" + }, + { + "algorithm": "sha256", + "value": "8e95a180d06b5bd2bba38b325ed25248d34e33b7105469df33f9f2cf97be70f7" + } + ] + }, + { + "id": "1564dba6a452deef", + "location": { + "path": "/usr/lib/locale/en_DK/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "53edecfe47d3868b14eedd4c88afcb25414869ab" + }, + { + "algorithm": "sha256", + "value": "39785e9425c73fd1a0b47d9d4610f9c9f8b692a9d02caf7994ddad249bf53f98" + } + ] + }, + { + "id": "9a4111aa70462d0a", + "location": { + "path": "/usr/lib/locale/en_DK/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b76a686c848e05d06b7b443aedfa9072c253571d" + }, + { + "algorithm": "sha256", + "value": "2cb7fcb60f7531b60b34084774a136579f72b70e9fa4f6de01bac9808b4b3fed" + } + ] + }, + { + "id": "5dc58b5b9c05615e", + "location": { + "path": "/usr/lib/locale/en_DK/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3188 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "35af5ef8f67cb333257156feda0962c1c14ee194" + }, + { + "algorithm": "sha256", + "value": "74aa1c90a38fed0476594f2013385a79dd53e02b157db3384d324cb0dc2ed49b" + } + ] + }, + { + "id": "e26d1e58e38fc335", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5de8962a7b6475f531f69fce76c598ab8992b100" + }, + { + "algorithm": "sha256", + "value": "4f94a6e36ab13c81ebcc9e7a5d7f6a7ea171d5107990df0af1cb76475704f0fc" + } + ] + }, + { + "id": "d81fac72cfcec764", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_COLLATE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 22408 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6fad093c0839f20c7594060506ab33894a72aa70" + }, + { + "algorithm": "sha256", + "value": "0fdeeec6c7d3489ec0693a457d3fbd8e01af07cb5ad6cfdc159777e291298c97" + } + ] + }, + { + "id": "a17169af35cc9326", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_CTYPE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 295208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c0f45be1a8f4a4418105e71739c4dab7e854610" + }, + { + "algorithm": "sha256", + "value": "b1ebddb48ccb5dca8a73bb3f3bb731de3ce8b0ba3e3c347c67ab8c251d834d3f" + } + ] + }, + { + "id": "0be7d3b586c46105", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 377 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee34e8cc8d8f60cc489ecee1f5cb95ada479c09a" + }, + { + "algorithm": "sha256", + "value": "512a4fe4f25b06b8f3ec49f398c9ee9ac0213a95e547398d1afd028dd53999b1" + } + ] + }, + { + "id": "d12bc318303a114d", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_MEASUREMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 29 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2f801db13adfd7061ad9ccc2ed6208d4e854b7f0" + }, + { + "algorithm": "sha256", + "value": "a1a6dad67e57c0d5614d6b645dcb8edb4a8afed90012486420810087b6a4bde7" + } + ] + }, + { + "id": "95dc35df297b0e5a", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 63 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4bc55f4f1952b0298e0d80572d3fa72a863c463b" + }, + { + "algorithm": "sha256", + "value": "d7c9ce656ce7e1007a62b9922885d2b14588754249d01a2c492bd82e4a122ec0" + } + ] + }, + { + "id": "ac0f215e0c0a19f5", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "71f29d62764a90169c15b92e00efb6789a2f74f0" + }, + { + "algorithm": "sha256", + "value": "95e6e76420dfadb08ef4ab7e4f0cb799a32012d2716fffe150661cce3a37ad7c" + } + ] + }, + { + "id": "6b33d60371bcefe8", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 83 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "85d10e19fc2bd184d33501e092c5773068c881e4" + }, + { + "algorithm": "sha256", + "value": "ff2e587e65da8c310a5c5185daa5dc054a8e1cbea759f33641d04684411643fb" + } + ] + }, + { + "id": "6f957c50a76c70a2", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 60 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48422415ca5c01a425c3277eadf5c7670f6c3425" + }, + { + "algorithm": "sha256", + "value": "cf7d9da93c5845e8a870aee4fe9729bc250b129f7a43d248412c33ca722137f5" + } + ] + }, + { + "id": "bfda0b536a3e99ef", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_PAPER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 40 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0548b89d28a2ae258c0decb57b03685577fc76e0" + }, + { + "algorithm": "sha256", + "value": "ca81b12c9d87f73225573bd671577d39e5f21a2b8a487774f01e6e8b04e32290" + } + ] + }, + { + "id": "131228cffbc275be", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 62 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a82b184606fbae45f5023834c47cbfe5f9f173c7" + }, + { + "algorithm": "sha256", + "value": "873bc0fed6082d2b8ddd1788cb60d768e8ceabb906c9e2c79c91cbfa97b8ee40" + } + ] + }, + { + "id": "5256e0f5d831158a", + "location": { + "path": "/usr/lib/locale/en_GB.iso885915/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3340 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "78896e7febca21b2737300eec0cadee8e4c2326b" + }, + { + "algorithm": "sha256", + "value": "dfbca84cfa9f63e766ec0b9cc0b77cfe29b023e07394b9bfd9015a171d8050a5" + } + ] + }, + { + "id": "b311c3d3b34dcedf", + "location": { + "path": "/usr/lib/locale/en_GB.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 158 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa7a5b80b2d442e9c5bc8e3504ebd56e7bd1a3a4" + }, + { + "algorithm": "sha256", + "value": "2e79e6fa009a80c248f350fdc58299e2f3b849253fbe934905f24e257bb02c60" + } + ] + }, + { + "id": "3c3157b9737f6049", + "location": { + "path": "/usr/lib/locale/en_GB.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 373 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a6b33426e90246729a695afa8ddf500a8e7897f4" + }, + { + "algorithm": "sha256", + "value": "51a3b8400e0cc2ff5443f7d77d95c56f9ea47e027f0f85ec7fa5d02058aeac99" + } + ] + }, + { + "id": "7e55c4da2785d9b9", + "location": { + "path": "/usr/lib/locale/en_GB.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 290 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0af6de9b5a9511797f6d36d0b1afa9fc24fd8e87" + }, + { + "algorithm": "sha256", + "value": "f2e9ad7ed04a6eb972c30acb5433f4b530464a8882f57cb9d3391d34633c31a2" + } + ] + }, + { + "id": "38223e6d17b74cc4", + "location": { + "path": "/usr/lib/locale/en_GB.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f203008edebd8ac0994206bef79fd9537bef104a" + }, + { + "algorithm": "sha256", + "value": "ddb8c313bd9008bceb65ca9142715400e5d6ad11bdd5079044e21a88996a31b9" + } + ] + }, + { + "id": "7a8af1ed46dd9f8c", + "location": { + "path": "/usr/lib/locale/en_GB.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3332 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "82cc9ff693e207ca17c80c9b40de3dc8f0346565" + }, + { + "algorithm": "sha256", + "value": "24545b905165763a1f998fdd5d945dae7bf3364cf9d2dfd4281e34695d2d40ac" + } + ] + }, + { + "id": "9cb0c3f864e39d7d", + "location": { + "path": "/usr/lib/locale/en_GB/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 163 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1ef488daf4dbbcac459031c632fa9b9680537801" + }, + { + "algorithm": "sha256", + "value": "291964c94077552e0b6d15ae3e5c152244c76734e88b5ac10066eae889c81d07" + } + ] + }, + { + "id": "803e68723aa983bc", + "location": { + "path": "/usr/lib/locale/en_GB/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 376 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fce5d65397ba6cfa93be90bf1f7e30a8f614234c" + }, + { + "algorithm": "sha256", + "value": "20c9f7e0af4824b9e1acc2a929df97e995a799afde8496b90e2f7712e618cd7d" + } + ] + }, + { + "id": "087a30a47e7d2808", + "location": { + "path": "/usr/lib/locale/en_GB/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "26cd120d6eed5b8ef33beb6d49b015e879de53e4" + }, + { + "algorithm": "sha256", + "value": "40aed2f7b350ba3a4310a1717205280143ebdc72ef379734924b2973acb8c5ba" + } + ] + }, + { + "id": "660be2e6c4fdd627", + "location": { + "path": "/usr/lib/locale/en_GB/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 82 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4425cad4353b6304714640f75521b93da1174fdd" + }, + { + "algorithm": "sha256", + "value": "389ae37e836db8f0dfc79b1f2b8d232c335b39118c831b48c6bb4abf87accb61" + } + ] + }, + { + "id": "6789fad1f0696709", + "location": { + "path": "/usr/lib/locale/en_GB/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 61 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "259176b5f2d85b96c15cbdd1b2f042158c43cdf1" + }, + { + "algorithm": "sha256", + "value": "45e005598e46ee7b1cd54cfd31a21c60d17f31a5667d581e4cd17e4c506f2d14" + } + ] + }, + { + "id": "687713fa2fab73f4", + "location": { + "path": "/usr/lib/locale/en_GB/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3340 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b58d767fe0d77adb7dba55fd0dfd317408ed4768" + }, + { + "algorithm": "sha256", + "value": "0cb878b7be7f6a99b63cf3100b41879da70f8937daf961f459e42f6e6261fbfb" + } + ] + }, + { + "id": "a2ba436862b4c3c9", + "location": { + "path": "/usr/lib/locale/en_HK.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 138 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "502bf78d07fd1432a50e02a6fe7ef1df60e226e8" + }, + { + "algorithm": "sha256", + "value": "f2dc97f9b335d44f0e42781b321385a4a71ec2d12bb950ee9bcf72775149cfad" + } + ] + }, + { + "id": "a41b1715d686046c", + "location": { + "path": "/usr/lib/locale/en_HK.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 465 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf65263906b35d585f248c239947dc0a0cd6c025" + }, + { + "algorithm": "sha256", + "value": "6594c23c2de52aa17628a61b95b4c041ae7a482bf354da59281d13e2a6ccc6cd" + } + ] + }, + { + "id": "3cd8731281643bb5", + "location": { + "path": "/usr/lib/locale/en_HK.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 290 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7e55d38b395c7279d1c166325dfe177066111ff2" + }, + { + "algorithm": "sha256", + "value": "f4a5bb46bd61b69dab850b550f5700e35c2755ffcd667cb74549ccf854987ad5" + } + ] + }, + { + "id": "9c721d319e583619", + "location": { + "path": "/usr/lib/locale/en_HK.utf8/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 72 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df37f9af70c2248ebc34c50862f4d121b3994793" + }, + { + "algorithm": "sha256", + "value": "f3823b4d715e6b888119094a185041e3f8b4165b50408984d104618dc7afeed4" + } + ] + }, + { + "id": "f079b2527f88b717", + "location": { + "path": "/usr/lib/locale/en_HK.utf8/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06336090b14f253421dbcdc0f98677a4f0ab3b64" + }, + { + "algorithm": "sha256", + "value": "5172617c05a37b20bf980ca047b35da4ccc281be9672df40b267dbc0a7d69c09" + } + ] + }, + { + "id": "087d554a60a9e9a2", + "location": { + "path": "/usr/lib/locale/en_HK.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 55 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e3fd3d7b81e0ca0e4288f101b9adda70f9af47f0" + }, + { + "algorithm": "sha256", + "value": "6e3c2f01f599ca8f1077f500f68da6acf19737b1c58c2480ce27f7ce2e999f2a" + } + ] + }, + { + "id": "bef7f4538e099681", + "location": { + "path": "/usr/lib/locale/en_HK.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3472 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1744aae507bfc1be4ddcd2cfeefadd26d3374e51" + }, + { + "algorithm": "sha256", + "value": "cebd2385796377658b8160e4c4cb8ba525d2bc3d968e4daae20ce6cab1afe2c5" + } + ] + }, + { + "id": "9147bdfb83baaa78", + "location": { + "path": "/usr/lib/locale/en_HK/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 143 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dc5b628a89cc0fe37023187e3dd9a523ef4c0c83" + }, + { + "algorithm": "sha256", + "value": "85ef03913f22c15ca19e194ebc4a0e36fe2321bb37895d4f09db97b17b79a362" + } + ] + }, + { + "id": "f1903afcd8474e29", + "location": { + "path": "/usr/lib/locale/en_HK/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 470 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f798b118e2baad52662e835bdf6a0f89fdf83f95" + }, + { + "algorithm": "sha256", + "value": "69fdb3b1eb3184fc07fe585ebcba517c0f8899dc1734ad8c0afcb87a04157019" + } + ] + }, + { + "id": "d6412a0d6661438e", + "location": { + "path": "/usr/lib/locale/en_HK/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 295 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "242c5bf42b63d141155b58026a9ebb15b766869e" + }, + { + "algorithm": "sha256", + "value": "c0137e48e5022922ade0bf1685183f5dbf5d05cd77beb0f0318cd193527648b5" + } + ] + }, + { + "id": "4fad18e9f1f34949", + "location": { + "path": "/usr/lib/locale/en_HK/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 77 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b65824e63132af3fc6d4b3014bee425658621844" + }, + { + "algorithm": "sha256", + "value": "4fdb2bdbbdae73c1a31fe08f7e1bd008754a35bb3fd399c6cb1df3d9bbb32aa4" + } + ] + }, + { + "id": "6e606d6a2b91f0ad", + "location": { + "path": "/usr/lib/locale/en_HK/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f4049717dc8dc2e4feeef5bc58d73bca969001e" + }, + { + "algorithm": "sha256", + "value": "0f5496ab7b0a7d93b66d802ab6410c4ab07efa8e85b71692bb40207cb8a9397f" + } + ] + }, + { + "id": "016345ea3b4fbc1e", + "location": { + "path": "/usr/lib/locale/en_HK/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 60 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41da8977300a68f794b6e42ff15865af106c73fe" + }, + { + "algorithm": "sha256", + "value": "677e406878326f8bb70332f80aac524139ecf0eaea0fa47d4a608994b5ee75d8" + } + ] + }, + { + "id": "c831e9a251cf8488", + "location": { + "path": "/usr/lib/locale/en_HK/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3480 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d63c8bd64f338fb7b52cb8a441f6aa394ae1fd35" + }, + { + "algorithm": "sha256", + "value": "60d3ed792af65235e691f97a936ecf68d784e5d6b40cde41eea03da7000907e1" + } + ] + }, + { + "id": "8b33184254ae6925", + "location": { + "path": "/usr/lib/locale/en_IE.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "641e8b0d8c5858a4548c6b75637dabf768ec3349" + }, + { + "algorithm": "sha256", + "value": "afba6685620272060f18ab4ff8391994dad024229f09c84aa94f66dbfec6d5bf" + } + ] + }, + { + "id": "8f90cf55604a5833", + "location": { + "path": "/usr/lib/locale/en_IE.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 345 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "852b49ff29f11512a583448c8a6b9b683b5000ee" + }, + { + "algorithm": "sha256", + "value": "3982aa6febb1137e50ea814298e9a5cee5bb8a17bab574be346d2b92f1f13cd0" + } + ] + }, + { + "id": "e4e3ef91e2d6537d", + "location": { + "path": "/usr/lib/locale/en_IE.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 294 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "938938dcc2733f1ed94a9cfbb8fffcb81ba643e3" + }, + { + "algorithm": "sha256", + "value": "a9d8a91b113acd62cb95ff336285f3ef21bc1e95375f4e5de4dab8adab8b1bcc" + } + ] + }, + { + "id": "9427f51900d8d63a", + "location": { + "path": "/usr/lib/locale/en_IE.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ff2a971f2707a50982b6eb377492e8b8f03dcdd" + }, + { + "algorithm": "sha256", + "value": "5fa846f4a692d9c1ed30ba5b53f419c4967f1925178aa102da09ce75780a18ca" + } + ] + }, + { + "id": "6e41a6411c90aee3", + "location": { + "path": "/usr/lib/locale/en_IE.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3196 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "61768444ab0c3e40fb53fb34352ee94d707efa7d" + }, + { + "algorithm": "sha256", + "value": "b50dd0a6bc80f6bc7718b06c9119c1ed0cef013002f606709acc2596a27cf1d5" + } + ] + }, + { + "id": "a657e0e2c72e745a", + "location": { + "path": "/usr/lib/locale/en_IE/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 159 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ef41e320c6ccf69e8d731876a96db0495a52b439" + }, + { + "algorithm": "sha256", + "value": "9578d6f0fc0768b3e09e8118bb369342e3d4b7fa95f05ea226847658c0dead3b" + } + ] + }, + { + "id": "3481bc602338f6bc", + "location": { + "path": "/usr/lib/locale/en_IE/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 348 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d42f14af0d0e9bf04b44ac0f27b5fb2fc0ad30f" + }, + { + "algorithm": "sha256", + "value": "d8ebe38e45b6d6a5335dc80b1ed15b9b0672fd41d846c49ac506c07622e02ae0" + } + ] + }, + { + "id": "3a971696e0257f4b", + "location": { + "path": "/usr/lib/locale/en_IE/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 299 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6144944af118c9c1e075f2642bdd54c27daae8dc" + }, + { + "algorithm": "sha256", + "value": "3b551ba69af8f09b18d96849d5d4668573352e05d65c2c4e051cab43a8e7a0bb" + } + ] + }, + { + "id": "e2e8cbd2f42860b0", + "location": { + "path": "/usr/lib/locale/en_IE/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 57 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ef140786dcb9ac4d17b4b4129a4a270db2a99d1d" + }, + { + "algorithm": "sha256", + "value": "601efdc587d6d29de3dc6dc23d308a7bb764b4e0f817276a7d055c37c09600f9" + } + ] + }, + { + "id": "e73c68dea9ebd6c3", + "location": { + "path": "/usr/lib/locale/en_IE/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3204 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e95b2becb45755494f229af65d822772d55324ac" + }, + { + "algorithm": "sha256", + "value": "314cd9b6f0ac4fabb741538d4f23c827e340e3fa313e3d3f5073a0ca6a9a2f9a" + } + ] + }, + { + "id": "7c2897b0b8b017d7", + "location": { + "path": "/usr/lib/locale/en_IE@euro/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 160 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "768887a04882cb7c13f211e933439c1af0d1d6ae" + }, + { + "algorithm": "sha256", + "value": "7de0f6f4a639779bb70c9371568323f73144150f648940efa4b7c4be4db16d91" + } + ] + }, + { + "id": "40007b730202332e", + "location": { + "path": "/usr/lib/locale/en_IE@euro/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 370 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd03d1906789b53fd8517dbd1aa43ee45c449210" + }, + { + "algorithm": "sha256", + "value": "51ea5c74ca943af16be679948957027318f0685c4c81bddb47e29ee9032bf9f3" + } + ] + }, + { + "id": "07257989d347eea8", + "location": { + "path": "/usr/lib/locale/en_IE@euro/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e6160c9d7b488a9e8f485dd1da7ba4fdf48e892" + }, + { + "algorithm": "sha256", + "value": "35a500937035ecfb3117443209a29e6045956d45af1ce8fcdcd4b64d609c049f" + } + ] + }, + { + "id": "0bedf070662f6eed", + "location": { + "path": "/usr/lib/locale/en_IE@euro/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 68 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1a206ece817e239da208279277b4405a6a9f32dc" + }, + { + "algorithm": "sha256", + "value": "a2877b465ad99b3e67c675eb6e73491eec3f1e7c362cf6b6773bd0f312f0c2f5" + } + ] + }, + { + "id": "809dd48a69e97c62", + "location": { + "path": "/usr/lib/locale/en_IE@euro/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 58 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88aadb63af2ca75b60aff42ee397fc2d010c27d2" + }, + { + "algorithm": "sha256", + "value": "5d95eb5f24c57d2344a46edd509a15b382dd03edc457d299ab89c2b8ef526489" + } + ] + }, + { + "id": "14542e0fa508d94c", + "location": { + "path": "/usr/lib/locale/en_IE@euro/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3204 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e309931ceccdfa54f1e9144790ff423975f00b4" + }, + { + "algorithm": "sha256", + "value": "15dd19e0d67c1e8f3906cdcc944c268cc3c3ceb0f558c08f1fe03c2cddeee748" + } + ] + }, + { + "id": "53a775065e12e26e", + "location": { + "path": "/usr/lib/locale/en_IL/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "899a2d0bc4396bbcdbfc749b14b0e07c39d36bfc" + }, + { + "algorithm": "sha256", + "value": "b2b6d1ce3e3bdf8fc22261ac3cb2c7c0a072c4916327e4a2063fad386b5da8a7" + } + ] + }, + { + "id": "69516bff7e8fe0b1", + "location": { + "path": "/usr/lib/locale/en_IL/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5686cde189d555c18e466b629c7435e6c465c2e3" + }, + { + "algorithm": "sha256", + "value": "858942221aaa1a1f9c9d6672a02cda2067c4e6fbc68dcd6a7627457429d9f77e" + } + ] + }, + { + "id": "f470afd6fecb1c57", + "location": { + "path": "/usr/lib/locale/en_IL/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 294 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96d093d880bda6f54243fdd825cca308f1b63f68" + }, + { + "algorithm": "sha256", + "value": "58c940021b43f466bd9c693dc7057fb9cf42942062c7139650cbb89ad2e4f336" + } + ] + }, + { + "id": "ea26208b08f108be", + "location": { + "path": "/usr/lib/locale/en_IL/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 68 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "beafc690b5d62fc9dee1d241a844d3337818e610" + }, + { + "algorithm": "sha256", + "value": "e2f5faf52d54076c1e6266ef4c23665704c85258839818e37ee37a9f37c6edfd" + } + ] + }, + { + "id": "72f8044f4347f883", + "location": { + "path": "/usr/lib/locale/en_IL/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3196 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f610c879d12456c392a9afc915a1c38e04217957" + }, + { + "algorithm": "sha256", + "value": "c0122e62acccf2f67ed1eff86b306f59497c099564822023955864f5eb2150e2" + } + ] + }, + { + "id": "0c56452f190f5e2a", + "location": { + "path": "/usr/lib/locale/en_IN/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 126 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f5b54be19ecd6c4ca59dca8fddd8810a96dc54bc" + }, + { + "algorithm": "sha256", + "value": "b1657d241862c96091ccf9f6664d235b8bfdc12e3fbe2d1fb8017db2841bcf2b" + } + ] + }, + { + "id": "96936d9ae77b6b26", + "location": { + "path": "/usr/lib/locale/en_IN/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 456 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48ab68fb30beefee31842bb25673373c61409c24" + }, + { + "algorithm": "sha256", + "value": "35dbeb9a2bd857f95fba54fb322e6e0a5fa5c7a93e206132bf9960088b399ab3" + } + ] + }, + { + "id": "8946a994e6c14dd9", + "location": { + "path": "/usr/lib/locale/en_IN/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 294 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bd0f0702484cd46a6789fba18ec668706bbcc4ca" + }, + { + "algorithm": "sha256", + "value": "61a320a6571b954eaa6f39ef9c6f06f19b4121ea638c850f002a9af8a58039f6" + } + ] + }, + { + "id": "6f7db9001d123721", + "location": { + "path": "/usr/lib/locale/en_IN/LC_NUMERIC", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41223ecc14927d649a4f16ac2c10d7baadfb7671" + }, + { + "algorithm": "sha256", + "value": "28696c445198df18662f64fe5300a1b762077efda709fbd85c4d006dbb89cdff" + } + ] + }, + { + "id": "6fa5d65ad06c31be", + "location": { + "path": "/usr/lib/locale/en_IN/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2541d0f24fa8558f8fe0cb63dcb6e3e8b373f44b" + }, + { + "algorithm": "sha256", + "value": "580b6e7771ceea7eb460ef02ab74fe0c9af2506f8e12a9fba38424550db10131" + } + ] + }, + { + "id": "e55a1736aab009ee", + "location": { + "path": "/usr/lib/locale/en_IN/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "58218f8516c1d5c78a643b7461d8ef66c127bbaa" + }, + { + "algorithm": "sha256", + "value": "c9c45b2923c4e065f3c2836a5eb7ca9d5ae55fddf5799004553a8fe30574a3be" + } + ] + }, + { + "id": "d5da6b7330821348", + "location": { + "path": "/usr/lib/locale/en_NG/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 157 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2e2635a2e20ff4245deb8eab5dce3d3bc03232b2" + }, + { + "algorithm": "sha256", + "value": "317371a6d0e5bec610496599512b78fb29665dbe112e4490000b0e19128a6d46" + } + ] + }, + { + "id": "0ed734304b626d51", + "location": { + "path": "/usr/lib/locale/en_NG/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 265 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2517f824c3ab8f3c4020bfbe2bf2e2c494defefe" + }, + { + "algorithm": "sha256", + "value": "2f8297c7958830546d126a6f4d25b08e510f7fcea9e02ab7411fe8d966b41dc3" + } + ] + }, + { + "id": "affc307a88d5ffb0", + "location": { + "path": "/usr/lib/locale/en_NG/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 294 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e1dbecc58a788a172a7cb1064fe2885be0e2e51f" + }, + { + "algorithm": "sha256", + "value": "77389baab2204640b3710c73692750a699358516bd656938f4c200192e44ce0b" + } + ] + }, + { + "id": "6dd9f48f9cc7324a", + "location": { + "path": "/usr/lib/locale/en_NG/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 60 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "95176449d300eea19ac43e683939970c034eb81d" + }, + { + "algorithm": "sha256", + "value": "db478f53f42c264b025f04250d885f182f1f70fdbba458bfc000e3d484528e80" + } + ] + }, + { + "id": "974cb428e9efd99c", + "location": { + "path": "/usr/lib/locale/en_NG/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3196 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "768002e0be470dc45f443e12c53f7ef6e542960c" + }, + { + "algorithm": "sha256", + "value": "f83e0b2ad02560b99ed3c5ce7cf5cef41f9d23e6a510eee373d8aefada460023" + } + ] + }, + { + "id": "c99cb163821c1258", + "location": { + "path": "/usr/lib/locale/en_NZ.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da6d8a720df1b2c640ce53a9611d97558ee979fe" + }, + { + "algorithm": "sha256", + "value": "67c85262cd9a21211fc91f17da55362c9574e770dbcda7e12636d16687b10767" + } + ] + }, + { + "id": "4030524a87104fd1", + "location": { + "path": "/usr/lib/locale/en_NZ.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 353 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e2ab0101909999fd98ecfeb549351080dab71bae" + }, + { + "algorithm": "sha256", + "value": "573081226607e7e0971c76649d1768c00fa99604311449bd32faaecae6012e28" + } + ] + }, + { + "id": "26db2509eb130a1d", + "location": { + "path": "/usr/lib/locale/en_NZ.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cfd8a4ac0c2f9e5e36a4a918a3c3bf77f7a6b9a6" + }, + { + "algorithm": "sha256", + "value": "7a3fb3e7a7c07f722382ed26cbd37ac489328897ef9aaa742f0b455628414a7c" + } + ] + }, + { + "id": "07ef2d1b3dfe929b", + "location": { + "path": "/usr/lib/locale/en_NZ.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 51 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "532d561ecba3e63517d24c328fa73be6cb1da11b" + }, + { + "algorithm": "sha256", + "value": "b5055638d155060f11adcfd6bc4fdb7ccd07bb0772c6f65c497c859584a31ac0" + } + ] + }, + { + "id": "84346be3b5ef9b58", + "location": { + "path": "/usr/lib/locale/en_NZ/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 159 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "669a04045dcb42fa86c3d24afd6059082d26a2be" + }, + { + "algorithm": "sha256", + "value": "3cc04632ab4258ad1386a6bc792dfb3a45740df630e83b3982e23769851e96a0" + } + ] + }, + { + "id": "b6a8d8476886d50c", + "location": { + "path": "/usr/lib/locale/en_NZ/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 356 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9028fece74a4ba2bb56c9dd0c0c8710dc18729a9" + }, + { + "algorithm": "sha256", + "value": "7abbec363cf20a90b7c25b812660dee897fc6e0c69a5aca7449b6ec48ab1409b" + } + ] + }, + { + "id": "41102a2b1e61867a", + "location": { + "path": "/usr/lib/locale/en_NZ/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b6fbe02b5a6befc9a2041ce03e90784929dbf6df" + }, + { + "algorithm": "sha256", + "value": "d047a750661932b9ed03ce9ccff640aff34b5ac69e31e6f2200cd782810d2c68" + } + ] + }, + { + "id": "6d52427e28cb797b", + "location": { + "path": "/usr/lib/locale/en_NZ/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 56 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8cec44f9de86384cf89a239f956e04c9d4af956d" + }, + { + "algorithm": "sha256", + "value": "034ff6820110188b7ee334d4e38f9eeb321f795ee2294a6256616777ee3a5db0" + } + ] + }, + { + "id": "0894711dce7ba59b", + "location": { + "path": "/usr/lib/locale/en_PH.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 130 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8d07338dd493cdb6be1f48202889250f925559d2" + }, + { + "algorithm": "sha256", + "value": "d162b7314d73090a42ed3e3e40c890a9c29179a2c78b5eede6ff88ebd82415fb" + } + ] + }, + { + "id": "768f1f699be33ce4", + "location": { + "path": "/usr/lib/locale/en_PH.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 468 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bf0b5b977ce3cb80b8eb2a152757e9d6eb49402" + }, + { + "algorithm": "sha256", + "value": "cf13bfc57a37a421c4832454cfdbe7911e02d46d416560a3a853e14e2a19e8dd" + } + ] + }, + { + "id": "a9e5728cddaab742", + "location": { + "path": "/usr/lib/locale/en_PH.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 290 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c23299ce575cca205a54f7261457b4f173e2088a" + }, + { + "algorithm": "sha256", + "value": "c1fbe0c7987b4023d4222ba46059f01892bd36bef404ba7fd36174f046e8e3b9" + } + ] + }, + { + "id": "8a27c11a8a706d8a", + "location": { + "path": "/usr/lib/locale/en_PH.utf8/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 73 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c31f00e1aa4d6ce08083b6a85a0cedbbf36afa94" + }, + { + "algorithm": "sha256", + "value": "60e56627dc90cc2e87f82a471c516a6f8775064b0c67fce22ab4586fc7caf2d7" + } + ] + }, + { + "id": "1716f766099ad74e", + "location": { + "path": "/usr/lib/locale/en_PH.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1068ca207ae6107e679e2085fdc8c6b74c28706f" + }, + { + "algorithm": "sha256", + "value": "2f2ca9411835619abacd5a3a4698e1de399dc36bebb6f28b1681b70b2528477c" + } + ] + }, + { + "id": "5cc21ea06b49b59b", + "location": { + "path": "/usr/lib/locale/en_PH.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3480 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6f5072f319b1d977f89ffc04a3c467d4526e40c7" + }, + { + "algorithm": "sha256", + "value": "98aceae2484f58615f564e8a3d326ae0c6104bc9327a577b3e74725537de0b18" + } + ] + }, + { + "id": "70681bb5f4f5447d", + "location": { + "path": "/usr/lib/locale/en_PH/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 135 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ea05675357354dcb8a74ebfbed25e637bdc9c15" + }, + { + "algorithm": "sha256", + "value": "af435ccccee9f23a895dcb40577d667c1f5d1b4d81d9811379837ed8bf471352" + } + ] + }, + { + "id": "75f6b1f3c8801c49", + "location": { + "path": "/usr/lib/locale/en_PH/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 473 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f04f22dd35e2101c59966cce59521dc6b0897e48" + }, + { + "algorithm": "sha256", + "value": "b224f33330d0fd89f42b5ba4723f88e943d21c6bc5cc2471f8accc433f3dc160" + } + ] + }, + { + "id": "0a30e333053051f6", + "location": { + "path": "/usr/lib/locale/en_PH/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 295 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5da00194702068bbb6073a767798a974ac4cf80c" + }, + { + "algorithm": "sha256", + "value": "2458bae97e741ecdd15a9b075ef039fed6e2a1b701de434b7a002534d572eefe" + } + ] + }, + { + "id": "881f30e3fe440357", + "location": { + "path": "/usr/lib/locale/en_PH/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 78 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6b7d97faab66f7544cffecbc9b9d95a482ef0570" + }, + { + "algorithm": "sha256", + "value": "4dd542ea728b2f2f95cb0b6cdc53ede87b3fec7cbf79425e1f9a62d90fd2d948" + } + ] + }, + { + "id": "e02fb9f51f91e081", + "location": { + "path": "/usr/lib/locale/en_PH/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 58 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9ba61dd290a554c96a1e96f1e7d78d918c780cc3" + }, + { + "algorithm": "sha256", + "value": "01b590c55ec707b5a67641e73bde823094387ce59139541f6a714216744c152c" + } + ] + }, + { + "id": "f0545fa0cad8c392", + "location": { + "path": "/usr/lib/locale/en_PH/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3488 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c9489350afec9558e13793b988c35a2df3bf20d7" + }, + { + "algorithm": "sha256", + "value": "68c8c2a4797f69746163ba5b79f8b102370baf3dc397db7a2eddac8499daf67b" + } + ] + }, + { + "id": "a4934c5939380028", + "location": { + "path": "/usr/lib/locale/en_SC.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 135 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ca8339cd4ca6ccdc9ea3d5dcc0abef7f87c62861" + }, + { + "algorithm": "sha256", + "value": "e9f4cade75a1468cac72ccc9209941841a20683e6479d21894121bb11ac5ea1f" + } + ] + }, + { + "id": "1e4c3c1d973b97f9", + "location": { + "path": "/usr/lib/locale/en_SC.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 326 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3dae6fe68dba535d0e6ab64087df3a98efa4f849" + }, + { + "algorithm": "sha256", + "value": "85cc42ca23ece68cfc5978e9c484f6e5be1d00f5c5a0397fb054ee703edde586" + } + ] + }, + { + "id": "2c8f934a6186475f", + "location": { + "path": "/usr/lib/locale/en_SC.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 290 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f113b92741088f2f4465a051ec0ca6469d74055" + }, + { + "algorithm": "sha256", + "value": "6cce27edfd96ee366dfcdf5985ba52073c1e81a0641cc606f3b2ceb0f853da91" + } + ] + }, + { + "id": "63ebf25a5df506e5", + "location": { + "path": "/usr/lib/locale/en_SC.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "605218cf2cd2ead116f4349a64acddb4ed1998e1" + }, + { + "algorithm": "sha256", + "value": "3977c5cd62d44d646332bfeeea42245b9ee1deb46b89e32eb88a7d603fc23b43" + } + ] + }, + { + "id": "2cb886fdfb3311d8", + "location": { + "path": "/usr/lib/locale/en_SG.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 130 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c3c093590f458b7fb1232d4ec7ef678832ad9ed3" + }, + { + "algorithm": "sha256", + "value": "82ace6e4940d0a3724c810cf34f5361407cdd22fa937be8ca04188cb26891ac9" + } + ] + }, + { + "id": "a737b8e0cb054ea5", + "location": { + "path": "/usr/lib/locale/en_SG.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6ca6144e2bc75b0b88a381c9ee81c439e86d7809" + }, + { + "algorithm": "sha256", + "value": "601e65c2d5013b728988746377f64ebf7e07b5966aa07d7ce201e0e6abf8f216" + } + ] + }, + { + "id": "f75c76c71ceede8c", + "location": { + "path": "/usr/lib/locale/en_SG.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c13060cd8b6b201109d8c84a92db19520887c1eb" + }, + { + "algorithm": "sha256", + "value": "9bf4afcd8241e6e3c30b8f9718e3689bda5dcf6f36da9aa72fcf9fa59e05ad4b" + } + ] + }, + { + "id": "83a4c7883cb4c2ba", + "location": { + "path": "/usr/lib/locale/en_SG.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 54 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "20398845be8cf207d82d58e7b3912d38b22ba15a" + }, + { + "algorithm": "sha256", + "value": "d288d087c09405e74f85c7542d093280a92ea18a344642d4f77263582dbc9d22" + } + ] + }, + { + "id": "e1a4cdd347d804d0", + "location": { + "path": "/usr/lib/locale/en_SG.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3268 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d9b144633fc7bfc74c57844ba207dc1b80282e26" + }, + { + "algorithm": "sha256", + "value": "93a053ac74b7776995f1981a4f89cc4d3d0e8ae1bc367f24c05d39b5d6789a2f" + } + ] + }, + { + "id": "72f7d7071b21f622", + "location": { + "path": "/usr/lib/locale/en_SG/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 135 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "758f93afea7eed3530a6297bb3c61a55a3bc19d8" + }, + { + "algorithm": "sha256", + "value": "433c5f2842f19de24597d213b1181e2374315c6688230c05e6855533e0001f48" + } + ] + }, + { + "id": "07d997f9a0fe5fe4", + "location": { + "path": "/usr/lib/locale/en_SG/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 469 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "007dfe76377ad8889d099453b09863ca3e3e74c5" + }, + { + "algorithm": "sha256", + "value": "adfb5f03ef5d127016ecf68a72276c68eca381b5ddd992019bb4dcfe9ccf464b" + } + ] + }, + { + "id": "45bb161855a3bc8a", + "location": { + "path": "/usr/lib/locale/en_SG/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1ecb076e581b5c1be3bb6c48aeaadebe7a3dd8a" + }, + { + "algorithm": "sha256", + "value": "ff584067bab43f7a84b44cc7f0d1761c65ba09dbfa97ae6c6e4a9700950a541a" + } + ] + }, + { + "id": "b08038c6338b8aaf", + "location": { + "path": "/usr/lib/locale/en_SG/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0efb012eb81eb5740301bd54f2574cfe5a2b1598" + }, + { + "algorithm": "sha256", + "value": "8a232d9599e3c135da14f785a3a76150e1a9f1aea40a3eac8c6b64de6567a8ca" + } + ] + }, + { + "id": "6528a473bcf2bdad", + "location": { + "path": "/usr/lib/locale/en_SG/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3276 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9e87da5f0ccef25fa38ca4f6617c2e4a6c08d86e" + }, + { + "algorithm": "sha256", + "value": "fb76a7e7bca9ddac0c62808564b07a507a80f3aacf7e14a499abd6ea07c586bb" + } + ] + }, + { + "id": "da911527e3f13369", + "location": { + "path": "/usr/lib/locale/en_US.iso885915/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 173 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3a9ca04a52327bba3adeebba30d0f85b00c89eba" + }, + { + "algorithm": "sha256", + "value": "fed2012e2dee8bfebe132e5f28c6f511a7305756fa9f92eb43431efeea3267aa" + } + ] + }, + { + "id": "c1473b99cc79f35d", + "location": { + "path": "/usr/lib/locale/en_US.iso885915/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 375 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "94bdbf3cac4bf04222916f52a724c26c9023693b" + }, + { + "algorithm": "sha256", + "value": "5e0c0e0d2d8666722d03d46c7b8f6d2d746e610f5eb26331d74f646a7f9fc268" + } + ] + }, + { + "id": "8a8b42f36b9b8207", + "location": { + "path": "/usr/lib/locale/en_US.iso885915/LC_MEASUREMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 29 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4d76ed8b0e77bce585ea89a683cd299127764b8f" + }, + { + "algorithm": "sha256", + "value": "e1b8ef3d3829b1d9b5d38d6fc04d247884b297cf6e574c69c6dbdf9d84bdf5a3" + } + ] + }, + { + "id": "94a7ade69d58bff6", + "location": { + "path": "/usr/lib/locale/en_US.iso885915/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e6614b9dccc3bedae6e79787cdd4e1dbedfc44aa" + }, + { + "algorithm": "sha256", + "value": "df89655e9ce3ee1151d4efd47108ed8d084c45cd185d979e900ed4da9ddcbd6f" + } + ] + }, + { + "id": "0ed8db47d526c931", + "location": { + "path": "/usr/lib/locale/en_US.iso885915/LC_PAPER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 40 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "25103e6c2b8db16c6968807fade1718fb2a85584" + }, + { + "algorithm": "sha256", + "value": "dddd62f89df122c966c002d59401fb8eeae27940d4e7d39d7d095b0de8661954" + } + ] + }, + { + "id": "443e0595cd752ddb", + "location": { + "path": "/usr/lib/locale/en_US.iso885915/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 65 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "141ff599b16c96ac520736f0e628f7ff48626170" + }, + { + "algorithm": "sha256", + "value": "0ea01b1a39c5f0b2581572108880f3669484acdac303d63265a1a54c8584ec52" + } + ] + }, + { + "id": "8b4ee97f654cfb3c", + "location": { + "path": "/usr/lib/locale/en_US.iso885915/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0d4c633c947180eee655861008a87f625519174d" + }, + { + "algorithm": "sha256", + "value": "9e1c499a2ad90f84709c23ba502d342332c4236a1f4187ce89475bd61e3fabd5" + } + ] + }, + { + "id": "f261aef256ecbb61", + "location": { + "path": "/usr/lib/locale/en_US.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 167 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aa5248b0ac085665477b2feb1266205b3bed557d" + }, + { + "algorithm": "sha256", + "value": "c39329bc8f9fd0a7bd7faa9256cf3b8e39ec91ff989662066f243466269cc164" + } + ] + }, + { + "id": "f0ae05c7c5252d2e", + "location": { + "path": "/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 369 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fc6c342729603b4463663c48f3c2491ab6199405" + }, + { + "algorithm": "sha256", + "value": "2dfac9ea94abf72ba888bcbe5ba582a99fbca1b7c6a2598e80b1028d12a71ecf" + } + ] + }, + { + "id": "bc8f80fad7ae69a1", + "location": { + "path": "/usr/lib/locale/en_US.utf8/LC_MEASUREMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 23 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86db16a6c73e1eb6f5fe9113d933e2cb093471ec" + }, + { + "algorithm": "sha256", + "value": "c2200fc75f8f268d9e8d71072064f64d94497e5abd58abd5ab1506c3a40dbd1a" + } + ] + }, + { + "id": "4501793c1c85d97e", + "location": { + "path": "/usr/lib/locale/en_US.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "987e15618ea98718060788944871a3d9c2fa0a41" + }, + { + "algorithm": "sha256", + "value": "31d62ce6350e6ead9fd019cb4d0083364a2c587d2f1f7ed5f7e213e7d73fb1ec" + } + ] + }, + { + "id": "1dd0186f52f33e01", + "location": { + "path": "/usr/lib/locale/en_US.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 59 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ce7bb5df7eec8dc0dc51d64b0ce336a074ccceb3" + }, + { + "algorithm": "sha256", + "value": "30b9a5f08480a634e2f016e1e2af957ae34e7bc849600376b8ac6ce2c9d536a6" + } + ] + }, + { + "id": "f3bec4ff8fe53568", + "location": { + "path": "/usr/lib/locale/en_US.utf8/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3284 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d23b845672503ae7a96bb5c286285a5756eb43de" + }, + { + "algorithm": "sha256", + "value": "9bcdb29af2d6244ad5bffc068fe5bec91bb2daf8a7bdebb1faf95b906c665f0c" + } + ] + }, + { + "id": "3efb6f9baf7aa9bc", + "location": { + "path": "/usr/lib/locale/en_US/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 172 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "24ba64726344ead8a316f1e45b188c41467dfe1b" + }, + { + "algorithm": "sha256", + "value": "41d9917d2ae05249d16711596736e9b1d45453f5020876b4444f61772da266a8" + } + ] + }, + { + "id": "5e00798fd370e07c", + "location": { + "path": "/usr/lib/locale/en_US/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 374 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8c47010f5c7042acd399040da15f324259b16f6b" + }, + { + "algorithm": "sha256", + "value": "59751eac8c60078e5d919ccc3deef9aaa8d207b496023513352671e3ed334cb1" + } + ] + }, + { + "id": "84ef38a699af04be", + "location": { + "path": "/usr/lib/locale/en_US/LC_MEASUREMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 28 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f84f6dddc28ac2a28687c9eb79cc064f7053fab" + }, + { + "algorithm": "sha256", + "value": "2aae1e834b1ba9795f38125f84c06211a201832dfcd1814e5c5c1716d945deb5" + } + ] + }, + { + "id": "a13db4d8922902a7", + "location": { + "path": "/usr/lib/locale/en_US/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f0dad6d35af71b2b3d48632942310c018fe74a3c" + }, + { + "algorithm": "sha256", + "value": "f487ae1faffded41234af617460737e21fd2f96d59d41b3d49e2e6bdc49b60ae" + } + ] + }, + { + "id": "5cbf057679313401", + "location": { + "path": "/usr/lib/locale/en_US/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 64 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2af8e0c178e01ecf720e055bddb29f3b300e46d5" + }, + { + "algorithm": "sha256", + "value": "44b30e113bee1acd4f02c811422cb2d9c873c51f85f52087d4d62c532c41025a" + } + ] + }, + { + "id": "ce57b3ad6cf33a38", + "location": { + "path": "/usr/lib/locale/en_US/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "97f4e303bba85e8039e6de87522b499e1a12c4f5" + }, + { + "algorithm": "sha256", + "value": "2fbeb060d70ddcf233e263c7810e143d719cd7e431f0e991166378d6bd16dc68" + } + ] + }, + { + "id": "dc3dd19625a60d97", + "location": { + "path": "/usr/lib/locale/en_ZA.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 159 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "632773926d3031be1dd07900f0cec179c0c783cb" + }, + { + "algorithm": "sha256", + "value": "94745c5cd36512e659920b041128048e7fb609a0eb42bf1321b3551b2372150f" + } + ] + }, + { + "id": "676a0168a2d88433", + "location": { + "path": "/usr/lib/locale/en_ZA.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 410 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fc889b2bb99d4d5c8adcfbd9714b2710b2850fba" + }, + { + "algorithm": "sha256", + "value": "932aa6107031d823fda0ffd7d5954fee7f007cbb9f6f512b911080a72b8ea17e" + } + ] + }, + { + "id": "84e242430eb68221", + "location": { + "path": "/usr/lib/locale/en_ZA.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bd3e6df90ac53ff7cdaca2d57a27a8e9d66c74e8" + }, + { + "algorithm": "sha256", + "value": "d7630e3914cbaadde18d3bf26d806490377ca761ba595d711f6c2ed148df6636" + } + ] + }, + { + "id": "4b970ae23ba68900", + "location": { + "path": "/usr/lib/locale/en_ZA.utf8/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 73 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f0dd8a9ca415381f3d0108bf702c5653c8c4da16" + }, + { + "algorithm": "sha256", + "value": "58672646ba335323eaf0c16503b1efccbabcf382f768d53fa8cad2292098bc64" + } + ] + }, + { + "id": "89ef152397566e74", + "location": { + "path": "/usr/lib/locale/en_ZA.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 58 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a0aa872bb8e58408bfc7d3e5da7bbfd4a88ad6f" + }, + { + "algorithm": "sha256", + "value": "f338558b3eecbed3ad24bb3dc1244f33b164fe9709b2bddc13f988ea8906b1bd" + } + ] + }, + { + "id": "259d2fc8e938cfdc", + "location": { + "path": "/usr/lib/locale/en_ZA/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c0f63c82109c9d7604ef70bea60c4a5ef43b8eb6" + }, + { + "algorithm": "sha256", + "value": "7352417bf06b6d7e5073e96fe48ae89cebb3a2dd8dc964a51a20c4e8c0549585" + } + ] + }, + { + "id": "5f6ea0b28b89f843", + "location": { + "path": "/usr/lib/locale/en_ZA/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 415 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5ab527753f08946e6d0bfa5d26eb741d0a8b3400" + }, + { + "algorithm": "sha256", + "value": "f81b56ee7b02f06d292d0d964ddc2c0aab6b92a56b4794e9b80e272a8eb9d05e" + } + ] + }, + { + "id": "18560ae915b36da4", + "location": { + "path": "/usr/lib/locale/en_ZA/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0acaafe1896ee0c6a95e0d7d7b318f6abc87875c" + }, + { + "algorithm": "sha256", + "value": "7a89a374454abd4b900e1343c46113055873e3522392f7512a896400faa7e2c6" + } + ] + }, + { + "id": "a876f6dda47cbcc0", + "location": { + "path": "/usr/lib/locale/en_ZA/LC_NAME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 78 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4fa85ea402137c045cab228fe37ffec498d49dd3" + }, + { + "algorithm": "sha256", + "value": "414aae01ed42d09178b5d6e582d661724d31af59acaac55f49fbed6bacce3f7b" + } + ] + }, + { + "id": "485db2c8d2fb8138", + "location": { + "path": "/usr/lib/locale/en_ZA/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 63 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "454940dd28eb4fd1b6d2dea93d18c025455b9d66" + }, + { + "algorithm": "sha256", + "value": "2eb3d873983762dba78b9d65f27bbd54a1393c22cf0277b3c39a003a00102e69" + } + ] + }, + { + "id": "9981640786333366", + "location": { + "path": "/usr/lib/locale/en_ZM/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 146 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8f513067e4c43025457831cf6999031a5f677b90" + }, + { + "algorithm": "sha256", + "value": "7963b9acf9e63e3abb868b73b5712ddacb2071b4332e37043c8e029bd9ae2a97" + } + ] + }, + { + "id": "14bc4f957f460b86", + "location": { + "path": "/usr/lib/locale/en_ZM/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 314 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6b57cfe554b7156876b8838f42812c94f523281e" + }, + { + "algorithm": "sha256", + "value": "a7c4495021cb046b41cd5de0bfbecb1fc3ce4282881062bff818e95d847dbd1a" + } + ] + }, + { + "id": "b707b4d2a6ef1129", + "location": { + "path": "/usr/lib/locale/en_ZM/LC_MESSAGES/SYS_LC_MESSAGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 61 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5384d8bd4a303fd02f3aafc153cb871dd024e251" + }, + { + "algorithm": "sha256", + "value": "99c935198ae0b0574dd7dbecdd770c2d8967561b16f61666a667e53d4fef6750" + } + ] + }, + { + "id": "a2a19081abee02b8", + "location": { + "path": "/usr/lib/locale/en_ZM/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6a924879306098a0264f2ebeb2a06131f2396a91" + }, + { + "algorithm": "sha256", + "value": "ed93db66eb27d8afef413d439947cb9203e4732b284832da510b6d73238afc46" + } + ] + }, + { + "id": "ae9324f13db8978d", + "location": { + "path": "/usr/lib/locale/en_ZM/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 57 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "08210adec31b2c9e78bfc59985aa8fa92506d797" + }, + { + "algorithm": "sha256", + "value": "973b17e6ad3dc2abf01b4f7cbe69a842fbf3d01927ae74158bacd5dbdff7efb7" + } + ] + }, + { + "id": "a96471caf25b4001", + "location": { + "path": "/usr/lib/locale/en_ZM/LC_TIME", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3332 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "427249016393b1ce079ab7dde0a726324def57ae" + }, + { + "algorithm": "sha256", + "value": "0db65fb9d674d9a37b244487c1a06cb9fa0276cf8a1f8b6043abc8d29c4a5832" + } + ] + }, + { + "id": "884bc5fb76a01df8", + "location": { + "path": "/usr/lib/locale/en_ZW.utf8/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59cd5517905f5b07d10043078341585c2dcb0882" + }, + { + "algorithm": "sha256", + "value": "ad4766639d0a699edee8d19763aae77e0ce14ebb9e86cd7aad4a5f3020d05f9b" + } + ] + }, + { + "id": "736190675d602bfa", + "location": { + "path": "/usr/lib/locale/en_ZW.utf8/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 295 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df7eacca7916ebfa30e45e51192295fe622509bb" + }, + { + "algorithm": "sha256", + "value": "038801f691090ea183d1e6b4fda673f54a152037123cf286d410ace422498322" + } + ] + }, + { + "id": "926d6657b61c9339", + "location": { + "path": "/usr/lib/locale/en_ZW.utf8/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 286 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a85135caa4a05493d450c98abea0dcf8fe2d67b" + }, + { + "algorithm": "sha256", + "value": "47584a5d4e331a361e0c346fadaae9a24a311f421e69e31611ad40677b857f77" + } + ] + }, + { + "id": "bde3bec97649a8ef", + "location": { + "path": "/usr/lib/locale/en_ZW.utf8/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 52 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c30e817a21686c7f02de9f1b48429f2fdb815c25" + }, + { + "algorithm": "sha256", + "value": "62309ee7f6cfb6baec604a05333156829a85e559fc4a2d58d54604e4db968de1" + } + ] + }, + { + "id": "20b5a44a773db525", + "location": { + "path": "/usr/lib/locale/en_ZW/LC_ADDRESS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 159 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81850d47e29a7b920bd3d4309faddb1b28b0ae47" + }, + { + "algorithm": "sha256", + "value": "df62393f2154a95f9c91847df0e922ffb433d4d8287ee72de1b256b7d602fd1b" + } + ] + }, + { + "id": "72605f986b13ca3d", + "location": { + "path": "/usr/lib/locale/en_ZW/LC_IDENTIFICATION", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 300 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8534290e6cabdf6e3fd427e05ef15a977053f48a" + }, + { + "algorithm": "sha256", + "value": "efc083175f7acb4e1121f07b78868cd7f66044b343aae14010a505f99bbc2268" + } + ] + }, + { + "id": "399b97a713de04e5", + "location": { + "path": "/usr/lib/locale/en_ZW/LC_MONETARY", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7d194b99affa4ce95623571a5b4373c60afe24c7" + }, + { + "algorithm": "sha256", + "value": "6cc16424351d357ca59e0677c64715d7d782577f13cc2db4592a19b9d39cc70f" + } + ] + }, + { + "id": "547f2986d3ed7982", + "location": { + "path": "/usr/lib/locale/en_ZW/LC_TELEPHONE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 57 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "49a816503d51bc684020aba202b883dc43997149" + }, + { + "algorithm": "sha256", + "value": "d2f9b2cf1cc9de0b17de99db6cb2ffaa4eb1d19423645805e603e63b0ea808ca" + } + ] + }, + { + "id": "39590e9e4490af42", + "location": { + "path": "/usr/lib/os-release", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 617 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8fc333eb5654f80b26adef8d5e73fd04ca48b354" + }, + { + "algorithm": "sha256", + "value": "a4f4ab7d5b06a1a2bfafea65c7e27b45e9d79c54756d297856f6d380d3934442" + } + ] + }, + { + "id": "58a9573d6a5680b7", + "location": { + "path": "/usr/lib/rpm/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 44796 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e2f5721f1c8999fe310b008ce59005de812228c9" + }, + { + "algorithm": "sha256", + "value": "84f8073df8232bdda2963c03d69ec1f9148d309bda00d9758f9c6009890132f0" + } + ] + }, + { + "id": "99c1b98e096be416", + "location": { + "path": "/usr/lib/rpm/macros.d/macros.dist", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 392 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1d668745eebeec90036ed155e3ec36991ee9c35b" + }, + { + "algorithm": "sha256", + "value": "5aeba8391625e61164053c0b44aa9e13f636987fe1962fecce23c8fc49fbc763" + } + ] + }, + { + "id": "01af87c9c3234fd9", + "location": { + "path": "/usr/lib/rpm/platform/aarch64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3428 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3b9109a29d6ca5c3b51e9813e4c163ee61babc1" + }, + { + "algorithm": "sha256", + "value": "e9979f1f0d907ebe964a265951636df49fd37a0b76c04af7e7f75123af12284a" + } + ] + }, + { + "id": "f4d41badd69d9d18", + "location": { + "path": "/usr/lib/rpm/platform/alpha-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3427 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "633825933453acce49de7b319a0608d89a10d1df" + }, + { + "algorithm": "sha256", + "value": "fcb9be52ae9e388a39b0710ef536709a3328ed2ad44eea2e9cd6a94c856ab545" + } + ] + }, + { + "id": "7a845028b5bae0d1", + "location": { + "path": "/usr/lib/rpm/platform/alphaev5-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3438 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fc48b6273806371c2508d3355d8b125285c2401e" + }, + { + "algorithm": "sha256", + "value": "2e7480507b2fcd088552c2f56c3329923ebe288454f208df803996d51715558e" + } + ] + }, + { + "id": "4ce658f7dd104e72", + "location": { + "path": "/usr/lib/rpm/platform/alphaev56-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3439 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e024d2fc363220d42f3d1ff495bf49b2c0fb3196" + }, + { + "algorithm": "sha256", + "value": "344a1274a6a0445aed33fb710249aa640300546f07495cc043c9c5d1a0c80552" + } + ] + }, + { + "id": "3e134d92deb588cf", + "location": { + "path": "/usr/lib/rpm/platform/alphaev6-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3438 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4aa63bcbb3059a183ac25c35735c58b05776dadc" + }, + { + "algorithm": "sha256", + "value": "be6c8cb0b6e43d1dfb197d3a525fd975bdd82cd51498a5a43dbe8c8c0ac553a2" + } + ] + }, + { + "id": "22f163cb88120aae", + "location": { + "path": "/usr/lib/rpm/platform/alphaev67-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3439 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad28e95c6d280207d2418924839be802ab8b1db1" + }, + { + "algorithm": "sha256", + "value": "c5ecf912a5b732420be13c0f7cb6b0ad7dfb3ac4942d67b1cd63f1f68b6ec180" + } + ] + }, + { + "id": "04748987cd664b77", + "location": { + "path": "/usr/lib/rpm/platform/alphapca56-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0b1d394c10d22e2ff1384e9acb7e76ffaeae048b" + }, + { + "algorithm": "sha256", + "value": "27650482eb4bb98ff95b3126bd6f4c656ba070ae00bc0a44ecd69b3a73505109" + } + ] + }, + { + "id": "e53bc700ab48c604", + "location": { + "path": "/usr/lib/rpm/platform/amd64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "algorithm": "sha256", + "value": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ] + }, + { + "id": "c5b4b4c9ca497091", + "location": { + "path": "/usr/lib/rpm/platform/armv3l-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b87dd114797fa4d304be76ec8dd8274dc84b83f3" + }, + { + "algorithm": "sha256", + "value": "cfa832717aa4a424f70afd5cc1ec5fd00362a252f8c868fc6cd923047bc9e333" + } + ] + }, + { + "id": "835a22ca7f6e2af6", + "location": { + "path": "/usr/lib/rpm/platform/armv4b-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bda9f34db246aac4cc3902bc80664617d6cc3afe" + }, + { + "algorithm": "sha256", + "value": "e4b4302c5e3675ccc30bc4f472e689829ea9690f609de124852767ce16808ee2" + } + ] + }, + { + "id": "f93d74998c6599d7", + "location": { + "path": "/usr/lib/rpm/platform/armv4l-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ffba8ef482c6fa101ac484ea36fc3f14ad2ef492" + }, + { + "algorithm": "sha256", + "value": "cdd7b657577a08213e6a043d6cef2d2f843d3d1d57f65dcec2a5464f11bc21cb" + } + ] + }, + { + "id": "9a358b3dc9139fab", + "location": { + "path": "/usr/lib/rpm/platform/armv5tejl-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3435 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d8d174612cf077fd73c23edd0f58f02013406e62" + }, + { + "algorithm": "sha256", + "value": "eac04b909005f33327381ddda9fd8b35818edc2111a7c04946fe64183f37daff" + } + ] + }, + { + "id": "7b0dc52e202d93a3", + "location": { + "path": "/usr/lib/rpm/platform/armv5tel-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3434 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "92943031a645715e1614eef5e7778fd109995842" + }, + { + "algorithm": "sha256", + "value": "bbe8af9dc2d3fc81ba53ff0a0efea4741d26746c9ef85ee6511e2b15546dc6cf" + } + ] + }, + { + "id": "e6b76fb248e9f89d", + "location": { + "path": "/usr/lib/rpm/platform/armv5tl-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "94bbc58f5cba91a348bd5ff2f60ae8c5937af7f7" + }, + { + "algorithm": "sha256", + "value": "e85a4f638200896b97eaecf0b89f4bcf5ed38a570d26553e98f25f200912afde" + } + ] + }, + { + "id": "48ede018fe652204", + "location": { + "path": "/usr/lib/rpm/platform/armv6hl-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3458 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "65e0ed9b373329a3b243607fc9a0c8040c1b3bfd" + }, + { + "algorithm": "sha256", + "value": "c595b2cfc088d9808bb9e447d555b8f85aff9adf170a1d1b1a64ca60d61cb7e8" + } + ] + }, + { + "id": "6eb3a51250acad08", + "location": { + "path": "/usr/lib/rpm/platform/armv6l-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6890c8695a378b97d4af18bc0a0db9fd639a803c" + }, + { + "algorithm": "sha256", + "value": "3c38ebe1a1d94d2963c4b1001e41bf717c5ba9ccae65bb2f8aa745862515e4ae" + } + ] + }, + { + "id": "8668e791af9c87d4", + "location": { + "path": "/usr/lib/rpm/platform/armv7hl-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3466 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "56b90f7c2ae1e0caca4443014c3fc97885796c94" + }, + { + "algorithm": "sha256", + "value": "1a1c0b1b020cb3d8931f83727485371b317cc91ca13e3d5b38d675516b9bb109" + } + ] + }, + { + "id": "0948aa0248ac39c0", + "location": { + "path": "/usr/lib/rpm/platform/armv7hnl-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3461 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a73322b59957c4d986820f62b7f92a432146a0f3" + }, + { + "algorithm": "sha256", + "value": "5a7f304fcf688f776d7e5348a12b156f0a8604b72b27fe0a55c4f0e9f9a2b385" + } + ] + }, + { + "id": "c6ff9f920ab2b11a", + "location": { + "path": "/usr/lib/rpm/platform/armv7l-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1af6a5bb0b635fc0e073199b8ffab17dcc217964" + }, + { + "algorithm": "sha256", + "value": "0a9e22bb32d414a09fc5405cc36825bb3079e46e1e9eb96254d7c2646e9f7bcc" + } + ] + }, + { + "id": "b3e0fcdc8aede938", + "location": { + "path": "/usr/lib/rpm/platform/armv8hl-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3462 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ba87659afcc7ae7d9c1cf86a1a7a17955f2e5959" + }, + { + "algorithm": "sha256", + "value": "60109d6da0ca8240fff89d78aa6062eade7f24fbaa1ce79f8737817606883653" + } + ] + }, + { + "id": "a191e74827a4d174", + "location": { + "path": "/usr/lib/rpm/platform/armv8l-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "538ab7144255deba9a3735da3b1a82f6d18f7ccc" + }, + { + "algorithm": "sha256", + "value": "3a78b8f99c930d30a77330f508aa7788d1dd2de38e42691355699a15a0fcc469" + } + ] + }, + { + "id": "777fc75ff71407e0", + "location": { + "path": "/usr/lib/rpm/platform/athlon-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a02dc69c8e8c7539c0b692d8d69e1df21c1668df" + }, + { + "algorithm": "sha256", + "value": "b56fb31a5b4abd30095b763125d65080b8da884dd345c1a99364abd83ab639a9" + } + ] + }, + { + "id": "19f0134bc73caf69", + "location": { + "path": "/usr/lib/rpm/platform/geode-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3434 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9cdc3db4e02a41c3518f2a102283b954659ad1cb" + }, + { + "algorithm": "sha256", + "value": "7385479124a71b3a6b8513903ccf551e59938bf223b3804a7e9dfaef482d0773" + } + ] + }, + { + "id": "1c6f39b2f2e1a424", + "location": { + "path": "/usr/lib/rpm/platform/i386-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "36f138443b4d60263409a8427a38a4d5352d32be" + }, + { + "algorithm": "sha256", + "value": "96b3be805f7dfa90c0f423e51775a1e3084cefb7d725376722481e48d618387c" + } + ] + }, + { + "id": "b26a6304c1ef0500", + "location": { + "path": "/usr/lib/rpm/platform/i486-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3428 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96230ac3f97a372d28463427de4e4e1df0c536ea" + }, + { + "algorithm": "sha256", + "value": "47523d6c86ccf10cb22ab2a07f165509c78d41b9e0fec95948e5175304ae414c" + } + ] + }, + { + "id": "d56bf495cf13bf7f", + "location": { + "path": "/usr/lib/rpm/platform/i586-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3428 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc8f65372f1e3159edd28f45838e7fc201e9d7f5" + }, + { + "algorithm": "sha256", + "value": "d527a1a88ec214db33a457c1ea639cb06983972632b5b93ac6ec3bbf992e11eb" + } + ] + }, + { + "id": "0cdf4ec6c911c167", + "location": { + "path": "/usr/lib/rpm/platform/i686-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3428 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "50776a8351c82449eb1ca7f49689c255a7a7ba47" + }, + { + "algorithm": "sha256", + "value": "527d29d008bdf883e5b2393ff56bad61a5df3c174b38c7e9c48f6155789adcb7" + } + ] + }, + { + "id": "c8721f07ccd27587", + "location": { + "path": "/usr/lib/rpm/platform/ia32e-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "algorithm": "sha256", + "value": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ] + }, + { + "id": "b2d20e1e334c8352", + "location": { + "path": "/usr/lib/rpm/platform/ia64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3415 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5bddd2af72b9bf9eea0cc1c7890d8996b6998050" + }, + { + "algorithm": "sha256", + "value": "7e0e58ad423cab85dc8069017dc23f52d3c228451276044b93e3344e74656e13" + } + ] + }, + { + "id": "f0b4bee997df3a24", + "location": { + "path": "/usr/lib/rpm/platform/m68k-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3466 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cbc023b51d19d0ae9c78e2231c9115952c76f0e2" + }, + { + "algorithm": "sha256", + "value": "1860ff9d0b8aef32aff71a21fec705494bed6604bdf4f17a1fe25e83988b2059" + } + ] + }, + { + "id": "24395998c3835017", + "location": { + "path": "/usr/lib/rpm/platform/mips-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3417 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0279f6d2989adc31e214e84aa76ac25e6ca9977d" + }, + { + "algorithm": "sha256", + "value": "0d2d6747650470793bc16576fcef2e6374f10e25434e26b9c521fb53bdc14dd0" + } + ] + }, + { + "id": "8b391ec87ce7b62d", + "location": { + "path": "/usr/lib/rpm/platform/mips64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3425 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf179b04c606125c336edbc1018011d41690346b" + }, + { + "algorithm": "sha256", + "value": "e9880366106224efe768d2f78ccfb7edce79537b1e66e95f3a29490e11591e35" + } + ] + }, + { + "id": "7867fc44f8e31937", + "location": { + "path": "/usr/lib/rpm/platform/mips64el-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3429 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7fe31c1382286844425cf7b7761d74191fe2cb72" + }, + { + "algorithm": "sha256", + "value": "5185dd10bf849735cbe826eff2c21f647c146b1920763e94f4fa0be1c4cace33" + } + ] + }, + { + "id": "9bac7949c43d359d", + "location": { + "path": "/usr/lib/rpm/platform/mips64r6-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3431 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "23650ae11068d662dbf9e12d8303ceda54d203d4" + }, + { + "algorithm": "sha256", + "value": "6498ce5ad885ac61b7a50adfb9475110bf4eec8bf4e89c921d66f2937620bbca" + } + ] + }, + { + "id": "a7befdb346e36827", + "location": { + "path": "/usr/lib/rpm/platform/mips64r6el-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3435 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb40fff63fbb2cc6c3565a0abef97485456441d3" + }, + { + "algorithm": "sha256", + "value": "c9a1015920f5777ece70cbdf73aee3efe2ac46a1b52fb0bc58141948a2889827" + } + ] + }, + { + "id": "b76704d083cdc036", + "location": { + "path": "/usr/lib/rpm/platform/mipsel-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3421 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9241a8eb3bfa1d036bb3dd58c73b79ab547a427c" + }, + { + "algorithm": "sha256", + "value": "bb286398caf5a1ccc57432d5ead5ffe3bd893f309225379f80fbe7e4b5cbe647" + } + ] + }, + { + "id": "cc0097a1fbc291ca", + "location": { + "path": "/usr/lib/rpm/platform/mipsr6-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3423 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8cf2fe2338ce9db34913915cf85f099bb37bb417" + }, + { + "algorithm": "sha256", + "value": "d7fb42f30e4bfbedcb3eb7969eb37d773e2911368a68f6570336cd8f0e7c9ad9" + } + ] + }, + { + "id": "72c27738e94dc409", + "location": { + "path": "/usr/lib/rpm/platform/mipsr6el-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3427 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "376c30be30b54f17ef72de54088cd3ac7541f14f" + }, + { + "algorithm": "sha256", + "value": "201ed9ce13d524ce184761201e0c64aa1611d360ef17e299c2324818cd14ee31" + } + ] + }, + { + "id": "8a7fa34a163d0e10", + "location": { + "path": "/usr/lib/rpm/platform/noarch-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3332 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ad0b3c0cca2cc9131abf885077b3ae21639c79f" + }, + { + "algorithm": "sha256", + "value": "d353f17840c886992e03bd579bc27ccec781b1d640c74ffff2523936b0f8184d" + } + ] + }, + { + "id": "619f55068291b7e3", + "location": { + "path": "/usr/lib/rpm/platform/pentium3-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16dea024f48188f4aa01ad612e594cff6b473d43" + }, + { + "algorithm": "sha256", + "value": "c0732b433a4d16783498d5fa7c3217d341ed73247182b87b76e76117c9493559" + } + ] + }, + { + "id": "bed470dfb0bbe7a6", + "location": { + "path": "/usr/lib/rpm/platform/pentium4-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "073e2c458840c5ddf4876e1dc0361cc0088ad284" + }, + { + "algorithm": "sha256", + "value": "4344a74a9046dc612088e8d168d97d9e43d12a023e78a40f158f3f58e8130947" + } + ] + }, + { + "id": "07c5e413293f46fb", + "location": { + "path": "/usr/lib/rpm/platform/ppc-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "id": "42c3a29c5226055c", + "location": { + "path": "/usr/lib/rpm/platform/ppc32dy4-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "id": "bd62974511ef530e", + "location": { + "path": "/usr/lib/rpm/platform/ppc64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3422 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1449cf65dfb629ada5ba97de6e499ff07e009a87" + }, + { + "algorithm": "sha256", + "value": "c101aa4377bec072c2f4165356c65190e341ffae135a05554f7f168dba151530" + } + ] + }, + { + "id": "00af1ed07291d251", + "location": { + "path": "/usr/lib/rpm/platform/ppc64iseries-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3411 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90e08d29fbebbb52451c59d76702972b8723ddc9" + }, + { + "algorithm": "sha256", + "value": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + } + ] + }, + { + "id": "bcd59c395dbe89c5", + "location": { + "path": "/usr/lib/rpm/platform/ppc64le-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3426 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "65b79e4caa0faabbee2448bfd88d5e776d5d526c" + }, + { + "algorithm": "sha256", + "value": "cd127be1c73cf78b66619cb6bc91c153ee77b1c37efe950250766f0b25ef1dbd" + } + ] + }, + { + "id": "f003e31ecf7ad578", + "location": { + "path": "/usr/lib/rpm/platform/ppc64p7-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3449 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "39de17d201e0eac7961414db5dc994b0e96865a1" + }, + { + "algorithm": "sha256", + "value": "0e6a26819f8ba99a8af658a1dd28e418f48a261363c2e7e0a3b1b6dcca08ca63" + } + ] + }, + { + "id": "11b67fdacd5bd84b", + "location": { + "path": "/usr/lib/rpm/platform/ppc64pseries-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3411 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90e08d29fbebbb52451c59d76702972b8723ddc9" + }, + { + "algorithm": "sha256", + "value": "cdea48e7cf9f9427a9b9b1b8ddf604f6443864222a8abc8acbbe8ebea020f9b5" + } + ] + }, + { + "id": "4d3fbd7f2e338bf8", + "location": { + "path": "/usr/lib/rpm/platform/ppc8260-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "id": "d1aa45670f4ecf3f", + "location": { + "path": "/usr/lib/rpm/platform/ppc8560-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "id": "72c84a7592207973", + "location": { + "path": "/usr/lib/rpm/platform/ppciseries-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "id": "fe23acc7f29f87b0", + "location": { + "path": "/usr/lib/rpm/platform/ppcpseries-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de004c2aa65ab737b07b1e70030af22bfabc886c" + }, + { + "algorithm": "sha256", + "value": "c1a63ebaa6f9d15f4f4a21157f2a4f6f03ecee6d25f297f4d5fff2c0bdd68942" + } + ] + }, + { + "id": "123eb4726fd7bb4f", + "location": { + "path": "/usr/lib/rpm/platform/riscv64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3428 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "61c44e56cb3bbafac9f76e9d470b4161c9a0a7af" + }, + { + "algorithm": "sha256", + "value": "8459c664f1b74307f8997a51a866994de2f9878535ad03e0b33d2555ca8a6a82" + } + ] + }, + { + "id": "9e87c4f4f5dd7f9d", + "location": { + "path": "/usr/lib/rpm/platform/s390-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3417 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5bfd031c538813400cafd029edc0c42b16b5ea69" + }, + { + "algorithm": "sha256", + "value": "907abae595f1ad1c0454ecd5701143f0ddef5d9e3cae4cd59e4ffea503e48383" + } + ] + }, + { + "id": "a49c7cc8554394e4", + "location": { + "path": "/usr/lib/rpm/platform/s390x-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3423 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "29789a9eb19e091232733ea50fd93bdb32db6c0c" + }, + { + "algorithm": "sha256", + "value": "54ce0879d7063edc4911145ab7013c355dd91d4f1e4cefc73176d982f9ead05e" + } + ] + }, + { + "id": "c9c46e2fd50b9998", + "location": { + "path": "/usr/lib/rpm/platform/sh-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3408 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5630a3a3e4da8cc75361ba46fde82d33d271e3a9" + }, + { + "algorithm": "sha256", + "value": "647808e04766e4243c1b2a1d9ed0ad3bbe81de31b5243dae8c02bb5c07493852" + } + ] + }, + { + "id": "e7e92d3264e62f48", + "location": { + "path": "/usr/lib/rpm/platform/sh3-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3413 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "69e724f668db99cb3d09dcc6add5d0a9d179370e" + }, + { + "algorithm": "sha256", + "value": "44a103b488cd5934b5e18e34998eccc43c86463558c6cf1f54402bdc26deaac3" + } + ] + }, + { + "id": "60cda47c3612fb98", + "location": { + "path": "/usr/lib/rpm/platform/sh4-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3420 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e4c31bddf33a2e4701f85ec40f7c58bdab21964" + }, + { + "algorithm": "sha256", + "value": "0325b105e93df85c946909fdeb8ec7412df99be3d311d0222745764bcb707fb0" + } + ] + }, + { + "id": "d31e7007a922c92f", + "location": { + "path": "/usr/lib/rpm/platform/sh4a-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3422 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4321e3542c72da2e0f9a464dca3b723dda394314" + }, + { + "algorithm": "sha256", + "value": "3818e64c0441e5db247356e8b0bcc3b33f9b308a1d71f7a5061a2e9fc57aed59" + } + ] + }, + { + "id": "b9040db32c3f5e83", + "location": { + "path": "/usr/lib/rpm/platform/sparc-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3443 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a858e0beccd990689bc5117057b3b53073035866" + }, + { + "algorithm": "sha256", + "value": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + } + ] + }, + { + "id": "71a974a45dfc01c1", + "location": { + "path": "/usr/lib/rpm/platform/sparc64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3451 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ea3f624c000220861511178b856f774e4ea51fc" + }, + { + "algorithm": "sha256", + "value": "95676b8042844423a2cee2ae9c5186c3fa17f82dc17ca73a1c9613714b67b161" + } + ] + }, + { + "id": "e0f6dc1403a7fc83", + "location": { + "path": "/usr/lib/rpm/platform/sparc64v-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3448 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "39c2957b57896a69ad9f789725f7efdaf55839de" + }, + { + "algorithm": "sha256", + "value": "8a2275952bd5c1635bceb9382bbf73547b05502d96bc0360c7cbb64c8a2e15cf" + } + ] + }, + { + "id": "a22a3cb85a3df386", + "location": { + "path": "/usr/lib/rpm/platform/sparcv8-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3448 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0c5dc51c492271a5541c6e4f258f336e7449f240" + }, + { + "algorithm": "sha256", + "value": "091a4bb25ce60367d5b97600cdca92e695960de54e6e70ca596df95057d634d6" + } + ] + }, + { + "id": "71149ce0d4fa13e8", + "location": { + "path": "/usr/lib/rpm/platform/sparcv9-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3443 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a858e0beccd990689bc5117057b3b53073035866" + }, + { + "algorithm": "sha256", + "value": "6437bc458ca7170aa14cf3f8172270236b72d2a32728a9ec89eb03a49720544c" + } + ] + }, + { + "id": "dc644502f7b052c1", + "location": { + "path": "/usr/lib/rpm/platform/sparcv9v-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c7d766e25950f8e73d1dca7113c3d8f476c8fd09" + }, + { + "algorithm": "sha256", + "value": "486d438b82a0fc17f7934fc60dc2cb369c993fb2b52778c4e4a44c06bca056c4" + } + ] + }, + { + "id": "0d7c62d8d6903a19", + "location": { + "path": "/usr/lib/rpm/platform/x86_64-linux/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "561006caa231531660ea8eb37cf1757417b500e1" + }, + { + "algorithm": "sha256", + "value": "92db1b683d4178016d645ee5a912e572ddaa62d281caec616677c75da1d115e7" + } + ] + }, + { + "id": "06f279013c2ddb0d", + "location": { + "path": "/usr/lib/rpm/rpm.daily", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/x-shellscript", + "size": 296 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eaa218dba53c38043c757407c824fb199cd8e0ff" + }, + { + "algorithm": "sha256", + "value": "b98748f664b3245cb7f3d22927b541ee659c221094df7e4d7e5950b6d73eb37d" + } + ] + }, + { + "id": "d2e455bcbb756676", + "location": { + "path": "/usr/lib/rpm/rpm2cpio.sh", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1597 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "764bdbd8b22ee603b69dce104939e6a542510247" + }, + { + "algorithm": "sha256", + "value": "e23cd42e7200d3ac193d2d299ecf0fadda19f2306a9a232be71147be0c3cb31b" + } + ] + }, + { + "id": "ce9dbdde35edfecd", + "location": { + "path": "/usr/lib/rpm/rpmpopt-4.16.1.3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 12112 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ce2612ca730924fe2e23dcf51b1a1594dd09926" + }, + { + "algorithm": "sha256", + "value": "00071b0002402da148d4338cb3578b994a1b248510f79e6d52d8e647b27a5b59" + } + ] + }, + { + "id": "c8315aa5258a6107", + "location": { + "path": "/usr/lib/rpm/rpmrc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 17654 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0663b885793778464c96e10365079fba0876a748" + }, + { + "algorithm": "sha256", + "value": "5d9a1c85de3205a6423a2bf71025d71d11e4cbbc1da9318cb72a0f0789baa437" + } + ] + }, + { + "id": "436b1621020334c0", + "location": { + "path": "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-9.7-x86_64.swidtag", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 6492 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b275cf42974b0e28617e06d85ce02ed8554f1732" + }, + { + "algorithm": "sha256", + "value": "1d004d3a5edd36b8efc6b61635112f69016dd9f29e60f2a00bd74521a5f7b4b2" + } + ] + }, + { + "id": "ff6a3189201331ec", + "location": { + "path": "/usr/lib/sysctl.d/50-redhat.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 203 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d2656a46572e258b17c5703dd96f61f9338b2885" + }, + { + "algorithm": "sha256", + "value": "cff0531af9151667207f590615894598494081fb3d6c4db0728fecfb41fbce92" + } + ] + }, + { + "id": "5fc131a7cd3b5997", + "location": { + "path": "/usr/lib/systemd/system-preset/85-display-manager.preset", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 284 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "75c04345a5c262bae5f12b29c968e68a0dfbefad" + }, + { + "algorithm": "sha256", + "value": "037ee720a5c511d7b257216cc81b55b5ebeb09775426288f2d46d614594d9e56" + } + ] + }, + { + "id": "093ca300cfa0cb3e", + "location": { + "path": "/usr/lib/systemd/system-preset/90-default.preset", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7340 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8b89ae75968a8da59c2fca9d25dc4122c6cedbe1" + }, + { + "algorithm": "sha256", + "value": "e627a4caddb0968721f934b58785d883ea01a977144750f9d39ad838e922f19a" + } + ] + }, + { + "id": "aab8806f5eb00d9d", + "location": { + "path": "/usr/lib/systemd/system-preset/99-default-disable.preset", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 10 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "algorithm": "sha256", + "value": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ] + }, + { + "id": "a4781691b8b11ddb", + "location": { + "path": "/usr/lib/systemd/system/rpmdb-rebuild.service", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 446 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d3cbdc5e141313c587cf9fd2428fc6aaebff1364" + }, + { + "algorithm": "sha256", + "value": "4ec87c1c7fcdc16d7799fe781fa6a2042cf0ed0c3f641c4c7721e78989749a5b" + } + ] + }, + { + "id": "74da127c15a13fa0", + "location": { + "path": "/usr/lib/systemd/user-preset/90-default-user.preset", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1003 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8379013fe884529a5adde637f5ae2bffe8cb2976" + }, + { + "algorithm": "sha256", + "value": "ba8ff51494b993c5dd3fe73b82cb12abd2ff2212303c0929d879c990d2d85ec1" + } + ] + }, + { + "id": "71df7a257a3f5f8b", + "location": { + "path": "/usr/lib/systemd/user-preset/99-default-disable.preset", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 10 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b442ebba4890435070a7e468358b191883a71374" + }, + { + "algorithm": "sha256", + "value": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378" + } + ] + }, + { + "id": "87bcdfdfb15d3488", + "location": { + "path": "/usr/lib/tmpfiles.d/libselinux.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 30 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9115ba504c1790e26dc1078d4f549fb6f9c5a184" + }, + { + "algorithm": "sha256", + "value": "afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc" + } + ] + }, + { + "id": "a3ec0861f75a8a31", + "location": { + "path": "/usr/lib/tmpfiles.d/rootfiles.conf", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 399 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fced9b9b3f40a2333459deafdbfd48f6e8b7ded2" + }, + { + "algorithm": "sha256", + "value": "b2858a8e0ae109193e28d96f7fd8a8cfa1b42aad1766f5932814321dd821b7c8" + } + ] + }, + { + "id": "7846d632fac88d93", + "location": { + "path": "/usr/lib64/.libgnutls.so.30.37.1.hmac", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 405 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee602a75ec9735274fb703b94eb93095c89d1deb" + }, + { + "algorithm": "sha256", + "value": "a9c51246fda5f0075b12d888c918478a7257f53b79ef477474dbb8ff0b853937" + } + ] + }, + { + "id": "eb67df499c22e945", + "location": { + "path": "/usr/lib64/.libhogweed.so.6.10.hmac", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 65 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1f313ee78e096a3560379be7f609ab26e7bf83f6" + }, + { + "algorithm": "sha256", + "value": "68415d666e8e68c53314e166e58224b00d7e509642ae3a639892317d21bf7bdf" + } + ] + }, + { + "id": "baeb2ef9e81c6f00", + "location": { + "path": "/usr/lib64/.libnettle.so.8.10.hmac", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 65 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7923662b51197c040e769a7ec699af02ad52563c" + }, + { + "algorithm": "sha256", + "value": "de1a92dfae5ba529c92fdcf4c9eeb9e679fd25519cd43b83db042f37fdee3262" + } + ] + }, + { + "id": "99df092f7bb8222f", + "location": { + "path": "/usr/lib64/audit/sotruss-lib.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15680 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4090959f8a636606947f62c1cf7e9b8dbfa018eb" + }, + { + "algorithm": "sha256", + "value": "b8532209ffbc6571d6f9ac43d5eba4011cb296f48e2019496e8d98c7cbe1904e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c302ae351fd4cf79", + "location": { + "path": "/usr/lib64/engines-3/afalg.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23928 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7fa2d7d068a0dee88f2b0fcca411b1e6df2a85e2" + }, + { + "algorithm": "sha256", + "value": "54eafc93c9df8c45a2fd558969f12dbb805b2dacbf424fbce915abebfb441575" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "112e864d5ac992aa", + "location": { + "path": "/usr/lib64/engines-3/capi.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 14880 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4f4062e905e3ab4518277ae8e297bd651458039" + }, + { + "algorithm": "sha256", + "value": "bae170b889544162be76613fcfc2d8115ab0aeac72f9419d3016c567bd28089f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "27b4483b3942a858", + "location": { + "path": "/usr/lib64/engines-3/loader_attic.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 53312 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c9e82c8f4a5392d36fec495a5d4911c9c03f1d0" + }, + { + "algorithm": "sha256", + "value": "15280e86932817dd875496788a9bca4f96a0b2cfe1c32deec3ec41aff17ca25c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d32171e48673fb5e", + "location": { + "path": "/usr/lib64/engines-3/padlock.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 27992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1406dacafa61dc6a7e24cf5a853da985f2c672b" + }, + { + "algorithm": "sha256", + "value": "01c52ed53ca72f536ec290b68c2a86717fa48e1e34393399cc623fb183e488ea" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "10db71b631af3760", + "location": { + "path": "/usr/lib64/gconv/ANSI_X3.110.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 27824 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d6de4f4e8dcd18d24aba7144c04fd5e21f7a517b" + }, + { + "algorithm": "sha256", + "value": "1644c0be67e4481de99e2d9f95c850443c7b030f483753f622ec4fbf99db6760" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e71a752222ab1cf0", + "location": { + "path": "/usr/lib64/gconv/CP1252.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19624 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "95bf40787e83666dfb66392a63430dbf51fe6105" + }, + { + "algorithm": "sha256", + "value": "563b2c39b815b92da2db23382673650ca68552c6485101b457b1bef8821d48bb" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "367d12ccb8f871f1", + "location": { + "path": "/usr/lib64/gconv/ISO8859-1.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19632 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c31b278454755b4b56a1bb5df5c5f7859b46d12c" + }, + { + "algorithm": "sha256", + "value": "376744f1ba07d1feaffad5cbb2c4bf68e3ff2ff9cd0e0ccfb288405824a48e14" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9679b18dcdd53e17", + "location": { + "path": "/usr/lib64/gconv/ISO8859-15.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19624 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72f6c1850f62d43d36b9f6e95e66145bc824070e" + }, + { + "algorithm": "sha256", + "value": "9a5470d2aff600ca1ea7fed177a456e599239614f48a43e8c3e1d623b1af78d0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2990c286d4a80ee1", + "location": { + "path": "/usr/lib64/gconv/UNICODE.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19640 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a218f9db19f889674d5406f95dcdef4efbf5aff4" + }, + { + "algorithm": "sha256", + "value": "1f6e20b20180e844c8fb780312973b847cc34c607b86480b6790abf50b5023a5" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6e1ba648d2b11550", + "location": { + "path": "/usr/lib64/gconv/UTF-16.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19632 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c59c57dd1392dc92b5e584847d915fcc2f08b226" + }, + { + "algorithm": "sha256", + "value": "437fab3ea8ee82f9660d5fd20742af56b720019cf20b10e72754e2f1c0270ef7" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3d05d8fb200663bd", + "location": { + "path": "/usr/lib64/gconv/UTF-32.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19632 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2ed303e93945ebfe7fc69438004f77f3b032d33" + }, + { + "algorithm": "sha256", + "value": "df2bf0182e2017d41c5d284641d9cda62a3c3141bf6280385bad5a604ac67428" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "148a25b1c2d99bc2", + "location": { + "path": "/usr/lib64/gconv/UTF-7.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 27824 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d43ebbb8e1bceb0828c191d0c05babab730af79c" + }, + { + "algorithm": "sha256", + "value": "a3bd3ef13845da8d804473bc6cb04749e1de48a5db46304043ba20d9251614d8" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ac52326c6010ee90", + "location": { + "path": "/usr/lib64/gconv/gconv-modules", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3808 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ab6ec0f61e3c8d08fa9ad986790557b78568138f" + }, + { + "algorithm": "sha256", + "value": "9976193fd6fb671112a0f10486e50ad3bfb79e9a08429544c820365cdd3bfd35" + } + ] + }, + { + "id": "a536ab71c04de1d4", + "location": { + "path": "/usr/lib64/gconv/gconv-modules.cache", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2218 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "422a05b8691abab797d08753f682060d0fd5fbff" + }, + { + "algorithm": "sha256", + "value": "32be69bf0c00481b7279aeb8c0d7920f3da4d95f0743924c0c9cf63a20b9c9b1" + } + ] + }, + { + "id": "d36ea61b0f7b6a70", + "location": { + "path": "/usr/lib64/krb5/plugins/preauth/spake.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 90496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "21acf8b6cd1e7ecb531ed9cd0abb9985b0d965df" + }, + { + "algorithm": "sha256", + "value": "178de7b6dae35770616b6a7d7501681813bf42a38fbad7c58a20b7df0bec3824" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libkrb5support.so.0", + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "001812e01c9af599", + "location": { + "path": "/usr/lib64/krb5/plugins/tls/k5tls.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23752 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "622f9e6902e23963c9ca73dddb556b1d61c77c20" + }, + { + "algorithm": "sha256", + "value": "fdf92bb3901e721908772b7981abe5646e43233c5ed73e7ac6598e75e80b0734" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libkrb5.so.3", + "libkrb5support.so.0", + "libssl.so.3", + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9195ac6a4e9b45d6", + "location": { + "path": "/usr/lib64/ld-linux-x86-64.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 932736 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16169962915c36355293ecba579047d880f45bad" + }, + { + "algorithm": "sha256", + "value": "5c3f5bb169dc33a7d4b31e51eb40020e993e35cda989c24a3313c2fe9cdc2376" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + } + }, + { + "id": "13a9f52f69916435", + "location": { + "path": "/usr/lib64/libBrokenLocale.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a685e1184299e88526e9c007c1bd69b9b313e3c" + }, + { + "algorithm": "sha256", + "value": "7edfeb32d0c6e94b6278c8dbc45e44f5a3da9c0aff4a0ba6e0921c84c512c121" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "8dcdbc2daec313fa", + "location": { + "path": "/usr/lib64/libSegFault.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23872 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "491d8e11683f0b8b2121c897ae870fcdff2cc565" + }, + { + "algorithm": "sha256", + "value": "d1977600b89705a3667d947fa34f184a2956c2f0b0b9418339cd730c78127930" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "a6f9568da893cbea", + "location": { + "path": "/usr/lib64/libanl.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c6a76807d9b4b6067ca80ad6f887545939b4b349" + }, + { + "algorithm": "sha256", + "value": "59881a9701e9bc254b407ec15f61234107f3e35ca9904fafbc6a03ef87818e83" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9b76edb27d874f0d", + "location": { + "path": "/usr/lib64/libarchive.so.13.5.3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 840832 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1f3fafeaee91f5c8e142ade2263bc53f245fa4d1" + }, + { + "algorithm": "sha256", + "value": "0370762f3d8750f029a50990bee15b28b5c2550cf956e02803b5a0f011d2c846" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypto.so.3", + "libacl.so.1", + "liblzma.so.5", + "libzstd.so.1", + "liblz4.so.1", + "libbz2.so.1", + "libz.so.1", + "libxml2.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3c3792c46b7bdb52", + "location": { + "path": "/usr/lib64/libaudit.so.1.0.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 161792 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4b7ccff67115924baba546d181ff92f1856d0f13" + }, + { + "algorithm": "sha256", + "value": "fb35b66ad1159789ac4cca877af8866c4134763506773135d392009bcb598bb4" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap-ng.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "aa0cee721cb7084a", + "location": { + "path": "/usr/lib64/libauparse.so.0.0.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 145416 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f5cc86f3991a87e486daac74bed5f1c8d9f56277" + }, + { + "algorithm": "sha256", + "value": "1e642599409fbfa95199c90cc97fcade6e65d3dd5ee81bf8c39cae4ebab93f3e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libcap-ng.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b3bce0528aee3419", + "location": { + "path": "/usr/lib64/libblkid.so.1.1.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 229432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b64d59d10011d6e50b2a3b350cb615143be87e11" + }, + { + "algorithm": "sha256", + "value": "cced98d63ab6db38442f52670a605af3dd36f1caafe19f86e1fd2ee850655206" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "898c7000b5881f61", + "location": { + "path": "/usr/lib64/libc.so.6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 2549264 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "93f346879e34d35b0c96c6f6be965af2ef03a86a" + }, + { + "algorithm": "sha256", + "value": "e3b8bd13af7d81fed68c43d2ed3ea54db6e23a44499519d783e77edf8022581c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + } + }, + { + "id": "7907305384f2540e", + "location": { + "path": "/usr/lib64/libc_malloc_debug.so.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 54344 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "58ea847984b2c59164b7e8301b5405920c7a6edc" + }, + { + "algorithm": "sha256", + "value": "e34fd1525218ce9f30738a4ac10d1261745d8ccd83f36126eecc59e511d4d71e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7b4d7d0f77ce8dc2", + "location": { + "path": "/usr/lib64/libcap.so.2.48", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36296 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2df0c3605badc228ba578e14c3477b1b0d1abe67" + }, + { + "algorithm": "sha256", + "value": "29a6c106d86e91a4f3c6cbbe4645a2e08fc792522849ae21dcb1e605fa17144a" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3aa74c97ee3ced19", + "location": { + "path": "/usr/lib64/libcom_err.so.2.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 23760 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d8d22c28a0ded2cbcedc056bad3ca7a1b4a01eb4" + }, + { + "algorithm": "sha256", + "value": "e21a880da89989009a63efb976c7c9c50980724b168099b310939aad5a16057f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c1f88b3854213579", + "location": { + "path": "/usr/lib64/libcrypto.so.3.5.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 6146520 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "771f24202922592d78bd91e48c697ee840b766e8" + }, + { + "algorithm": "sha256", + "value": "449d65e825fef0087c0c6351b8dd58895ce519e599fd57a1236cba42ccbb19c6" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "fab1deefcb5e0964", + "location": { + "path": "/usr/lib64/libcurl.so.4.7.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 517016 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c7d8f88f628082db0acd6d616644e6f3740febca" + }, + { + "algorithm": "sha256", + "value": "455008f34e03dfe048eb134380c9ad2c61f4f9ed4e6033760427ef6ae37a92b9" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libnghttp2.so.14", + "libssl.so.3", + "libcrypto.so.3", + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6310624b78c38417", + "location": { + "path": "/usr/lib64/libdl.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15472 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2508120f5b29406dbfbc54090c2606bb838077ed" + }, + { + "algorithm": "sha256", + "value": "4731f911c5ae24b2428705a9b0ad77b5a5902445a55f667d8ad19066616104d1" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b392fb15dd7ac667", + "location": { + "path": "/usr/lib64/libdnf.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1673224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5102b504921f005899a29173dc7ae838d85c7c3e" + }, + { + "algorithm": "sha256", + "value": "a7da408ef9d424047efa4b59f7e69272b93fb6979b956d286939fcb6292bb837" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "librepo.so.0", + "libglib-2.0.so.0", + "libgio-2.0.so.0", + "libgobject-2.0.so.0", + "libsolv.so.1", + "libsolvext.so.1", + "librpm.so.9", + "librpmio.so.9", + "libsqlite3.so.0", + "libjson-c.so.5", + "libmodulemd.so.2", + "libsmartcols.so.1", + "libgpgme.so.11", + "librhsm.so.0", + "libselinux.so.1", + "libstdc++.so.6", + "libgcc_s.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "92877ee769577e05", + "location": { + "path": "/usr/lib64/libform.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 75664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "92da432723928e257b221e41ffb32b63fccc5e95" + }, + { + "algorithm": "sha256", + "value": "4ed3ae67b980e0d0d15c16359295dbbd644e9f9d8ebaa841100d76713fbf995b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libncurses.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "620ece52533dccad", + "location": { + "path": "/usr/lib64/libformw.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 84024 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a54c4a2a83b10b045e7a9cbb05f73338c020fbc4" + }, + { + "algorithm": "sha256", + "value": "977d21efa2c28e36821eddf3870647c5d53c0ffeffd12ba9048773e85f858bc2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libncursesw.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "56b979a8eab3398a", + "location": { + "path": "/usr/lib64/libgcc_s-11-20240719.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 116408 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "61948bcbf32e52fce58d08a0f8581543583fc102" + }, + { + "algorithm": "sha256", + "value": "479b7e606457239009cff27bc79bd82eb7dbe0fe83f0df037721b102b823173c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b73ccb7a63516532", + "location": { + "path": "/usr/lib64/libgio-2.0.so.0.6800.4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1949176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "45e59cc5efec21375122467c1c00f30ef6ccc7db" + }, + { + "algorithm": "sha256", + "value": "ce99afd8ea679192db041ae8f2a58d3a7e8cb0d8dd922b496ca7c3ad10f5ffb3" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0", + "libgobject-2.0.so.0", + "libgmodule-2.0.so.0", + "libz.so.1", + "libmount.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "aa17c20def3d2ed1", + "location": { + "path": "/usr/lib64/libglib-2.0.so.0.6800.4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1303024 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "28d920c7432c7a71dbc07ce15a9603b99fa13596" + }, + { + "algorithm": "sha256", + "value": "8a9f544c29e2d39e26e70621121b12d3be42157b09124f18df53205ea87ba6c2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libpcre.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "1280ca8837f1e5f5", + "location": { + "path": "/usr/lib64/libgmodule-2.0.so.0.6800.4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19480 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eefb00e05d157458fa14f81eee9c9a67d0115d73" + }, + { + "algorithm": "sha256", + "value": "e9e6029eedc9fd114d0ac05a54e2ed851f4e13093e2a01cc59e1b05fffadb3c5" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9664c43dc87b8ed4", + "location": { + "path": "/usr/lib64/libgnutls.so.30.37.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 2345648 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "431d9dadcd55d31546d3642efbd71fd9c0104814" + }, + { + "algorithm": "sha256", + "value": "dc8f3f4a34f9ab56be7690b75320f9855286bab6de12117df1bbd7a581ee60a2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libp11-kit.so.0", + "libidn2.so.0", + "libunistring.so.2", + "libtasn1.so.6", + "libnettle.so.8", + "libhogweed.so.6", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9992a8eaecbbd713", + "location": { + "path": "/usr/lib64/libgobject-2.0.so.0.6800.4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 375144 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8855ee876d49acc937fd86eae0e88d1bb8239d70" + }, + { + "algorithm": "sha256", + "value": "a07a109964b6df13008ac0355a31e002805f31b92be6670f7ca15f3f754b9ecd" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0", + "libffi.so.8", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "dab0f87cf2057742", + "location": { + "path": "/usr/lib64/libgssapi_krb5.so.2.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 358464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee04d27dd97096c829932cfa5c368057b0b242f3" + }, + { + "algorithm": "sha256", + "value": "82e569d3d5a8b53efc1818912cd391752b4bc0f425399a323818884d6f2f6783" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libkrb5support.so.0", + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "40cfbade72a94901", + "location": { + "path": "/usr/lib64/libgssrpc.so.4.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 142176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "54b6e59cbdcae115f03061082f133455f809de8e" + }, + { + "algorithm": "sha256", + "value": "26b095804e484decf7f5311731111c5333abb0e6ec891f07efd5a6c6057a7ea7" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d99f54c344ef6351", + "location": { + "path": "/usr/lib64/libgthread-2.0.so.0.6800.4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 14984 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b690ada5da2b4697523336a6b03b6297d501abcb" + }, + { + "algorithm": "sha256", + "value": "33e1f84aa7f1483707971e3adc632e5672b00aa1299bc71bf94eb082df45a25d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libglib-2.0.so.0" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "59528e0c83849368", + "location": { + "path": "/usr/lib64/libhogweed.so.6.10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 630288 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ccf086c17f2bf1f4119abf78370a7c8dbf200c2b" + }, + { + "algorithm": "sha256", + "value": "14f31299ff681777715ecc787249d1033acd9032ea5870406014b7a13d9a8ea6" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libnettle.so.8", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e66eb4f8be4409fb", + "location": { + "path": "/usr/lib64/libk5crypto.so.3.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 99016 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "10c6ac6819a931dd119885e6a1db5862f6ae3954" + }, + { + "algorithm": "sha256", + "value": "188823b6e7bdf0ea2f455bb6f84ca33610ca7f657a585632790325b21461dd93" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libkrb5support.so.0", + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "142bc36112f14a35", + "location": { + "path": "/usr/lib64/libkdb5.so.10.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 90936 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e042ea6678c360ecc0d02a5705b035a65e745468" + }, + { + "algorithm": "sha256", + "value": "a6fd5fccfaf480ec863329af3ff9bb1f42cdcb01528f0184ac7c97ae0e558d4d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgssrpc.so.4", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libkrb5support.so.0", + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6a6b8cc19b094b2c", + "location": { + "path": "/usr/lib64/libkrad.so.0.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 48568 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aa6f1fc7145b5b94fce1eafdf9fb68335ecc99f9" + }, + { + "algorithm": "sha256", + "value": "3fdad8aa5aa7543e7b67155edd0cb65ca779a178db0453a7282d9d4aeecc6fbf" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libkrb5support.so.0", + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libselinux.so.1", + "libverto.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "810479e6a3eae050", + "location": { + "path": "/usr/lib64/libkrb5.so.3.3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 906320 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3504036a38ebb387b7478e859cbd5c326b414f17" + }, + { + "algorithm": "sha256", + "value": "68b134bf28e83fff5b2b5e5712d7c97c37066aa0e8046f6404f75fa19ed6cb1c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libk5crypto.so.3", + "libcom_err.so.2", + "libkrb5support.so.0", + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "65c571a404e6bbe2", + "location": { + "path": "/usr/lib64/libkrb5support.so.0.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 66192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4614230f2837087cdd0e24850fdd00c6b991082e" + }, + { + "algorithm": "sha256", + "value": "2878776878909e50f19257646d0ec09e1adc75046209efff67f663912e6e6602" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libkeyutils.so.1", + "libcrypto.so.3", + "libresolv.so.2", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "57cbd1b8c9f3214c", + "location": { + "path": "/usr/lib64/liblber.so.2.0.200", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 70392 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "89913b0a7815cf52ecffd4b5157164404778c609" + }, + { + "algorithm": "sha256", + "value": "cd4dbbf1476eb6dca1416018e12a6aaea0fba10595fe8209d22f67b07b5eb280" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libevent-2.1.so.7", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9e9bb1f6d2ddc650", + "location": { + "path": "/usr/lib64/libldap.so.2.0.200", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 417720 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7c372e56c06960fe4c5340f1c6cdba486cd1eff" + }, + { + "algorithm": "sha256", + "value": "eb1f24b4e29e3d4400220b7be5bbdd23e6207ebe9a39bf5798b2bef268c1d03f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "liblber.so.2", + "libevent-2.1.so.7", + "libsasl2.so.3", + "libssl.so.3", + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "5ee50c5b622f51d8", + "location": { + "path": "/usr/lib64/libldap_r.so.2.0.200", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 417728 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b443ce7c4836280e4fb8318aa1607515668f6cc1" + }, + { + "algorithm": "sha256", + "value": "52306b17c10badd3df615a0b37d84f3e8b369dd744008f0e8aa6466cb3314c0b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "liblber.so.2", + "libevent-2.1.so.7", + "libsasl2.so.3", + "libssl.so.3", + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "0d3040dbb5de38e4", + "location": { + "path": "/usr/lib64/libltdl.so.7.3.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 44984 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a85d004047809a62591877cb0091236393cbe0d2" + }, + { + "algorithm": "sha256", + "value": "0109357682ea87d4b4f479117555f863a0b3d2959100fc31a27252fffc5b5306" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9c5b99a9203f7dc7", + "location": { + "path": "/usr/lib64/libm.so.6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 904728 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "40491ae304c8d0a6850837e028c18d6812c6f30d" + }, + { + "algorithm": "sha256", + "value": "2d3d7de18f6db76e4fb7adb884bb1f9a3dfadd12fcbcd83748da4bbb3ec342df" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "164c9dcdd18d1fc9", + "location": { + "path": "/usr/lib64/libmemusage.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 20064 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "49f6d6199a79378b61d8f92bda53602109691077" + }, + { + "algorithm": "sha256", + "value": "3ccec15ee85e4f96294016eb3bbad83dc581646f819a396d1f255c023d38464d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "180fe3cdf9d49788", + "location": { + "path": "/usr/lib64/libmenu.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 40816 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eeec5cc725fe6bd9bfabb7758c6019383454fa2c" + }, + { + "algorithm": "sha256", + "value": "34513df5ec6d91e250f8a286f20065b28a785191b1e9fedaf2ce6bfe512cdebf" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libncurses.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "21e1efe3fc994cb7", + "location": { + "path": "/usr/lib64/libmenuw.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 40864 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "92183ade94603efcc5a6d9788b66fc4e740a0dd2" + }, + { + "algorithm": "sha256", + "value": "f5f6ac15283f0c5dc949db6fe0a2c1081d348e670a4508cced0a3788e67b6f5d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libncursesw.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "93fe09231cb93279", + "location": { + "path": "/usr/lib64/libmount.so.1.1.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 291496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e55a3e8e1a22365cc7f632b70d0d1e618256c031" + }, + { + "algorithm": "sha256", + "value": "7b81c8c9169422ad2d4270b63d1fa817479edf0575ed1fa35178f0382e04e7fb" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libblkid.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "cc6fde5122ccb21c", + "location": { + "path": "/usr/lib64/libmvec.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 176824 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2187973825273dfecbec9d1757814ea1a4aeeff5" + }, + { + "algorithm": "sha256", + "value": "2ab11542d16a97109f41000260ecb3fe42db527bbf6df141de9cfb443a6eea8e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "abab580ee1866cde", + "location": { + "path": "/usr/lib64/libncurses.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 183176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1c8f0cf657b19227886823c5eb43805e3aa49334" + }, + { + "algorithm": "sha256", + "value": "5167c013b62e1c1d80af8fcfc89259a71d9510729407994a0fef2009f31a9c7d" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libtinfo.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "a49ecb62b0ebac88", + "location": { + "path": "/usr/lib64/libncursesw.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 262200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4d9ee876972ca2039b91c5e2491b53048c0d2311" + }, + { + "algorithm": "sha256", + "value": "a884db5dbd02cbf96325bdef4452111ecf35c657aba7543d9f9a4dad17692592" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libtinfo.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e6663d1e664c7729", + "location": { + "path": "/usr/lib64/libnettle.so.8.10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 361456 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f19b129fba547cefd4a37ba1784b92ccbe44877" + }, + { + "algorithm": "sha256", + "value": "d39fc751ef9f42edf10567fea505c55ef70dd2ebda3602c181cafd2fadc52e76" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "076c827c3f1dc44e", + "location": { + "path": "/usr/lib64/libnss_compat.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 45552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bc282d508d9d82804bb97ea8ce96a41d69b72b5" + }, + { + "algorithm": "sha256", + "value": "bdbc0ab86029cc1326e82aa13d5a8d76a63845b8d9b9a43488c9d17e1e27e0d2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "cb11cdc4189fc7fb", + "location": { + "path": "/usr/lib64/libnss_dns.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15344 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fd115375aecdc5255d09b788f8b975cfb11501c3" + }, + { + "algorithm": "sha256", + "value": "7e870759cab5cf5f75e64ba29cfd61918549dbb7ae4575f1272031d741d15b06" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "640d7278e8974c51", + "location": { + "path": "/usr/lib64/libnss_files.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15336 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1fdfa797fd34e7fb4151584d16d4fe74c7b301fd" + }, + { + "algorithm": "sha256", + "value": "33d3c38795fc9591a1be00f562485acdd4b4470388cf14a6d6ac22635c4e3a67" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "37b798076510be9c", + "location": { + "path": "/usr/lib64/libnss_myhostname.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 157104 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d32afe106880d2d4a305832c73c15753d34a051b" + }, + { + "algorithm": "sha256", + "value": "2f7bc8428b97a496b43d0bf8a462e9e6bb9e4dfdf3992690dfbf02ffa6c52bdd" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcc_s.so.1", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "a5e14019242958a4", + "location": { + "path": "/usr/lib64/libnss_resolve.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 153232 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b0d417f3234f676af07c009a8a681a446d05c9ba" + }, + { + "algorithm": "sha256", + "value": "3d1a8fb6a740b2f54a34a62fe3e22c23478e13e468f689455d3a750560fb2fa2" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libselinux.so.1", + "libgcc_s.so.1", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "5109f754756ed3e7", + "location": { + "path": "/usr/lib64/libnss_systemd.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 357424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e4674de827b41b479c078acf288f281e56245a9" + }, + { + "algorithm": "sha256", + "value": "b31efa30a02ec58c3425a8aec2f958081d96f56c3f7b1d0558b70410f8789949" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap.so.2", + "libm.so.6", + "libcrypt.so.2", + "libcrypto.so.3", + "libp11-kit.so.0", + "libselinux.so.1", + "libgcc_s.so.1", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2669fc1c6862e336", + "location": { + "path": "/usr/lib64/libpanel.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19376 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c7b8b64d10d92df2cce9b24e2b320b3c88899e1b" + }, + { + "algorithm": "sha256", + "value": "2c7538c00c9b18da60d7a1d7370557e36486597a513af8d7918d82dad73711a1" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libncurses.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "61853170048c8d39", + "location": { + "path": "/usr/lib64/libpanelw.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19376 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "34e1efebc642f4a686b5f9c6c49d0d09a4475c47" + }, + { + "algorithm": "sha256", + "value": "a2629dcf273b9741a5bd67855fa276a0d532dd9453815246a8d3f42a229219d8" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libncursesw.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "023549e866ed57ef", + "location": { + "path": "/usr/lib64/libpcprofile.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15520 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "edd1a1364ecb26c0f0f077283a79a71ed3d5ebeb" + }, + { + "algorithm": "sha256", + "value": "75d3aebcd4c6a1d25e76e031c2ad722c607e7976f3d9d541195c3319c7580915" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "1897bbb4f7efd63c", + "location": { + "path": "/usr/lib64/libpsx.so.2.48", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19472 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ba1d74b1615f86d8e98d8612deca8bb8076a45e" + }, + { + "algorithm": "sha256", + "value": "8c94570f7cb8f2a90cd349009861fd26c98bd7da7ef189f18360ef44c154594e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcc_s.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d19d670da6254e2f", + "location": { + "path": "/usr/lib64/libpthread.so.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15480 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0ba899f8539d26f0dcf32a2a9b68e535f84d68e" + }, + { + "algorithm": "sha256", + "value": "83dc268d2bc39b1bc7ea9bc47f80d2b03d584b97471e1d350ae8570c9e451080" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f90f9b325a9a1788", + "location": { + "path": "/usr/lib64/librepo.so.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 193824 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "77016ea3e1a253ed36486def76e462a23e52487b" + }, + { + "algorithm": "sha256", + "value": "3702d466122ae54e25448209571edaa4588e2b77e5c301102d99240e4a4f339b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libxml2.so.2", + "libcurl.so.4", + "libcrypto.so.3", + "libgpgme.so.11", + "libglib-2.0.so.0", + "libselinux.so.1", + "libgcc_s.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "664d277def349e86", + "location": { + "path": "/usr/lib64/libresolv.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 70528 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "36a20966380f36dffa15dcdcea43ea896fb5af7a" + }, + { + "algorithm": "sha256", + "value": "f108336535775d00ddac47c7c663e22f38137102e8e674d9ab9a091a43473948" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b7a5e9efcb9b8596", + "location": { + "path": "/usr/lib64/librpm.so.9.1.3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 541904 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c02e48748079674b08c4e220b5209cae294b0c9" + }, + { + "algorithm": "sha256", + "value": "402844cc65877b72fe5a013de4e83ac6aa3efeb0d91ec6b78dc41c911a65a58c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "librpmio.so.9", + "libbz2.so.1", + "libz.so.1", + "liblzma.so.5", + "libzstd.so.1", + "liblua-5.4.so", + "libm.so.6", + "libpopt.so.0", + "libcap.so.2", + "libacl.so.1", + "libsqlite3.so.0", + "libaudit.so.1", + "libcrypto.so.3", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "5d732d586d21e1a2", + "location": { + "path": "/usr/lib64/librpmio.so.9.1.3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 231056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c8d8a642abd7cbc609be7d61a6d086277d47d79b" + }, + { + "algorithm": "sha256", + "value": "414b4c6dd584b0a9ab9de230cd395bd9bd57daad6979798fe9c716140aa8a027" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libbz2.so.1", + "libz.so.1", + "libpopt.so.0", + "liblzma.so.5", + "libzstd.so.1", + "liblua-5.4.so", + "libm.so.6", + "libaudit.so.1", + "libcrypto.so.3", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "bf18eec22303c1b8", + "location": { + "path": "/usr/lib64/librt.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15648 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0acf5c262e7a268c89ecbe021fa658e7809ad178" + }, + { + "algorithm": "sha256", + "value": "e7739dc9abc514845ad06d7e1cff374e384f5014d04c5e60c40a1e033f8a95a9" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7e81ec7a8f66c3ca", + "location": { + "path": "/usr/lib64/libsasl2.so.3.0.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 128424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5456bc1a5aa90e5534f0d3d577e202d2f16ba36f" + }, + { + "algorithm": "sha256", + "value": "2e3d8149a9cddffd1c8dc2ed69db920d15d8d620a6472906181e79ac33342c9c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypt.so.2", + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "89115b1e9262abe4", + "location": { + "path": "/usr/lib64/libselinux.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 175744 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "40711929238836e2a8ec63dfc23135c718aba5df" + }, + { + "algorithm": "sha256", + "value": "540225279c84a9ff7c668625b1987aa7f3be24215eb9480c0be73f47818df14c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libpcre2-8.so.0", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f4640f5ead471b71", + "location": { + "path": "/usr/lib64/libsemanage.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 273096 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b1b1b3a36aef3393cc22884dcc355446a134b261" + }, + { + "algorithm": "sha256", + "value": "f2a08e1895cf389d80fda8b76380b2d6135930d1b31789fb678711f97dbc553c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libsepol.so.2", + "libaudit.so.1", + "libselinux.so.1", + "libbz2.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "840c32fd3150949d", + "location": { + "path": "/usr/lib64/libsepol.so.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 802664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "463ee022c64c4f6973022558376f64499bc04927" + }, + { + "algorithm": "sha256", + "value": "3b432f1a220b54f86e576e3a4b580e7ed99b1fc73e6cde52b21157c2c2271665" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2a65f2229e73080a", + "location": { + "path": "/usr/lib64/libslapi.so.2.0.200", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 144304 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "720df6f74398d5bb9935c7d3486496369f670ede" + }, + { + "algorithm": "sha256", + "value": "df9f0e4780d61d1db2d01b9b6475685031956d1cf4bd194f9d58065741fbc4d6" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libltdl.so.7", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "10fc03496e85dae5", + "location": { + "path": "/usr/lib64/libsmartcols.so.1.1.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 107944 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa7f05edc58ee16d4bece860683c2b70660a3334" + }, + { + "algorithm": "sha256", + "value": "03bf745caba1ab8438e6b8c3b1a45940a6908f95ab94f48415b6f56c85db20cf" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9e76aa220f9aaf91", + "location": { + "path": "/usr/lib64/libsqlite3.so.0.8.6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1356864 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3004f7bc2730c1996be0d97c0815edf7cf63296d" + }, + { + "algorithm": "sha256", + "value": "2a7040e37b57d51f6b157875e7610b37491d0cb4dd69ed5055921da43b855e8c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "600acfaadf45a128", + "location": { + "path": "/usr/lib64/libssl.so.3.5.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1039984 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "92752058bec7715c5cfd1a64ea45f7ea8c14b2ea" + }, + { + "algorithm": "sha256", + "value": "a8a5b51a76acfca3aee2429f2114f47ae2f9d0e4fc912673ef82d3d18eb0c22e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6de1484d06c4f0ad", + "location": { + "path": "/usr/lib64/libstdc++.so.6.0.29", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 2314704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "869c163d5601ff8f79f22324b0a5bb615b7f92d8" + }, + { + "algorithm": "sha256", + "value": "643060c81562d0c1bd8a0ec3888068cf5577d6ce8fa7d4aba5c509f7bb258bd9" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libm.so.6", + "libc.so.6", + "ld-linux-x86-64.so.2", + "libgcc_s.so.1" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d9bf5c868eb88dae", + "location": { + "path": "/usr/lib64/libsystemd.so.0.35.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 919936 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "84fd24d02e62e921ba0d27dc1355e55d6cc3ce1c" + }, + { + "algorithm": "sha256", + "value": "8a20a2daf7dcd24dfdb8b7ccf0c8a2a33d5251a445da3b55de0d16ca78593437" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap.so.2", + "libgcrypt.so.20", + "liblzma.so.5", + "libzstd.so.1", + "liblz4.so.1", + "libgcc_s.so.1", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "a7aebe099275d13d", + "location": { + "path": "/usr/lib64/libtasn1.so.6.6.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 94128 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6efff212494e34ac66be2f0ec3735b0418d1cc11" + }, + { + "algorithm": "sha256", + "value": "f1e7a272c3ebc0068992ea6c098cd8ccbc79818762e67cce26647e3fb04b24dd" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ae3fc97113fbe7ca", + "location": { + "path": "/usr/lib64/libthread_db.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 41600 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2b8fc0fbb5bc957182c263cb57e57db69e4b872b" + }, + { + "algorithm": "sha256", + "value": "7bce176450f85680f3dfe6661359ca884fba6650c414de747be5f997d8e1596e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7f4d4f7aa9afb6fb", + "location": { + "path": "/usr/lib64/libtic.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 73224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ae4f0ddfa6b940edcc1d14da97fe186d7fcbc99" + }, + { + "algorithm": "sha256", + "value": "169fd0998038aa0987f25827f8ce0fe9ee9ea82846958237c22f57bf0137209f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libtinfo.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2187328ae913998e", + "location": { + "path": "/usr/lib64/libtinfo.so.6.2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 195088 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dba29705317e7e0b34a78fc29afe5869d1253b69" + }, + { + "algorithm": "sha256", + "value": "7f6e6b4b437315880fb459256f663fe1cf96ffd437f9bdcdddc5c5104b89c3ff" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6756fb3d8b92dd02", + "location": { + "path": "/usr/lib64/libudev.so.1.7.5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 200168 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "013a4094b9557ae39eb17409fbba39e8879dc1f2" + }, + { + "algorithm": "sha256", + "value": "afbc80413aeb6161f62fe0947c37ed50616f280592bd12023bf3b32f80bb4b36" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgcc_s.so.1", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e4935d5aa0ba62ff", + "location": { + "path": "/usr/lib64/libutil.so.1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "25e6d9a06ab0281ce358e7ebb02cf07edbe3a19e" + }, + { + "algorithm": "sha256", + "value": "1da739d3692933ac28b1c4fd1d0f94a0976f3286c0bf8b2e5e5db49ca7e854fd" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2f4c1c268d776d3e", + "location": { + "path": "/usr/lib64/libuuid.so.1.3.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6b6260d7fb20c57b211971d87625b83258590c55" + }, + { + "algorithm": "sha256", + "value": "529d3f74689adfa49e416bdd75385f06733568724ebaf8411a5e0de140d8621a" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "9548eb24c8261a07", + "location": { + "path": "/usr/lib64/libxml2.so.2.9.13", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1644712 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ab4be0119c30d9af379a3e12b40c11b71def465b" + }, + { + "algorithm": "sha256", + "value": "8eb25143b2fa588a7b9f4af0a8f44d580501d59ee5d7e2f20d726b2aaffab1a9" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libz.so.1", + "liblzma.so.5", + "libm.so.6", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "cd4bf5eeea9572a1", + "location": { + "path": "/usr/lib64/libzstd.so.1.5.5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 754200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a58e10768bd5a2a16cc7dfb5b04843ce9c4f0456" + }, + { + "algorithm": "sha256", + "value": "dc1ccdc94eea889670d6258a70ae51be922be6a4740eb44eee4f1baf012136b7" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "67ddf331d95fbab9", + "location": { + "path": "/usr/lib64/ossl-modules/fips.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1337112 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "64be15e12fa7a8b28d498c422f7d866fe235e5db" + }, + { + "algorithm": "sha256", + "value": "c197b6ddf74532f477bcb34e25b6e109491765d577b9fe1a4c4759239b6aae06" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "074d9b8ca153069f", + "location": { + "path": "/usr/lib64/ossl-modules/legacy.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 140344 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe7c6850a1685449f472f02e2894e4a20c2ca0d7" + }, + { + "algorithm": "sha256", + "value": "1e4dd1d9a0a9780f300331ba5d4351f9bc9cbd89130d1d6797e84bcc170c10f0" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypto.so.3", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "86bf2ecd1788501f", + "location": { + "path": "/usr/lib64/sasl2/libanonymous.so.3.0.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 19840 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a27a0e2b06d9a3f088b71c8bfaaafaa202e8473" + }, + { + "algorithm": "sha256", + "value": "3f5750048d1f5f2fc02a64b4c3e479d2da16049a7c262d4b3a6d620ba7a37751" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcrypt.so.2", + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "67d38e340f4577d3", + "location": { + "path": "/usr/lib64/sasl2/libsasldb.so.3.0.0", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36152 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c5785b55310e9af50cb520d5bb31dab7e894a1f6" + }, + { + "algorithm": "sha256", + "value": "ce60ecb1bf8fbf5d898712b1fbcbc743359ce1d2f8de8e148031e5189ba48132" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libgdbm.so.6", + "libcrypt.so.2", + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "6e696beaf5a6f45a", + "location": { + "path": "/usr/lib64/security/pam_cap.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15136 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc86b6d3fde4d80d002a814e4a2bfaed78d1848f" + }, + { + "algorithm": "sha256", + "value": "6bb873cae41c79e835c80198f456151d80e6f85d5886726ede088e5508db5307" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "e3d3859fc36afde9", + "location": { + "path": "/usr/libexec/coreutils/libstdbuf.so", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15288 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a395a2cd0ba62aeb989494acb47a98ef7da7d0c" + }, + { + "algorithm": "sha256", + "value": "12e5481fd926dabcd9304ad69f70ff0bdcb8f69a2a78bce13bdd432dc362ec43" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "4e0814ecba9a840f", + "location": { + "path": "/usr/libexec/fips-setup-helper", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 333 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4ca662c6962fc22af5ee0ffedd594be438bf8e0" + }, + { + "algorithm": "sha256", + "value": "98842d7aab2119a5258e0931c538111d4eb9099395b539b764dc6de427de8939" + } + ] + }, + { + "id": "1716d1a69e4531ec", + "location": { + "path": "/usr/libexec/getconf/POSIX_V6_LP64_OFF64", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 36080 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81140d839d18f2761b00df07b72c3fef8a43c11a" + }, + { + "algorithm": "sha256", + "value": "f01154b2747461aa3011213d2a2d018d04bf4241ebc0649822a28b9d863eb370" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d536adb8f0ad5bbf", + "location": { + "path": "/usr/sbin/alternatives", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 40544 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67c3a94eaba528d07aa2a9a07d41edb753de1b97" + }, + { + "algorithm": "sha256", + "value": "b432a2af811781d961fac005249930fea6c7510687ec377414166eeed06f8c9f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "34f8467e3a606deb", + "location": { + "path": "/usr/sbin/capsh", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 31960 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "846a33d5de64467997f0c06ef74025bdd53747e0" + }, + { + "algorithm": "sha256", + "value": "a919dce6901fcc23b1379e94c4e0ddeb160c28c805a44b13b9e7d5a64c080f8b" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f33afab34bceebb1", + "location": { + "path": "/usr/sbin/chgpasswd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 61200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbe9eacb1054c4755515620eacd5b8e58263985b" + }, + { + "algorithm": "sha256", + "value": "ecdec0e57aada7c08b4c658fe35558f9e30fe9f7e1d4360e8009fb90a9202366" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libcrypt.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "0318fa63a12c4a45", + "location": { + "path": "/usr/sbin/chpasswd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 56968 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d1ec69bbb784f6c8c20c9aeadee06a6b53b66c2" + }, + { + "algorithm": "sha256", + "value": "7896f25aeef8f5f1dfcc5865a9dcb9019a7edc9b449b1e4ac9746d391ad6ba88" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libcrypt.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "111b65a59d05de01", + "location": { + "path": "/usr/sbin/chroot", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 555, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 53 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "47f6ebfa5a2e0ac5671332f3bf3fefdde5c8ed26" + }, + { + "algorithm": "sha256", + "value": "739f7aeb037de1264e7801b4a2b01b6e98bf66b1fe81c751989241de6f878b19" + } + ] + }, + { + "id": "c1427ebe890dcc80", + "location": { + "path": "/usr/sbin/getcap", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15488 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fc72d542eb85d57677eebfa803702e4989152115" + }, + { + "algorithm": "sha256", + "value": "91059a58403b474157208979a029c3d47c12155a741200672c12b24a6ed44a37" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "8a707565ca91434e", + "location": { + "path": "/usr/sbin/getpcaps", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15480 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "304b5a9328285771328c91c9071fb761a273c117" + }, + { + "algorithm": "sha256", + "value": "452e8c8b360c1c245307cf1b826f61e539862814c3be5de1624c9913f5175c09" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "74be897ab6c1efcb", + "location": { + "path": "/usr/sbin/groupadd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 70424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c67f58787c3e932d187244685ddc088f0890716" + }, + { + "algorithm": "sha256", + "value": "c212db3ba1a3d8c510d3c6ae2267f3e7c9a44a28c132c58189d60e7d57266eda" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "2556d4cc0a065d36", + "location": { + "path": "/usr/sbin/groupdel", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 66080 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b3764d3f80620dd582c6e21d16791be710733cbc" + }, + { + "algorithm": "sha256", + "value": "d217dd3a21566ac3916682b469cf9bf08fc36c09e411c004b1acf590d22ad4e1" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "0c8befd445f256b3", + "location": { + "path": "/usr/sbin/groupmems", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 57112 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0ca7b979ce118f5a870d53267cff7b7bebe141f8" + }, + { + "algorithm": "sha256", + "value": "ebd54ce8fb0a1f3d291a80c8f6837709a0d40bd8313015bb0d2d0ff47c28021f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "cc64b9fa91010ff6", + "location": { + "path": "/usr/sbin/groupmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 74504 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c2c8c306b81b62d4c33b60ec28a43ccc946547ca" + }, + { + "algorithm": "sha256", + "value": "b3f14c7f5eef120c5696e583a43c973e7cab820455682fe2c20fe08473252128" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b6b95802760806da", + "location": { + "path": "/usr/sbin/grpck", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 61192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a5eccf1d048a2014c60d105efbff2667e349063b" + }, + { + "algorithm": "sha256", + "value": "49ac971fae50937b2867db851e690c29ea169af0dc2bc05d98a4c2c09b5030bb" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ab69700c9a4b85fc", + "location": { + "path": "/usr/sbin/grpconv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 52800 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2fd84a4c1daa7aa0bcac2f2e372dfebc86f9501d" + }, + { + "algorithm": "sha256", + "value": "0e17621db09d8e4aa82302048b9c9ca79e46714c9cc1a5e23557cf61a4ae8bc5" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "c73f0ac2f71e5768", + "location": { + "path": "/usr/sbin/grpunconv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 52768 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "64e887baf4a9e22e1442c6027801735b5d0b1a0e" + }, + { + "algorithm": "sha256", + "value": "5c4a66ba5ca8d17b353c9f4ea50ece515f22fe3138943c0d8981d857c9f2174f" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "64575dd9d0be23a4", + "location": { + "path": "/usr/sbin/iconvconfig", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 32440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6bcdbf5fccc474565384b63b77d85247fc83f290" + }, + { + "algorithm": "sha256", + "value": "32a2f84bdc83abe12f1ad68520ccfff38e32f9cf199f8c701601a5faa5d8735e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "7536453ef2a26c46", + "location": { + "path": "/usr/sbin/ldconfig", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 1172360 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "38654bbc8d6fa006477ef67697afc5d2040e292b" + }, + { + "algorithm": "sha256", + "value": "df210f9db42ec59cecf3a7879141cf6a43d2825b9a4764eb507dce913fd74ca3" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "f90e01085c96de5d", + "location": { + "path": "/usr/sbin/newusers", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 90840 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c48f8fbd5800aee651df63757f7b9b351310ce94" + }, + { + "algorithm": "sha256", + "value": "903936f7d3d8b3defc8e0adf429804739684b32e1b959e269df8b1c814099537" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libcrypt.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "3989eec5a7cefa6c", + "location": { + "path": "/usr/sbin/pwck", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 56936 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4d0a350644784b26d850dd3fe28934158e161f87" + }, + { + "algorithm": "sha256", + "value": "6e334199eb49cc3ca096149f91933e40ead747da5bba47d35f534bbadfe6cf3e" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "ec97b8fc62a55343", + "location": { + "path": "/usr/sbin/pwconv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 48584 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f08af5c40b65d2d5d9baffdf9bfeb044cd0627a" + }, + { + "algorithm": "sha256", + "value": "988929767fd0e92f2e070cb1a3c6c176097381e9a604a1fec4b511d145c566ed" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "8568fb8ca2582731", + "location": { + "path": "/usr/sbin/pwunconv", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 48544 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "97fa431087d528da73789d941ef0872511e960d9" + }, + { + "algorithm": "sha256", + "value": "2755c539e10308a55440c2bba4e733d014c8f3c346d114514c4588808716e371" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "a903dcfa92379f1c", + "location": { + "path": "/usr/sbin/sasldblistusers2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15640 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f9bfa00aaf8df309062b99273521df28cf8f847" + }, + { + "algorithm": "sha256", + "value": "41dde1653f48b854d0b928dc3242c1ac9a7cf222925b5b7bb00e38ca2115fdbc" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libsasl2.so.3", + "libgdbm.so.6", + "libcrypt.so.2", + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "d20220678434ab7f", + "location": { + "path": "/usr/sbin/saslpasswd2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15608 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f6d1be27468f4c5dcd5387aff3e05ae5dcce8a2b" + }, + { + "algorithm": "sha256", + "value": "9b6cf403d1d2a816351473d85e638b94ac60d6f729d92a6b812af52de04839e1" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libsasl2.so.3", + "libgdbm.so.6", + "libcrypt.so.2", + "libgssapi_krb5.so.2", + "libkrb5.so.3", + "libk5crypto.so.3", + "libcom_err.so.2", + "libresolv.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "b0a10e424e7b1086", + "location": { + "path": "/usr/sbin/setcap", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 15488 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e8be06b74a7e4d47eb469f996c525accc5d4b4c" + }, + { + "algorithm": "sha256", + "value": "6ed2c35ad6d405cc7060467f52ae68db70a2b219b5840193f3eb43a6dc636293" + } + ], + "executable": { + "format": "elf", + "hasExports": false, + "hasEntrypoint": true, + "importedLibraries": [ + "libcap.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": false, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "84bb3257aae64297", + "location": { + "path": "/usr/sbin/useradd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 141144 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d360104341866da1ea812f15ad4e93e9fcdb9782" + }, + { + "algorithm": "sha256", + "value": "7de0113096523518f915f2abfa1fa02a4842a3412e0acf380bf25581ef06809c" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libsemanage.so.2", + "libacl.so.1", + "libattr.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "687b78fb392028b5", + "location": { + "path": "/usr/sbin/userdel", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 90968 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6d33f7c1e6b5b93b4acdf7e5117489df1e81c254" + }, + { + "algorithm": "sha256", + "value": "07fba687576480843c16c4e29683318f84a9ab8b514db6556691d25056583c28" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libsemanage.so.2", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "4848c9705b78b970", + "location": { + "path": "/usr/sbin/usermod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 132776 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2b9d099d0a0ab7cfb87939193347f3506c0a5257" + }, + { + "algorithm": "sha256", + "value": "4c7fb62ea533f122b57fd2173a023d4bf5f6f5adb859488a8dd5b89e861c7828" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libsemanage.so.2", + "libacl.so.1", + "libattr.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "04c372714feedfa3", + "location": { + "path": "/usr/sbin/vipw", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 59552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "98b51e5cdc3658bd2210ec29437190bf5e5bae81" + }, + { + "algorithm": "sha256", + "value": "1c685db51740be4f85e13faeb3322e210468db9bced41d9d8522f914f5c96035" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libaudit.so.1", + "libselinux.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "879ec3ccb9c2d440", + "location": { + "path": "/usr/sbin/zic", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-sharedlib", + "size": 61056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "09c363206713740a91fd1b1a6042b75e8cc16d61" + }, + { + "algorithm": "sha256", + "value": "0f3d1cea614a46ced60f0d43ef21a40bb7d72c6e94a47883504fecf29b12f41b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": true, + "dso": true, + "safeStack": false + } + } + }, + { + "id": "afdd73f093ebb639", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/bind.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 124 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "605a441522efb7132b8d48aa48458564329a6f4a" + }, + { + "algorithm": "sha256", + "value": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + } + ] + }, + { + "id": "1d7fd03128d7e4d2", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/gnutls.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3075 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d89af03fbc6b90c653497d1c369daa37b1eab484" + }, + { + "algorithm": "sha256", + "value": "9658d45476815d507ec7598a09b8f32bb67f1f12b1204b0a9ecd9d165a3e8116" + } + ] + }, + { + "id": "882e9fef471425f7", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/java.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8897f89dfc3de73c0c69444e45a70250245baf8d" + }, + { + "algorithm": "sha256", + "value": "21e27a8d83a44a6c1179effe601e95cb3d7373735cc7520cd47be0652dd18945" + } + ] + }, + { + "id": "a38e5ca8cef6d8f6", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/javasystem.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 153 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4323cbb7ef0fe3ac978c43cda15d8d14f464150b" + }, + { + "algorithm": "sha256", + "value": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + } + ] + }, + { + "id": "3f42f7a518ff9cd2", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/krb5.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 137 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72ba20eb8d03021c3e265fab393b35d32a1b2a66" + }, + { + "algorithm": "sha256", + "value": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + } + ] + }, + { + "id": "561140d4efe66e37", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/libreswan.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 565 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ecc7a1a59913ebaf6150ae5ace344496bb7a2dc4" + }, + { + "algorithm": "sha256", + "value": "ba0a4319962f0e6a3e83a404becf46a8bb0cf7929ef2b7032fec9ee1b95dd27b" + } + ] + }, + { + "id": "86552a9b61a01a58", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/libssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8a5b0929bfb7224052c876f632963d10bfad546f" + }, + { + "algorithm": "sha256", + "value": "4cb91562666463b60e23b6b3f0a50164959226126847ee6da1df8f7f0f071da7" + } + ] + }, + { + "id": "2065aab50b73cc76", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/nss.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 409 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e00e1c1a6d4cdbd468536af85464167006bba10" + }, + { + "algorithm": "sha256", + "value": "6e1b17a238bc9879954790db1715dfa69029b0d4e9d566263c804dfb97261d0f" + } + ] + }, + { + "id": "8711641c4e8bbd25", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/openssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1322 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2845793a18956f0dfacee7d0127377123edce519" + }, + { + "algorithm": "sha256", + "value": "7716f34aeb67783ba9eeca7e35313fdde274231d902eea760ac4ccb58de165e4" + } + ] + }, + { + "id": "8380dd3e428b0f55", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/opensshserver.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1804 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "077d449b4c0798e1df2c33cebd0b436d720c2314" + }, + { + "algorithm": "sha256", + "value": "1113a9f57ae80185b59413b7a04f9cd2e5bd3bda51ef703f4f785658a25046d6" + } + ] + }, + { + "id": "fdd5ef7ec49ba6bf", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/openssl.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 151 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de48e374101ef029afd15af20331bc40a7db9b62" + }, + { + "algorithm": "sha256", + "value": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + } + ] + }, + { + "id": "da22838b523ebb31", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/openssl_fips.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "id": "7702c5c821e9f285", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/opensslcnf.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 738 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d2e66057baf470b4c5a5dbe3f35fa55932a68322" + }, + { + "algorithm": "sha256", + "value": "5db272604fd06ed01b7bf95427e133ca891aacc5eb8158ebe5437c7ffe63db73" + } + ] + }, + { + "id": "f2121e401df4d509", + "location": { + "path": "/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1953 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32efa04d4a9823c31ea308029087c33450eb5b38" + }, + { + "algorithm": "sha256", + "value": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + } + ] + }, + { + "id": "b8bc1d0869ed022a", + "location": { + "path": "/usr/share/crypto-policies/FIPS/bind.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 140 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "71e5c02490106a7e44c7a13d948a2ec5d0abf104" + }, + { + "algorithm": "sha256", + "value": "2d3530ededdc39742969f28ff137f88e429a5b80e55fb9dcb8ed51eabc14ed0d" + } + ] + }, + { + "id": "4ee5f68b748edff0", + "location": { + "path": "/usr/share/crypto-policies/FIPS/gnutls.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2528 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ccd77eb0f502e271942b40b00fd36e53810bd01e" + }, + { + "algorithm": "sha256", + "value": "ba59572ce09550c61e75c70c5bfc0d800661c7011cbced1ad943b408bfde381c" + } + ] + }, + { + "id": "57dc34cef5fc7029", + "location": { + "path": "/usr/share/crypto-policies/FIPS/java.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1853 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e44d7916183482bdd94616bbc60e582e4e41c56" + }, + { + "algorithm": "sha256", + "value": "2545c17c559c1177239b3bc9292a2b50ca3e1400961ed515a9e50d8bc9991175" + } + ] + }, + { + "id": "f807571eba875c73", + "location": { + "path": "/usr/share/crypto-policies/FIPS/javasystem.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 139 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "166c6a8deb42755abcbac6ac29e82a4a2aa937f3" + }, + { + "algorithm": "sha256", + "value": "22f46a8509ac1c19bc76b9ab235820964e9a0469b9f2ba58c8be0aa8da9a8890" + } + ] + }, + { + "id": "abe5d35fd9e4b896", + "location": { + "path": "/usr/share/crypto-policies/FIPS/krb5.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 89 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad94e4628a6030edf463645b15033ff36ddfc9fe" + }, + { + "algorithm": "sha256", + "value": "9c1a4d25952e9ba252dfdd110c40ee363a8c69a1f57c396f9c021255f613994a" + } + ] + }, + { + "id": "9d3c270b586cf9e8", + "location": { + "path": "/usr/share/crypto-policies/FIPS/libreswan.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 289 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "83981746cf3d6c5bad3f550e449f03719519b5ac" + }, + { + "algorithm": "sha256", + "value": "3121515ad310fee218aececa8ba41517cb2ff38dbd7903f1cf7712979b872527" + } + ] + }, + { + "id": "60b3bbf1dc150e29", + "location": { + "path": "/usr/share/crypto-policies/FIPS/libssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 962 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5672b8bd969dc3501cb71d6824adb72cb3a0c9aa" + }, + { + "algorithm": "sha256", + "value": "fa908a498254cbe4cbe1ee45e59896c140021fe9ff0ba6796f11784df73d713b" + } + ] + }, + { + "id": "6cff7cc34969a538", + "location": { + "path": "/usr/share/crypto-policies/FIPS/nss.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2552edb2edd9ec5d747bd677063976a622050529" + }, + { + "algorithm": "sha256", + "value": "f4b387df3824b2831e6ae76c6de4661f879d63366f2737e75222eaf53fce0f76" + } + ] + }, + { + "id": "c102b34d4850f420", + "location": { + "path": "/usr/share/crypto-policies/FIPS/openssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 819 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb3aad188bfde60a17b1abdc5306a0d8d6c0411f" + }, + { + "algorithm": "sha256", + "value": "8606bb4030c091ffff8f8c3f154eefe322dc78953fed05921b660b91a9a1832b" + } + ] + }, + { + "id": "65edcd9856a2ba28", + "location": { + "path": "/usr/share/crypto-policies/FIPS/opensshserver.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "33c5a48baccde13b6de29ba101f5ffee94af2b0c" + }, + { + "algorithm": "sha256", + "value": "fc29f93c9ba35b0c98eadc4a5d535750f7ad1439eb7425b46e5fd34958b9a00d" + } + ] + }, + { + "id": "6595665567b15dfd", + "location": { + "path": "/usr/share/crypto-policies/FIPS/openssl.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 182 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37d17ac5c814e574ac852f082b4c279d0a874aa6" + }, + { + "algorithm": "sha256", + "value": "eacc37ccc326fa7a92d1f3bdbe647b8b60c01ef9a2b1cba2980450cce218df54" + } + ] + }, + { + "id": "8e3c8bdb7f75bd5d", + "location": { + "path": "/usr/share/crypto-policies/FIPS/openssl_fips.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "id": "0522bcec26e6a026", + "location": { + "path": "/usr/share/crypto-policies/FIPS/opensslcnf.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 714 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c28ee6488f7a6a0f5294f21219a0f967b84d6ce9" + }, + { + "algorithm": "sha256", + "value": "4acf50471178bbca3568561d0d48be519704b2a729d37b2594671bc7cbe38e4d" + } + ] + }, + { + "id": "878ecff90dec0cfb", + "location": { + "path": "/usr/share/crypto-policies/FIPS/rpm-sequoia.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1946 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf72297a33754b49aef76339f6a5313efbfe1f35" + }, + { + "algorithm": "sha256", + "value": "010e040a5df0846e09730544fc2ff1c8071bbe6ad50aa61fb6e10097f887ea15" + } + ] + }, + { + "id": "e70790cfb823b2ce", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/bind.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 124 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "605a441522efb7132b8d48aa48458564329a6f4a" + }, + { + "algorithm": "sha256", + "value": "a58c1a9dc160a31aa185d74a96538aafa634864b8868129ffac0544e789e03e0" + } + ] + }, + { + "id": "df6d8ed5a12429b0", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/gnutls.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2573 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f4d96a16eaa98cf32c80f6b2f7bfd7b88810b93" + }, + { + "algorithm": "sha256", + "value": "d68afbedf284403094b49b6fd6e164af1df71df6bfc7260ac9c2f35d0d4044a0" + } + ] + }, + { + "id": "f72f9876da0bf51a", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/java.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1941 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c7454d459d658c9b5b6c5964fc09307693fba82c" + }, + { + "algorithm": "sha256", + "value": "f99bfe41709855b20552f414f78b7a1aab6154ba588bdac72ded87f8d8c80ddb" + } + ] + }, + { + "id": "c5064e1c6b2b82fd", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/javasystem.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 142 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "80c52e731c59f7608add17bed269f77991dc9bc1" + }, + { + "algorithm": "sha256", + "value": "d43f7ce398de1cd518cd0864b58d74d50a8375b800b3231db853ac86175b6d19" + } + ] + }, + { + "id": "4f619fe86f82aca9", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/krb5.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 86 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "56dd8be43a1b39e110d976b23e051ec5f1151428" + }, + { + "algorithm": "sha256", + "value": "f7500ad5181c77fd45da469fd7a0991caf7bc29b6c2f4f10bc966c3920fa905e" + } + ] + }, + { + "id": "2cc560a83b80dd47", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/libreswan.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 303 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5961e83f826770433c93f8823501d3017e39efde" + }, + { + "algorithm": "sha256", + "value": "fada0c0238bc899aa3328e6f86b940a7f5a25cdef647ef28c243f89c3db67100" + } + ] + }, + { + "id": "44833f78acc30bc1", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/libssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1065 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1287e83e94e62b2b32b6f5695922f4fb2dfabc3b" + }, + { + "algorithm": "sha256", + "value": "ee3a3567708dd4b79451deef173fe5b8443614d8fb81127dd91f98fb6ff35487" + } + ] + }, + { + "id": "eb3af61ac7994eee", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/nss.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 355 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e036cb3c2f35142404150ee9e581f18bbd602df3" + }, + { + "algorithm": "sha256", + "value": "10a7d15cc2b678c044b2b749d7a0cf9e8706668888b94cea91866fb847588425" + } + ] + }, + { + "id": "b8d925cbba552dae", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/openssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1202 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "84b1e7738c9e8f69db75e27dc13e0abb80583986" + }, + { + "algorithm": "sha256", + "value": "cdd99a01e5c7e4ff862b88e5a228f4bb4583b4039a4ff7ceb89b2869b8780059" + } + ] + }, + { + "id": "da0bddfcd645ebdf", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/opensshserver.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1684 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ecf62f5ba1487bc1a7776b56d3c4c092af438330" + }, + { + "algorithm": "sha256", + "value": "621a381b8c829f95a45dd56ace4b7788dd09db9be43b20897742c0d7478ef27b" + } + ] + }, + { + "id": "51a16dd2240268af", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/openssl.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 180 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7cd1bacf1c7e9378978c9258589dc0c9d17de607" + }, + { + "algorithm": "sha256", + "value": "37d50085b783cc65da67a6ead91da93a3dae6ac74d44004b5c6dc9ba41235496" + } + ] + }, + { + "id": "8e3c16288ba60b3a", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/openssl_fips.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "id": "1044ecf2ad0ce2c4", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/opensslcnf.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 687 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8ee682d486edb1422bf8d4f2c7f870e61b19a41d" + }, + { + "algorithm": "sha256", + "value": "b8b47a18eaea88dac742a8834c0e5de7ea067974188aa796ee15099e3f216042" + } + ] + }, + { + "id": "e911694cbc73fcea", + "location": { + "path": "/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1949 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f12068092df36d310de8bd1308aedcf098b5f5da" + }, + { + "algorithm": "sha256", + "value": "abd2ec14c14a90c588d1180daafb98fc93537830da0eb87a8fd127e60a906f8b" + } + ] + }, + { + "id": "8bf3176e21b3abc5", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/bind.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 94 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1d7811878d0056763d0d5c90dc9b7f407d84522" + }, + { + "algorithm": "sha256", + "value": "de64669cdf2f9b5074089e202ea7f0bc04c94087c1e7ee0c3eba753b8c89c692" + } + ] + }, + { + "id": "b0484622aa727260", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/gnutls.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3323 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "39130d031006a095247af4e080708f079b5d865b" + }, + { + "algorithm": "sha256", + "value": "f1bce6a203cb2ec468342c6106f9c17db6569e19b85b6eabbcfe3b0cabb5053b" + } + ] + }, + { + "id": "d1f527359f518a57", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/java.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1450 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "31540a551281834e6dfe9250e8d8e47dfac55666" + }, + { + "algorithm": "sha256", + "value": "3ebe7bb711949d996bd3470541c3e20a72fc9d5045a6854ef99d679d073a4c97" + } + ] + }, + { + "id": "869d689a25f2e1d8", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/javasystem.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 153 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4323cbb7ef0fe3ac978c43cda15d8d14f464150b" + }, + { + "algorithm": "sha256", + "value": "0ddb088db3d8d923e57dfe61dff5e3faadb41108c85b6eb1885b6a4838d382c3" + } + ] + }, + { + "id": "bb6f1a66cbc46ca9", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/krb5.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 137 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72ba20eb8d03021c3e265fab393b35d32a1b2a66" + }, + { + "algorithm": "sha256", + "value": "0c1e430ee375bf679019a42098629b7cccc6ca5a530479d787c5fde204da1cb7" + } + ] + }, + { + "id": "29b57084e873a85b", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/libreswan.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 594 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "beb448d776d56b66f4f972ab0bda0b7797b7b7ae" + }, + { + "algorithm": "sha256", + "value": "ad8cfdb3cf11f8a18a8d66c5b243ac449587a735355ae1e346cf8d5aabd02ac4" + } + ] + }, + { + "id": "72c4214de7eaf7c3", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/libssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1324 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0e9e88e99ae6119d46bce76bf259b7ea68ac7191" + }, + { + "algorithm": "sha256", + "value": "9d0c42289b99760aa2079eb88be6b75fa5d5f346b6939ce4fd8cadc67cf04d9f" + } + ] + }, + { + "id": "72f663c04a0c56fc", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/nss.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c135b486fc928b8ff2533917f10bc3b79ae2e16e" + }, + { + "algorithm": "sha256", + "value": "2d8d23e37610b61a50e7557a4fdc86e3a4cf58599c3031e6590942eba0fe51c6" + } + ] + }, + { + "id": "b307e99b0bf1a901", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/openssh.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1484 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "91e89d67bc23686d47b556a42db5454f53f3f068" + }, + { + "algorithm": "sha256", + "value": "9b1a630302e80162acf8e683ce6ff77262683d7e4a8d7a04553c8c38110d7ca7" + } + ] + }, + { + "id": "cfea9a73750a32b2", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/opensshserver.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2003 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6a01238d34b30151929f1c2929ccee78663853a6" + }, + { + "algorithm": "sha256", + "value": "2490d30ff79c21c5271d1a0845b95c56ebc29db351bce17468a0e114f9671a5e" + } + ] + }, + { + "id": "9197b3a790c9df93", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/openssl.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 151 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de48e374101ef029afd15af20331bc40a7db9b62" + }, + { + "algorithm": "sha256", + "value": "14c0ac8298081902c37730227e3385e5db9bdb414fc00469a5453d9d8edbcb89" + } + ] + }, + { + "id": "9672f29db1784412", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/openssl_fips.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 49 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc622bfbd11b46609501b48c2c995748f5f050ef" + }, + { + "algorithm": "sha256", + "value": "ce58fa596fd447999c0fc9ea20f25072b77621e9eaa5166aa06f030d970b626b" + } + ] + }, + { + "id": "db84aa46836bf358", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/opensslcnf.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 852 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70af93215efde42382828e704f30f60120ec156a" + }, + { + "algorithm": "sha256", + "value": "dcb4cfdc6b5b7566f33964a8517b55aa03607ea0f985bdb9e8ec815dc740b76c" + } + ] + }, + { + "id": "053bcf254f43a96f", + "location": { + "path": "/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1953 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32efa04d4a9823c31ea308029087c33450eb5b38" + }, + { + "algorithm": "sha256", + "value": "94e0021e1dfb6a505ae320fd1a810d959f9a8196876112df0b8bd13d1819a6b1" + } + ] + }, + { + "id": "913208470fae46ec", + "location": { + "path": "/usr/share/crypto-policies/default-config", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 680 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "856da16030f51b488d6c93cd20b8674b578d233a" + }, + { + "algorithm": "sha256", + "value": "2f6b44a5d39b9b62dfd5602a979abb7a6547e5662f7ae89934e53079b9bef24d" + } + ] + }, + { + "id": "b80049f0c6041e3f", + "location": { + "path": "/usr/share/crypto-policies/policies/DEFAULT.pol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2613 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6ddfd7835c3fd297e3c123be014a6ecfde1e567f" + }, + { + "algorithm": "sha256", + "value": "6abb1869ab38cbfe389436d2c0edc135bff11eaa26d45f950676fcfa53e09501" + } + ] + }, + { + "id": "9133809489ed5bd0", + "location": { + "path": "/usr/share/crypto-policies/policies/EMPTY.pol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 277 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "11a373bb26f1088fab6c02691fcf455c91433d64" + }, + { + "algorithm": "sha256", + "value": "17348db5605b98f88f38704b2de8c0eb91a066be19c4c993d2ed0d8dbf411ddd" + } + ] + }, + { + "id": "90ab5cddee596df7", + "location": { + "path": "/usr/share/crypto-policies/policies/FIPS.pol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2173 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "237284c26a9b8fe12579dc0a2cbee68183801303" + }, + { + "algorithm": "sha256", + "value": "453ebba9bf853cc9351d8568bce931c594337a178f27978a80fba5cedac24f64" + } + ] + }, + { + "id": "a392553ad2d8f3f6", + "location": { + "path": "/usr/share/crypto-policies/policies/FUTURE.pol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2621 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b66f17a3efeb6c11975e182debdfdf35cf31c6d" + }, + { + "algorithm": "sha256", + "value": "84731b8aa062979ae374fe22a15beb2cbf2944d972d10bac119ce9627c6a69dc" + } + ] + }, + { + "id": "410c97f05ec8cc4e", + "location": { + "path": "/usr/share/crypto-policies/policies/LEGACY.pol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2777 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "303cc51b569f67ab45fe1f2fe7074b2c8829ecef" + }, + { + "algorithm": "sha256", + "value": "ed1cb209664939c3eec280015e9a322d59c0ae067f6a9514fb70f5bc19476b92" + } + ] + }, + { + "id": "888b6b58afbd2377", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT-LEGACY.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 469 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a7677874e757a5c9ea2f298c04e237358d0c2c28" + }, + { + "algorithm": "sha256", + "value": "edf8c78bdc5ee2c2b72d63d9c5f8ea662174400fc55b5f59d37b8fbcfb053092" + } + ] + }, + { + "id": "d876baa9427407a2", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 283 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b30ef4624e4d518222a086172bdcb6828214966" + }, + { + "algorithm": "sha256", + "value": "c101584cf373bd622b9060f30c0003d5d085273d628eb2ac64b53e4ef84da589" + } + ] + }, + { + "id": "5d0c649679feae87", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 136 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9362e76e330ccf7317cc06c23beae559962e45be" + }, + { + "algorithm": "sha256", + "value": "661c008361be79add5c086db6aed9e84f7c7b569057023cb548911bb0cec1ee0" + } + ] + }, + { + "id": "5903baac62ef6626", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/NO-ENFORCE-EMS.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 248 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "355dfb5e956ffcc098c3bbe10e6abd3ecd01ffe8" + }, + { + "algorithm": "sha256", + "value": "304f4728eb3a09a2ec15eedaeffd1ddad83f0afc3bce911538082e74a9e26776" + } + ] + }, + { + "id": "14f5ce0d98a90b87", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 123 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3f272d4e7be4b45af30327905198e5da22bb2b4d" + }, + { + "algorithm": "sha256", + "value": "2c36639722c6bf74ff296a606d65fd806e54dd1a2af26871efd139efc208c588" + } + ] + }, + { + "id": "6e35e39585ba7d79", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/OSPP.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2072 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f776e2b162bd4978450a8d26858173371b140a45" + }, + { + "algorithm": "sha256", + "value": "f642d2f8eb25c837335c3e634af670d9c56a27539797d072f751d30e70776569" + } + ] + }, + { + "id": "38ecd8c72b7eea92", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/PQ.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 385 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8281ec2917d520cb7d70b53adff21f6aef29a4a" + }, + { + "algorithm": "sha256", + "value": "a33e31d844a8b8ab138284609b6184a1110d017f61b9f681f8e73989f8a6096c" + } + ] + }, + { + "id": "5e724ac7dc6c5896", + "location": { + "path": "/usr/share/crypto-policies/policies/modules/SHA1.pmod", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 131 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "64dad1fb09f3cd4dc67cd6151c933c499f9d0643" + }, + { + "algorithm": "sha256", + "value": "926673bbc7ee7b5c81945f10d103178a8cd5c4a309efbf898a7433e7a4ae49fd" + } + ] + }, + { + "id": "2db41ac88cdf8431", + "location": { + "path": "/usr/share/crypto-policies/reload-cmds.sh", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 167 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8c2aa59a511c5073192253e154a743bd0ce7d80" + }, + { + "algorithm": "sha256", + "value": "69121b6719a4a96cb77bf2372cb58a389b08726e4448b1037b70ec9950af1048" + } + ] + }, + { + "id": "a2f54b1b196c86e0", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2250 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6abcb830b2a3083de47e32c6acfb6d0d175b3e26" + }, + { + "algorithm": "sha256", + "value": "4b5d24c7d184e16bddad18caf7860f62ffff62d74e07b279d5bcdaa9b18b730a" + } + ] + }, + { + "id": "3ba77e6bd881631f", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/developer.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 49091 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e8aed45c2da52231a7c6845eb51955fd328b7cb5" + }, + { + "algorithm": "sha256", + "value": "48a54e0f2da15462dfc331373dffae4f6657d578a5efb934d9764dbc5948c542" + } + ] + }, + { + "id": "636f619f9c1536be", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/download.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 52248 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5019a386935f6796301259d9e170a2342b2aee44" + }, + { + "algorithm": "sha256", + "value": "a5be4ab6e56563267cc4dd25e99bd1eeb88e55a953d04a03544803cb2ffdc9cf" + } + ] + }, + { + "id": "9e66ce4e0a6eb3cb", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/genindex.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 73422 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d7e7bb23d60da618f26648e9ea453b9234719dcf" + }, + { + "algorithm": "sha256", + "value": "eeb25bd49929d57a75e84f9c4c75f6fa51640627730f691141da8b09d181a7dd" + } + ] + }, + { + "id": "d92702dbbda7e1c4", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/getsasl.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 43291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7445a2e70d7b3edba1972838eddcad6fa151f9a2" + }, + { + "algorithm": "sha256", + "value": "3c4eb23173434a69427ede084884d26089d805d56119aadae336bb97872cf45c" + } + ] + }, + { + "id": "b50526e63108f8d2", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/index.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 57824 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "08c41ec9f5d0cdadd0b2d4a97191c589966c84a9" + }, + { + "algorithm": "sha256", + "value": "7013183e505fee223d6eee95ee75d8675d367e60b65f71bf4dcdd33232afe9fa" + } + ] + }, + { + "id": "e5fec12d1cea722f", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/operations.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 60786 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1b60e44a0a224691e79be31e69d430252fcb086" + }, + { + "algorithm": "sha256", + "value": "087f6f07ec6b8dd36e98840d961ceff3f9c0c4816a35ee31b8109f981c66a53d" + } + ] + }, + { + "id": "c2da83b6c923127b", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/packager.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 42001 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88da744c8a62476bbf99c530ffe6dce7ba60443c" + }, + { + "algorithm": "sha256", + "value": "8eaa2b504007fce395ae3cd9f6d3e5e5f732e6c58b761c85d43db434ea25236b" + } + ] + }, + { + "id": "479cbc92a7a36509", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/search.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 41016 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90196c41de1a7de3c26d0209429d821c7ebaabe5" + }, + { + "algorithm": "sha256", + "value": "001df4ff29c794af8c409e16fa2ddc195cce1247474dd701eb530c0187a58476" + } + ] + }, + { + "id": "14a117e88aabf24b", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/setup.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 47328 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5be0a629828746c9baef4aaf7b54a3e8378ad5dd" + }, + { + "algorithm": "sha256", + "value": "0c2a3935f247f3b31c8c666f6b27a62b8b49e211bad56f48b54e06ce621773c8" + } + ] + }, + { + "id": "348d1f812826c9f4", + "location": { + "path": "/usr/share/doc/cyrus-sasl-lib/support.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 41524 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81d7dd17ec92c63555ce4696828571cce1710618" + }, + { + "algorithm": "sha256", + "value": "ae3c8fa1e231022f55cd93f11007725d896c0682aeaecee6586f0535e80d8625" + } + ] + }, + { + "id": "f2a10369c567f48e", + "location": { + "path": "/usr/share/doc/dnf/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3113 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "562a628ffa7f5c29af93854c74b19c9e0680aa46" + }, + { + "algorithm": "sha256", + "value": "5db00f039c2585bde1ff9d1aeb6f8a34d15a0977757a634886f07a3825a0c785" + } + ] + }, + { + "id": "e45b53ec2f0ac0a0", + "location": { + "path": "/usr/share/doc/dnf/README.rst", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5009 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c008c0a210b781f0fc1a11e790b4ebb5771b15b3" + }, + { + "algorithm": "sha256", + "value": "5f8f14bf713fb23e2a644902b815db6204d71e63bdcfac50703242f834a02119" + } + ] + }, + { + "id": "2b831b50af534f2b", + "location": { + "path": "/usr/share/doc/findutils/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1375 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ea9914f4209e103b0bd1ecf5ad0ba69fe20ece8" + }, + { + "algorithm": "sha256", + "value": "a406e80dc71aabaf208eaf4f8514ff99c296bb07e28cffa426c0f71eaf5c09f7" + } + ] + }, + { + "id": "c29277a285f11a54", + "location": { + "path": "/usr/share/doc/findutils/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 86220 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "80742e9e29deea23b382ec1fcf8a4853750bda64" + }, + { + "algorithm": "sha256", + "value": "c48bc9776cf09d9c71244d741f5938b578b83ee68800ef786c7f3575266a46cc" + } + ] + }, + { + "id": "a2321d70af729a09", + "location": { + "path": "/usr/share/doc/findutils/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4662 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "36813ee3b13390b210c05c4acdb11db721101bbc" + }, + { + "algorithm": "sha256", + "value": "9e69d7c33f690071c03fd778e60bbc8dfce80efee098b81c79b3d3018303ffd2" + } + ] + }, + { + "id": "a222427dafd590d6", + "location": { + "path": "/usr/share/doc/findutils/THANKS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1539 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a38c0a3e07ef3a20d82b16eb8d59f051e99f427" + }, + { + "algorithm": "sha256", + "value": "9b1acdf8723ab6183c0f191b4e5076c0a6daf88e80136ac05197369041a96616" + } + ] + }, + { + "id": "7e256dc3c07e3bbf", + "location": { + "path": "/usr/share/doc/findutils/TODO", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2860 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a50629512060bae5e4f384ab80baf92f6e6d88ce" + }, + { + "algorithm": "sha256", + "value": "4ecd8ead14e114067b4edb4c3279dc81c2383e2491f91bb12d8ca377878496d2" + } + ] + }, + { + "id": "b92d7f889edab03c", + "location": { + "path": "/usr/share/doc/glib2/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1347 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d33d419446f08f11602192b63a5669123206fedb" + }, + { + "algorithm": "sha256", + "value": "52ca4a84d8dc412ead87bc3223c2ec2ac819938337cabecb2bd1994e979d1171" + } + ] + }, + { + "id": "09b75c7c7656032e", + "location": { + "path": "/usr/share/doc/glib2/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 515412 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f39d69a01132975efdeb83b97ec5d3236bf907d2" + }, + { + "algorithm": "sha256", + "value": "d9d372c412fac473f5ae7cbb9ccf0f535c203dba5a54d3d49a24c17f66e2fe45" + } + ] + }, + { + "id": "832a99d51bcc976c", + "location": { + "path": "/usr/share/doc/glib2/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 14 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "75216795763abba850397d42a95c8059cc62b42d" + }, + { + "algorithm": "sha256", + "value": "3debe734c777df09c3c762cadd0fea1bebdb857c55243d605dc5b09211895bf3" + } + ] + }, + { + "id": "09778ad4d5c0d6cc", + "location": { + "path": "/usr/share/doc/gnutls/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 9818 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c9ad6f40606f8bc589be4b8e5fca174e0b71e2cd" + }, + { + "algorithm": "sha256", + "value": "a13baf7a36ec910b8c5b752c475aa8e1c0e24a60fd08bdae8506c9cdb53711b1" + } + ] + }, + { + "id": "72fed51334ae231b", + "location": { + "path": "/usr/share/doc/gnutls/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 410017 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3321bdd18d25f24c6ef468c2e6834b2af6ac05d7" + }, + { + "algorithm": "sha256", + "value": "f1c48c1f0587d909d08764fc379dcc647935680297a293ba000606811a7a5209" + } + ] + }, + { + "id": "58756d9f36396527", + "location": { + "path": "/usr/share/doc/gnutls/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 8231 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f49f88f544dac452f0e8fb3b11ca32fea1eb14ef" + }, + { + "algorithm": "sha256", + "value": "b5bc4c00d2004fd1088ab3f1523576a32c3dcf6612f5ab485479e37f89756e91" + } + ] + }, + { + "id": "a04110cf28fb5340", + "location": { + "path": "/usr/share/doc/gnutls/THANKS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 9615 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0484d82a5b452924b5f5c8c867896091a123b272" + }, + { + "algorithm": "sha256", + "value": "0795315b015c1b92beab235ce9b843e8bae9d89f47a599e5bed8fd578f35a8e3" + } + ] + }, + { + "id": "a123f7eee70c72eb", + "location": { + "path": "/usr/share/doc/krb5-libs/NOTICE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 64121 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "63254f2d180b67ee59eeaf23bbe986c939888482" + }, + { + "algorithm": "sha256", + "value": "0d5373486138cb176c063db98274b4c4ab6ef3518c4191360736384b780306c2" + } + ] + }, + { + "id": "bfcafeb6183520a2", + "location": { + "path": "/usr/share/doc/krb5-libs/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 13024 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4b6ebeedbc90de39434a56323a90fec6ecb5558" + }, + { + "algorithm": "sha256", + "value": "8f61caf687d0ec6fa67fe96187f581fd80bf71faf1463929d0017faa5d29f1cc" + } + ] + }, + { + "id": "f244dcf2fc44b61b", + "location": { + "path": "/usr/share/doc/libarchive/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/csv", + "size": 32596 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cfccfe9002fcbeb8d5504a92c0bd040812bd9d69" + }, + { + "algorithm": "sha256", + "value": "a2b619bb37a6bdc592c11974f4924677612195c6da72132081f24cb73e13ffaf" + } + ] + }, + { + "id": "d445ce13fbbc3dfd", + "location": { + "path": "/usr/share/doc/libarchive/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 10102 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b3d673c8e1937e93a63bfc029ccd55573326f44d" + }, + { + "algorithm": "sha256", + "value": "8ea8f1b994736b8319f72d290ea18edee9da1ec8095c42cc44292ce961965fe4" + } + ] + }, + { + "id": "6c3fe7be3bf29827", + "location": { + "path": "/usr/share/doc/libblkid/COPYING", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 361 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "93e45afdb0d7c3fdd6dfcc951b8a3421660f2811" + }, + { + "algorithm": "sha256", + "value": "f03b01c1251bc3bfee959aea99ed7906a0b08a2ff132d55a1ece18ee573a52a1" + } + ] + }, + { + "id": "0f0ce024c81213be", + "location": { + "path": "/usr/share/doc/libcap/capability.notes", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2519 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dfc01dec23013354ea56dff88baa0254c0d87f07" + }, + { + "algorithm": "sha256", + "value": "1da6f6022ce14b9877f4f5929aafa5d4f1cb88b8a87e5c3eeb3d6f0371a7beb9" + } + ] + }, + { + "id": "5cf0045bda65895b", + "location": { + "path": "/usr/share/doc/libdnf/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1125 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eef667365b106e5e2bf0737e1df3e735af221ee9" + }, + { + "algorithm": "sha256", + "value": "31d97c50072e6fa08fbfd81d27f7a4640be7b69ba11f74d6497e2d2b47ab2efb" + } + ] + }, + { + "id": "2f93b603c0f10ccc", + "location": { + "path": "/usr/share/doc/libdnf/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e9af3d04907fccb5fd3fa22df3a6a8c0fb70badd" + }, + { + "algorithm": "sha256", + "value": "568c897e8db9ba48829b56c74ec080a43a67a9000b8c604df98c98bfb9fd4388" + } + ] + }, + { + "id": "e47abad8b54b40c6", + "location": { + "path": "/usr/share/doc/librepo/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4120 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cbeab662650a5dc943d40b929d77d0ae0e8c5a67" + }, + { + "algorithm": "sha256", + "value": "126179a488975283a8ce48cd771b2816ada6771ac9f7b853ceb09fd31665e2b9" + } + ] + }, + { + "id": "8b10aaeddcc8bbd0", + "location": { + "path": "/usr/share/doc/libtasn1/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 456 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f8a0b66fa3f77b4490d1c19b49629b6659046f4" + }, + { + "algorithm": "sha256", + "value": "949894e3b1d3952cbe5e2b16fcdcd2192d967e5da20d1f71bd8f434f6ccec2b1" + } + ] + }, + { + "id": "a2c8b5224135e21a", + "location": { + "path": "/usr/share/doc/libtasn1/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 23701 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d558a897bc83547a1d96b24577f75bb36de7a1cc" + }, + { + "algorithm": "sha256", + "value": "cd659d7c4dab21bbaecb9aa4c2908018a30b88e33b3bcc556484b177c2a78341" + } + ] + }, + { + "id": "e96158079ca16b1c", + "location": { + "path": "/usr/share/doc/libtasn1/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2741 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cddb140f1be1a540af4f251ee4c4974e136811d6" + }, + { + "algorithm": "sha256", + "value": "48572667217bbe68ab05d2188c09e45e569c04d3d16a0db4bddb42dcb1ae349b" + } + ] + }, + { + "id": "26101b2a73c22813", + "location": { + "path": "/usr/share/doc/libxml2/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 183812 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc4da39c644ea8ea254aa2cae1038bd144361e54" + }, + { + "algorithm": "sha256", + "value": "847ddd05b336af3cb92cd69e855383c2f3b1cc5c0707afa5b081c50529a70671" + } + ] + }, + { + "id": "5600ce50a10eb4d4", + "location": { + "path": "/usr/share/doc/libxml2/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3744 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4d0879ad47deab4a30887505ee1afe6e755489fa" + }, + { + "algorithm": "sha256", + "value": "163a54f9593b6a7ef39caca031a9b9899dd60b3bb943527e71d699fabf5564ea" + } + ] + }, + { + "id": "518d26076223bf16", + "location": { + "path": "/usr/share/doc/libxml2/TODO", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 11356 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be6d5916d015d930331e4a8102db4f899896fae5" + }, + { + "algorithm": "sha256", + "value": "8cbe077cd85d513ca3f3a8a51c3ccae43f6485b043aa1253954d0bddf5f9c817" + } + ] + }, + { + "id": "ab815bf6c0edffd2", + "location": { + "path": "/usr/share/doc/ncurses-base/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 10293 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c124560cd62bdb59839d2219e1bbd33fcee7aa4" + }, + { + "algorithm": "sha256", + "value": "07794ece2a1bbeb5f3760c201700436d9d88f77e902dc809dc44474345d7bfcb" + } + ] + }, + { + "id": "d8440719a2647712", + "location": { + "path": "/usr/share/doc/nettle/AUTHORS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4267 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "04fbd8d41d82f816099fdc8fa79becada57c46bb" + }, + { + "algorithm": "sha256", + "value": "6fd91e60caa0c33dd22888b710fcfa36532bbbef00d85c78de385dcd97f7b9ee" + } + ] + }, + { + "id": "b38fb49ec7a7ad9a", + "location": { + "path": "/usr/share/doc/nettle/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 70101 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0404f925c3cf59613eccde257ef0a65ff8fed984" + }, + { + "algorithm": "sha256", + "value": "a903faa402c389ef025f85eefbd860abca64fbe78d12b3a25a38e2aed351ca2b" + } + ] + }, + { + "id": "80154d44abd9a5df", + "location": { + "path": "/usr/share/doc/nettle/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2437 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "354c1f9b4cf4cf475d01c01f10abaf7febe856de" + }, + { + "algorithm": "sha256", + "value": "02cb98d7b68bd895fe26752c5f10d7eb23623dff90238998e019c26994c6739b" + } + ] + }, + { + "id": "06ddd2c5ab1466d1", + "location": { + "path": "/usr/share/doc/openldap/ANNOUNCEMENT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3274 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9c3f398729454628f2aa452e96be92be21ad9c7d" + }, + { + "algorithm": "sha256", + "value": "bab2a80eab7ad580f678d677fb9a6ef2aa8608af0dda0c0b360a4ed288cbb10d" + } + ] + }, + { + "id": "e3c8722270703b1f", + "location": { + "path": "/usr/share/doc/openldap/CHANGES", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 14015 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "05c4a531a01be3039c428ac36d3b50bfb2fae92d" + }, + { + "algorithm": "sha256", + "value": "8266a11815b7f36f069fc10e31e40adeb6c11c48167c3b09c453931bf290c206" + } + ] + }, + { + "id": "af87b9e7aabb7c0d", + "location": { + "path": "/usr/share/doc/openldap/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3511 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "528c1f6f9eaf19b83dbf9fbc8eb666fc3fe4291e" + }, + { + "algorithm": "sha256", + "value": "5bf8efa8807f8d11f2040fda7d691e175494364b865bd31ef264d5cf05d64616" + } + ] + }, + { + "id": "a38d4d64727600bf", + "location": { + "path": "/usr/share/doc/openssl-fips-provider/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 251 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3fffa80240ed8b796e9156fac6ab1b934d91aca5" + }, + { + "algorithm": "sha256", + "value": "752bf68e811026a9249b09b74c1fd1286d589c0a197d74281467e6696350a65d" + } + ] + }, + { + "id": "966b775465888454", + "location": { + "path": "/usr/share/doc/openssl/NEWS.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 91845 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9394286c79376d10c0e6f044591f08038324cc0f" + }, + { + "algorithm": "sha256", + "value": "2fba7a5c465ae545e821fd2db834e7b2de003f92efc906c565e0a5951f54a528" + } + ] + }, + { + "id": "2dda2c3f18ee55a7", + "location": { + "path": "/usr/share/doc/openssl/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 8137 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3616dd742d101c0f16616f2008d6a8522b186677" + }, + { + "algorithm": "sha256", + "value": "2bfd51ec120e0795439788274b5f447bb8559818fc4927e4712e73ac54c01c3f" + } + ] + }, + { + "id": "2d96fcb60e6d6812", + "location": { + "path": "/usr/share/doc/redhat-release/GPL", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "ecc1c4f163b4ad49", + "location": { + "path": "/usr/share/doc/redhat-release/GPL-source-offer", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 655 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f87e1e4eaa28bc4b242269c832c1e45f65f954d1" + }, + { + "algorithm": "sha256", + "value": "025c99694c7fa9dd8a6a9cc0d450dbd36427cdff856771499718a421ab217482" + } + ] + }, + { + "id": "7e9fece2ad52f597", + "location": { + "path": "/usr/share/doc/rpm/CREDITS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3749 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0363cf8a78176f5806241ea47cbff8bab6b929ee" + }, + { + "algorithm": "sha256", + "value": "eca98e23b93ba154007bc76bb763d52167255a5def83715727946e2b14bc847d" + } + ] + }, + { + "id": "ba367ba1a6a17446", + "location": { + "path": "/usr/share/doc/rpm/builddependencies", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 6496 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a83b0fd6b0bc12a6225678d72a75fa97844f0e0f" + }, + { + "algorithm": "sha256", + "value": "1580050367dd281a03cb5d5e8692349829f1b21e48ebb328cbacf7e7e09d04ad" + } + ] + }, + { + "id": "70e0901d857c8852", + "location": { + "path": "/usr/share/doc/rpm/buildroot", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 3754 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "850853187ebb434876fd72acc7486c8191d52d41" + }, + { + "algorithm": "sha256", + "value": "7eac4a3d80abb2c002735348520f939cb43d21e73d3f52990baf3ba925b40d10" + } + ] + }, + { + "id": "84af44f4271d45ac", + "location": { + "path": "/usr/share/doc/rpm/conditionalbuilds", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4050 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c0ba174d1d68dbc61743088e883c5e177d78241" + }, + { + "algorithm": "sha256", + "value": "70a9517d270bcfd399cd7927aa18d659e0c63395b7d8fa11560ed71b549340a2" + } + ] + }, + { + "id": "618be8f32a42d98b", + "location": { + "path": "/usr/share/doc/rpm/dependencies", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 13647 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "83e48f7e8f9d39afc364a2d69655a8d52b7f9a63" + }, + { + "algorithm": "sha256", + "value": "397c40977dcd4655cb76ce9847a1968c0de37d3f351b722fb05376969a8dbee2" + } + ] + }, + { + "id": "77d382b59680ea33", + "location": { + "path": "/usr/share/doc/rpm/format", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 10424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dec1af8f706736d4201f3c658c6bf7e0abb8bdb0" + }, + { + "algorithm": "sha256", + "value": "546660743edaa82c31176c705c6452ce0e4600ec1e5a77def2bc1c8c3ea86b8c" + } + ] + }, + { + "id": "ad0dd43970cd551f", + "location": { + "path": "/usr/share/doc/rpm/hregions", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2968 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bcfc6bea245367a4bd56560b426f27305a259ad0" + }, + { + "algorithm": "sha256", + "value": "013a188ee9adf79a94b8961e4342d6994ee0866f12cea3f6579dcd51eda0d796" + } + ] + }, + { + "id": "35b8382e49af6760", + "location": { + "path": "/usr/share/doc/rpm/macros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 13053 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ef045e38bc1a6a88ae87ef9f40f1801e8ac945e6" + }, + { + "algorithm": "sha256", + "value": "960b85cc1ab24fe12ba69e0ffea91ada56b1afc67d6e20bb48903bab4961133d" + } + ] + }, + { + "id": "c72cc34a7734b8ad", + "location": { + "path": "/usr/share/doc/rpm/multiplebuilds", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1866 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa9822ea70b4e8691511d07018a56b9c554cbb1c" + }, + { + "algorithm": "sha256", + "value": "59e84e15d9af66ed7b693b7c200aa48328bd24d18c9ce53f4c2a36bcefe65a31" + } + ] + }, + { + "id": "29f580ed6ad02546", + "location": { + "path": "/usr/share/doc/rpm/queryformat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5665 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a7e1514a93a90f8ba9b80260df999e9c173b8ef8" + }, + { + "algorithm": "sha256", + "value": "ecaaa58e3a380e4def9c2e4bcb315810209a802027fe1b4a7bf2a01f44bc5e3d" + } + ] + }, + { + "id": "9c61ea48cb83168a", + "location": { + "path": "/usr/share/doc/rpm/relocatable", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2029 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "80e0019c56778d0ebde9dccc3245f7616efd4632" + }, + { + "algorithm": "sha256", + "value": "3a41eeced53b1c6d1ffcb8df980d98f6b53c8f79cf0b3d78eea66ce058bd817d" + } + ] + }, + { + "id": "8ea6468decc16ca3", + "location": { + "path": "/usr/share/doc/rpm/signatures", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2636 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ca9beae334fc974b6a8dfc933ae415d112cead7b" + }, + { + "algorithm": "sha256", + "value": "e52f26d6b1474b405e410e0d348b45509aee6168eaae06643ce1298d41a69ed9" + } + ] + }, + { + "id": "55e972a9bd3adf7d", + "location": { + "path": "/usr/share/doc/rpm/spec", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 9842 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "875b6552d0b4c7090981097264b8471d07e5b0bf" + }, + { + "algorithm": "sha256", + "value": "02fc972cb34963139c4363ac279905ec6428cbba7e0f4d799c7fc3015fcf1aa8" + } + ] + }, + { + "id": "fd26c3eb3403b2b5", + "location": { + "path": "/usr/share/doc/rpm/triggers", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5673 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7d5bac560078ef15d295c7a6c58f876fb98ab3e5" + }, + { + "algorithm": "sha256", + "value": "ac2f2772cf98b150a0c9779d2dae3c6c213c98d85f9c037527c35db57345b906" + } + ] + }, + { + "id": "c15c94c1738fbcb5", + "location": { + "path": "/usr/share/doc/rpm/tsort", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5460 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aed363515bef72c6c0a4b3430e400da3557f28d0" + }, + { + "algorithm": "sha256", + "value": "533567bdebec1ed11887dc9041d68402a67497d19a3d124a090093ca5bfeb96f" + } + ] + }, + { + "id": "819bee19751e8fbd", + "location": { + "path": "/usr/share/doc/shadow-utils/HOWTO", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 68557 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "589aba60d5393dcde61320a5db15ae4bcbaa94fd" + }, + { + "algorithm": "sha256", + "value": "9786629ea4c20733b576cac0f09a342ff2d971c74abc1c571f9eb1c1ef53219e" + } + ] + }, + { + "id": "acd3a81b3ac2b9e0", + "location": { + "path": "/usr/share/doc/shadow-utils/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 106767 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "62ad7fa054bdb86fa799cfaad74bacfa53d7133d" + }, + { + "algorithm": "sha256", + "value": "b9de8dcd827a89d0eaeaec17ac4a319160dde1dbde618f41bc6ce3a6e877525d" + } + ] + }, + { + "id": "27ac861c1eb25c36", + "location": { + "path": "/usr/share/doc/shadow-utils/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 4041 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7e0679a986338cd29afd8dce0d95822c49aeb848" + }, + { + "algorithm": "sha256", + "value": "fda044b9c99d2ad2748248f93562138ff0a3582ed1ac300ff5befda04eb0b40a" + } + ] + }, + { + "id": "d50f1628fdf00808", + "location": { + "path": "/usr/share/doc/sqlite-libs/README.md", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 16060 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4df383f341bcdd29371bbbd9a5b1ada698976aa7" + }, + { + "algorithm": "sha256", + "value": "8f065f666e82710b9f5dcfc74a6dc04e359a1883c655647e2d97882e1ca42787" + } + ] + }, + { + "id": "d582b81e5c24dbe2", + "location": { + "path": "/usr/share/doc/tzdata/NEWS", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 245317 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "24d6743ce536c5270aa5cbe9069bde58ee62a417" + }, + { + "algorithm": "sha256", + "value": "6786fdd586c42d9dc9e6cf0c977430753c6c4f3b2b9716c8cd12dbbe69a00243" + } + ] + }, + { + "id": "b491273c5071c377", + "location": { + "path": "/usr/share/doc/tzdata/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b612ab352fcb6ac4bb8a4905a1fe342e2d317392" + }, + { + "algorithm": "sha256", + "value": "f6d96b82996a6ccac80027816704183c63a754d5b1eb2e7b25858e32164e2707" + } + ] + }, + { + "id": "0687579881861600", + "location": { + "path": "/usr/share/doc/tzdata/theory.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 67110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7e13674e161d07553138c3a4db8c0ce7e2228a71" + }, + { + "algorithm": "sha256", + "value": "6595250beade4e03269711bff79b07f0bbd00ee93c54fb1931b576786d49ab9b" + } + ] + }, + { + "id": "b1d2358a79ff3e1f", + "location": { + "path": "/usr/share/doc/tzdata/tz-art.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 24590 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ceb98b07fd544a34453b9b725c4c4227540f294f" + }, + { + "algorithm": "sha256", + "value": "0665b9189cf5f6fb2e912c01da70a5ce5543d2f439e8d5be8b1185cea7ea0679" + } + ] + }, + { + "id": "d31a81ab8db21c1e", + "location": { + "path": "/usr/share/doc/tzdata/tz-link.html", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/html", + "size": 63411 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de87135861365dc299b0db394b61aae83f79dc30" + }, + { + "algorithm": "sha256", + "value": "f1f9ab582449226111e7eef271a71f25875383c4c236f4531941c69faaab5db3" + } + ] + }, + { + "id": "0fe68e1bb714f0e3", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/__init__.py", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" + }, + { + "algorithm": "sha256", + "value": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" + } + ] + }, + { + "id": "6f49fe62ba8d300d", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/__pycache__/__init__.cpython-39.opt-1.pyc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 137 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e8e84aed632789e7fd868906a645cffc41df1ebb" + }, + { + "algorithm": "sha256", + "value": "0b55ea2691d26305fe18eeb3ce8f454b429400c73d236730a3f882448e9b84c0" + } + ] + }, + { + "id": "37aa0a1b0543f751", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__init__.py", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a62f9ccb97c2ac61c72380221a40d1b3a01d0340" + }, + { + "algorithm": "sha256", + "value": "2cafc1b79bcd4efab8233623bd93c7e1e1a6c29fcf80d5b7787ea9dbfe80dcda" + } + ] + }, + { + "id": "24b3a3f969bb4ffc", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/__init__.cpython-39.opt-1.pyc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 585 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3ae2e88eb4bc53274c9f0c31876f5da19938d979" + }, + { + "algorithm": "sha256", + "value": "84280c44fc615f742d769887602e8fac7ef4214d914fa7de04d333af7dc3a2c9" + } + ] + }, + { + "id": "395fbd00f29f7d3c", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/printers.cpython-39.opt-1.pyc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 89656 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "914ba69bda04369538ae67043b436da396e745dc" + }, + { + "algorithm": "sha256", + "value": "f86431757b85d352cf151ee3561cc0a709041919b5dd59f34f32be4a58632199" + } + ] + }, + { + "id": "f8f393ad0c1f8e18", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/__pycache__/xmethods.cpython-39.opt-1.pyc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 35278 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3218228bf5b5ff3b9c72e8fc211d4e16d4d20793" + }, + { + "algorithm": "sha256", + "value": "fb597ed2c0c3453940eef336e47afbc92e7f13f3287ad1a9bdcc91d090631128" + } + ] + }, + { + "id": "b17c36bfeff5fe18", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/printers.py", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 112117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "127bd38eba6a5dcfb7ca5aaaeb9b2f899681a636" + }, + { + "algorithm": "sha256", + "value": "26feccb2e10bea3e4cf01462ce1801eded90e3b0ab478f33aceea55acfe5cda3" + } + ] + }, + { + "id": "9a675f46f0e5bbd6", + "location": { + "path": "/usr/share/gcc-11/python/libstdcxx/v6/xmethods.py", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 28943 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "833b7659fa74e94ecae9b89ab276a9adfd33dfbb" + }, + { + "algorithm": "sha256", + "value": "ac13a5d60975756f3a6827e5c97521079b482114346c34b58ffd2d25e38762eb" + } + ] + }, + { + "id": "7048897fa7034e19", + "location": { + "path": "/usr/share/gdb/auto-load/usr/lib64/__pycache__/libstdc++.so.6.0.29-gdb.cpython-39.opt-1.pyc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 733 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0060f9b71291b6433fc7d97ff53150aaf988d256" + }, + { + "algorithm": "sha256", + "value": "40044a0eba476cb704f1c8ac09916d222ab5b8b0f3ccf34d0907fc1f912ecfa5" + } + ] + }, + { + "id": "23259e543780ca49", + "location": { + "path": "/usr/share/gdb/auto-load/usr/lib64/libstdc++.so.6.0.29-gdb.py", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2382 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2be19761420d637dd33273c38510c33de17eee09" + }, + { + "algorithm": "sha256", + "value": "930bba9ae3997868e991cab461ce9b9684c137eace1b5f2dbd957e03429105c5" + } + ] + }, + { + "id": "8666c08c86669390", + "location": { + "path": "/usr/share/info/find-maint.info.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 24576 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9817b738dfbec3d596b9983610a14f451a867b23" + }, + { + "algorithm": "sha256", + "value": "8dc95e254c6738d503cf1f0c3fab56487abd49f698a2e5162ed3bba96ae68df7" + } + ] + }, + { + "id": "6bec087ae55f3170", + "location": { + "path": "/usr/share/info/find.info-1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 90410 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb300f7bd6b8639a267fdf929a756d05573d69e0" + }, + { + "algorithm": "sha256", + "value": "9ae179d3eaef0c964b41e1d3e95e6344ebcab7a4f7b7675dfebd3d4ecca68d74" + } + ] + }, + { + "id": "4268922d65c4bac2", + "location": { + "path": "/usr/share/info/find.info-2.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1904 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "429f52495b0342e778e8b35ccb6370c7b992f6c1" + }, + { + "algorithm": "sha256", + "value": "1b8c04a2ddf3b03109a456ba1dee8f26fb602cd585909c92e2d4eadbc6cda6a3" + } + ] + }, + { + "id": "6643a17eada4fe22", + "location": { + "path": "/usr/share/info/find.info.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2509 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "89deaff5b52a4f5fec879ad68029031a2e927c02" + }, + { + "algorithm": "sha256", + "value": "f26a4f7adfe744f46e95c33091593158566156021dbe08f3c30472de32d3703d" + } + ] + }, + { + "id": "04915934a2e73e28", + "location": { + "path": "/usr/share/info/nettle.info.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 75021 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c7e25c4af62bb0c9cf14ed5acb9232aa446bb618" + }, + { + "algorithm": "sha256", + "value": "fc2a6c6468b27431d68e356f7ed60af36ca75dbf4cbc5cf965e832a927f7ada4" + } + ] + }, + { + "id": "e3582f67f8651df5", + "location": { + "path": "/usr/share/licenses/audit-libs/lgpl-2.1.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "b34e1538c9281ef1", + "location": { + "path": "/usr/share/licenses/crypto-policies/COPYING.LESSER", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26432 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "545f380fb332eb41236596500913ff8d582e3ead" + }, + { + "algorithm": "sha256", + "value": "6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3" + } + ] + }, + { + "id": "23ce7a6f5cc39317", + "location": { + "path": "/usr/share/licenses/findutils/COPYING", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 35149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "31a3d460bb3c7d98845187c716a30db81c44b615" + }, + { + "algorithm": "sha256", + "value": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986" + } + ] + }, + { + "id": "02b5faaa0d20cf40", + "location": { + "path": "/usr/share/licenses/libtool-ltdl/COPYING.LIB", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 26530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "01a6b4bf79aca9b556822601186afab86e8c4fbf" + }, + { + "algorithm": "sha256", + "value": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551" + } + ] + }, + { + "id": "4ddb6a5846d7bb35", + "location": { + "path": "/usr/share/licenses/libzstd/COPYING", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18091 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1d8c93712cbc9117a9e55a7ff86cebd066c8bfd8" + }, + { + "algorithm": "sha256", + "value": "f9c375a1be4a41f7b70301dd83c91cb89e41567478859b77eef375a52d782505" + } + ] + }, + { + "id": "69c16800ed95c329", + "location": { + "path": "/usr/share/licenses/libzstd/LICENSE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1549 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d5e630eee1d3500039f2e16bed21d0f0cd580994" + }, + { + "algorithm": "sha256", + "value": "7055266497633c9025b777c78eb7235af13922117480ed5c674677adc381c9d8" + } + ] + }, + { + "id": "4614cea04c46ab52", + "location": { + "path": "/usr/share/licenses/nettle/COPYING.LESSERv3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 7639 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7d563f52bf5295e6dba1d67ac23e9f6a160fab9" + }, + { + "algorithm": "sha256", + "value": "a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c" + } + ] + }, + { + "id": "72c25efc2e6e63cc", + "location": { + "path": "/usr/share/licenses/nettle/COPYINGv2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "f31ba919b023de20", + "location": { + "path": "/usr/share/licenses/openldap/COPYRIGHT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2345 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c233045b5d94079ca390f8c0119c09f17953b673" + }, + { + "algorithm": "sha256", + "value": "128ecc86259c874aee293aa67409932d7eeb38f3fad07805c8f275c3a5af5c08" + } + ] + }, + { + "id": "a3d4d44688c63b2c", + "location": { + "path": "/usr/share/licenses/openldap/LICENSE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2214 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc06cbdf781c87d2df2fe385214f936d010dd2a2" + }, + { + "algorithm": "sha256", + "value": "310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569" + } + ] + }, + { + "id": "8e5de5fe02f24a18", + "location": { + "path": "/usr/share/licenses/openssl-libs/LICENSE.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 10175 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c5c8a68f4b80929b3e66f054f37bb9e16078847f" + }, + { + "algorithm": "sha256", + "value": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + } + ] + }, + { + "id": "799e684ab92fe053", + "location": { + "path": "/usr/share/licenses/openssl/LICENSE.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 10175 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c5c8a68f4b80929b3e66f054f37bb9e16078847f" + }, + { + "algorithm": "sha256", + "value": "7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a" + } + ] + }, + { + "id": "8dd999a0604f6b53", + "location": { + "path": "/usr/share/licenses/shadow-utils/gpl-2.0.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18092 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc77b90af91e615a64ae04893fdffa7939db84c" + }, + { + "algorithm": "sha256", + "value": "8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643" + } + ] + }, + { + "id": "99084efb9a55b6ee", + "location": { + "path": "/usr/share/licenses/shadow-utils/shadow-bsd.txt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 1724 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fdca9412e2b33de67f5052f0a9bb184813495222" + }, + { + "algorithm": "sha256", + "value": "f062266d929e3157924e7a48dd77d8852b246d911ae382b1c06a0b35a724ac3b" + } + ] + }, + { + "id": "4000effc7cb0f74d", + "location": { + "path": "/usr/share/licenses/tzdata/LICENSE", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7067a61d3f4dae438636a8b29e41948fccb16a26" + }, + { + "algorithm": "sha256", + "value": "0613408568889f5739e5ae252b722a2659c02002839ad970a63dc5e9174b27cf" + } + ] + }, + { + "id": "0162f52421956672", + "location": { + "path": "/usr/share/locale/locale.alias", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2998 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c2d67b029449db667d732e86d319d4c4f3c9965c" + }, + { + "algorithm": "sha256", + "value": "68020a80eea5366fbe60c2e812ebdebf4875a1b85a3f2f9dd4413306e41c796f" + } + ] + }, + { + "id": "55feb480571762d8", + "location": { + "path": "/usr/share/man/man1/capsh.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3055 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be4654878c111e82681300b57130b73eab70078e" + }, + { + "algorithm": "sha256", + "value": "3e489de2e396b085e2ee341e1f1ba702fab493e6c5706520c6629fcd2fd7beff" + } + ] + }, + { + "id": "de4502809ef1a91e", + "location": { + "path": "/usr/share/man/man1/chage.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2241 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c7ca80a98b3554c7095e1e6554a1773d51cadda8" + }, + { + "algorithm": "sha256", + "value": "4779a5bd67b642e9820fef0afdb9d68a0215b5c1c124238a1676d28b5ad7b0f4" + } + ] + }, + { + "id": "3c8b941fb8090d67", + "location": { + "path": "/usr/share/man/man1/curl.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 47985 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "71eefda37d1f578599d7bd4d152e56d37945812c" + }, + { + "algorithm": "sha256", + "value": "971a5b31c031a179ab49867163ff11628f08ba8c6f6d3c412029d6c36e9a22a8" + } + ] + }, + { + "id": "edd5a8e8d4e5104f", + "location": { + "path": "/usr/share/man/man1/find.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 23131 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "193068ccb7833985b5d2088bb0bf4727561e83a2" + }, + { + "algorithm": "sha256", + "value": "88483971a99b29e2bce2d0ea0ffa4d479faed6300f346e6f464c792fe7b7fe91" + } + ] + }, + { + "id": "9177b59dbe124c50", + "location": { + "path": "/usr/share/man/man1/gapplication.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2417 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86a8d7d1da683711a57a2aef892dd5ba5e79b1b2" + }, + { + "algorithm": "sha256", + "value": "0441a51f97dfcc2b7c116496c773440cddc47313c8f74f58b14519dbb3746321" + } + ] + }, + { + "id": "77cbc96976386886", + "location": { + "path": "/usr/share/man/man1/gdbus.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3233 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99eed25719c0a5fcf89868c745cc86df28a14a68" + }, + { + "algorithm": "sha256", + "value": "d68dfa1b41025de6dba8c6487bffefc75c8db056f0a2985ca8d4dc66559e374c" + } + ] + }, + { + "id": "552d2c53a768d981", + "location": { + "path": "/usr/share/man/man1/gio-querymodules.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 727 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4632fa55571e87179e30ecc242951f1d48aa2d7c" + }, + { + "algorithm": "sha256", + "value": "fdf8e8e6db4513926f93afe56d6b840f9d44fa61b7013d31fb4fee8601ed33f9" + } + ] + }, + { + "id": "47c400f5c24f856f", + "location": { + "path": "/usr/share/man/man1/gio.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4657 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bf5d168b07c5a0ea2f68408502aaa871e50c9128" + }, + { + "algorithm": "sha256", + "value": "64f71d89f071221fdee2d4da39cb1a25a2d71289b3329bb11be00f01735897ab" + } + ] + }, + { + "id": "887e3b3e646d1504", + "location": { + "path": "/usr/share/man/man1/glib-compile-schemas.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1399 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d6c74c94217a0513d268377e7830820068b906d" + }, + { + "algorithm": "sha256", + "value": "7679553a5f28ac225617a53d42299a1857f0c44b065058f8cad05c668f333aa5" + } + ] + }, + { + "id": "c71bfad7a3472fb5", + "location": { + "path": "/usr/share/man/man1/gpasswd.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d3413f8edca34927b6c1e2f635d33c163cb43287" + }, + { + "algorithm": "sha256", + "value": "c6cf714bd64d1569f6bc56b5eada580a84197e91b326bf6f8369c07a27ec0fba" + } + ] + }, + { + "id": "d74bc027ece3129e", + "location": { + "path": "/usr/share/man/man1/gsettings.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1506 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe36c7cceece19be55c3f81c3d9446e69dac34d8" + }, + { + "algorithm": "sha256", + "value": "884e964ba1b1e5b415339a7b9cea0557191cb78cdb5a0f1e443f40ddf2785db7" + } + ] + }, + { + "id": "593678eff8e8e760", + "location": { + "path": "/usr/share/man/man1/newgidmap.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1157 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67ae7a562d9d0c6d531efab47d6a26153d10ea2c" + }, + { + "algorithm": "sha256", + "value": "8c80ee485dab2f8052b2749cf94bfc32231b66adbb8ead5c44384227533cdfd3" + } + ] + }, + { + "id": "ce4cf1b303e1f5e7", + "location": { + "path": "/usr/share/man/man1/newgrp.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1223 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8e2e3d47af9c42fef42403df3e3534abce3c04c6" + }, + { + "algorithm": "sha256", + "value": "500956b7fd739d4fcea7ba1c53ccf0a9e8f4cdf6d1828dec923690aaaaf3ec7c" + } + ] + }, + { + "id": "eaaa7709f2e3bb87", + "location": { + "path": "/usr/share/man/man1/newuidmap.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1156 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0c6beef93283d92c42db50e7dec3df853675237e" + }, + { + "algorithm": "sha256", + "value": "ed8f0354f4a5b18a8a604877b87ce79eb006eb699a337ca64dcb7ab62593d91a" + } + ] + }, + { + "id": "e35276299485df38", + "location": { + "path": "/usr/share/man/man1/openssl-asn1parse.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4679 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c88fc35c94a015ae2b9d7a1155c06d241f44cd5f" + }, + { + "algorithm": "sha256", + "value": "a0ce52a56454788bb16f91438d1da5930a12cfb05f0d98ec8a478b1fd46f97f1" + } + ] + }, + { + "id": "17109a9d9fd0da32", + "location": { + "path": "/usr/share/man/man1/openssl-ca.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 12533 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67671f00e140aa5185abb041bb363a6365ad5d55" + }, + { + "algorithm": "sha256", + "value": "ba2ec3503896097f38b550a5ba98d2f24de17c37ac37f07530f0c735892867fc" + } + ] + }, + { + "id": "9fa5deb8729f3821", + "location": { + "path": "/usr/share/man/man1/openssl-ciphers.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 10223 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e2a3c64789ea92faf3cf6f9a5655b02de1045a51" + }, + { + "algorithm": "sha256", + "value": "decbce1c3f5f5c92b1bb549e0b98d55becc3045e6feef229de85d06e670a6745" + } + ] + }, + { + "id": "0908fd4fd5f4a818", + "location": { + "path": "/usr/share/man/man1/openssl-cmds.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2913 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "58ddcab222d812e22b2a49a639933e8e61a1e91a" + }, + { + "algorithm": "sha256", + "value": "13f16cfcc1bfaa56786364f493f0714698268d989c8fdf7fd95f29ad184b495b" + } + ] + }, + { + "id": "db2112de23468a3d", + "location": { + "path": "/usr/share/man/man1/openssl-cmp.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 18704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d482c8bd6c7f483d2771340b5fea548767e680d5" + }, + { + "algorithm": "sha256", + "value": "2f8ca4481eb39bc817ad6b4bf36bf24363cffaee2c1c8321d4d57ba9c6e7458f" + } + ] + }, + { + "id": "de726e601e08077c", + "location": { + "path": "/usr/share/man/man1/openssl-cms.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 11921 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f263df19782bc6dbf574d8dd1543117e5f10226c" + }, + { + "algorithm": "sha256", + "value": "4194e79cbeb99d9fceb15e3de46cef1528ccae1df8f7862b55d6f089246f6c9c" + } + ] + }, + { + "id": "32b179d3dd5804a6", + "location": { + "path": "/usr/share/man/man1/openssl-crl.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3537 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5b7cc1ceeac5b12f8830d9d267673b9dd89df0bc" + }, + { + "algorithm": "sha256", + "value": "fdd71e29cf0152ac836b6756758431043734ada293fdfdc804fa52cc0fa8e3aa" + } + ] + }, + { + "id": "b0c8815f33b14bc9", + "location": { + "path": "/usr/share/man/man1/openssl-crl2pkcs7.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3821060aa4fb1516e3a0c113a1c3acae94a08cf7" + }, + { + "algorithm": "sha256", + "value": "a4dbb658690bb84737bc4a92fb21509b4c57430b41edc8eed8d92e6c1fcf97c5" + } + ] + }, + { + "id": "67c6af8d96a64031", + "location": { + "path": "/usr/share/man/man1/openssl-dgst.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5278 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbb5b6cdc32ed4eb3a775af01a2f3e1d4f450ae5" + }, + { + "algorithm": "sha256", + "value": "8dd74cd63a0c5884fc0ec7736640833ec9d5db7a02f563ba3bf581647c93fe3d" + } + ] + }, + { + "id": "0e7e8dc5e9378ef8", + "location": { + "path": "/usr/share/man/man1/openssl-dhparam.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3635 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8d109cec2d9b5d2e8bb0f6a25466e2cd3c7cb918" + }, + { + "algorithm": "sha256", + "value": "81e04af17f3ae310ca7af40e0ffe07d6d7eb89c7314242048a3c835adfff8970" + } + ] + }, + { + "id": "ce4f9f095c302b35", + "location": { + "path": "/usr/share/man/man1/openssl-dsa.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3918 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0853efffb03801ee93ace200b95cf3a4823aaa40" + }, + { + "algorithm": "sha256", + "value": "7bb37e19c8a14f910e178e995d649ca298b34ae7b4fbcf60be5c0d9f68dbc75f" + } + ] + }, + { + "id": "9317b3bdb7a401ee", + "location": { + "path": "/usr/share/man/man1/openssl-dsaparam.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3274 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f75dbfb51ba69ce0efca7b1c5a2a6c074447b97f" + }, + { + "algorithm": "sha256", + "value": "06ddd4843711d7017c3f0ed234fc746f187c68546b03d1c056806512e2865046" + } + ] + }, + { + "id": "530981cb7fd39695", + "location": { + "path": "/usr/share/man/man1/openssl-ec.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4242 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "75a87f58b6d78a33a5a916239be9b2dfa3eb688e" + }, + { + "algorithm": "sha256", + "value": "f0af081ed85d16c96bda05cad016339c55e3493fc23bb2b913070e9a7cf29f57" + } + ] + }, + { + "id": "862b82be72f04846", + "location": { + "path": "/usr/share/man/man1/openssl-ecparam.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3882 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "26513f87858f4e0d4993a4f8f6474619cbfe7ce8" + }, + { + "algorithm": "sha256", + "value": "5d365cdcb2c292a88817920f5d74ef84952a431916b4fa1c21f9144971996d50" + } + ] + }, + { + "id": "7dc068014a9b892c", + "location": { + "path": "/usr/share/man/man1/openssl-enc.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7957 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3cbe42cee5d6b4f0a2b7a90939de19a8eed8eb08" + }, + { + "algorithm": "sha256", + "value": "b28610d86402ade133bb158254e18ef53a2fc16fb91fb88af3f811d8f48c5965" + } + ] + }, + { + "id": "d0e810fad76c8bcc", + "location": { + "path": "/usr/share/man/man1/openssl-engine.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3179 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "219c0c6ee382583ffafab259704cddff315e7710" + }, + { + "algorithm": "sha256", + "value": "28d2b002772754cafc485a4abd007b026237ed83943eabaa7214204ba635511a" + } + ] + }, + { + "id": "4d3db18e5ba09e94", + "location": { + "path": "/usr/share/man/man1/openssl-errstr.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2325 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2554b45b877bc713ab6b645df75472b3e67666e7" + }, + { + "algorithm": "sha256", + "value": "fd5de1e719e6a5c1f0a842fb9e2b54da97052ac5a7a4ae04cb1cdea8dc26ed63" + } + ] + }, + { + "id": "fcbe3b9c6ec15ddf", + "location": { + "path": "/usr/share/man/man1/openssl-fipsinstall.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2119 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "168d9ac18e0defaf7298e031a752072b6e744ab5" + }, + { + "algorithm": "sha256", + "value": "b0b014056355dc74fbc32293e78117e9dda84fdd2cdbedeb0cb0b852954791c1" + } + ] + }, + { + "id": "dbad20590b337b0b", + "location": { + "path": "/usr/share/man/man1/openssl-format-options.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3745 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88c4f2438f0ad077ad2ff0dfc6590851ed4b03d7" + }, + { + "algorithm": "sha256", + "value": "0e7a10d5666f6f422a880740aae6ead06949daa307f09f69ef45914240c29e5f" + } + ] + }, + { + "id": "f4ae5a8c6162ab46", + "location": { + "path": "/usr/share/man/man1/openssl-gendsa.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5beab3ec0c2de69cd7e0bd86ae26d20c361b587b" + }, + { + "algorithm": "sha256", + "value": "7dde50ca4c466ed84c8c49bfdeed956a1cca12a5b4b43febfff6d183abd7e902" + } + ] + }, + { + "id": "575440ca93aa9cf3", + "location": { + "path": "/usr/share/man/man1/openssl-genpkey.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7094 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9c030ddc0d0d3c285eac6cb9a44aacfbda1a7efb" + }, + { + "algorithm": "sha256", + "value": "07647ebe6696c6683eac90b54f7594b9867ba1e2051387ef0f9a7d9dc3413c84" + } + ] + }, + { + "id": "0f3d7c8384d26afc", + "location": { + "path": "/usr/share/man/man1/openssl-genrsa.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3562 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22dcca9afce1ab1c0bfe6fb4cbca094fb0172a9b" + }, + { + "algorithm": "sha256", + "value": "c5307f47abdfae08b700c74c51fa2fc019e26525ec51fd272f4692fe25e636db" + } + ] + }, + { + "id": "a5e8bff5370b1e19", + "location": { + "path": "/usr/share/man/man1/openssl-info.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2663 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a66c69eeeda660c008c7fa3610eb6cc120a75d4" + }, + { + "algorithm": "sha256", + "value": "5e6fabb6c0b47b22c56df6561b6630d9f8d2b5c25ad3c8258a91166869cedbc2" + } + ] + }, + { + "id": "238f5a7f2c70ae74", + "location": { + "path": "/usr/share/man/man1/openssl-kdf.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4035 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be1b7bc8795ce331762c2b42c10126d23ad580a8" + }, + { + "algorithm": "sha256", + "value": "86a04ed1bea44a9bd91fe29fe9d8bbf95562d1ad77ed7d1477d4e4cfa9bd4338" + } + ] + }, + { + "id": "d40c4d74d5d2e19e", + "location": { + "path": "/usr/share/man/man1/openssl-list.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4576 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32464787a84a286c6b0f7972c670122e3d6504e8" + }, + { + "algorithm": "sha256", + "value": "1a8253f01fec01da21ef4b6cb8b5883b9813d460f4d3e116f71af4c67a804c7f" + } + ] + }, + { + "id": "aa1ee177b72ce245", + "location": { + "path": "/usr/share/man/man1/openssl-mac.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3699 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f054e07a540e842d759f9fd7d56eda1a546f37f0" + }, + { + "algorithm": "sha256", + "value": "fd4a4af26c70e9bc7fc0adc2f6deb8b7e6a125dad0707161b3fad2fa7988061f" + } + ] + }, + { + "id": "4d84e8f5b61a4032", + "location": { + "path": "/usr/share/man/man1/openssl-namedisplay-options.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4294 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9301e165587f72a2ec2307caf320a02e4bacdff9" + }, + { + "algorithm": "sha256", + "value": "85daeaf62c824aeffa192e7692c2da898f7aaab20a2be1cc2ddf405b016df1a5" + } + ] + }, + { + "id": "840907f3de9baefd", + "location": { + "path": "/usr/share/man/man1/openssl-nseq.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2699 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a026ea19b0ad70edc825292707c17a4f38d55dd8" + }, + { + "algorithm": "sha256", + "value": "36ea2ef3b47fe1ce058c5a7a5614ef38f14916be27ce1e34d994da0c0d0e8b25" + } + ] + }, + { + "id": "a261c7dda099b902", + "location": { + "path": "/usr/share/man/man1/openssl-ocsp.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 9006 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cce2418d506ada9187c3df95c034862a1f39739c" + }, + { + "algorithm": "sha256", + "value": "1fefc553c8bee4da5510e37d74bbd5443574c86f1adfe26521c0d27c91411501" + } + ] + }, + { + "id": "2e29e91c30514a79", + "location": { + "path": "/usr/share/man/man1/openssl-passphrase-options.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2910 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e4a399f0c9d2e2de4963ab19e6f9441757aec0d" + }, + { + "algorithm": "sha256", + "value": "1215642ca56ea98fb3554110717940611d283a35330c8e49ff62be79c2985817" + } + ] + }, + { + "id": "345b04093df8b158", + "location": { + "path": "/usr/share/man/man1/openssl-passwd.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3067 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7536520404317d122eba91e2eef6c8b437a596a3" + }, + { + "algorithm": "sha256", + "value": "61d6c8029652cf292f9accc9ac5d7e4f9cce3837a9511bdbeae34f51fa546b1c" + } + ] + }, + { + "id": "d3c869f45dc75e7e", + "location": { + "path": "/usr/share/man/man1/openssl-pkcs12.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7809 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f3f9b1ddff115fc3527474e4ceca8a55e6cba07f" + }, + { + "algorithm": "sha256", + "value": "49c779c26e8d7517dfa1b81fc1b10fd3fbbe4ae27aa59d9bdd1c3e0440e405d3" + } + ] + }, + { + "id": "1df1410d70a4f922", + "location": { + "path": "/usr/share/man/man1/openssl-pkcs7.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3010 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "779dc185dad1c7bdb4e48da67f8ce308d3da9945" + }, + { + "algorithm": "sha256", + "value": "50d47c97bc0bf527c3ddec527652f2eb5bf8349290d405a9986e095726c97eb8" + } + ] + }, + { + "id": "cb358798958b3813", + "location": { + "path": "/usr/share/man/man1/openssl-pkcs8.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5526 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a5104e7295e91289063215b2e2fd6d6ddbb81c6" + }, + { + "algorithm": "sha256", + "value": "2a52af3f158efa66f17fd476964df90b15d54e629e9653c5a6bc5b16b216803a" + } + ] + }, + { + "id": "098a7230ad91992c", + "location": { + "path": "/usr/share/man/man1/openssl-pkey.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f4de95666cefd9d3683241f98cce456948c06615" + }, + { + "algorithm": "sha256", + "value": "347c59ed82070116d3b03ba3046652e1a3c2b50e2ff7d49f84d750f77071f220" + } + ] + }, + { + "id": "ec9aa26d671d3eac", + "location": { + "path": "/usr/share/man/man1/openssl-pkeyparam.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2854 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c503231a2808ed2e11be48249201d65e53f02cc5" + }, + { + "algorithm": "sha256", + "value": "6d7165ea0da2945dd3f41666a8e10c61ba702d7f327aa505c6a66ee71b402741" + } + ] + }, + { + "id": "fba93cbf0804cffd", + "location": { + "path": "/usr/share/man/man1/openssl-pkeyutl.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 10192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df249e3564dd66b76c09772514f5539aa6c6acb7" + }, + { + "algorithm": "sha256", + "value": "8f2b44c96ccbb55fcaa2cf701583c2597e6985ca6c87f8a1d2bbec28761b2dac" + } + ] + }, + { + "id": "ac719cc39b9f9075", + "location": { + "path": "/usr/share/man/man1/openssl-prime.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2539 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "104cf97f9284065cb8a06f5d10c14219a8f11e7f" + }, + { + "algorithm": "sha256", + "value": "0e88b29c9fa4fb46f94d9785eb7d70dd6bff2454f731507ce5cce1add8aabe31" + } + ] + }, + { + "id": "8fecaeade48e90c2", + "location": { + "path": "/usr/share/man/man1/openssl-rand.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3013 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd3fb909fe1504de0dd5298ef729b9b6bb149402" + }, + { + "algorithm": "sha256", + "value": "144b244ca66e06d4289caa9a303a3e2c1416170752cb86b26fd62aa0918687ac" + } + ] + }, + { + "id": "22ee4bba12ea0d5a", + "location": { + "path": "/usr/share/man/man1/openssl-rehash.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3896 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8b1c328e0112ddfbf823359002f7ff595aa355b5" + }, + { + "algorithm": "sha256", + "value": "79ee52d8d208a25b2e6dfe0ed187a9f0426a3b30eb889db486f946583a43307b" + } + ] + }, + { + "id": "1d83425a6d3a43ed", + "location": { + "path": "/usr/share/man/man1/openssl-req.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 11887 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f9462a3eddb4d1de57aad3fff524b842568cde80" + }, + { + "algorithm": "sha256", + "value": "fd9dce94f8ce2ba477b45017159c9a011451f6f6a2b7d3df91b7baf126f5b12d" + } + ] + }, + { + "id": "93532361ae12ed8f", + "location": { + "path": "/usr/share/man/man1/openssl-rsa.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3988 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c70d16149accfe1976dc178245784d5d388c24b" + }, + { + "algorithm": "sha256", + "value": "73a6f08cf45c8d6774dcc875a93ba1f080787ef38f8069453722b6375fc3a588" + } + ] + }, + { + "id": "614a1b6a37fae2ab", + "location": { + "path": "/usr/share/man/man1/openssl-rsautl.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4569 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e24f59fa06c0e0ae3feab64d0da9581975ae866" + }, + { + "algorithm": "sha256", + "value": "94c3519d73257b23bb2ceb5f9db07a7dd1116607c3fd2e9c29239ea3c3c100b8" + } + ] + }, + { + "id": "2302c94d9b695ace", + "location": { + "path": "/usr/share/man/man1/openssl-s_client.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 15303 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "576367ee00cce206c1be3b97fb236dc191779fe9" + }, + { + "algorithm": "sha256", + "value": "4cc184b090c5e3af8ca56a7e07bc6ab4cf3c9cabf41e2dafa39c1decc73518cf" + } + ] + }, + { + "id": "273a9dd2b508fd4e", + "location": { + "path": "/usr/share/man/man1/openssl-s_server.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 12910 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bd7808a078c42694962c6f9860526139b4d8a67a" + }, + { + "algorithm": "sha256", + "value": "b1ca021f127e7a0524de68efea2eb44d812eda8b0409ec626c15d65a600462ed" + } + ] + }, + { + "id": "aa543e4068d97fd5", + "location": { + "path": "/usr/share/man/man1/openssl-s_time.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4702 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6bfbd2403324aa1b5a924e7bf2c4ec19d76095f1" + }, + { + "algorithm": "sha256", + "value": "41f43614f21ef62aded42c8d9770bcb165b18f476a165517ebc2c109c9f2a72e" + } + ] + }, + { + "id": "27d2730b405f40c1", + "location": { + "path": "/usr/share/man/man1/openssl-sess_id.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3633 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5199987422c5d63075a40227ac96e3153df535c3" + }, + { + "algorithm": "sha256", + "value": "7df302ef19413c9ff1c598ae1fb5257f4a1a1325ca77237f2d2ad54ad7add7ea" + } + ] + }, + { + "id": "868a400a31e858b9", + "location": { + "path": "/usr/share/man/man1/openssl-skeyutl.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2773 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "664d087339c39729e41447b85a0b65d31219e581" + }, + { + "algorithm": "sha256", + "value": "365383a274ab6e42dbb3231ee21037e61899411df15839210f276741300a2444" + } + ] + }, + { + "id": "ae24ee67d5c58772", + "location": { + "path": "/usr/share/man/man1/openssl-smime.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8060 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9c3543c1dc9aced9797c6850d3d49705f2a69d5d" + }, + { + "algorithm": "sha256", + "value": "5155022d88a491a02922a8d482dc86663be3a1d33a25566609c11ead5edc6f67" + } + ] + }, + { + "id": "26de3af2b0c9031f", + "location": { + "path": "/usr/share/man/man1/openssl-speed.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3919 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4bada45063b857f1debeb27fbfc4193dc10de31" + }, + { + "algorithm": "sha256", + "value": "6366b32f05ec4bb47f148dbf727aa350bf65a935fe88d6a02eb21ecbfce412e5" + } + ] + }, + { + "id": "01930f5f73b7f35d", + "location": { + "path": "/usr/share/man/man1/openssl-spkac.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3848 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4fd0793a7f076b552767d97a825926903216cb62" + }, + { + "algorithm": "sha256", + "value": "d7b36531335a31df1bc55ad230536ac6e725f883a9e5f0d251a78098dc326e8b" + } + ] + }, + { + "id": "90a4241bf68fbfff", + "location": { + "path": "/usr/share/man/man1/openssl-srp.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3087 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9124282c89a1ff08d9a0fc9a9d0d9741029f789b" + }, + { + "algorithm": "sha256", + "value": "2876181cac05b7dd7f1e87ecbc0fb6a1eba864302f71358921931d50687f77c0" + } + ] + }, + { + "id": "13b677168cd419ca", + "location": { + "path": "/usr/share/man/man1/openssl-storeutl.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3567 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "13779c1e47434affcaf712eb3d73f817d8bdf53d" + }, + { + "algorithm": "sha256", + "value": "cc06c20175fbe82118bce61d10b8cfe3bd50b227f8f63343bd9c0bbf1a162fc3" + } + ] + }, + { + "id": "d07aedc7eebcf38f", + "location": { + "path": "/usr/share/man/man1/openssl-ts.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 9224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37e32fa0604b36f450019486ec868213ce60f5c0" + }, + { + "algorithm": "sha256", + "value": "b6adb937bdb7edac7bc24fc250f4ad1530b4e42f86d27715e0f8c5687de9a3d3" + } + ] + }, + { + "id": "f0d5b9184199c52b", + "location": { + "path": "/usr/share/man/man1/openssl-verification-options.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 11303 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "76b93dfe74688a0d2f9a8958c0c1e860ca941312" + }, + { + "algorithm": "sha256", + "value": "b649be7a88f76256a0c77f7cec4547fb3fdaeab205232e89ab379c39ddc7fc59" + } + ] + }, + { + "id": "6003ee08f870b8e0", + "location": { + "path": "/usr/share/man/man1/openssl-verify.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4317 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0aec26ce1f0d1736554857736883d93ed202bb5" + }, + { + "algorithm": "sha256", + "value": "65c5178be1d6a4b480d07f1685eb89bf86210de69466e47718bf9f394ada57c9" + } + ] + }, + { + "id": "b3711aa9269af576", + "location": { + "path": "/usr/share/man/man1/openssl-version.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2946 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "284b9eddd20e5b356eee6834744a873f92ff8053" + }, + { + "algorithm": "sha256", + "value": "802b7ad6000cdc7aa8d023b2787bb9ab589a1e9fad7d306d45041d4983e1265e" + } + ] + }, + { + "id": "6708b04c922a30f8", + "location": { + "path": "/usr/share/man/man1/openssl-x509.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 10222 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87a7d509b68607d09cc6968ca8f866dacbe2218d" + }, + { + "algorithm": "sha256", + "value": "6c5646bc4c3ac256d99e8bf91f45691c175c8cd073d802aa2d4d18fc49209f4a" + } + ] + }, + { + "id": "32e3efd142dc1df3", + "location": { + "path": "/usr/share/man/man1/openssl.1ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 9598 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f6ddafce6759aec22a8534db17ebde52a750e854" + }, + { + "algorithm": "sha256", + "value": "a6c0a4615b2e1095feae2e550939d82c5dcb3ba9f06238861b9937c457649e9c" + } + ] + }, + { + "id": "f7f5f5ee42ed5718", + "location": { + "path": "/usr/share/man/man1/sg.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5835a5762c8641941b1c406b1a8d9ae1d5ab47ca" + }, + { + "algorithm": "sha256", + "value": "10d68d5a468d038ef51a2adc17dde913d9c8cf2d0aecbc4d400ce0e8266bc31f" + } + ] + }, + { + "id": "de5571141680d5bc", + "location": { + "path": "/usr/share/man/man1/xargs.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5657 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e9515a84d2597b37e2c8d71284f7d18d938f52bb" + }, + { + "algorithm": "sha256", + "value": "ac4fe03dc5178928008219ed89abde58da1f6fdeb5c458b8fc32eaff969b5077" + } + ] + }, + { + "id": "e57ad82a664df51c", + "location": { + "path": "/usr/share/man/man1/xmlcatalog.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2762 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8c01dfa8b1134587e2271aa566ff0335f666d571" + }, + { + "algorithm": "sha256", + "value": "f37b82271f7f80e11f65c99ed88e5ff50297567dfcf5ddb65ddcaadcb53cca1a" + } + ] + }, + { + "id": "d63ae4c3c914d90e", + "location": { + "path": "/usr/share/man/man1/xmllint.1.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4431 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e6464c6c3043dca2c03c756e6d279f3cdb4dfc5d" + }, + { + "algorithm": "sha256", + "value": "f5ac9d9ca2c53d99fe5e9f42c9958fd50857464c030f886ba0355685f37a1b95" + } + ] + }, + { + "id": "f3ff4aa1233cced7", + "location": { + "path": "/usr/share/man/man3/libxml.3.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 849 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6db919c78636c43c6b1c1e471cd1522a2e5d5299" + }, + { + "algorithm": "sha256", + "value": "05fb55e53f1c4006b2c7819b4aa82a72366e8721066e26db7f172834e370633d" + } + ] + }, + { + "id": "627e139f8f6ad642", + "location": { + "path": "/usr/share/man/man3/shadow.3.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1793 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "343c34ef915d1c4376b45298bfbb28ee173cbabf" + }, + { + "algorithm": "sha256", + "value": "30c26db9f71ce1252c3e63e6d67edd054fb1412c9576e7547cc064f9d5d118ec" + } + ] + }, + { + "id": "55ae2bfbc993fb90", + "location": { + "path": "/usr/share/man/man5/.k5identity.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 42 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "af8e3d2df83360abb0f0dcbf6202c04fbd11ac85" + }, + { + "algorithm": "sha256", + "value": "38df17b9e89d0628fcb53e9f1685ebfee9696029f48d16af80f712d9769c55d9" + } + ] + }, + { + "id": "6ee3a0391f2a137d", + "location": { + "path": "/usr/share/man/man5/.k5login.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 39 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "17019305776f366c5c4ee613161406bf226d7937" + }, + { + "algorithm": "sha256", + "value": "0a3338871b1c4f66d601587582d58e46eb5ce5d00fa47496547744e687f35584" + } + ] + }, + { + "id": "93c93a8b98729a8e", + "location": { + "path": "/usr/share/man/man5/cpio.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5158 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "af04a986cf7f8af76d8e1260553c81cf4398657c" + }, + { + "algorithm": "sha256", + "value": "f177a7abcd66002543952ebb68b4140ba7663a45e5fd293f3961a5a65d74153a" + } + ] + }, + { + "id": "0df328b7f8c16083", + "location": { + "path": "/usr/share/man/man5/dnf.conf.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 12272 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c9494c055236656a73f895bcec48c98233bb115d" + }, + { + "algorithm": "sha256", + "value": "4b518d1ac8609edf2ffbb30155d1c453179e276698749e50f662c233ca7dd883" + } + ] + }, + { + "id": "87fed008d823de82", + "location": { + "path": "/usr/share/man/man5/fips_config.5ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2375 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c74d16556ceac8a49a076042e7f93bc62eed9c2" + }, + { + "algorithm": "sha256", + "value": "15a810d87d38173692c0e9878afed1ff4e4eb6e2ac8b3d12409560a4ae0f3f1a" + } + ] + }, + { + "id": "7780f82722a193f9", + "location": { + "path": "/usr/share/man/man5/gshadow.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c13cabce6bb6e85c566ff91c6aa5e77532b9378" + }, + { + "algorithm": "sha256", + "value": "4ecc289c15bc66b7b2e940c378ea42888296906e134bbb30e489db606f569f81" + } + ] + }, + { + "id": "396f3170300f5eac", + "location": { + "path": "/usr/share/man/man5/k5identity.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1206 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0248168eb0588c1754f712bd1dbb64ab9e5673f1" + }, + { + "algorithm": "sha256", + "value": "a11b4eefceb2e5ebb980ab9bf27003a4a14a3198d3886b2f733ba26e581948a0" + } + ] + }, + { + "id": "7dc959edf743cd9a", + "location": { + "path": "/usr/share/man/man5/k5login.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1176 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9de6cad471d2dc213d4d0cab9800bac8f3959d89" + }, + { + "algorithm": "sha256", + "value": "10837088cbd4c58ce91dcbef16ba755e71bfc6df7f2d97323f0b93e9afe048b1" + } + ] + }, + { + "id": "0c15dc319b7ac053", + "location": { + "path": "/usr/share/man/man5/krb5.conf.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 14934 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "39300ac31a966bcbe57d9645fd10c2fd390fb92f" + }, + { + "algorithm": "sha256", + "value": "1321aa05e7688ea76ce979cdead0f02a6a1d332f24c9a7df0f53bee30c675aa2" + } + ] + }, + { + "id": "c9e25f63de34d365", + "location": { + "path": "/usr/share/man/man5/ldap.conf.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da9eb0cfc63959cca3c30f49e918f7df2d265356" + }, + { + "algorithm": "sha256", + "value": "6a4798b91dac99b776f00a21cf1c88ca5c81b30944a4978505824770c927c50f" + } + ] + }, + { + "id": "331465f839b11ac2", + "location": { + "path": "/usr/share/man/man5/ldif.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2545 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0ec348b6b97c4f354fc8ef8cb6a6c1fe3b0ce914" + }, + { + "algorithm": "sha256", + "value": "19d7126dab4ec06a2fe5d8a8e40f9a50fbf07d5aafe716b99f099901b82fe04c" + } + ] + }, + { + "id": "7b984e33ee9bdc53", + "location": { + "path": "/usr/share/man/man5/libaudit.conf.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 553 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "790e37e89749e20bfc337b02b7f036c914fd9f6a" + }, + { + "algorithm": "sha256", + "value": "b45065b6598339d91e74ded8b66e39b0452d379b26935948b3c8faa085817b23" + } + ] + }, + { + "id": "24816b3267972eed", + "location": { + "path": "/usr/share/man/man5/login.defs.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7362 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f3f541e0b136533807731e3feb6e67636a752fc" + }, + { + "algorithm": "sha256", + "value": "7097c6bf418935b73098fe95e4887d3300029e71d63850b81055be5eedb167a2" + } + ] + }, + { + "id": "31b68411d055e59a", + "location": { + "path": "/usr/share/man/man5/mtree.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3269 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2b9d61d8f4fd927e9d31b1ec1c7b2be7495b9b39" + }, + { + "algorithm": "sha256", + "value": "c05389faebf77678f2127fdab130a7f6770038a1fe412e4a4bdee4694a7a9320" + } + ] + }, + { + "id": "7682f6723e342eb9", + "location": { + "path": "/usr/share/man/man5/openssl.cnf.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 9681 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "614b0fbdfe2eeaa44c539aae86bd1514666f6469" + }, + { + "algorithm": "sha256", + "value": "d80417a1e70f6dd7f75bb236c2791b8d51689af0579c96374c659edd31e33ccf" + } + ] + }, + { + "id": "cc59bee454cfe52c", + "location": { + "path": "/usr/share/man/man5/semanage.conf.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2100 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc7bf48d2eabe81f79f0c22dd9003c0dc7addd8a" + }, + { + "algorithm": "sha256", + "value": "4dc05ad657fe57eccd803bbb48cfb8f8709c580b7516b335765eae58f2b46c36" + } + ] + }, + { + "id": "4ca44dad5b6c5e5e", + "location": { + "path": "/usr/share/man/man5/shadow.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "385b0f62a09dff9e41b56047b847a918194ed99e" + }, + { + "algorithm": "sha256", + "value": "17ff57d3aa76ee64c3fbbb7b02ad93b86bf385662f5a73feddb48f4377af2a31" + } + ] + }, + { + "id": "5b7163d7c563855f", + "location": { + "path": "/usr/share/man/man5/subgid.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1372 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "521ec36e85817a50f0e0ba706842d064337ae288" + }, + { + "algorithm": "sha256", + "value": "48f8de23a71fefc8105be9a088f933fc7474ea7e9e5c0e41d93d84c32b279f4b" + } + ] + }, + { + "id": "00e8e8122abacd21", + "location": { + "path": "/usr/share/man/man5/subuid.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5467b39164543d43e9518fb79b45dffb54c23022" + }, + { + "algorithm": "sha256", + "value": "962b2b540d0f847ef919ebf26cc2f88f8ef5f52621281837b775be6a08eb7b1e" + } + ] + }, + { + "id": "6cc990701a0483cf", + "location": { + "path": "/usr/share/man/man5/tar.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 11045 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4cc826fddc32373ff2baca75047bdb542541f0e4" + }, + { + "algorithm": "sha256", + "value": "3ab252b6067ddacc4a57d2dcd5bcde3223a3af3c324b2a87fe0bcd7364ff6c70" + } + ] + }, + { + "id": "5e292b3a78fa663e", + "location": { + "path": "/usr/share/man/man5/x509v3_config.5ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8861 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "821498609fb78465682e6db725f295fbf91bac5d" + }, + { + "algorithm": "sha256", + "value": "c7a73764eb27b51ff855e31ffda6a5e5aafc611b73320e49f1a70a7da2c2186b" + } + ] + }, + { + "id": "0a62741227568113", + "location": { + "path": "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3329 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f7dc1b9a494817dc399a5389828321b91ec5f01" + }, + { + "algorithm": "sha256", + "value": "9adb66a06899ddd4211ecbe7d75260c88949eaf35095416aa288cd4cd7173f3e" + } + ] + }, + { + "id": "614b857c27a1c5f8", + "location": { + "path": "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2321 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aabab7951cad3af0a032064c0c6fe40ca3d83bbc" + }, + { + "algorithm": "sha256", + "value": "678519b9df1ac01a19a7e6581d663f1455e65f90b68376fcbebe346bfd29c323" + } + ] + }, + { + "id": "04a987f5b10a610c", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-AES.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3373 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8d36b84133fced3f8e82ff58530561b0baada424" + }, + { + "algorithm": "sha256", + "value": "6f821d9bc04c2757f4891deead2c80de75b67742c880a3af4cd9c4f88a62fb4b" + } + ] + }, + { + "id": "ceb0217c8a12470b", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-ARIA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2681 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "831ee499156129f73caca7809d10ccae98561388" + }, + { + "algorithm": "sha256", + "value": "3f6fc3b6e06f7c200eb9317d1f1407d2ee436253ae2ef528ed0fd5769b2d284a" + } + ] + }, + { + "id": "975fffbcfac782eb", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2324 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c908f3c32e9a32d3fc8a281660280ad47439f70" + }, + { + "algorithm": "sha256", + "value": "1c4aae9fa2168d02e5d90df893d68ef952c0e82ad870ce05575d435a26b916d7" + } + ] + }, + { + "id": "cec6961786f8edc3", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1fe7b56d528443a42bf21f62eeb37c1121bcb3f6" + }, + { + "algorithm": "sha256", + "value": "f17c13a80923d19bedc06495a8ef59d8f10d344397546a43fe2169dd69c871b4" + } + ] + }, + { + "id": "368098ac9821757c", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-CAST.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2459 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d51ca198f2237a8bbd58702c1d3c8eb180baa27d" + }, + { + "algorithm": "sha256", + "value": "03e245655f99153556b77fa9bd2df96c72b9dab778df5cb46d8694a8938b5544" + } + ] + }, + { + "id": "1530f883db4b364b", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2301 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0b72160bf72aaf23b1853ef3780bf2ed10e2484" + }, + { + "algorithm": "sha256", + "value": "cff71dd921119b1342e447655c464655137e5a42ebef9c10538e98e76ed5cf12" + } + ] + }, + { + "id": "080a70f9a4603dbc", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-DES.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2630 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4e2349f0b6c8650cccfb3f2e3694b5bca8c7c366" + }, + { + "algorithm": "sha256", + "value": "e0be8aa305dd7e8fccb93290303cd6d3b7ea3183b8027211d160267d1b744401" + } + ] + }, + { + "id": "fab0ad695fe86de7", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-IDEA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2360 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "344cc99e06268bff0b20eb77ce8df5eecbe68b83" + }, + { + "algorithm": "sha256", + "value": "5c46103011da292b4a6e34c6bef0a22568a23a962b173c4b3e6e039971d8db6c" + } + ] + }, + { + "id": "589755c709a5e68e", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-NULL.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2661 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c38da2b7bef8f3b3c904ff09bbaf335782bb81c1" + }, + { + "algorithm": "sha256", + "value": "44b36b5606ea1c14e71f9b33cfdab4879d4f164b55b1a966ad70166441af670b" + } + ] + }, + { + "id": "64135b28c46f9bb3", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-RC2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2410 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8caf1fcaadd779811e3b65b264bf4a0ea3e7e216" + }, + { + "algorithm": "sha256", + "value": "7dd4485467748b7af90c78d59180b7c7acc03f115932d1bec93b4c9f387ba136" + } + ] + }, + { + "id": "b5478fdde922a6c2", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-RC4.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2316 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ae716176fa98716681db459dfc46e2b9e2331784" + }, + { + "algorithm": "sha256", + "value": "660051e40ee4c8985b0505c2f3073369a88bd634034ea36062f0a4575b6551b1" + } + ] + }, + { + "id": "d2e151662e06a92f", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-RC5.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2386 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6dd04108eae292923d0e4ae4b1b4f5566aed1ab0" + }, + { + "algorithm": "sha256", + "value": "2cafd301ce673d38122d8ddd8775e76542a1b779183d67ff9c87ffeb7acb3cce" + } + ] + }, + { + "id": "467837e1f76df428", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-SEED.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2370 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b17ce47eac0619c1480f9dce641de82bea26ed1f" + }, + { + "algorithm": "sha256", + "value": "c8c8c516d120379f5df27486fb040e03995d2581315ee9399d1e5d1070210b7d" + } + ] + }, + { + "id": "5e55681099c9ac55", + "location": { + "path": "/usr/share/man/man7/EVP_CIPHER-SM4.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2603 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f93bd12665f7d9ee3904002acc0d067713ac9e5a" + }, + { + "algorithm": "sha256", + "value": "b44a653ae2e95be0dd0815eb7a9a4d2b245ecea96864ae621227214bace31f89" + } + ] + }, + { + "id": "4f6c8c0223470a84", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-ARGON2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4599 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "23adb59156e3cf96ecfc38f0d6a2b788d41dd228" + }, + { + "algorithm": "sha256", + "value": "a31936a669a89e4666142441799ac4cbb9c486e24e03e090e82c8ae2800bb225" + } + ] + }, + { + "id": "3a7fc15fcc4dadfa", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-HKDF.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4256 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eaa0a00f06981a1c5af94c07689f3414d7d9b2e7" + }, + { + "algorithm": "sha256", + "value": "6feade2f08a1729ee453218a840aba964ca0b8c057ebf3f6049d81a591c4553b" + } + ] + }, + { + "id": "8b74dbb9b76ffae7", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2762 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b50417a28c5aebba1f0b1ec4a2910d21e970c2cd" + }, + { + "algorithm": "sha256", + "value": "220c8b5e07859cc46dcf348356ff2ac8bff3cbd913510f9d828587179fd76830" + } + ] + }, + { + "id": "2867a7f559c350c2", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-KB.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4353 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "973eae331e1c1566fe580501dbaa886d63ddee3d" + }, + { + "algorithm": "sha256", + "value": "76932a79463d97d55da1dfa1d3dd8c4ef9b3604ea7c2a88e287edcf689a4bed3" + } + ] + }, + { + "id": "a0b6c5155090d47d", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3364 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d7d00cc25665dbd5416d7102440ff196ace251ca" + }, + { + "algorithm": "sha256", + "value": "c29d3a76446f8e45ed16ebe710105603a744aea7044cda78a63711dd4186302c" + } + ] + }, + { + "id": "2ccf1330944b3911", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-PBKDF1.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2945 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "55328f9e02b6f7e3f4eceea1cc9c1757ddf98d41" + }, + { + "algorithm": "sha256", + "value": "63801430e465921063d23c381a4464468788b25c71cbce83f42729b4e819c7d1" + } + ] + }, + { + "id": "f2ed5774c659335b", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-PBKDF2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7348c092015b14c156c47f217d4601661611730c" + }, + { + "algorithm": "sha256", + "value": "7eba1878f7907f682e8c788f94ff2367f5f1b33b95732e9af5ab690a5ee7b66d" + } + ] + }, + { + "id": "525dee4e979d11a3", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c8fb69ee0a83d875bc8696fb94961e212ddc6745" + }, + { + "algorithm": "sha256", + "value": "cee684f8a03551be0e8feecea5cab5864df87249ea8c934e16360dbaa7b1f95a" + } + ] + }, + { + "id": "8b2a0b87a4276bd3", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-PVKKDF.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d5fda3931d55c1b1adacd947c73610605f4f5232" + }, + { + "algorithm": "sha256", + "value": "a67ead799c7250a2b7a6beb2991087069f10d6fe412e959b5616e4f43ce7a7a1" + } + ] + }, + { + "id": "fa7659be1bbaac1c", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-SCRYPT.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "703ae78626c835cba80279f0574760795e25338b" + }, + { + "algorithm": "sha256", + "value": "befaced50aaa9046b50a854aeba5e360a158d436f31192c582cfbc56cb0a8092" + } + ] + }, + { + "id": "d2f4648fd31ce066", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-SS.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4035 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cde9e9dd7ae8cdb433a091c00eff8dbdd3981de7" + }, + { + "algorithm": "sha256", + "value": "6d2079f83ea2444b9c51a838a6c7d2360d4f7f4b3f6bedd98d170b9b2317a90d" + } + ] + }, + { + "id": "552f5139f3e4f68d", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-SSHKDF.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4212 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da28b4ee98e7e5af20bbd899b3f9ec3f47d2ad4f" + }, + { + "algorithm": "sha256", + "value": "addc220d360ab59a647cd93a24645eb911eb98907e96dfbe8eea36ee3305a06f" + } + ] + }, + { + "id": "459e9f148272cee8", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4082 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b4309b59701493419e52c473c30405a83be9f2d1" + }, + { + "algorithm": "sha256", + "value": "b01bc5ff37d1b6f9e8242a21211b49169e8913c8f695be1a4a47e37f8e5f993d" + } + ] + }, + { + "id": "757c5e7433c8bba4", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3840 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "641e78e20054210c91c7699287cad38a145c9991" + }, + { + "algorithm": "sha256", + "value": "2e96af999fdf51a20d7b9e8edb3ce29068dea80780598c35053c3c862c0c78cb" + } + ] + }, + { + "id": "03b262d8fe93a385", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ca9ad40e111c2dc59393d757f5a803a00010b12" + }, + { + "algorithm": "sha256", + "value": "1935b45f189c789f26081199a8d53e9a95d031c16cc124ae292560ed39106fe8" + } + ] + }, + { + "id": "7972d18b8c491ea5", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2289 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a0f216ba4a5346f8e88bd6ba371cb81324ea1c9" + }, + { + "algorithm": "sha256", + "value": "36d5129a6881951f1946ea58e6db3d5a274a0df7ad7035ed725400b8d22e4f10" + } + ] + }, + { + "id": "5debda3dd8c43da2", + "location": { + "path": "/usr/share/man/man7/EVP_KDF-X963.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3686 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e55f6ba90ce631943b2c5a3b4a5d9dee2c0403ee" + }, + { + "algorithm": "sha256", + "value": "ba4ffacc7f9b15f91ee6d5261a0a25c2928e0f229e8eb518523c28964b359cbf" + } + ] + }, + { + "id": "eaf10019bfa53e6c", + "location": { + "path": "/usr/share/man/man7/EVP_KEM-EC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3059 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "04a40cee62fa558a80464e313f36363cf31cfefd" + }, + { + "algorithm": "sha256", + "value": "e61ac1db45e16725c0d74be6fd4a0ab6f6e93ee9a747f0365776c1a754bce567" + } + ] + }, + { + "id": "dde1ad43ffe850f7", + "location": { + "path": "/usr/share/man/man7/EVP_KEM-ML-KEM.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2572 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bb4d9b935f3cef0615fb2c39c82c2349d874913" + }, + { + "algorithm": "sha256", + "value": "2ba7c1295bd15944469f28a33760bede10cf4e125ea0af8221846a1ef05f2f5a" + } + ] + }, + { + "id": "4b71fd7f4dd7c76a", + "location": { + "path": "/usr/share/man/man7/EVP_KEM-RSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2838 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "765c553b6092aec68a9898ce9efa59cf8a4b06c3" + }, + { + "algorithm": "sha256", + "value": "e9e3831822de6d7c96c73632073d7d1d8a05f87c5d2fdf6c3a6af472522d41fa" + } + ] + }, + { + "id": "116612c7f9a4276c", + "location": { + "path": "/usr/share/man/man7/EVP_KEM-X25519.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3019 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f646ac6fcecb435642e93af63e3febe199b3a5a8" + }, + { + "algorithm": "sha256", + "value": "2ed8fbe186d68899ef9f41b9ade76661ece11ba48a4f2b48631a8cd63ca90563" + } + ] + }, + { + "id": "ad000ecdfa943769", + "location": { + "path": "/usr/share/man/man7/EVP_KEYEXCH-DH.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3764 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "03062847148f6283aacd3dd6684b89aeb40dc0fe" + }, + { + "algorithm": "sha256", + "value": "f36a5b1e05fad760f8e239f70bf6a677699574257816ad2b56136bb919d4fe48" + } + ] + }, + { + "id": "534f9530f3e7d4ef", + "location": { + "path": "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3800 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a19020f05014ee5103f0d6d7177107c5034a512" + }, + { + "algorithm": "sha256", + "value": "1f30ae0ee56e852c82586f6aa624a67dae144bfe291f6413caf4c9191a1da510" + } + ] + }, + { + "id": "579c5e1799c04e87", + "location": { + "path": "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2511 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4fe3dd0c4ea6b8ffac75655029af108537631892" + }, + { + "algorithm": "sha256", + "value": "9a6b8e0fae2f3239a3b2bf49df6aa1353ca1184e754cd3d18a63c1158e6c671e" + } + ] + }, + { + "id": "d94a24d38f12eab7", + "location": { + "path": "/usr/share/man/man7/EVP_MAC-BLAKE2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2988 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b1d411e74e4a630bb9e746d52b83d5f3f1a7ccfc" + }, + { + "algorithm": "sha256", + "value": "94b0f6ae9b71afc540c7908c257996e58db2dba9da300ff73d2f8f36b8b08dc4" + } + ] + }, + { + "id": "21b9bf623e477c9b", + "location": { + "path": "/usr/share/man/man7/EVP_MAC-CMAC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3206 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "232d6656dbb0cf7b43d65a5cb7f5ef139baab6d5" + }, + { + "algorithm": "sha256", + "value": "482488d48d3f2c917be66ac7285c95f68dad873324e4c63585e9eb09999fb97c" + } + ] + }, + { + "id": "6670e4a5d0e8f7b4", + "location": { + "path": "/usr/share/man/man7/EVP_MAC-GMAC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2819 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3d0d5416e9d4932a7dd5f4c5b430119c7fdac7fd" + }, + { + "algorithm": "sha256", + "value": "64d6e1ae2b9a05e07b5cd532b3732c9ba66f5fe02eddbd7c0978f12777bf77e6" + } + ] + }, + { + "id": "512d053c17d87ee2", + "location": { + "path": "/usr/share/man/man7/EVP_MAC-HMAC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6358b37f296787897e06dd6e8a38004d97b85971" + }, + { + "algorithm": "sha256", + "value": "39ef21f034a42744a8a99e300c6e1fe899a5aaea863d9acac97dcb81a7e10c3e" + } + ] + }, + { + "id": "e0ddeaa423d94e65", + "location": { + "path": "/usr/share/man/man7/EVP_MAC-KMAC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3946 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3ddbf486b09284ae822eb94a5c9cde1ef5a9af14" + }, + { + "algorithm": "sha256", + "value": "7a3b285ed2fa6600aba01173112dab6619edeb4018de57afaa8858884159debf" + } + ] + }, + { + "id": "c9b816255fc03fd3", + "location": { + "path": "/usr/share/man/man7/EVP_MAC-Poly1305.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2667 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3709ffbc903e8d89da3febd7c4ca1946f0c23dc8" + }, + { + "algorithm": "sha256", + "value": "815903fe49540243343dc4dae324c98cf191354ab1f41e589f13250831af2591" + } + ] + }, + { + "id": "12fb8dcbf17e12f9", + "location": { + "path": "/usr/share/man/man7/EVP_MAC-Siphash.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2686 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d525dd2742f0addb73460995619b1c90a4f890e1" + }, + { + "algorithm": "sha256", + "value": "22a7bae909eb8c5ee692ce145a614cd24149c4e5f7f18a9442d31455e7dfc4ea" + } + ] + }, + { + "id": "33151bcb993bbe1b", + "location": { + "path": "/usr/share/man/man7/EVP_MD-BLAKE2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2779 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f547a35083a6bdea4fbe5b672dc6d441efaae6bb" + }, + { + "algorithm": "sha256", + "value": "5a4f65756cb704d395f250b280f1917aa8670dba484472381885628ee65bba0b" + } + ] + }, + { + "id": "2492038fe7738f6b", + "location": { + "path": "/usr/share/man/man7/EVP_MD-KECCAK.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2317 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a75c6c66442b6e0b113429e45569c9c40a7627c" + }, + { + "algorithm": "sha256", + "value": "67c856a70f86af1ac78280cb6cf7b2a54af2a0c8cf84cb3403c7a055ec2645df" + } + ] + }, + { + "id": "362858c8cee5ee21", + "location": { + "path": "/usr/share/man/man7/EVP_MD-MD2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a6f0bc4856a3619970ad0089b12fb195f7e3e7b2" + }, + { + "algorithm": "sha256", + "value": "c47ca5f289ee3976ca6da76384bc1c78fc431bdfa0372ec8cebfe92807e33c75" + } + ] + }, + { + "id": "557a753af79601d4", + "location": { + "path": "/usr/share/man/man7/EVP_MD-MD4.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2228 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90b75ed246c9cb80d60f617c8580d6874577a63d" + }, + { + "algorithm": "sha256", + "value": "40b5e13d50905d7c9acd7e9d36d2789812b90d2871eadd3d110dfd53de079e64" + } + ] + }, + { + "id": "3b4405ce04b1600e", + "location": { + "path": "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2652 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0bcfc887e34ecd5373c578c819b79a919c36a72e" + }, + { + "algorithm": "sha256", + "value": "54f85786ad5135b0a1e495934b8dea95148fcd33fe3d573d2fbbb5c537b5d662" + } + ] + }, + { + "id": "d51833fa2e124644", + "location": { + "path": "/usr/share/man/man7/EVP_MD-MD5.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "20e67e7f68c8171931a5729d813e9c2ab88a1db8" + }, + { + "algorithm": "sha256", + "value": "8a2eba35eb1a35bf521ced91fea40a074d810a096d2e1d6735e96d60b0af382e" + } + ] + }, + { + "id": "91df02eaeecd459d", + "location": { + "path": "/usr/share/man/man7/EVP_MD-MDC2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2469 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "25cb56e667cb00fa5814a1b20a61d6aab99cfb4c" + }, + { + "algorithm": "sha256", + "value": "e972ba9f44b5e47d6e879239dd51ab7fb9452eb4cacb950e5c2c821398f6d6fa" + } + ] + }, + { + "id": "34502f16226e82d3", + "location": { + "path": "/usr/share/man/man7/EVP_MD-NULL.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2305 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2df9b22472ba46882dc4d82d129cca8214f51487" + }, + { + "algorithm": "sha256", + "value": "6b888d8866df01c656bf5b6f801d930bd8f6fcfd3bf335f04c3e29ecf874d754" + } + ] + }, + { + "id": "e9514150e59eddd1", + "location": { + "path": "/usr/share/man/man7/EVP_MD-RIPEMD160.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2303 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "501c0a33acb85d62945f26454253befac74b12f7" + }, + { + "algorithm": "sha256", + "value": "e5dddbee5c549b16fe6c74dccaa11f5187d4914dc50d66414cbb997794540a17" + } + ] + }, + { + "id": "e6158bdeccf8b95c", + "location": { + "path": "/usr/share/man/man7/EVP_MD-SHA1.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2647 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa6ee113c99d2dcae37160792c3a6f6dc5ee7b58" + }, + { + "algorithm": "sha256", + "value": "f9a8b8034ad4ec80c5d888eee2c0e41b9bad8b164bead41a5149766e814c1353" + } + ] + }, + { + "id": "380f15a0186b69d1", + "location": { + "path": "/usr/share/man/man7/EVP_MD-SHA2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2473 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b8a29484b63bc8d0ac452cddddaa05e946d8aaf6" + }, + { + "algorithm": "sha256", + "value": "58a2105a502493d7d5ec13e49d4318848f0e55ebe33aa219287fe33872c722f9" + } + ] + }, + { + "id": "1223afc00cf0844c", + "location": { + "path": "/usr/share/man/man7/EVP_MD-SHA3.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2339 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4b80b438ae6fdd26f01e65e626cd8be1ced1e602" + }, + { + "algorithm": "sha256", + "value": "3057ff8d3c1aa31b87065feff4d52e5113c9495b1f9d7e1682a04ec763036cbb" + } + ] + }, + { + "id": "0b11dc6ec27fcb50", + "location": { + "path": "/usr/share/man/man7/EVP_MD-SHAKE.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3135 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cce7913ddd497e5bc4a177cdcf9bbad7f62225c1" + }, + { + "algorithm": "sha256", + "value": "13db6eeb0883668e0df6a97fecc195999b1dc201e45ab074b921cb64609c1a2a" + } + ] + }, + { + "id": "40e6051abeb3f042", + "location": { + "path": "/usr/share/man/man7/EVP_MD-SM3.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2226 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f7f980654419e0455be32dc715952b183bbb412" + }, + { + "algorithm": "sha256", + "value": "73c375e85808bad375e6270767eeeafbe53c3eb8f73c48ca678fb8b457e0e88a" + } + ] + }, + { + "id": "ac57a7fab3558da3", + "location": { + "path": "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2235 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c08b7b4f28447c07bad9c4e088e1fb73cca1572f" + }, + { + "algorithm": "sha256", + "value": "25f5026878d44caccf615b259eecf2041d805858cae483a7f81fd9005a870a8f" + } + ] + }, + { + "id": "eb4659e903b52f95", + "location": { + "path": "/usr/share/man/man7/EVP_MD-common.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2516 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c14eeef33779a4ec1f47f703e42b440d163ea25" + }, + { + "algorithm": "sha256", + "value": "9018eee6bf69fada25a66de5333c28d19136b8dc1dc3e9427bf347ecc9bf5c57" + } + ] + }, + { + "id": "05269894336f94f1", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-DH.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6046 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d7edaa83549df5ae3b9a6f7264b36855d11dd76a" + }, + { + "algorithm": "sha256", + "value": "eb0d58b8983f36dee2eadfbde585e9c96da892e5c0716028f03d45bc0c1ee338" + } + ] + }, + { + "id": "3717e7a528f67db3", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-DSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3678 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "247f40abbd4331e5b95efa57949e680960b0befe" + }, + { + "algorithm": "sha256", + "value": "40205f1717dbe4478e7c1f916f93c4fc0760fa295b1c580364adf5c38c1e06cd" + } + ] + }, + { + "id": "4c7ea6934cd41c12", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-EC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6376 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "600d4bd1d42ac4a8b4f9baa161eb936dd823b8a4" + }, + { + "algorithm": "sha256", + "value": "b4115aa6c5d2c232c7f8b506e6636b58a1f1f0688d1c4651f49b82f25129b7cb" + } + ] + }, + { + "id": "91f91d555a9103a8", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-FFC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4816 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "56b0f6536793be5ee2e94de6608f1ca37441e43d" + }, + { + "algorithm": "sha256", + "value": "ff6f56ab05f2549d8be2b60e51c640f3ef6d9115787dab3fde63023875ded470" + } + ] + }, + { + "id": "0a2c3c47f7545b9e", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-HMAC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2969 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c5ac211bd688e67efb816151d1dcbad4ffabbc20" + }, + { + "algorithm": "sha256", + "value": "37a85ff053b85cb11ca6375ae0b39dc0746dd42820d0362c0ebb7886d21983a9" + } + ] + }, + { + "id": "164f352d72d01539", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5748 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "76bb28f59894425a66199e8e557b9258e271f287" + }, + { + "algorithm": "sha256", + "value": "799556567884a8916eb610bc13080b3a5e400db5194966913580bf85b175c686" + } + ] + }, + { + "id": "a1e614a5bfcbaf8b", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5996 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f295b63affe266f764c8fbcc1357df777dadec3" + }, + { + "algorithm": "sha256", + "value": "15c97da5cd2ee75fa69e576ab4c6da28dd2e64bf7247bae23ab5b539c735464d" + } + ] + }, + { + "id": "8f48b348d58b0ba4", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-RSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5310 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c3ff788711667cd488e005c3adf9e247ee162caf" + }, + { + "algorithm": "sha256", + "value": "7f6dde005bd8676338aa6993e687fd734a328a64ba87abc8a86ac17985a3e39e" + } + ] + }, + { + "id": "4e88db845a1d6c20", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4112 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "20676370d78badbeabe221dd7c2964b40d2e5d78" + }, + { + "algorithm": "sha256", + "value": "41ab32541a8ba6a0eb4438a8c2a333c5d3635ab1d1c50eb9e992c8c7890f8cbb" + } + ] + }, + { + "id": "f8db2e7291900711", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-SM2.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3350 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a418d5c2ac6f5baaae5c3bfa82c22a0eb8749d72" + }, + { + "algorithm": "sha256", + "value": "18683281bde52c6383972d29f2f9f41b7e51c111faf1decf164583a91ced9cde" + } + ] + }, + { + "id": "5e03800152dd27d6", + "location": { + "path": "/usr/share/man/man7/EVP_PKEY-X25519.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3485 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f14ab18f1f33df038eabb0d574e3904e25df426" + }, + { + "algorithm": "sha256", + "value": "c44e89ca5e665bf45ce7ca95ab2a7b82890d1264ec9437bd14c55beb1db2a422" + } + ] + }, + { + "id": "cd89c7149d5b8519", + "location": { + "path": "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2895 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "35f867faf0236d2449fb991008cc14a1a887c626" + }, + { + "algorithm": "sha256", + "value": "cc5263874eacc2f69afab4e742df56787ed0bbe6ad70cdca61189d642f7fb0b6" + } + ] + }, + { + "id": "34df9b20f6f66964", + "location": { + "path": "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3402 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a9feb30594129b4df7b544dd618eaf69fda4b3c5" + }, + { + "algorithm": "sha256", + "value": "d5dcc7c74787dabc25cb173014befed9ea57f0a88dc501979f5b7b950d49765b" + } + ] + }, + { + "id": "f4cfffc2116f7bfe", + "location": { + "path": "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3733 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8f048c3aca7b684516bd5949931f05470cb7a3c9" + }, + { + "algorithm": "sha256", + "value": "0259fbf7534f2ea1a218bce2a22f6bd36844472d2d005996096034d319158896" + } + ] + }, + { + "id": "469a3d0c003455eb", + "location": { + "path": "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3751 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "690a826e166e6c824074301810fd9c7fff1ee695" + }, + { + "algorithm": "sha256", + "value": "5e9e3f48db77000183bb65d84f4ec7bbfbf5bce78704645496ea64ecb3d5766e" + } + ] + }, + { + "id": "effd69c97c9344b7", + "location": { + "path": "/usr/share/man/man7/EVP_RAND-JITTER.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3163 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "245353702e6bb45523fc4fa40ecc2fc22f587dd2" + }, + { + "algorithm": "sha256", + "value": "2d564e37e863790cc9458e1648c85b8378d6e0a9ad93d710d3f0a49c3ea0edd9" + } + ] + }, + { + "id": "dda5f2f598756220", + "location": { + "path": "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2880 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0e07d9573660c92e80068caad010292df0829c2d" + }, + { + "algorithm": "sha256", + "value": "78ed0e17531af03d68d54e7788ecb5b2cfe3e484d66113faa2132228716daf82" + } + ] + }, + { + "id": "c358961d83fa600f", + "location": { + "path": "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3550 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d131282cda3340b32b97334ea367def51f1c2eac" + }, + { + "algorithm": "sha256", + "value": "6365df34ca70b738dbc19bac83a265955c0ec8bbfca32d3d036460e548d148de" + } + ] + }, + { + "id": "fe9eae88652d3c8c", + "location": { + "path": "/usr/share/man/man7/EVP_RAND.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6428 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b021089b83b345c2a1bb39f01f1b3938a5833932" + }, + { + "algorithm": "sha256", + "value": "1150df4ca1c2206ca30b5a4a28e1150b07badecb6d4819d6a1f3ce3366201d2f" + } + ] + }, + { + "id": "0b3ada17b5808025", + "location": { + "path": "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3884 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0acfe8936332565aa2718be92b1b82deef1e40de" + }, + { + "algorithm": "sha256", + "value": "fe879790d45d1bf76d440079aa73c36d0727ad1c302b1012d4d4f1ed01b9b291" + } + ] + }, + { + "id": "22a3961e6fdd8f2e", + "location": { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3635 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b85de04be695db96e289bd65f90605a38b140db2" + }, + { + "algorithm": "sha256", + "value": "aa23c62df9303e39d1276a8489dcd99f1890f044bb42a33f0b03ca7088cf236c" + } + ] + }, + { + "id": "7e6f15db1d2d3469", + "location": { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4314 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48ece9fdb5e703d59f54926f02151da34968b331" + }, + { + "algorithm": "sha256", + "value": "6b47aa8bf2955db526004dd8eeb512563061cb4b9d518c540171089b2915786b" + } + ] + }, + { + "id": "c5d017216849682d", + "location": { + "path": "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2504 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "576c5656a043c2ec5a1e9a58981cb11dc3509cf4" + }, + { + "algorithm": "sha256", + "value": "95e2223f981cd7365f5cdd5459faef4d661f0f9497a9ec5f0d6c1dcdc9682b8a" + } + ] + }, + { + "id": "b03e6f64daabd092", + "location": { + "path": "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3966 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86f36327b128520d75b2e55c79a4f121dccc7d85" + }, + { + "algorithm": "sha256", + "value": "5a04a083fff068a1a54a3a2bb2810943f82dd5c7aa2cb4ca1eb7884349e3cfbe" + } + ] + }, + { + "id": "3978c1ded75360d2", + "location": { + "path": "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4883 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "053d6582112fb6a7db07987c813737ab8b07c9ac" + }, + { + "algorithm": "sha256", + "value": "e7c24c0f8f7593c8c0f2d85b60cd0cdf33e78f9e6ba6414a53df06ae4eb16277" + } + ] + }, + { + "id": "77c3c07010d12669", + "location": { + "path": "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3892 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c463632046cdb268451bf49b3e2baed504da26f4" + }, + { + "algorithm": "sha256", + "value": "efa7726fe98300fc2b5eba273b626d7e36cd30a688eac5fc4833e94705a0c93b" + } + ] + }, + { + "id": "e851d200f2c305dd", + "location": { + "path": "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67a795209a5159334401304c0aa8ee90ed11a5f8" + }, + { + "algorithm": "sha256", + "value": "5e1fee30b775716756f7f35ef3fa8ea2ce9181b7bd09638c2457b40961d3cbfb" + } + ] + }, + { + "id": "08389c7ca7020248", + "location": { + "path": "/usr/share/man/man7/OSSL_PROVIDER-base.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "51c822dbc7f5d7e3e24021ac54a26a466bb1fc5e" + }, + { + "algorithm": "sha256", + "value": "75ce22e58e16f3676d8048d80988c9e04164280940c134a22406c196cb8397f5" + } + ] + }, + { + "id": "dcfede4baf820cb0", + "location": { + "path": "/usr/share/man/man7/OSSL_PROVIDER-default.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5220 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e712c877b809c2b7ea08e8d20ebadcc86a350cf" + }, + { + "algorithm": "sha256", + "value": "5634d71e60866269838a5d76079d2b334e70bd5d7fd46b99291dea8b6ba2d1ca" + } + ] + }, + { + "id": "953494b038436cb6", + "location": { + "path": "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3049 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c8742ee755b5cdef416fa41177137859947ba5d5" + }, + { + "algorithm": "sha256", + "value": "06c925a915991c880ed7a7a02237c15e9f836155a5d31d52ebbd04a15822da08" + } + ] + }, + { + "id": "8824c210f678a8fb", + "location": { + "path": "/usr/share/man/man7/OSSL_PROVIDER-null.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2236 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0809fff2a8ddc81188175c8d877471835e1299dd" + }, + { + "algorithm": "sha256", + "value": "6f1eb27a9bda8f1c2995c6d049cb351536931594c6bf1e0630b09e14332963ee" + } + ] + }, + { + "id": "c302d53de8a0a610", + "location": { + "path": "/usr/share/man/man7/OSSL_STORE-winstore.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2823 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc55b8b0392553cc5ada762f492b72c630de7327" + }, + { + "algorithm": "sha256", + "value": "13b5944e85181062fd4a534b0d7f36f81d338f0eaf86745616178e608547fca9" + } + ] + }, + { + "id": "b4eb6556380b1ece", + "location": { + "path": "/usr/share/man/man7/RAND.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3548 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "29c49852d32bef1a68842bb89a7d2eeaebc35d0c" + }, + { + "algorithm": "sha256", + "value": "9a7b237d5484cd1511f2eaf54f3b86b1038fad924d179a0261bffd2c336d0291" + } + ] + }, + { + "id": "8f3b76c59363aa11", + "location": { + "path": "/usr/share/man/man7/RSA-PSS.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2673 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5da2bf95c85997466406a6f771e66c8a114c8216" + }, + { + "algorithm": "sha256", + "value": "ee7e644c043ce90a627f9674b744d88a1adfc1f3881d07e09d4c2b498dc3050a" + } + ] + }, + { + "id": "40616822d43702fa", + "location": { + "path": "/usr/share/man/man7/X25519.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2712 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9738a115ce54e0bd2f570df81191abd91326ec53" + }, + { + "algorithm": "sha256", + "value": "6a35d5639f030ce4a971216a70e04b265c1e9766032a2045876bbc680470c841" + } + ] + }, + { + "id": "9850eedf46693151", + "location": { + "path": "/usr/share/man/man7/bio.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1523f3a9accf1e225f3794375d56ebcd77d1dac" + }, + { + "algorithm": "sha256", + "value": "2256cd5b5747dfd314c8ef649d77d7f0c687536f19aec0f9011dee25ec1c064c" + } + ] + }, + { + "id": "e805870ce82f9ddf", + "location": { + "path": "/usr/share/man/man7/crypto-policies.7.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7054 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9092074e065d28c81e81f837863f0139267a2b04" + }, + { + "algorithm": "sha256", + "value": "b7798e9f31248342b6a56b6a9555a65fd61f5180808fb98ad26a63b6fa49b8dd" + } + ] + }, + { + "id": "ac109f4be4188339", + "location": { + "path": "/usr/share/man/man7/ct.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2541 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a9d10e3e13b0f80c8edbab5b8e906cc548a982cd" + }, + { + "algorithm": "sha256", + "value": "11d22a2651b8066d55c4097519b8fa31ffc85e8a560c9dbbf7c888544153da1d" + } + ] + }, + { + "id": "a3f6b17683961d43", + "location": { + "path": "/usr/share/man/man7/des_modes.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3873 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9581228b6faa042cc2f9dbe96119ce035c771f9a" + }, + { + "algorithm": "sha256", + "value": "7d9153f3059a6980686573193bff3d6261ca162190b27d6af5b947d76398671f" + } + ] + }, + { + "id": "6c8868eb7d22aacf", + "location": { + "path": "/usr/share/man/man7/evp.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3528 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e4e477582992ca7b05e085b2b187feffe1e987dc" + }, + { + "algorithm": "sha256", + "value": "0a76b75e6e34ae1195b5983fdc5a91a37037450b62a5433cb059ccf3ecd43bdd" + } + ] + }, + { + "id": "ad74469e5bea331e", + "location": { + "path": "/usr/share/man/man7/fips_module.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 9756 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "94e69b35050c41b5263e99b4ee903d90dff37fbe" + }, + { + "algorithm": "sha256", + "value": "020fab93e995d03b95189a11d40e81a4422d295db9c3396083f4e95861e436ae" + } + ] + }, + { + "id": "6dd72dec86149806", + "location": { + "path": "/usr/share/man/man7/kerberos.7.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b4a71a4ce27c9392e96f4195573ed7499fe68f46" + }, + { + "algorithm": "sha256", + "value": "06b401f61c72c02d37d8584572696df5fe8891686727f40d2636ca5f44435bc6" + } + ] + }, + { + "id": "a16275234016a655", + "location": { + "path": "/usr/share/man/man7/life_cycle-cipher.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3326 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70893e5bab72c671f02d2ee3334f8044cd2ac6d6" + }, + { + "algorithm": "sha256", + "value": "c13bcd281901af42ebe19fa5ddbea78185d0efb5c73628d25cc0fa03f95444a9" + } + ] + }, + { + "id": "f7389995945cefc5", + "location": { + "path": "/usr/share/man/man7/life_cycle-digest.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3217 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aa15f4b83e9439f572a0e3c8267a04f97eda3b7b" + }, + { + "algorithm": "sha256", + "value": "f735bc4ffb52b870581bbfa5813b14ac278694c19611e65d21ef7390759af50d" + } + ] + }, + { + "id": "7075d77f48f819db", + "location": { + "path": "/usr/share/man/man7/life_cycle-kdf.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "408469cf7bdf2b6ab284c649cec92cf007e6fc1f" + }, + { + "algorithm": "sha256", + "value": "f59a36ed427968aecedb7d0325b2b0753cb90793d6c36f6286fd471479cb9a40" + } + ] + }, + { + "id": "9198d6c05a6327fb", + "location": { + "path": "/usr/share/man/man7/life_cycle-mac.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2822 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed0509a593721be29dbc2cd6e0a794f2772def87" + }, + { + "algorithm": "sha256", + "value": "fb65415767b528fd9707e5048e7e3349e66058e8cd511b8d7934fe44b1fd4743" + } + ] + }, + { + "id": "127b13d2bc472163", + "location": { + "path": "/usr/share/man/man7/life_cycle-pkey.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3695 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bd2575ad5fe2b10be688ddd51267c48da7ecc3ce" + }, + { + "algorithm": "sha256", + "value": "5b489671bbd1fe2aece3a1eb7a7a830188db05d0d1cd0d465a9d1444b6202e07" + } + ] + }, + { + "id": "8e00f1b19b53f224", + "location": { + "path": "/usr/share/man/man7/life_cycle-rand.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2796 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "af469a4b0cb6490c6a5fe5816e04417b6983223f" + }, + { + "algorithm": "sha256", + "value": "4ddff0ef7c386842680f163aa46afc4ee4b1cc628534835341a0a4457b060252" + } + ] + }, + { + "id": "9405b70229ad2c0a", + "location": { + "path": "/usr/share/man/man7/openssl-core.h.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2375 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "734863517602e4c431c5de0476edf41b37734b51" + }, + { + "algorithm": "sha256", + "value": "a0ca28b82dd85492206f6e397c01b6bcc186b0b626db4b98efe95c47221d2bef" + } + ] + }, + { + "id": "50eb8ce87c65d0b9", + "location": { + "path": "/usr/share/man/man7/openssl-core_dispatch.h.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2415 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1c76d96a6aeeb191690466f8c5a7bd55c12b404" + }, + { + "algorithm": "sha256", + "value": "1db039e4c77f5f1737481298a6ad81f50fed41b7b69e1c3cb1b1a82aad51de0e" + } + ] + }, + { + "id": "e7ef7561df01cdbd", + "location": { + "path": "/usr/share/man/man7/openssl-core_names.h.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2516 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d6a893f1ba6093434235d4f769c993bf2e8b64e" + }, + { + "algorithm": "sha256", + "value": "7cac2f3cc5a889d0c368abac794c451a27a0c90efe8a85e940e9ea46c64ab4a7" + } + ] + }, + { + "id": "93aca83efcab4231", + "location": { + "path": "/usr/share/man/man7/openssl-env.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4494 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "76d23fd440a1a4156084bc648c518056de658166" + }, + { + "algorithm": "sha256", + "value": "15e2f195fcc9a9da18e513f6e414147f4bf0dc9b27b61de13fdc62315d7e9c96" + } + ] + }, + { + "id": "9318266d310bb3cb", + "location": { + "path": "/usr/share/man/man7/openssl-glossary.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4559 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "52e6dcaee085dae678d41a589157b7460d14f700" + }, + { + "algorithm": "sha256", + "value": "5a56b5edd88416097bce26a92f31448e28e08e3e23a3e1d3f80bd8e1cffbba61" + } + ] + }, + { + "id": "9c4dff099946523a", + "location": { + "path": "/usr/share/man/man7/openssl-qlog.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4830 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e93c37f505bc84caef3a863c9b302df8aacd4a9" + }, + { + "algorithm": "sha256", + "value": "1de6e247881905868cda2bee686da11e2fe0c67375c2670a7412eb9e852fd8b0" + } + ] + }, + { + "id": "1cf26eb3e5d7d8f4", + "location": { + "path": "/usr/share/man/man7/openssl-quic-concurrency.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6011 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b107a17baef168902f1281ef988b9427e9271f02" + }, + { + "algorithm": "sha256", + "value": "54d7d935831ed4f1f8dcb8b50ac4fadb458492c16cb9209978c001a19a1d5501" + } + ] + }, + { + "id": "e79d0b5e8522462e", + "location": { + "path": "/usr/share/man/man7/openssl-quic.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 12363 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "30b9d2cc50e8f3b61c2ce9fd38d1e48ac6287a3e" + }, + { + "algorithm": "sha256", + "value": "86ac52650a21a5ed93c2075c744171fb448ac4aadab51298dc38d1157a613971" + } + ] + }, + { + "id": "2f61072da3b72ad2", + "location": { + "path": "/usr/share/man/man7/openssl-threads.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3871 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2f88d7d36f7b6f89d48ee0b3dd058480ea4a4a9f" + }, + { + "algorithm": "sha256", + "value": "ad0782bc2b97d5eb164307e8c278f7d5064f4bd30a4b182803dc619bb509565e" + } + ] + }, + { + "id": "45bce5e300fd4ccf", + "location": { + "path": "/usr/share/man/man7/openssl_user_macros.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c6acb125ed1d512523040c28f6cf2b8810891de4" + }, + { + "algorithm": "sha256", + "value": "98b6f19211cf4ec8e937bd3e84e795fcb0c82f23141d3abc5f3d6e30ebf63f30" + } + ] + }, + { + "id": "34f86a316b899160", + "location": { + "path": "/usr/share/man/man7/ossl-guide-introduction.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3791 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f7bcdeb3e454a6ad13893ebd17352071b752f8a4" + }, + { + "algorithm": "sha256", + "value": "58b9b4fd3306f54579797fe9b3404b49a501bc985076d1bf57b11dce9e487973" + } + ] + }, + { + "id": "9472f49a2146cbf3", + "location": { + "path": "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7292 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a1ef6b3d821dd73082b65a843f8c7f3ae0e0333f" + }, + { + "algorithm": "sha256", + "value": "c02386a18012d0dd8ebd6eed739e25516fedd000532f843fd24d6326120e8e2c" + } + ] + }, + { + "id": "a90401c687aafd46", + "location": { + "path": "/usr/share/man/man7/ossl-guide-libraries-introduction.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7341 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8274bc10267b68ea0362006359dd37a1486c8797" + }, + { + "algorithm": "sha256", + "value": "11895eb4691400975a03ef5b2828a233a418cdd17675d27e8dcf65993d9614b0" + } + ] + }, + { + "id": "38c9e9de9ef8b1bf", + "location": { + "path": "/usr/share/man/man7/ossl-guide-libssl-introduction.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3789 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "deab25bc149dbc97b0e1a49cb29c7c6eb2af5e46" + }, + { + "algorithm": "sha256", + "value": "71f8479fa3655690a01218f3b68e5311a55749a14f339566d0b7d91d8068b53b" + } + ] + }, + { + "id": "b8889875fe5d8ccc", + "location": { + "path": "/usr/share/man/man7/ossl-guide-migration.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 26980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e045b3d467d7fa6758770a091b4525dab98d0d3b" + }, + { + "algorithm": "sha256", + "value": "1a77c395329528a07988f504fc59ce0e0799d2f0469cd941d8a7e35b48b81a6c" + } + ] + }, + { + "id": "28dfcfd179be0b78", + "location": { + "path": "/usr/share/man/man7/ossl-guide-quic-client-block.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8020 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "490635fd5c0392732b2247928b5f0b3a8169bd2f" + }, + { + "algorithm": "sha256", + "value": "4763b0fd4136950e01479bbe8760ebf00c2b96e95e788ea91224bd3db7c136f7" + } + ] + }, + { + "id": "45807708e472faea", + "location": { + "path": "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 9062 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8f6f67c3133af8a0a251c9940683d85aabc8893c" + }, + { + "algorithm": "sha256", + "value": "af5a966bbf726386772879b40bdf11a3be4ce5b28d65ee37f1af800b1e73d2f2" + } + ] + }, + { + "id": "460d5c116f6223dd", + "location": { + "path": "/usr/share/man/man7/ossl-guide-quic-introduction.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5479 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "920622e5cb29ad036559668d9fd403008ec85b1d" + }, + { + "algorithm": "sha256", + "value": "2b7874c08565763002478362fe83955be43155ab0d8ce31ce4a5b86a06b01789" + } + ] + }, + { + "id": "ddd66b78c7891cd8", + "location": { + "path": "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8231 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9327ca8a5364b603a3afde411d4ead6cc2489171" + }, + { + "algorithm": "sha256", + "value": "e6bf5243f928ac1e5024380ebeea8a3dd6ef9570ee88595cac42889efe78ea72" + } + ] + }, + { + "id": "3dfdfeadef568451", + "location": { + "path": "/usr/share/man/man7/ossl-guide-quic-server-block.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6239 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa62ed5cc5069839268b39b4e7ff4266dc41b9a3" + }, + { + "algorithm": "sha256", + "value": "44e1b008149d71f66e129c0ab092bafebdaf4ac444558bac3d2f2132965a3769" + } + ] + }, + { + "id": "fa9a2006ebdb8c1b", + "location": { + "path": "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7640 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a724051b9bcd56ff95fd8dae07b6e9e7c4332e0b" + }, + { + "algorithm": "sha256", + "value": "5134015cfcc302ad4b548be43fce0c07947401535e638b973b38f15d405f3ab2" + } + ] + }, + { + "id": "00e72aac91d28573", + "location": { + "path": "/usr/share/man/man7/ossl-guide-tls-client-block.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 10420 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe783dde1f04fcd631024c52777e90e4a13871ac" + }, + { + "algorithm": "sha256", + "value": "c6a2090730762fac75b257a545fa3dced6e75be8303269ac0696ce58a883f47d" + } + ] + }, + { + "id": "0d6444570e9a4441", + "location": { + "path": "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7835 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "308da4f7d747dd91fb91be866b0506d4aa4615bb" + }, + { + "algorithm": "sha256", + "value": "28410b61c2b970d20bc764f5abeae9a37d1eb8f2c1a7d46eb857ce278abcc7e0" + } + ] + }, + { + "id": "30ba784dfcde4319", + "location": { + "path": "/usr/share/man/man7/ossl-guide-tls-introduction.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8187 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "66ca0b0e1eb4c83d78783dbb88530205d7bfc30d" + }, + { + "algorithm": "sha256", + "value": "6bb4d4c2d4dc5d52b9754a262d2872be9b11156391431c238b510de7e797be62" + } + ] + }, + { + "id": "70a4e9c2614d0bc8", + "location": { + "path": "/usr/share/man/man7/ossl-guide-tls-server-block.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 7159 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "43ad31ae3b8a992032815515fe5ddf75eb359cf5" + }, + { + "algorithm": "sha256", + "value": "7807df01a66dc902145ef198014df925c21a6a39b7d773f0739f7f6a4174bb05" + } + ] + }, + { + "id": "98d38560381f1526", + "location": { + "path": "/usr/share/man/man7/ossl_store-file.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2903 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "103ac6fc1d5fd58bb4b381a41eae522898f0d329" + }, + { + "algorithm": "sha256", + "value": "7b6f1097befa944653d94d5e56310eb54ff1aca43587b2234ae406a49469137a" + } + ] + }, + { + "id": "1ba2765c720edf90", + "location": { + "path": "/usr/share/man/man7/ossl_store.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3030 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ce9d916acd000440edced818f653ea92d1332f62" + }, + { + "algorithm": "sha256", + "value": "f31e0262ac1704c7fe3ba04f0afde26bdf7184abe396946374d9f08e8664cd81" + } + ] + }, + { + "id": "1fc819056b194ba1", + "location": { + "path": "/usr/share/man/man7/passphrase-encoding.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4835 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "40f293dbdcdb287c235c05caec5aa3cf5bb538a8" + }, + { + "algorithm": "sha256", + "value": "4e62afbc88c4a4def0aebfd7ee39019f8138fa07ebe823b0fe416151d55f22b9" + } + ] + }, + { + "id": "4c23c7378d159b46", + "location": { + "path": "/usr/share/man/man7/property.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4383 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aadbc0acc9aee369e63077355d5dec4fcfd9d142" + }, + { + "algorithm": "sha256", + "value": "271dcb89afc8604fa7bc07d54e802718889b30dd9d7ae7453693489add058c8c" + } + ] + }, + { + "id": "7f4b6e2448ed3140", + "location": { + "path": "/usr/share/man/man7/provider-asym_cipher.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5719 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d6539c607153083d988e98d2b8b007f1c4653c7c" + }, + { + "algorithm": "sha256", + "value": "e84fed2c876fb58311e6222289b5dc3d48b984c96f6a06979af8f13689ad1b8f" + } + ] + }, + { + "id": "3ad33f14bbbecc4f", + "location": { + "path": "/usr/share/man/man7/provider-base.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 13497 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6b7abd391ffcb2e8177e794d7f0b6f4984c2c77a" + }, + { + "algorithm": "sha256", + "value": "6d81d8a87df7066c1708d2949785beae4c0413675895ee9dcc57ed354b1c27c4" + } + ] + }, + { + "id": "bb179cb5784643e0", + "location": { + "path": "/usr/share/man/man7/provider-cipher.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5821 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "28b4a633e66dec774e0f8e3399d50378b9de5554" + }, + { + "algorithm": "sha256", + "value": "ecb6f6166b1b89149185c868145530830864b5a4895ff60effc25c9d553ea183" + } + ] + }, + { + "id": "95755bdbf4c35b87", + "location": { + "path": "/usr/share/man/man7/provider-decoder.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5795 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "91a0f2587ee512857e8f46ad1dd0244937886ca7" + }, + { + "algorithm": "sha256", + "value": "948ae40cb4108897e0e6a318d0093ef6131ba2c14dbcae54b64d87ff88509cee" + } + ] + }, + { + "id": "35251537084ad631", + "location": { + "path": "/usr/share/man/man7/provider-digest.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5526 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dea983f70e57712848006b172d874429c465d3c9" + }, + { + "algorithm": "sha256", + "value": "f749d6c6f93e362523ffd44025ec2210abbdfde3aba18777c7b704c6f6682df9" + } + ] + }, + { + "id": "35e43fc4d5dfd95a", + "location": { + "path": "/usr/share/man/man7/provider-encoder.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6109 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2b02c3f5f28f8a3f67b22ddc87d7535bd1e0214b" + }, + { + "algorithm": "sha256", + "value": "4a05eed4b3ff9cd8a1d209f417d60db1f1ec1cd6ae404d4b72b741cca8465036" + } + ] + }, + { + "id": "3b7481d6c56feb94", + "location": { + "path": "/usr/share/man/man7/provider-kdf.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6210 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aed5bb3c0154796048825dc43648b0bd2527b3ef" + }, + { + "algorithm": "sha256", + "value": "897d92ab8281d249cd641efa69c308844ba027f636dfae1e53954ed64c44bd15" + } + ] + }, + { + "id": "18ede0deb982b800", + "location": { + "path": "/usr/share/man/man7/provider-kem.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a12d1a9dc6291510e1cbd9c611a8504e9e83490" + }, + { + "algorithm": "sha256", + "value": "b12b54cf732e7c0cd687ae71052b9f9174da0508f504e6fc8d994a3a5b29577c" + } + ] + }, + { + "id": "d99e42a25be30c76", + "location": { + "path": "/usr/share/man/man7/provider-keyexch.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5434 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "10e25eb58a272682017167ececd786c1dff7aa94" + }, + { + "algorithm": "sha256", + "value": "af8d7802d1f7ab5ac8f9f427e19603274138a346e77d993bbca771ddf83e14dc" + } + ] + }, + { + "id": "d9f36e6fed776f19", + "location": { + "path": "/usr/share/man/man7/provider-keymgmt.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8384 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "94918a793e449274ec2a23ff241dd20426bc5248" + }, + { + "algorithm": "sha256", + "value": "07180dc901461cc192ba2850e63cf745b166d35c3b081f2d262d5414098c461d" + } + ] + }, + { + "id": "3af3c17164dced1d", + "location": { + "path": "/usr/share/man/man7/provider-mac.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5394 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1042a1af952ca945bf2079b2c61d84535683e5c9" + }, + { + "algorithm": "sha256", + "value": "df27f247c67cc68bc59a824696bf3ebe29d67178f8d25239846d1d5d4fe526da" + } + ] + }, + { + "id": "ad7650e90c02e7ae", + "location": { + "path": "/usr/share/man/man7/provider-object.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4052 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2548ecff1ae1bf7cca830a08cb7bc2f231b07d06" + }, + { + "algorithm": "sha256", + "value": "1c24a0f260f4c76386cf6f9526ad2a16713ea61830a5ee1efbd96afc28d0129e" + } + ] + }, + { + "id": "64f306c08f107916", + "location": { + "path": "/usr/share/man/man7/provider-rand.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6379 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb184c2a5334e15890ad365c7cccb8a8445d0169" + }, + { + "algorithm": "sha256", + "value": "fc8dc315b18912235b729b50877149c6c9d13caa8e7fc5ef03aad52e1f736085" + } + ] + }, + { + "id": "2e6e0bd2077d78e3", + "location": { + "path": "/usr/share/man/man7/provider-signature.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8877 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "715e7f9c33b59fc00c6d6124c671e7941c876ad0" + }, + { + "algorithm": "sha256", + "value": "91a46ad91428eb1b168c4930e43beaed4018ffa81f6c3a47933355c75d33d945" + } + ] + }, + { + "id": "807793bc82961c26", + "location": { + "path": "/usr/share/man/man7/provider-skeymgmt.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4503 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1747905ee5f313c2e5b223bdd7b3e0aaf81b8a3f" + }, + { + "algorithm": "sha256", + "value": "74ad115441e7b953dd94f2da033f77857770397b4c5da64b4ec74ee96e790108" + } + ] + }, + { + "id": "04979271e7e61cf1", + "location": { + "path": "/usr/share/man/man7/provider-storemgmt.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7b31524aa1649d055ec98908b22d5b8e104684d1" + }, + { + "algorithm": "sha256", + "value": "6a4a17abd97359423c43b8f6477e5d796625306c29515af42bee32fb21590282" + } + ] + }, + { + "id": "afa96907b0c15332", + "location": { + "path": "/usr/share/man/man7/provider.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5140 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "506fcc2fbd3d1d6420703b727deb2b46374db304" + }, + { + "algorithm": "sha256", + "value": "c2fdede907af8ea7f09fea83a579d523b19a4cf75acb6ba0fe3b3588aa7b8131" + } + ] + }, + { + "id": "d9428be1cfec208f", + "location": { + "path": "/usr/share/man/man7/proxy-certificates.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 5998 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b48e136e84af7b2258a6f518629f50043cd6533c" + }, + { + "algorithm": "sha256", + "value": "d0b141855efc0cd70db908af40ca55b3e6c71919d8807c918196fb5ef27502a1" + } + ] + }, + { + "id": "8cb4be846bdf4a6b", + "location": { + "path": "/usr/share/man/man7/x509.7ossl.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2765 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a173922261cc5bbd3279368a724499167db4ad8d" + }, + { + "algorithm": "sha256", + "value": "21773cae697cf5d36cb055b634850dab6bc9afb274a21f6d8d36d6e79df866a6" + } + ] + }, + { + "id": "f7da459eec88b367", + "location": { + "path": "/usr/share/man/man8/alternatives.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4791 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "818233332f9b07a1351710ff6ee9a1d520a803db" + }, + { + "algorithm": "sha256", + "value": "486f5011e513cfe9f2aa0fc837f38927c8c2af7b1a54e0d919d43645e552d829" + } + ] + }, + { + "id": "979f7169936e88d6", + "location": { + "path": "/usr/share/man/man8/ca-legacy.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1345 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5201c006b12e6327ffdbd3e66074debfb320e0c7" + }, + { + "algorithm": "sha256", + "value": "25cfe6db0a9f9ab8f0476903cef280c5a073f099519ae4ddd0a073eefa53cd17" + } + ] + }, + { + "id": "8c6e70c8073dd743", + "location": { + "path": "/usr/share/man/man8/chgpasswd.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2544 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "136c56a24d755ca13c5b978c71e7fc28b98bfed4" + }, + { + "algorithm": "sha256", + "value": "a6e0963808914bbdd01576f37d8fbc0a56a389360f9cb7528b606b93ad65b0fe" + } + ] + }, + { + "id": "04f2af066de0b149", + "location": { + "path": "/usr/share/man/man8/chpasswd.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2337 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0780c29d9da452188982c3c69df39e6d153bc3c6" + }, + { + "algorithm": "sha256", + "value": "e99b4d1203743bf05eb9616888310c0c5a01b0c4eb5bf75e119c206e44b6c33a" + } + ] + }, + { + "id": "508f3556caa1e8ec", + "location": { + "path": "/usr/share/man/man8/getcap.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 551 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e89253471e0e928279ce7cb0722a13f078189e52" + }, + { + "algorithm": "sha256", + "value": "8504a853a37e47cd61a3f0dca3eb3c10a64df63c7f185bcc98b9fd3f34a26b38" + } + ] + }, + { + "id": "ae8e6fdb3bff5894", + "location": { + "path": "/usr/share/man/man8/getpcaps.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 611 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "977480bfc147a0fc6aea7dd0c04ceabb41be7307" + }, + { + "algorithm": "sha256", + "value": "cb777f28334500ac5b37bdfb0325b2bbe12c1f08953686c9a94eaa6366dbfb02" + } + ] + }, + { + "id": "c8eef5d64160aec3", + "location": { + "path": "/usr/share/man/man8/groupadd.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2650 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0b763acf648a0dbbda72be270755fe05ca70733" + }, + { + "algorithm": "sha256", + "value": "8ea1978377b2a22456443edcf6889cb8a74b65026bafd417df8da981e5a1d9d0" + } + ] + }, + { + "id": "9339aac8feecce6d", + "location": { + "path": "/usr/share/man/man8/groupdel.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1676 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "619452d0cf3bd7f40c72e80eaacb4dc039f32c5f" + }, + { + "algorithm": "sha256", + "value": "b90f55b4f492761d2ecdadfe518c1d30080af13b7ee53a8d77c51976530db624" + } + ] + }, + { + "id": "7fecc962fc876f80", + "location": { + "path": "/usr/share/man/man8/groupmems.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1666 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "078bd8cff1a8a484b6c174293a5af7eb8db9fbd0" + }, + { + "algorithm": "sha256", + "value": "3155aaa0d9c29b2449222888e74ac34b1684d3537d89973b9ad9958a2f09615a" + } + ] + }, + { + "id": "aaf3bf68249c31a2", + "location": { + "path": "/usr/share/man/man8/groupmod.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2339 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be810cba867f850445b74f256e774c5dbf784cc8" + }, + { + "algorithm": "sha256", + "value": "dbaa039b771872344ae1576c813109c3bbf5cd09d5fd1cdd4aa031379e308eed" + } + ] + }, + { + "id": "f6867945d3c955d1", + "location": { + "path": "/usr/share/man/man8/grpck.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2161 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "40ce8cc87b86f961d0a4024aace6f97317aea84b" + }, + { + "algorithm": "sha256", + "value": "4f9d17ad9c8aeaa651ded8f6457a71192c07ece9091899ab7fe9002e92202698" + } + ] + }, + { + "id": "c95c777efd3b33f0", + "location": { + "path": "/usr/share/man/man8/grpconv.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 38 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "algorithm": "sha256", + "value": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ] + }, + { + "id": "e7c59d719c145ebe", + "location": { + "path": "/usr/share/man/man8/grpunconv.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 38 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "algorithm": "sha256", + "value": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ] + }, + { + "id": "bf13bb4fc87a4e51", + "location": { + "path": "/usr/share/man/man8/lastlog.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1929 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0122c24d33c3f1f5921cafee5c565d2f66dde371" + }, + { + "algorithm": "sha256", + "value": "1b68dd77880e9772b3fa4c0ff0547a91d24a07c8ac220897fc608342526d6342" + } + ] + }, + { + "id": "32ecdc00bc8f1320", + "location": { + "path": "/usr/share/man/man8/libnss_myhostname.so.2.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 46 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c32a3c7e2dec394629f98e8ba10f8c0cdafacc12" + }, + { + "algorithm": "sha256", + "value": "b2f995e61359cb0efbfb6b3356f29136fd7e1c15ee1c3d3909ac0cc9e92826d5" + } + ] + }, + { + "id": "8913e02f37ae1f62", + "location": { + "path": "/usr/share/man/man8/libnss_resolve.so.2.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 43 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e9dad32e403cd4c43b4345b93e6d45c640374312" + }, + { + "algorithm": "sha256", + "value": "a68b9870d5051a5c63125019047f4ab0c9ffe0b94e3fb829d6df75a572ba87d0" + } + ] + }, + { + "id": "c941dd2fee8bc9dc", + "location": { + "path": "/usr/share/man/man8/libnss_systemd.so.2.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 43 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1d362af7faf3ec53d5a2133f21ea739acc60ce29" + }, + { + "algorithm": "sha256", + "value": "3b085ed21510b7f307f8af04e73d95c854d12d6c51749a801ab6bdbd6d679213" + } + ] + }, + { + "id": "3a93c2921610e609", + "location": { + "path": "/usr/share/man/man8/newusers.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e9b810435a301aa1ffc3bc18261734b7f2cb3b86" + }, + { + "algorithm": "sha256", + "value": "cb947b80687c563cfb42f114b44bda8a112aabd076b7417dcd1c424ab7da6e0f" + } + ] + }, + { + "id": "d666a7310157583d", + "location": { + "path": "/usr/share/man/man8/pwck.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2291 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb7de92f791a4c3e215abf5b3f661bb678804da5" + }, + { + "algorithm": "sha256", + "value": "8d6053d9eda3b481bafeba7c65336af76445c5a0ede868be34c7049d0df9d354" + } + ] + }, + { + "id": "cdbe43f9ded41de2", + "location": { + "path": "/usr/share/man/man8/pwconv.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2109 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f6e3000b970ff90ca84a6a1491205b7e0a0a152" + }, + { + "algorithm": "sha256", + "value": "836530469af58342f13c40249a226ca018ed0fed400f9336cc0a4a4fb4864821" + } + ] + }, + { + "id": "1fac9ba21322fcea", + "location": { + "path": "/usr/share/man/man8/pwunconv.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 38 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d189fb1bf8491582d6e8372db76c20a98b53aeec" + }, + { + "algorithm": "sha256", + "value": "1de2873f0b66dd4bfc3d78fa621727e9b01a1304dd2f627f8ef92e454c06fdf0" + } + ] + }, + { + "id": "34bd4326f0fa931f", + "location": { + "path": "/usr/share/man/man8/rpm-misc.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 769 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e8b146df669f0070864ac3f445ff3b8fe1bca8eb" + }, + { + "algorithm": "sha256", + "value": "a8c647b82726c4c7f7c5bb89f7b16a8c638e575c51b912adcf9d29fa5e5d12ca" + } + ] + }, + { + "id": "ea9a00cfc2cc63bf", + "location": { + "path": "/usr/share/man/man8/rpm-plugins.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 823 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6931194c9791b7a445ea7037b47f9eb7680a9edb" + }, + { + "algorithm": "sha256", + "value": "e4877aa3aa292ca6c369b372bd65b08385ef1a8f98d328a643a5e743a0634395" + } + ] + }, + { + "id": "b0fc8d476106d1c3", + "location": { + "path": "/usr/share/man/man8/rpm.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 8750 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9957f080b5e278d1b2195ed0cf7bf1625dea04d5" + }, + { + "algorithm": "sha256", + "value": "c177bafab7ba5a754b7aef7e901e23bb70fb21a265f5b0554bedd41d44746899" + } + ] + }, + { + "id": "a0780dbff54c9fb1", + "location": { + "path": "/usr/share/man/man8/rpm2archive.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 670 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "911d5924e3eb690f626f11c90a6be5a7c1f44194" + }, + { + "algorithm": "sha256", + "value": "1fa08dc7c7f37f287e802fb28759b33c7175440051582fe86be9b95995651584" + } + ] + }, + { + "id": "aba75d947d4bd17c", + "location": { + "path": "/usr/share/man/man8/rpm2cpio.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 379 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "675c49d1a25af76dd3ce472523ba0249a10149c2" + }, + { + "algorithm": "sha256", + "value": "f3853aef7abafb2a402738fbc85ad008c2cb7c467f909522013abfba00de97b4" + } + ] + }, + { + "id": "aff45e84ed41704c", + "location": { + "path": "/usr/share/man/man8/rpmdb.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 887 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "00d72f6bb991a17086ef1c53b78b6b57866a5c23" + }, + { + "algorithm": "sha256", + "value": "e4e15b316d7d83b2cb18b59426b532ed1cdb3da8d546475b154f53b5abe96e61" + } + ] + }, + { + "id": "97eb1dd3d3eee063", + "location": { + "path": "/usr/share/man/man8/rpmkeys.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1002 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9326a64f1444320749a28a8f4c9681eff7d3f4f5" + }, + { + "algorithm": "sha256", + "value": "1ff622afaae4ec05292f0284c991fc4f3cbaf295200372c410a89cad3c6dd404" + } + ] + }, + { + "id": "d8bdde81208a0a93", + "location": { + "path": "/usr/share/man/man8/setcap.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 901 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16024ae1cbcfa2e29a87c946685914c0b5b5cbbf" + }, + { + "algorithm": "sha256", + "value": "c0e7af5d94de223a697069acd7013f4a456cd51f0139c63d3300b2071ab77fca" + } + ] + }, + { + "id": "b63a0a7b01d148eb", + "location": { + "path": "/usr/share/man/man8/update-ca-trust.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4059 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed5fa2893af5184ed19ffc6d53c64aad689ef742" + }, + { + "algorithm": "sha256", + "value": "9dcfcf93ce9ced75a8851784380629b539f5ff1db97ec2bd65409f3232ca692a" + } + ] + }, + { + "id": "7f383931a464767c", + "location": { + "path": "/usr/share/man/man8/useradd.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 6147 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b75ae8de1ad3e162fdce683b1893a5ad13b9f3c0" + }, + { + "algorithm": "sha256", + "value": "a35494b203a2ead241817fd820a8ec268d9a8cfefa003024087c98106826c202" + } + ] + }, + { + "id": "5bfd1be1aabee033", + "location": { + "path": "/usr/share/man/man8/userdel.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 3215 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1e904ff64e50009a8bf518024235b2751c4d968" + }, + { + "algorithm": "sha256", + "value": "144ef60d536a87f9b80e3c97e64f4326129e46f14b26fa4e98be9f9ba9da2972" + } + ] + }, + { + "id": "03871e262f623541", + "location": { + "path": "/usr/share/man/man8/usermod.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 4224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5eacb2fcb99da51b839441c17febace553c65800" + }, + { + "algorithm": "sha256", + "value": "980486b182a2d5510cbe6abeb17e3978f93bd6fa706c66346e04bbecbdfb019c" + } + ] + }, + { + "id": "20916f2b078a8aad", + "location": { + "path": "/usr/share/man/man8/vigr.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 36 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4df34d59dfeb44f70569075cf7829708e09c8aaa" + }, + { + "algorithm": "sha256", + "value": "d7e13de50506fd087784c5e0c52eb496c3daae11deae8e684eabf69b45ddb3db" + } + ] + }, + { + "id": "fbfd1d356eb4ddb3", + "location": { + "path": "/usr/share/man/man8/vipw.8.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 1155 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3373698a38f25bcb090465170c325c9641738dae" + }, + { + "algorithm": "sha256", + "value": "23b1f5cf9b7e925790e9a1b0826e55aef807db34463c247f44eeb07316818f85" + } + ] + }, + { + "id": "aa7a3466a80a0996", + "location": { + "path": "/usr/share/man/ru/man5/semanage.conf.5.gz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/gzip", + "size": 2848 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8fe7766ec7a6e24aa691396a976309d150acff2f" + }, + { + "algorithm": "sha256", + "value": "3e66d6385e45e9085de1095632a5facf1004ce796b50e9f011d1ed2c80c946fd" + } + ] + }, + { + "id": "68b4d5db7e9b5c5e", + "location": { + "path": "/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "3759503d470d31ea", + "location": { + "path": "/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "385bef3e509708fa", + "location": { + "path": "/usr/share/pki/ca-trust-source/README", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 937 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a11ae92b056325ef0add4b4726c997780295f3f2" + }, + { + "algorithm": "sha256", + "value": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8" + } + ] + }, + { + "id": "c045464a7d75f70d", + "location": { + "path": "/usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 2545081 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a7a2e7e5803a37883cd65038d9f014be82db3c6" + }, + { + "algorithm": "sha256", + "value": "02ad6e337e41b5e7bea51e6def6d97f608d244d4ec134856fe0324a375af6b59" + } + ] + }, + { + "id": "b70ce668c38e8866", + "location": { + "path": "/usr/share/rootfiles/.bash_logout", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "66296908ae73bd0b72b71fb15b413e9c7b81c69d" + }, + { + "algorithm": "sha256", + "value": "2584c4ba8b0d2a52d94023f420b7e356a1b1a3f2291ad5eba06683d58c48570d" + } + ] + }, + { + "id": "88819ffead5dde14", + "location": { + "path": "/usr/share/rootfiles/.bash_profile", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 141 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3dd5fa8ddb34c23b4c2bac9754004e2a3aa01605" + }, + { + "algorithm": "sha256", + "value": "28bc81aadfd6e6639675760dc11dddd4ed1fcbd08f423224a93c09802552b87e" + } + ] + }, + { + "id": "684ba92e32e6b8db", + "location": { + "path": "/usr/share/rootfiles/.bashrc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 429 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "11ca3585a568f82dad333b5ac15937c738d4e864" + }, + { + "algorithm": "sha256", + "value": "7e5d5df65ced1e47aee7b016d405ace4298fd9134d6caef45e1c835078c79aec" + } + ] + }, + { + "id": "1cf7480adb1b706a", + "location": { + "path": "/usr/share/rootfiles/.cshrc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 100 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ea145e5186958c0c70514ab1eab4ce9cc9f71073" + }, + { + "algorithm": "sha256", + "value": "4e9418cde048f912e4aadb76ba55045b5d9af0e0565f7091bfc752154451eca9" + } + ] + }, + { + "id": "d81651ac3ba0104d", + "location": { + "path": "/usr/share/rootfiles/.tcshrc", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 129 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2c691d1108be15163e3211776730031b40641d96" + }, + { + "algorithm": "sha256", + "value": "1bb91935e2cee1d5d2ab7e8d92125acbfac12d9bf3f1c7922aa4ce77ae7ea131" + } + ] + }, + { + "id": "b41a49b6e27da37f", + "location": { + "path": "/usr/share/tabset/std", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 135 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0969b2c95d9430c81b0d4b05d81146a6cced5f31" + }, + { + "algorithm": "sha256", + "value": "fbadb5f608b355fe481c0c7d9c6265b2372bfa35250662f81f68d46540080770" + } + ] + }, + { + "id": "e4b58777688d3db6", + "location": { + "path": "/usr/share/tabset/stdcrt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 95 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e1fae2fc4bba672fc26554780be21d74106a064b" + }, + { + "algorithm": "sha256", + "value": "cf6c37b18ceea7c306f7e3a5e604a03b0dfb9c22ec99163e4b52f885ce063145" + } + ] + }, + { + "id": "2d4b5bcf32f6cbc2", + "location": { + "path": "/usr/share/tabset/vt100", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 160 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b84fb01263cd003588e9a164e80bd0b8ea2e56b5" + }, + { + "algorithm": "sha256", + "value": "075251754239d9973945d82b95c18cd90997acd2017393e70c8832e9297de056" + } + ] + }, + { + "id": "5517326a8e488359", + "location": { + "path": "/usr/share/tabset/vt300", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 64 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5246984995036718d05516acefc59c8bbd17b3ce" + }, + { + "algorithm": "sha256", + "value": "61f8388cad6a381feb819bc6a8d299d06a853d15e1f4bfdfd6b6f40069ad4956" + } + ] + }, + { + "id": "49fb4120d637fe1a", + "location": { + "path": "/usr/share/terminfo/A/Apple_Terminal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1992 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "961c492dc1577bd974ffea27a95c9829d5c1a586" + }, + { + "algorithm": "sha256", + "value": "e0c164ffe1cd8dbbb8162f5f0925424c401fd2871c8e4556f6a67b2f95a1ac7c" + } + ] + }, + { + "id": "c159e8b0661e7d06", + "location": { + "path": "/usr/share/terminfo/E/Eterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "426a08e18cefeab7cb48760f7403433553cc7960" + }, + { + "algorithm": "sha256", + "value": "9c6c23dd46de071e5f5ee24cb2144f82e46365c9011bd8574bf210f0c8245043" + } + ] + }, + { + "id": "0e34fb41de1b62b1", + "location": { + "path": "/usr/share/terminfo/E/Eterm-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3dedac4ce00ae3b8a14f771d212116b8a6d212f" + }, + { + "algorithm": "sha256", + "value": "6954921767095f6869584f352abe93a025c0a7b8babe3b100082f622e9f2e7c7" + } + ] + }, + { + "id": "f0ecee1a41d9766c", + "location": { + "path": "/usr/share/terminfo/E/Eterm-88color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2394 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1183fafbe090fac812f9167a8a6ce8f361388c9" + }, + { + "algorithm": "sha256", + "value": "7c9db2ec3a75e199ea30cb5daf86fcc90c9a96a1ae30e941556b4b55bb8cc71c" + } + ] + }, + { + "id": "739c4c996183e33c", + "location": { + "path": "/usr/share/terminfo/a/alacritty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3653 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4814150f074b4f43052f1f51cbb088c6646ffac8" + }, + { + "algorithm": "sha256", + "value": "d92bacc079ad7110ea07f405850bc5cb07e33a7b721bb609065e10a1b465d4c9" + } + ] + }, + { + "id": "9ce0eef993dd6662", + "location": { + "path": "/usr/share/terminfo/a/ansi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1481 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b5211ae4c20d69e9913b175c3645c5ce97837ce3" + }, + { + "algorithm": "sha256", + "value": "93ec8cb9beb0c898ebc7dda0f670de31addb605be9005735228680d592cff657" + } + ] + }, + { + "id": "0c3e4cf799fcc30f", + "location": { + "path": "/usr/share/terminfo/a/ansi80x25", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1502 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b9fe14cf5f090381ae40637d02c3734b28fdd3ff" + }, + { + "algorithm": "sha256", + "value": "acd69b88fbc9045037b562dd67c876e88cc5d2616af20b9ca6c41d33ee335606" + } + ] + }, + { + "id": "11b19e39d79597cb", + "location": { + "path": "/usr/share/terminfo/a/aterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fb7c8aebe3d8e6842067fb9615710603e28231fb" + }, + { + "algorithm": "sha256", + "value": "ec91b6e46b961cf52e1138691886a2de4ba2807eedd3502e5f11da197bc7cf9e" + } + ] + }, + { + "id": "6d9636fb6e232098", + "location": { + "path": "/usr/share/terminfo/b/bterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1155 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "367f109e38c891cfc1b00849a5fa25dd44e36352" + }, + { + "algorithm": "sha256", + "value": "b5166019760429c4d6150180f1c2dd81136488e21c36b564e605c9dc7366f1db" + } + ] + }, + { + "id": "1d1a43393b1232b9", + "location": { + "path": "/usr/share/terminfo/c/cygwin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1518 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "76d9469b0fc8838dacfd5d3922bfc95a06a6ba1c" + }, + { + "algorithm": "sha256", + "value": "3e04bfdcc0764f4e28655701864845752cd3f77d0c52390637ebe588f91665cf" + } + ] + }, + { + "id": "09084d46a70bf81b", + "location": { + "path": "/usr/share/terminfo/d/dumb", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 308 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df4b4d8fa4137e85510ddb04c84cc7b0bfc518f6" + }, + { + "algorithm": "sha256", + "value": "123c85a2812a517d967db5f31660db0e6aded4a0b95ed943c5ab435368e7a25c" + } + ] + }, + { + "id": "3ca2d9bbc94af0e3", + "location": { + "path": "/usr/share/terminfo/e/eterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 842 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a63bbca4434711cfa92bc50ee48ccaaff42ef178" + }, + { + "algorithm": "sha256", + "value": "c79a54efd731abe696b0373d814c9a67839eb74229cb0f63ec436b43871b8a2a" + } + ] + }, + { + "id": "1897f00c748327d1", + "location": { + "path": "/usr/share/terminfo/e/eterm-color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1249 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "306abed9b67901c310e15aa32627bf31b8384b5a" + }, + { + "algorithm": "sha256", + "value": "718af703c538849e5b13ca124dc0416a60e05f1eed5208f6d72836c51c108f31" + } + ] + }, + { + "id": "2d6b3c65dcb51837", + "location": { + "path": "/usr/share/terminfo/g/gnome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3029 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed1d9b1864a262c2b9d5346943bd5e1169c58006" + }, + { + "algorithm": "sha256", + "value": "9054b3a9afffd27c0fb4748f1181703168c8f0d0ce4dd0fa83af850a8672c2ab" + } + ] + }, + { + "id": "117bddb3be9fc6c4", + "location": { + "path": "/usr/share/terminfo/g/gnome-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3299 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed4c79cb7ead3eab7e776529d1d3336df1bfc926" + }, + { + "algorithm": "sha256", + "value": "7c411676c7c6aa80510f711598786df0ef9ad986bbe9496b71d41da73734dab4" + } + ] + }, + { + "id": "a563a8a6f4101d54", + "location": { + "path": "/usr/share/terminfo/h/hurd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1580 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "015da86ead4aed847658dfc1b2a583349d5e6632" + }, + { + "algorithm": "sha256", + "value": "10aecfba156ec90c243267284da1f9d43b8e68813e58690c5870ae8d2a5ac9e9" + } + ] + }, + { + "id": "9e7a24f8b9f9a4a0", + "location": { + "path": "/usr/share/terminfo/j/jfbterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1616 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3525047500b2283571e883985f716c42c356450a" + }, + { + "algorithm": "sha256", + "value": "4598cafe3bdb6a266fbe58846482e57cece634382a0b002f95780a72df37c86e" + } + ] + }, + { + "id": "87088da3c73ee47a", + "location": { + "path": "/usr/share/terminfo/k/kitty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3142 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81c84132b8a775fa53aa1ce16ab69778009b61cb" + }, + { + "algorithm": "sha256", + "value": "bccaa15c12d7fcf33aea0d7205588141d32c63834fca2d87e25fa07e57927f00" + } + ] + }, + { + "id": "ee7f726c682ba5b0", + "location": { + "path": "/usr/share/terminfo/k/konsole", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3134 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "af0724ef2ff3ed16f4ed6d83da22fecca584dd52" + }, + { + "algorithm": "sha256", + "value": "f0300abc7f4b5f3ddb541c68c563171b4de742c9f1be1e0e06979ad50493b08e" + } + ] + }, + { + "id": "96c8175a8f36d182", + "location": { + "path": "/usr/share/terminfo/k/konsole-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3302 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "52334c5cd1f77103d7078b126553d00cebc26b7d" + }, + { + "algorithm": "sha256", + "value": "ffccaf526a120f9c52c7fbff5ac0c60a1ec1d803c562a3bb62c5ecb3ff41adae" + } + ] + }, + { + "id": "b77f01b69f16a601", + "location": { + "path": "/usr/share/terminfo/l/linux", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1728 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e2ab37cc907ba18540050f28ed8b2819665ea708" + }, + { + "algorithm": "sha256", + "value": "3eacc0f9dcd8aac29a7935eb1f78be5c51b24a5dd38065789bb326015c9a9836" + } + ] + }, + { + "id": "5c91ea5dfc763123", + "location": { + "path": "/usr/share/terminfo/m/mach", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 617 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2164ebc6389b2eb81f855aff81dd512a9c0ef589" + }, + { + "algorithm": "sha256", + "value": "ecd31c58040e5908eb434514e67620b2e4be538655126f427155760b273c7e9b" + } + ] + }, + { + "id": "f34d0eb0a29edab3", + "location": { + "path": "/usr/share/terminfo/m/mach-bold", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 652 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b31e68274d7e658c3d20302c10f3a8dee2d45a6a" + }, + { + "algorithm": "sha256", + "value": "4e4400e3ad4df2dbbf90920860c540cd72552ca71a24b556a0b6ba62fa091b84" + } + ] + }, + { + "id": "5b678d76cc0043bf", + "location": { + "path": "/usr/share/terminfo/m/mach-color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1095 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "519df843a8d27ca36bb1703c3edc893135793dd1" + }, + { + "algorithm": "sha256", + "value": "5caa825bd606e26c8b6c55a3206eccfea525e788f74da5e7cb48cc713db52239" + } + ] + }, + { + "id": "a968fc110e78a7e9", + "location": { + "path": "/usr/share/terminfo/m/mach-gnu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1056 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bf9269b2a7a463c68e2ba9200b28ae3115f6b362" + }, + { + "algorithm": "sha256", + "value": "99372cd399478be723230692595362004df345dee6c4145e4d109113a2357717" + } + ] + }, + { + "id": "84b5e513d406987a", + "location": { + "path": "/usr/share/terminfo/m/mach-gnu-color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1318 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4466e8a9353f3400cfba527abcf0d26c28f364c2" + }, + { + "algorithm": "sha256", + "value": "e1c62541670d0e10fe46daabce8ce95d9fd77115a68106e5eb2c2a7647e40a13" + } + ] + }, + { + "id": "2f07e6cfdae0c898", + "location": { + "path": "/usr/share/terminfo/m/mlterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3126 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "855ae490a8e1a2e788d973c57bd0bb81b547b2c3" + }, + { + "algorithm": "sha256", + "value": "1334887ef2b3ca487e445ed9a0b03b3ec6750ed1617d8cad6416045a69d32cdf" + } + ] + }, + { + "id": "4c763e54c767a733", + "location": { + "path": "/usr/share/terminfo/m/mrxvt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3044 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee1c75869778dca9cc90ebf7ca6f7f5ca619a973" + }, + { + "algorithm": "sha256", + "value": "28e3b5820b9762eadf7201f9877f8e010fdeaf74a60ed12e94d3f39c24cc8d3f" + } + ] + }, + { + "id": "a4671eb99dd9ce2d", + "location": { + "path": "/usr/share/terminfo/n/nxterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1551 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ed36bad309da59504a894aafbb0bd2fab0e6819" + }, + { + "algorithm": "sha256", + "value": "f74fe619914bfe650f6071bbbaf242c439de8a2f0ecefe9e80870216dfb844b4" + } + ] + }, + { + "id": "49ce661ec5b0e144", + "location": { + "path": "/usr/share/terminfo/p/pcansi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1198 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6867ac96a0cfed1d9df1e9a64f122c75cac71a99" + }, + { + "algorithm": "sha256", + "value": "ecda9662049c96ee0a574f40cfb8950b0198b508b5b72a3de05774eb3cb3f34e" + } + ] + }, + { + "id": "9927684daea6e98f", + "location": { + "path": "/usr/share/terminfo/p/putty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2387 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f0059c55c612f78d56c2326c7ebd7f40c94fd16" + }, + { + "algorithm": "sha256", + "value": "61c517a78fe0e43e1dc0c46211e2c21caff28dde5faec6dcac1854f406a8f198" + } + ] + }, + { + "id": "bb7b9486d2967e4f", + "location": { + "path": "/usr/share/terminfo/p/putty-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2465 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "160d4ab98b0b21aec25b853141c516e947accd5c" + }, + { + "algorithm": "sha256", + "value": "f300b4599e56d79862ae9b2564b9a1c6b80b1e97377caff9cf5c0d3c321da1cf" + } + ] + }, + { + "id": "478f145eadc35c6e", + "location": { + "path": "/usr/share/terminfo/r/rxvt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2222 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ebae08a244978e66725578525b77e4c6681f9a5" + }, + { + "algorithm": "sha256", + "value": "fd66cf403b6a6dc0a9fb1644f5e90a6c045e121a2039086bc105995dee951cca" + } + ] + }, + { + "id": "9343d5cbf9e585e5", + "location": { + "path": "/usr/share/terminfo/r/rxvt-16color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2494 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2031924bda14f0353b35c855bd0cd8e859c23d83" + }, + { + "algorithm": "sha256", + "value": "6ab73ad1b0b5fc6e7d8bba94dd640dd1ac0af130977ec0343722f844b1dc731f" + } + ] + }, + { + "id": "ba04e1a02ccf0e79", + "location": { + "path": "/usr/share/terminfo/r/rxvt-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2460 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "984f719ef802db986328ab24f87cd9c7f98bd67f" + }, + { + "algorithm": "sha256", + "value": "04d0d3eff9bad452bb14b3758c4550d2541804c47418dd8962738c8b0af56900" + } + ] + }, + { + "id": "a5abdb1170ef5088", + "location": { + "path": "/usr/share/terminfo/r/rxvt-88color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2428 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1ceb9fdec92ed9a93e788606f7a30bf5c7517502" + }, + { + "algorithm": "sha256", + "value": "970530f4391f38cdd940ba3260e3be762b0106ce9e6566e44bce78eb83ebf667" + } + ] + }, + { + "id": "b4b0af52e0102e33", + "location": { + "path": "/usr/share/terminfo/r/rxvt-basic", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2137 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f0dd8d350f267d421e4ceb42ed496bd100b6ac2" + }, + { + "algorithm": "sha256", + "value": "8d7df7d5b30ab517c857ec8dd8bc19353536e19a8b4dab9b32dab7515ccc67fc" + } + ] + }, + { + "id": "523c6606f11f2b6b", + "location": { + "path": "/usr/share/terminfo/r/rxvt-color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2226 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b0f9c33dffa72b5870816350bf9138b204b08b24" + }, + { + "algorithm": "sha256", + "value": "dba804770a9c6832dd1ac4f2fd209f8053aa5d01a89f60b9e2428c59e3500fc0" + } + ] + }, + { + "id": "64f587ed99b945e5", + "location": { + "path": "/usr/share/terminfo/r/rxvt-cygwin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2248 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3ee54f150e0f558069507db5d5faf9f6746acdc1" + }, + { + "algorithm": "sha256", + "value": "524b0193a04a4f2d50d19846e47a36aac33161331e929820a5b229c73d0db700" + } + ] + }, + { + "id": "088ade83e6eebed3", + "location": { + "path": "/usr/share/terminfo/r/rxvt-cygwin-native", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2266 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "69ab48190b1e8f39d0a43301e4e9fa5adb09ce92" + }, + { + "algorithm": "sha256", + "value": "bc25e9fefa0e94ecc6892a987c7e8ed4331475e35049a134e5e3903d681a0b52" + } + ] + }, + { + "id": "ca75d7cf751c3a9b", + "location": { + "path": "/usr/share/terminfo/r/rxvt-unicode", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb79402a4c07ef2bc1862da01aa85ff1c54712b8" + }, + { + "algorithm": "sha256", + "value": "063264a85fd735a13028390c8d43cf38b5214417c6e48908eabb85bcdb9b7495" + } + ] + }, + { + "id": "be6d66b461c658b9", + "location": { + "path": "/usr/share/terminfo/r/rxvt-unicode-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2234 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "53502733cd0469b40a4ae1e071096650cdc17798" + }, + { + "algorithm": "sha256", + "value": "d713e450e914420493252afbde977cd3165ea649dfe5c33b0f518ec83b1afba1" + } + ] + }, + { + "id": "ba2b8aeeed756e4b", + "location": { + "path": "/usr/share/terminfo/r/rxvt-xpm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "54b5114a07a2196a308d285dae8f955e3e2b7237" + }, + { + "algorithm": "sha256", + "value": "331dd75bad5d1a9dffd4fd1ad254edfca32780ace51a22b1d8d657aebf03663f" + } + ] + }, + { + "id": "bf552973196385fd", + "location": { + "path": "/usr/share/terminfo/s/screen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1601 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ae72fc57a69459885628f96cf46b8a8c55b293fb" + }, + { + "algorithm": "sha256", + "value": "8c9f1ec5d39d497e23943171bbba511c07192392a673ec642b0f805e1496c242" + } + ] + }, + { + "id": "2671778ef1b1ae46", + "location": { + "path": "/usr/share/terminfo/s/screen-16color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1877 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9bc9e2b411bbca518178fafcfaaedf038843ee1a" + }, + { + "algorithm": "sha256", + "value": "04e2d2a20905a85daf8c652e6cb359a4c43c0df0da42079fa250a40860b501bb" + } + ] + }, + { + "id": "f03e4607a68f7fff", + "location": { + "path": "/usr/share/terminfo/s/screen-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1747 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df1d3a56010c9996a514c40e3b9f834a8c629bc2" + }, + { + "algorithm": "sha256", + "value": "cbac29ca9641403d7c2e377f4c54c52f24e811f98d47c71b599707e00ad91f0c" + } + ] + }, + { + "id": "c70fed58b78ebdab", + "location": { + "path": "/usr/share/terminfo/s/screen.Eterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2255 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0651e42e81446e751ad964a5e48554c5f924240f" + }, + { + "algorithm": "sha256", + "value": "0cdc69a1a9d76f90782c9033fdaca7867d761dde7ae2cbd1277d8b1a2e84a859" + } + ] + }, + { + "id": "96eaafd3944dde48", + "location": { + "path": "/usr/share/terminfo/s/screen.gnome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fae5fa662a2775c936f772b9043f07c92c25bffd" + }, + { + "algorithm": "sha256", + "value": "a3eaa12685b0c5dc1c1fd813d9413b35ee0559658b738a7518d5ef82048fdd90" + } + ] + }, + { + "id": "de1aaed71982acfe", + "location": { + "path": "/usr/share/terminfo/s/screen.konsole", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3152 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5eabf0951c6b1664387c338048ef54d20f34c0c0" + }, + { + "algorithm": "sha256", + "value": "3589347d84695a08fa10f5468540eace3b8d5efe0473cfad05823fb42a7f4200" + } + ] + }, + { + "id": "fc223aa7c8c6f6f1", + "location": { + "path": "/usr/share/terminfo/s/screen.konsole-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3310 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f2186907191b3dee1e646177d88fa0f842c34e7a" + }, + { + "algorithm": "sha256", + "value": "a6a490ec343cba7c36539dadfa3662f014c19b567bdf0bdd49524757ea5555e3" + } + ] + }, + { + "id": "1b17f7a3b989d675", + "location": { + "path": "/usr/share/terminfo/s/screen.linux", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1754 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a94bcc700376d0092ab7da25b91b69e92a59a19" + }, + { + "algorithm": "sha256", + "value": "f4cd95e072ac92d217e69b93d9da8209d6532bd67428b5f90395a02ba686d26b" + } + ] + }, + { + "id": "878ad561b086b8ad", + "location": { + "path": "/usr/share/terminfo/s/screen.mlterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3120 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b0a2ed8af7d1f34d5ddc1dd44df404c32633052b" + }, + { + "algorithm": "sha256", + "value": "f127db567ddf4fa0dc0aaf3d15dec44e876efb748ac6db252e2e9c716c925746" + } + ] + }, + { + "id": "62b0b802c45d2d9e", + "location": { + "path": "/usr/share/terminfo/s/screen.mlterm-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3290 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2f568837a14e73410a9608ff1654e66ba844c722" + }, + { + "algorithm": "sha256", + "value": "82996e7e225aafe638618c97025a9c7452ae8d1f29d5e677d1bccde3571b3956" + } + ] + }, + { + "id": "d58e250ca45ee93a", + "location": { + "path": "/usr/share/terminfo/s/screen.mrxvt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3125 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0bd36300776980e25e41c18b000ef99dd9a959ab" + }, + { + "algorithm": "sha256", + "value": "8f9718e189abece10bf6d2371ed0fdfb9cd2b62485edcddfcde5e40c6905bb1e" + } + ] + }, + { + "id": "bf768e51b1b0694d", + "location": { + "path": "/usr/share/terminfo/s/screen.putty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2387 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86263e54dd2fa24639462c60226bc384ba3a8db6" + }, + { + "algorithm": "sha256", + "value": "79112ae95d9610b54e5f6e756cfc0dd95e8f126ac8f2b924df9818158c934b72" + } + ] + }, + { + "id": "63723b0f4336e0db", + "location": { + "path": "/usr/share/terminfo/s/screen.putty-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2479 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4aab7ad9f0f234b16fa304b455a007bfb2de490" + }, + { + "algorithm": "sha256", + "value": "1c06f6fa536cb53c00337c19062698ac20c1ec07bb7925a9cf4fe5f833554dff" + } + ] + }, + { + "id": "c458e6458e9b08ba", + "location": { + "path": "/usr/share/terminfo/s/screen.rxvt", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2251 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7208e1cb51192309e5b46b7a546e6437a8a7993e" + }, + { + "algorithm": "sha256", + "value": "8983e116d7c302b9764918d14a3a1f48efc0475da61bc1d9d094cfc111d470fd" + } + ] + }, + { + "id": "469423e151105775", + "location": { + "path": "/usr/share/terminfo/s/screen.teraterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1700 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0db862fbc9c8b47cf70a4c53d93f77a67ea1ff45" + }, + { + "algorithm": "sha256", + "value": "e4167086215b313305bc5b19412c50ccc1bf794079b5ff459517a47574f625aa" + } + ] + }, + { + "id": "70069cacf08e5836", + "location": { + "path": "/usr/share/terminfo/s/screen.vte", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3260 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "82766b952dc629bd9e667462383a3b2e0de7a30e" + }, + { + "algorithm": "sha256", + "value": "a8304c19e96ef295020a0aad7f50e3fca43d1687ec4f1e238cbf2ac641b4a9b9" + } + ] + }, + { + "id": "97be65b698050a66", + "location": { + "path": "/usr/share/terminfo/s/screen.vte-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3412 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8154ab1ea7f3dd2fa3a9274eb9beb43c502a4cfa" + }, + { + "algorithm": "sha256", + "value": "eb2a1590196eb9238e5d89b6c4e0fec0a4fe8cb4e45747a781fb7c84b35a8002" + } + ] + }, + { + "id": "b1a9a334edfc782d", + "location": { + "path": "/usr/share/terminfo/s/screen.xterm-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3575 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c8ca10f4e38b4bde0a6e374710e1787da44fd579" + }, + { + "algorithm": "sha256", + "value": "41464ca875edb94074f7f757d03c337daf45c3ef98258c6ab5113352b45c9599" + } + ] + }, + { + "id": "e58f4643f64e0965", + "location": { + "path": "/usr/share/terminfo/s/screen.xterm-new", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3679 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d16c714355802ee18656cc6bf46128231a123148" + }, + { + "algorithm": "sha256", + "value": "50f7c84aeed647a706370427fb6833f9b069455f0479c5bceee310b1a603c1c3" + } + ] + }, + { + "id": "efa0d7dce3147d57", + "location": { + "path": "/usr/share/terminfo/s/screen.xterm-r6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1607 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "51d961daa0f5ed51638197accab163e57ce8e0d5" + }, + { + "algorithm": "sha256", + "value": "d7b2d447bde520f07fb34eafaa5a52475c6a573cd25ffece947538111a082697" + } + ] + }, + { + "id": "f40c1864762c12c0", + "location": { + "path": "/usr/share/terminfo/s/st", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2577 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "008c71d39a6f89a8deaa05e846fd40a4e14f167a" + }, + { + "algorithm": "sha256", + "value": "04ec866bf3b2f7747f021870d7f3cfcc32b2c00933ed56da5f2c53276f98cc6d" + } + ] + }, + { + "id": "b6c79f65123c68c7", + "location": { + "path": "/usr/share/terminfo/s/st-16color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2739 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ae1db2c4f699b91c38021d80791cfbd3d5f7aedf" + }, + { + "algorithm": "sha256", + "value": "9233dae204dcccbe231489b90e5a73b6960237cbdc66e5095a796687bbc98cad" + } + ] + }, + { + "id": "f1092c0f72a807b1", + "location": { + "path": "/usr/share/terminfo/s/st-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2699 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ba52b715ca27d2b1cf7cdd36d9a1d4c489bb3e5" + }, + { + "algorithm": "sha256", + "value": "1a0830080f6101ea005cad2f2dc14d7be90d6dd31bd2ef978717908b1f248732" + } + ] + }, + { + "id": "01d4f5973d1c627a", + "location": { + "path": "/usr/share/terminfo/s/sun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1004 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "faf6b1b33d6c3a6aae31f7b657810b6171d91a8d" + }, + { + "algorithm": "sha256", + "value": "02e392161cb23f49a8fb1ba2f1a6583e013c0c26672f58c5eaca828db3b19914" + } + ] + }, + { + "id": "326ff4dc26b7e7f3", + "location": { + "path": "/usr/share/terminfo/t/teraterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1683 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6f5a518f864e1b517b340db118202293d573aded" + }, + { + "algorithm": "sha256", + "value": "4e45171106372b30d13e11934d5cd217aef45dfc0f2c065b4b0b1f7d9d2cbf9e" + } + ] + }, + { + "id": "b8e23a2c85c074aa", + "location": { + "path": "/usr/share/terminfo/t/teraterm2.3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1592 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "722dd14fea3e528e555dd324b2549ce7ccc2e0e0" + }, + { + "algorithm": "sha256", + "value": "6598b360cd87b5c3e3f99a5b0b4d462c59e754bad79968febc84c77b7acc3bdc" + } + ] + }, + { + "id": "3c671293eaa35b7d", + "location": { + "path": "/usr/share/terminfo/t/tmux", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3101 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5dce89f95ed8f1253a105a887b54bf09822a91b8" + }, + { + "algorithm": "sha256", + "value": "dfca8c55e27b29092119c636df3f294f91899c773cd88fd045211f33e4374b4e" + } + ] + }, + { + "id": "66aaab4ba24bc5b4", + "location": { + "path": "/usr/share/terminfo/t/tmux-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3245 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "602bb3f1c90195fdcecd0a1df7c01ba600633255" + }, + { + "algorithm": "sha256", + "value": "0be91123144f84d33761a08e98ae0bef4fbf25ab73dac895d20f5baefa1e5f69" + } + ] + }, + { + "id": "0e50753a88851779", + "location": { + "path": "/usr/share/terminfo/t/tmux-direct", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3406 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48a350b75f941a5c2d6cba8df1eb108b0502a5f6" + }, + { + "algorithm": "sha256", + "value": "a60c23f2642905644aba59b21d70a0d86ac8b3efb66a500e316dee0c77dfd01a" + } + ] + }, + { + "id": "c3c8cf0a40b73304", + "location": { + "path": "/usr/share/terminfo/v/vs100", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1525 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bfa87e9290d04805f82626a2d0371697d7f6f7e4" + }, + { + "algorithm": "sha256", + "value": "2b1249158a7053eee58242625f79b29f35da721cbcf695a327521cfed3bec117" + } + ] + }, + { + "id": "fc15b1cbbbc8b700", + "location": { + "path": "/usr/share/terminfo/v/vt100", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1190 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "604682c15cc708fbd02fecf33d0d23bed5e735e6" + }, + { + "algorithm": "sha256", + "value": "44fe1bfcc36f3a7669a387b623a44c360f9e150868f9924920182b44bcbbdba6" + } + ] + }, + { + "id": "22d92096b251462b", + "location": { + "path": "/usr/share/terminfo/v/vt100-nav", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1055 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a64f0f0ecbbb4db08aacb7f21041293b58a95ec" + }, + { + "algorithm": "sha256", + "value": "e509a4ee7373ff884ef9b5b293fdffa88182711d6b0448fe99d2cbeb1939114a" + } + ] + }, + { + "id": "a00981ff8a31aa27", + "location": { + "path": "/usr/share/terminfo/v/vt102", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1184 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0647b65463bb39b373e3fa4019249f2b2f84991b" + }, + { + "algorithm": "sha256", + "value": "60e451f57c0308b79004ebc6189b49417b4ac11d783154072cae803a11af7d3f" + } + ] + }, + { + "id": "07b4d533d94c80f2", + "location": { + "path": "/usr/share/terminfo/v/vt200", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1391 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed09f848574a9e8f0d82951ab0ae4c8674d757bc" + }, + { + "algorithm": "sha256", + "value": "9454527a74b80c5d3f8489137b9cf0cbb38c6d2a700c0ac5894164409e10f3ec" + } + ] + }, + { + "id": "243f7f524d627de6", + "location": { + "path": "/usr/share/terminfo/v/vt52", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 839 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c42c0190e2097c89d02a33c3aae1baf365d35af" + }, + { + "algorithm": "sha256", + "value": "e18f7a08c5e49f850f5673c1a393da8fce302dcbb960c546bb341ae858c953c9" + } + ] + }, + { + "id": "358e676f3ce16efa", + "location": { + "path": "/usr/share/terminfo/v/vte", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3254 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "594d35295bd9d090172a081cd1c46a0ff7154e7c" + }, + { + "algorithm": "sha256", + "value": "a59d832325bcaf79ee1e96dbabc05f82d576a3817e6295d151e8796a342ceb35" + } + ] + }, + { + "id": "8290f04afbda7365", + "location": { + "path": "/usr/share/terminfo/v/vte-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3504 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "09fdc1b67a1a8bbfbdd70a9d3d83c0eb31d83fd5" + }, + { + "algorithm": "sha256", + "value": "332a40dd7766bd6368ce500ecdff89b8ffec1022bd3d3e11e87ae4d68c95ff7d" + } + ] + }, + { + "id": "c8cc24147a716899", + "location": { + "path": "/usr/share/terminfo/v/vwmterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1302 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4732fbcd7e0406e8b72c0bb122e01654f6b495d" + }, + { + "algorithm": "sha256", + "value": "eae3fe39004992478d09bdb5063c6609f8c6f5119053de8fca645002b993b535" + } + ] + }, + { + "id": "aa00d5296f618d6a", + "location": { + "path": "/usr/share/terminfo/w/wsvt25", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1597 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e544110ee387257fad3048674d0b6cb5e81291c" + }, + { + "algorithm": "sha256", + "value": "28d3410e6b83a3b78a41f108098ac8772a3af3ee2b627b9f9bb4b19b363a5be3" + } + ] + }, + { + "id": "968fd195a4554675", + "location": { + "path": "/usr/share/terminfo/w/wsvt25m", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1607 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "74ef27fc6d81c6a43dd40f231777c0ffb485a559" + }, + { + "algorithm": "sha256", + "value": "18c85db3b0ef0ab15b7eb8dc4ac6ea14a37d851628220c8bb61e2edfa4f81683" + } + ] + }, + { + "id": "b2c06c93987dc6df", + "location": { + "path": "/usr/share/terminfo/x/xfce", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2995 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2295d08f2831f0e3323b9061ee797c134a14a8df" + }, + { + "algorithm": "sha256", + "value": "390a5f18914c8c867a62637326b7a0f00ec72c746fe282efe55fa36746241c84" + } + ] + }, + { + "id": "5dadf1adff8ce7ae", + "location": { + "path": "/usr/share/terminfo/x/xterm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3720 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b3f26dd67868d19acca1e04c76e5c9796f1cf0cd" + }, + { + "algorithm": "sha256", + "value": "e423b4b00aa50e3161ae0b0fca7c6019389a837bcdc29075dd40452aaff21579" + } + ] + }, + { + "id": "37b118056dc26790", + "location": { + "path": "/usr/share/terminfo/x/xterm-1002", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3701 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "17b4daee1d21145996d794280cf2fd2f7d8457eb" + }, + { + "algorithm": "sha256", + "value": "6daca159799eeebe2100543a42e2931777a978e59fb2bcc17d1693c146c5670f" + } + ] + }, + { + "id": "5d67ea35ce22f6ae", + "location": { + "path": "/usr/share/terminfo/x/xterm-1003", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3699 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e6755e1610ad2ed419843459399707d9d88fc542" + }, + { + "algorithm": "sha256", + "value": "35fa2e56262f3e1c790fc56846544b5385fc608a357989ef656b86c4f18aa042" + } + ] + }, + { + "id": "be7456704d957929", + "location": { + "path": "/usr/share/terminfo/x/xterm-1005", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3714 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b6f6f128e4445ee37802db3190b26b9e90b2b5a7" + }, + { + "algorithm": "sha256", + "value": "eff2d7f9eeaa5c20b0fabae9ce1a4637a15f2a1c3f732cf5f95fa98d19fd793b" + } + ] + }, + { + "id": "5bc14091563d357b", + "location": { + "path": "/usr/share/terminfo/x/xterm-1006", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3700 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a052414b7718bded5e515d573065f42aa3bffdd2" + }, + { + "algorithm": "sha256", + "value": "57afd1b3d2629e6ac46123b3eeb12b80e8b5aff415a9f18613f86d2871336e31" + } + ] + }, + { + "id": "022bdd650baaeff4", + "location": { + "path": "/usr/share/terminfo/x/xterm-16color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3958 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b502cd6300c553fb7be991b779c8e2ec587be2df" + }, + { + "algorithm": "sha256", + "value": "262a09a0f9ea8f8ea53ef151ed0283e25544897a1dea89307ffd5e5c863570a7" + } + ] + }, + { + "id": "3a06aa97b9d3c315", + "location": { + "path": "/usr/share/terminfo/x/xterm-256color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3814 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70cda1040ca4254d8e41dda619ce653dee06b976" + }, + { + "algorithm": "sha256", + "value": "680743a3e8a460e35683ba59e97b3579f6e25d5a104507040d256e703575de9b" + } + ] + }, + { + "id": "ae45f54c300bb636", + "location": { + "path": "/usr/share/terminfo/x/xterm-88color", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3782 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b12ea7da1cec1b83fad202e27d2a415e09cbe30a" + }, + { + "algorithm": "sha256", + "value": "e096ba9743b994565fc98ce40ff37cc8a7fd30d0a48e83f58bf5fb3a6e8cde8d" + } + ] + }, + { + "id": "0cb46cc286b242d6", + "location": { + "path": "/usr/share/terminfo/x/xterm-8bit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1913 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6147b83c6a0616522ae0833646887b6b5e5565f0" + }, + { + "algorithm": "sha256", + "value": "999ec07a74a5587da0966f9a361e587143aeab35212cbab6ad4a03451ef797d1" + } + ] + }, + { + "id": "3a3dd63fc31cf9f0", + "location": { + "path": "/usr/share/terminfo/x/xterm-basic", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1828 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a84a45e8d4f34c78094475d4a0a4d489a4a158fd" + }, + { + "algorithm": "sha256", + "value": "5d54cb15056ae0a673ef75dcce8cc6966dbe74579808ea81180e84965871dca0" + } + ] + }, + { + "id": "358a54515c04e917", + "location": { + "path": "/usr/share/terminfo/x/xterm-bold", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1592 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4e889ac2d471114952b37ddcf1b6fc82321f58dc" + }, + { + "algorithm": "sha256", + "value": "4296a878469b6bc5bab5acbce875e43bc501ab57a62d8d29cd34a424ba1e9de4" + } + ] + }, + { + "id": "f3f45085dd41c8af", + "location": { + "path": "/usr/share/terminfo/x/xterm-direct", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3773 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "21c521345e063c5ecfb8f7e99f8b15abdd984f34" + }, + { + "algorithm": "sha256", + "value": "63a281b88bfa1d525432c712c68887f2b6a321bcf5c1600451d116f5f89babcf" + } + ] + }, + { + "id": "9243f8be77ca5508", + "location": { + "path": "/usr/share/terminfo/x/xterm-direct16", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3843 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "28be03201ca765e264dc9fdf630cbc44c8b45ff4" + }, + { + "algorithm": "sha256", + "value": "767604eb2e2a242db60555bb2e4f801a045a3b03ec02f6aa318c321f7d29110d" + } + ] + }, + { + "id": "0d62abe9ceec72d8", + "location": { + "path": "/usr/share/terminfo/x/xterm-direct2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3763 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06b536b9aa86e862e87fcd7d7d380980e8600198" + }, + { + "algorithm": "sha256", + "value": "420b7a15d5023a4030742ccd48639de223cfbaeb675d4af7fc5882e822dfded8" + } + ] + }, + { + "id": "9ba2547f37f694f8", + "location": { + "path": "/usr/share/terminfo/x/xterm-direct256", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3901 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37a4f04ab6ea0726ef48eb063ae89b2f93d3276a" + }, + { + "algorithm": "sha256", + "value": "b80042a930fd54d642f2f4d194894c2b4344acaba4eb6032f30acb5d8b2d0a0c" + } + ] + }, + { + "id": "10b15c7300d1de17", + "location": { + "path": "/usr/share/terminfo/x/xterm-hp", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2344 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "abc01a5137972b9587e7819f08ac6021a230f283" + }, + { + "algorithm": "sha256", + "value": "f11650d98fd186dbeb717ec72a72c9a450a42ee0387d20f5408f75364f04c62b" + } + ] + }, + { + "id": "770bb10fedc6e4ed", + "location": { + "path": "/usr/share/terminfo/x/xterm-mono", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1489 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "554f1f8aa440753daaae49b149a49b3e4c4cf848" + }, + { + "algorithm": "sha256", + "value": "3024be4c36be53d6468fa1e48a0f584a410a17e26c3c6e7826c815b4ef56c595" + } + ] + }, + { + "id": "27fa8cd5292f5759", + "location": { + "path": "/usr/share/terminfo/x/xterm-new", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3714 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "edaa0aad5eca10b8a97413b2a559ecf62b0dd10d" + }, + { + "algorithm": "sha256", + "value": "7ba565ab3d4132d6cb3ee77d4f3a82f74755294b40f155f5fb0f96138dd77e7d" + } + ] + }, + { + "id": "fff2cc852438009f", + "location": { + "path": "/usr/share/terminfo/x/xterm-nic", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3728 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3717b448255e585338148342a97da63d29efc697" + }, + { + "algorithm": "sha256", + "value": "d1ac522553500494c979be8912645b1b6036fb3803898e19d86b032f82ec98bc" + } + ] + }, + { + "id": "b9c6ec960b364afe", + "location": { + "path": "/usr/share/terminfo/x/xterm-noapp", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3676 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fb1a830b20924764a0c66470ec96c0ade2214386" + }, + { + "algorithm": "sha256", + "value": "e4e0c9f4c27f51504e5eb67aa1ce121c663a759b1e2102338c20ecf6259794d7" + } + ] + }, + { + "id": "aeb11193f8402ce7", + "location": { + "path": "/usr/share/terminfo/x/xterm-old", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1493 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "34923577f4a51dbe7a79d1d6274d10e207d28eb7" + }, + { + "algorithm": "sha256", + "value": "927b8821c947b96b020ca7341dffb57bdfa2986fcaecd5fdbf2ca2369eacc285" + } + ] + }, + { + "id": "262bec80ab3b6fc9", + "location": { + "path": "/usr/share/terminfo/x/xterm-pcolor", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1658 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "956b61f6a02ee955b5795e0f35937ef81bb4474e" + }, + { + "algorithm": "sha256", + "value": "1fc3a8c307a46818870ad4313246f62c439ca3ef704a947c09471e8cf335e2fe" + } + ] + }, + { + "id": "8e1d542f8169b000", + "location": { + "path": "/usr/share/terminfo/x/xterm-r5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1301 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4283a7cf44e9e4a4a9e5ac166328ba8d6ddf632" + }, + { + "algorithm": "sha256", + "value": "82098ec067be6189e91e8264278bb85fe3b7bfdeaa3754be301313be140522ca" + } + ] + }, + { + "id": "9a82f7c0ce9888c0", + "location": { + "path": "/usr/share/terminfo/x/xterm-r6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1491 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "97bfc10103a98e54eb646a2e9b39d9e23a983336" + }, + { + "algorithm": "sha256", + "value": "ee12fe6d2d8e1d0b83d1042fe8a38f1aed6fd73e2c7316e6db5ec5b061b09ef8" + } + ] + }, + { + "id": "d00ddd9f869070e6", + "location": { + "path": "/usr/share/terminfo/x/xterm-sco", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2520 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "afd94d9cec40a7e571619d06e4cf41854b2c6a19" + }, + { + "algorithm": "sha256", + "value": "da57c8f3d66ce45f68d8c28dd360201c6e6918bb5da6947a80949129f5a93940" + } + ] + }, + { + "id": "9ae4907d5846a39c", + "location": { + "path": "/usr/share/terminfo/x/xterm-sun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2596 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0d4572d62c0d6a276e28f1466f77034913b8fa7d" + }, + { + "algorithm": "sha256", + "value": "12a8b1c0907e5a1cd1aa1b8c8815dc85477c7f953113d127a2dfca5eaf04c90d" + } + ] + }, + { + "id": "9ed2eb25fdb82770", + "location": { + "path": "/usr/share/terminfo/x/xterm-utf8", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3737 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1faca6458b3a792e647147459a9149fd3c2fb7a8" + }, + { + "algorithm": "sha256", + "value": "f00daefe425aeec94b657249dd6575b48a58b1a3db5feca318003799e9eac188" + } + ] + }, + { + "id": "10e3777ce389b734", + "location": { + "path": "/usr/share/terminfo/x/xterm-vt220", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2406 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "732f3cba430675fad0760c774b9124c474f27572" + }, + { + "algorithm": "sha256", + "value": "84a21605f8740519373ad315139195949c76cf63abd5a00f4315545c6b7f44be" + } + ] + }, + { + "id": "68e1197e7698a852", + "location": { + "path": "/usr/share/terminfo/x/xterm-vt52", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 537 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "afd9b9c4a321327e4acbed97153bef23dfdf31b3" + }, + { + "algorithm": "sha256", + "value": "b3113c9b349f1fa3ab9d141a67742a14edde60e06a98c6c9adf4aaaf15afbb65" + } + ] + }, + { + "id": "48281070c504d26d", + "location": { + "path": "/usr/share/terminfo/x/xterm-x10mouse", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3696 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a84c286d399ddf22d3bc43d17124f3d9fbe20b8" + }, + { + "algorithm": "sha256", + "value": "781b3399f614a9a456f266132e6da69a48a8974a2fef418ee0e546a001edc889" + } + ] + }, + { + "id": "36256cdb62622e80", + "location": { + "path": "/usr/share/terminfo/x/xterm-x11hilite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3724 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4659d0b5482fb2ae09ef31f59727954a53c84130" + }, + { + "algorithm": "sha256", + "value": "bc1edd65d8437128d901c1e4534872b9a5cdfc0b1e959c7f90191f20d0b10037" + } + ] + }, + { + "id": "e8c64ca72ddad3e6", + "location": { + "path": "/usr/share/terminfo/x/xterm-x11mouse", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 3708 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6b284ea695088d038e3727f6fca922d5d515ef7d" + }, + { + "algorithm": "sha256", + "value": "9b8944e971bc60997823a6660c79de5fd47f259ebd427b971353f53ff2083ca7" + } + ] + }, + { + "id": "40c55a7db4a229cd", + "location": { + "path": "/usr/share/terminfo/x/xterm-xf86-v32", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2006 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "19840e58a41b5f289c78073fe5eb0e83d0b002c4" + }, + { + "algorithm": "sha256", + "value": "bf8cbc70b73992ca93b22f411bae2f71d613a69a9f0b59f0f9c2d5be12f982d8" + } + ] + }, + { + "id": "c35dd89b3eb05a79", + "location": { + "path": "/usr/share/terminfo/x/xterm-xf86-v33", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1996 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b458625d264a9717e805f17e5415ad9554221e05" + }, + { + "algorithm": "sha256", + "value": "d4127e626af189a2d56cc45e1c60e4e6ac32b4d55b9c417129bcc8369c347515" + } + ] + }, + { + "id": "85c3ed778f0ddb90", + "location": { + "path": "/usr/share/terminfo/x/xterm-xf86-v333", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2006 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "93e84400f5ff9008cd64565d35630e3a121448fe" + }, + { + "algorithm": "sha256", + "value": "24a1f8a18d96d544cef7c4427bee3f4b73fe12156e902ea214cf49d6807b3bb5" + } + ] + }, + { + "id": "5170d1225175e819", + "location": { + "path": "/usr/share/terminfo/x/xterm-xf86-v40", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2212 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dfaacdc92a4bc1c13fddcc7279c9ac5f15233d27" + }, + { + "algorithm": "sha256", + "value": "7da82a4679f772e87f3ca2b93740ee0d0e20f61a263bbfea31199566eab29536" + } + ] + }, + { + "id": "0403744b03ece668", + "location": { + "path": "/usr/share/terminfo/x/xterm-xf86-v43", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2226 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd74540822b3982624d3f21fd53c37381c21240d" + }, + { + "algorithm": "sha256", + "value": "0507f61ded223aa930b87d22255974423d73fdd860ea588d4fd0b895e5d9d2ea" + } + ] + }, + { + "id": "4745f6daad934514", + "location": { + "path": "/usr/share/terminfo/x/xterm-xf86-v44", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2260 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e17794a406f5afd3082a5a6d0218baae9531fe0b" + }, + { + "algorithm": "sha256", + "value": "1111271420d735b74ecb175e9fcb79847e6c0e298c3abfb2224747502a854adf" + } + ] + }, + { + "id": "b93e2d2cfb64bc9b", + "location": { + "path": "/usr/share/terminfo/x/xterm-xfree86", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 2240 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "735e300eaa0b79dcb0f6683e9861565fd3f884da" + }, + { + "algorithm": "sha256", + "value": "0827497deddd4ec9e9515dd9530e6b0bf92762553d1c4eedbca3459c1931775e" + } + ] + }, + { + "id": "e218da38269c139b", + "location": { + "path": "/usr/share/terminfo/x/xterm-xi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 1986 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8fdba88c3930d0828f84c09ed998fbc431c0aa49" + }, + { + "algorithm": "sha256", + "value": "d89c9fe77fa62d5df516089d11422ede4b78c167cf061e17a183b663f022c051" + } + ] + }, + { + "id": "318d6eab1c4b4756", + "location": { + "path": "/usr/share/zoneinfo/Africa/Abidjan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 148 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5cc9b028b5bd2222200e20091a18868ea62c4f18" + }, + { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + } + ] + }, + { + "id": "c9f88fd6c52d991f", + "location": { + "path": "/usr/share/zoneinfo/Africa/Addis_Ababa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 265 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "289d1fb5a419107bc1d23a84a9e06ad3f9ee8403" + }, + { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + } + ] + }, + { + "id": "4f0e212bbcaed305", + "location": { + "path": "/usr/share/zoneinfo/Africa/Algiers", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 735 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "edb95d3dc9238b5545f4f1d85d8bc879cdacdec8" + }, + { + "algorithm": "sha256", + "value": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + } + ] + }, + { + "id": "ef4b2ad66ec4cf22", + "location": { + "path": "/usr/share/zoneinfo/Africa/Bangui", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 235 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "30ba925b4670235915dddfa1dd824dd9d7295eac" + }, + { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + } + ] + }, + { + "id": "322000192658f13d", + "location": { + "path": "/usr/share/zoneinfo/Africa/Bissau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 194 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "adca16c6998258a9ccabcc8d4bcfe883a8d848f5" + }, + { + "algorithm": "sha256", + "value": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + } + ] + }, + { + "id": "f27d0499d3b1c954", + "location": { + "path": "/usr/share/zoneinfo/Africa/Blantyre", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b0ff96d087e4c86adb55b851c0d3800dfbb05e9a" + }, + { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + } + ] + }, + { + "id": "eef0a08628daad13", + "location": { + "path": "/usr/share/zoneinfo/Africa/Cairo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2399 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "428e1f5f708eb4c131f29185bd602223027b3eac" + }, + { + "algorithm": "sha256", + "value": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + } + ] + }, + { + "id": "796657e2d7cc9dcf", + "location": { + "path": "/usr/share/zoneinfo/Africa/Casablanca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2431 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a90bf261426bdb4544c441d1312c1866b056583" + }, + { + "algorithm": "sha256", + "value": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + } + ] + }, + { + "id": "24d0eefe07c685d5", + "location": { + "path": "/usr/share/zoneinfo/Africa/Ceuta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2052 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "029ce64badb36722c9e2191f3ce858c514aabbc1" + }, + { + "algorithm": "sha256", + "value": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + } + ] + }, + { + "id": "9e8d2102ea28598a", + "location": { + "path": "/usr/share/zoneinfo/Africa/El_Aaiun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2273 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "562677dcaa1d34a7bd9744b5d3fc024d78ce7329" + }, + { + "algorithm": "sha256", + "value": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + } + ] + }, + { + "id": "566978418a8582b5", + "location": { + "path": "/usr/share/zoneinfo/Africa/Johannesburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "65c0d4ab314cb72b8d8c768e3d0c3218848b61f1" + }, + { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + } + ] + }, + { + "id": "6191b262893eb64a", + "location": { + "path": "/usr/share/zoneinfo/Africa/Juba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 679 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48173811f532aabc17b3798c40fad46a3df0e543" + }, + { + "algorithm": "sha256", + "value": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + } + ] + }, + { + "id": "c2a8edf6c75a67a6", + "location": { + "path": "/usr/share/zoneinfo/Africa/Khartoum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 679 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7cde30d5acfd99119ef22162c1f8bcafb86eaf03" + }, + { + "algorithm": "sha256", + "value": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + } + ] + }, + { + "id": "78f5d71f306ef4ce", + "location": { + "path": "/usr/share/zoneinfo/Africa/Monrovia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81b045ed68f73a8806c5f2104b573b0479c19bd0" + }, + { + "algorithm": "sha256", + "value": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + } + ] + }, + { + "id": "86d26aeda90b4234", + "location": { + "path": "/usr/share/zoneinfo/Africa/Ndjamena", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "035072509f30da9a5a27b48910ae180f9c6b4b15" + }, + { + "algorithm": "sha256", + "value": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + } + ] + }, + { + "id": "1ac51dcf88d495c2", + "location": { + "path": "/usr/share/zoneinfo/Africa/Sao_Tome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 254 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7d2cac076d99bc5e38ba27b67113317ad496d3b1" + }, + { + "algorithm": "sha256", + "value": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + } + ] + }, + { + "id": "e187e467e11bb275", + "location": { + "path": "/usr/share/zoneinfo/Africa/Tripoli", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 625 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fabf4010ab003c26947df60b5e359781670caa70" + }, + { + "algorithm": "sha256", + "value": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + } + ] + }, + { + "id": "9a76fb50afdcaa0e", + "location": { + "path": "/usr/share/zoneinfo/Africa/Tunis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 689 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c44e2d3c1e351f1004ab69ea559feb8ccdd65f64" + }, + { + "algorithm": "sha256", + "value": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + } + ] + }, + { + "id": "722217af7e61be0e", + "location": { + "path": "/usr/share/zoneinfo/Africa/Windhoek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 993 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "650da30ebf5b460404c98be416f9580d9795dffb" + }, + { + "algorithm": "sha256", + "value": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + } + ] + }, + { + "id": "ea0f3b8bf78643a2", + "location": { + "path": "/usr/share/zoneinfo/America/Adak", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2356 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be58a7c839146fa675eeb6dad748c08d0647542c" + }, + { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + } + ] + }, + { + "id": "4f7ebf154c9dee62", + "location": { + "path": "/usr/share/zoneinfo/America/Anchorage", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2371 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "275760f2eb22160c578089566f68042a5f4d2f57" + }, + { + "algorithm": "sha256", + "value": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + } + ] + }, + { + "id": "c3b81e97789af4f1", + "location": { + "path": "/usr/share/zoneinfo/America/Anguilla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fcf8be5296496a5dd3a7a97ed331b0bb5c861450" + }, + { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + } + ] + }, + { + "id": "536a0170a2e837ec", + "location": { + "path": "/usr/share/zoneinfo/America/Araguaina", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 884 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86307f5f8222c3ae21815c2844f6fca38f94b55d" + }, + { + "algorithm": "sha256", + "value": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + } + ] + }, + { + "id": "15aec7429804cc49", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e7ba0a5dcf870abab721a47adbbc8f93af1db56" + }, + { + "algorithm": "sha256", + "value": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + } + ] + }, + { + "id": "ba53573b9cfd0fcb", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Catamarca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ac9a4e79fe5a861447c23d68cccb35762d5f3aa4" + }, + { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + } + ] + }, + { + "id": "d34abf13f23fa547", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Cordoba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "04f2815d23c3c63ac6bd204a2935f18366c8d182" + }, + { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + } + ] + }, + { + "id": "8ea257eac59089ca", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Jujuy", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1048 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "12099cd844cb19e4842eca3457c937dd9580b0fd" + }, + { + "algorithm": "sha256", + "value": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + } + ] + }, + { + "id": "ca71f5553b5d6b00", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2c4c6ee89eacd8b99867fddcd8db684e15f8ee9" + }, + { + "algorithm": "sha256", + "value": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + } + ] + }, + { + "id": "cd9b726fe5f144e5", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Mendoza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e321681c40214a181d2c4ec2015f740507811fbe" + }, + { + "algorithm": "sha256", + "value": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + } + ] + }, + { + "id": "e3f08a267b684227", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a508a0daafb22185e4f39d040b2f15053bc2b2a5" + }, + { + "algorithm": "sha256", + "value": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + } + ] + }, + { + "id": "8bdfa32e69de48fa", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Salta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1048 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ba6390b0c61d1c92c30692a309b9cfd3c54f9a41" + }, + { + "algorithm": "sha256", + "value": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + } + ] + }, + { + "id": "7a903f7a2c9d5ba9", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/San_Juan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ef1b1742c1daf27a441e1dd81f3ee2e21cbab6f" + }, + { + "algorithm": "sha256", + "value": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + } + ] + }, + { + "id": "79a942968674b495", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/San_Luis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1102 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c6469d1173cff2a995e00bef9764294185d65af6" + }, + { + "algorithm": "sha256", + "value": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + } + ] + }, + { + "id": "43dbbaa7ed552857", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Tucuman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1104 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9bbe6f5300224148f2451195f471e7f310cd2bde" + }, + { + "algorithm": "sha256", + "value": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + } + ] + }, + { + "id": "38d0fbbdf89964cf", + "location": { + "path": "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0d6b6844b13bf120a80b7e72147ca94a111ae39e" + }, + { + "algorithm": "sha256", + "value": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + } + ] + }, + { + "id": "7f9562764d10c0b9", + "location": { + "path": "/usr/share/zoneinfo/America/Asuncion", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1658 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e91a29807bc92d61324d265ab40c3fa651e66cb7" + }, + { + "algorithm": "sha256", + "value": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + } + ] + }, + { + "id": "2112b844bdb7263e", + "location": { + "path": "/usr/share/zoneinfo/America/Atikokan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 182 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a94fbc2d567e41723f03629b6c9a864260108a17" + }, + { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + } + ] + }, + { + "id": "bbc47973b9d50f9f", + "location": { + "path": "/usr/share/zoneinfo/America/Bahia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1024 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f6df0a2d176d0df66fae90bc35a9f8f1ee9b249b" + }, + { + "algorithm": "sha256", + "value": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + } + ] + }, + { + "id": "72bbfbf43a13bdfd", + "location": { + "path": "/usr/share/zoneinfo/America/Bahia_Banderas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1100 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "33e0f3d5c7eace9077bacfa4f2b6e1e4b374fdb5" + }, + { + "algorithm": "sha256", + "value": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + } + ] + }, + { + "id": "b3ff2a61ff5b4796", + "location": { + "path": "/usr/share/zoneinfo/America/Barbados", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 436 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5904a49c6c0ce8f10178fe13174ed9c964a8312a" + }, + { + "algorithm": "sha256", + "value": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + } + ] + }, + { + "id": "3bc3cdb4c0d18237", + "location": { + "path": "/usr/share/zoneinfo/America/Belem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 576 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b29f1ee834833e89c06ef39b80b8f8c0b49ad31d" + }, + { + "algorithm": "sha256", + "value": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + } + ] + }, + { + "id": "ca05fe3e6305beea", + "location": { + "path": "/usr/share/zoneinfo/America/Belize", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4728ee967fe9745f4b614e5b511da1c08bd3689c" + }, + { + "algorithm": "sha256", + "value": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + } + ] + }, + { + "id": "7cb88702cda86e95", + "location": { + "path": "/usr/share/zoneinfo/America/Boa_Vista", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 632 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a32d00603897fd4d970a675e5c01656f8652f598" + }, + { + "algorithm": "sha256", + "value": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + } + ] + }, + { + "id": "7b2ab2deee4bf264", + "location": { + "path": "/usr/share/zoneinfo/America/Bogota", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e810e3d76edd6adf16384b7e49d2236b9c57ee1" + }, + { + "algorithm": "sha256", + "value": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + } + ] + }, + { + "id": "f6f403ed0f9f3203", + "location": { + "path": "/usr/share/zoneinfo/America/Boise", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2410 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0608b89be80aaa6660eee5964203ad760b0659a" + }, + { + "algorithm": "sha256", + "value": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + } + ] + }, + { + "id": "fba6ced282174415", + "location": { + "path": "/usr/share/zoneinfo/America/Cambridge_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2254 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dcfc3c07c7366b75916af1dccd366fd1077e5b18" + }, + { + "algorithm": "sha256", + "value": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + } + ] + }, + { + "id": "da56e399ea6614c0", + "location": { + "path": "/usr/share/zoneinfo/America/Campo_Grande", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1444 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a7b1e23290eeb4394e91e0ef4adc00b9ba4def5" + }, + { + "algorithm": "sha256", + "value": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + } + ] + }, + { + "id": "cfcf3b57eca8267c", + "location": { + "path": "/usr/share/zoneinfo/America/Cancun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 864 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf74e0c9c8ba2365819123eaddd6817606064eaf" + }, + { + "algorithm": "sha256", + "value": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + } + ] + }, + { + "id": "9f0583310b4acb5b", + "location": { + "path": "/usr/share/zoneinfo/America/Caracas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 264 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3914e45c3922bc30b89498066fb637cc04886462" + }, + { + "algorithm": "sha256", + "value": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + } + ] + }, + { + "id": "fedcac4633f1430a", + "location": { + "path": "/usr/share/zoneinfo/America/Cayenne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 198 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f888b09b894c79fa691466a4f4eaaa83da367e0" + }, + { + "algorithm": "sha256", + "value": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + } + ] + }, + { + "id": "dd83a8010444a199", + "location": { + "path": "/usr/share/zoneinfo/America/Chicago", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3592 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a037f985f6fa0b392c95c7afb247f16a3925a7e" + }, + { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + } + ] + }, + { + "id": "532e2f858590f4ad", + "location": { + "path": "/usr/share/zoneinfo/America/Chihuahua", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1102 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0c67cc4ed5fe366fb39d9e55b02082254606e47" + }, + { + "algorithm": "sha256", + "value": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + } + ] + }, + { + "id": "6cad865e5e3d3d96", + "location": { + "path": "/usr/share/zoneinfo/America/Ciudad_Juarez", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1538 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe11c20a18788db4260afcaa5d952c219f4777d2" + }, + { + "algorithm": "sha256", + "value": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + } + ] + }, + { + "id": "b2853301acd2fdab", + "location": { + "path": "/usr/share/zoneinfo/America/Costa_Rica", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 316 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2d1fd66de0198ddfcc1958fbaaaaba9cdb7b1d8f" + }, + { + "algorithm": "sha256", + "value": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + } + ] + }, + { + "id": "c38520c3d5cfe803", + "location": { + "path": "/usr/share/zoneinfo/America/Coyhaique", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2140 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0922bbda5c964aac267330bedf39deae6d2e0636" + }, + { + "algorithm": "sha256", + "value": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + } + ] + }, + { + "id": "7d23b4abca3bf0cf", + "location": { + "path": "/usr/share/zoneinfo/America/Creston", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 360 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3f54df3a017c38626f04bd9576a0a11663303fd" + }, + { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + } + ] + }, + { + "id": "93e44073edf8bfa8", + "location": { + "path": "/usr/share/zoneinfo/America/Cuiaba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1416 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1a6b69bdf16991900ae16a00deb7ffbf722d5486" + }, + { + "algorithm": "sha256", + "value": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + } + ] + }, + { + "id": "be96d0167c0ac1f9", + "location": { + "path": "/usr/share/zoneinfo/America/Danmarkshavn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3bfae70ff7ffa8b928ba4bf0bcb5452d09ec0407" + }, + { + "algorithm": "sha256", + "value": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + } + ] + }, + { + "id": "4b434e46d7216259", + "location": { + "path": "/usr/share/zoneinfo/America/Dawson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dc241cb66d50821505cc7708d43ee9b1e77a36dc" + }, + { + "algorithm": "sha256", + "value": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + } + ] + }, + { + "id": "ec55daf0b0767148", + "location": { + "path": "/usr/share/zoneinfo/America/Dawson_Creek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1050 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd98b887a02f1ae2785d5d6fe7d77e91ec5aae83" + }, + { + "algorithm": "sha256", + "value": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + } + ] + }, + { + "id": "f130723512533721", + "location": { + "path": "/usr/share/zoneinfo/America/Denver", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2460 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "faa7d6cf4178d032d8ba8a4d77eac0fd47f8a718" + }, + { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + } + ] + }, + { + "id": "ffd04305e07a420d", + "location": { + "path": "/usr/share/zoneinfo/America/Detroit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2230 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6597537b399eab91a66e32bb4edae466de96a146" + }, + { + "algorithm": "sha256", + "value": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + } + ] + }, + { + "id": "c6e59beebb7b1c28", + "location": { + "path": "/usr/share/zoneinfo/America/Edmonton", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2332 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f441f7a62122e43a963260550efb1a1ff3100c2" + }, + { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + } + ] + }, + { + "id": "a4f511e1a2654e3c", + "location": { + "path": "/usr/share/zoneinfo/America/Eirunepe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 656 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "45e5dd1baab63d6970c0424cd8ae77bfadfdfd61" + }, + { + "algorithm": "sha256", + "value": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + } + ] + }, + { + "id": "66332fc00e499578", + "location": { + "path": "/usr/share/zoneinfo/America/El_Salvador", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "45b4b952081502968b04b36e7cae24b987e9f532" + }, + { + "algorithm": "sha256", + "value": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + } + ] + }, + { + "id": "f9a9c4bb9f9dbc98", + "location": { + "path": "/usr/share/zoneinfo/America/Ensenada", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2906 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6ad63533ea183b2895759a9702ea96f0fff98759" + }, + { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + } + ] + }, + { + "id": "9e8e0dcd6461e814", + "location": { + "path": "/usr/share/zoneinfo/America/Fort_Nelson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2240 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a453ec818cd948cc2492666443d4e39637ed7040" + }, + { + "algorithm": "sha256", + "value": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + } + ] + }, + { + "id": "f17c51d39cbe85b7", + "location": { + "path": "/usr/share/zoneinfo/America/Fort_Wayne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1682 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad1a26bddb9304a620b2c6f7ec9f3a5226622906" + }, + { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + } + ] + }, + { + "id": "55db14dcae4a215e", + "location": { + "path": "/usr/share/zoneinfo/America/Fortaleza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aa8e9c8cd8301dd0a61085ada31923f7e1ccc983" + }, + { + "algorithm": "sha256", + "value": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + } + ] + }, + { + "id": "6396e1bb85ca2420", + "location": { + "path": "/usr/share/zoneinfo/America/Glace_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "40ba9843662a853c1d3643395db1a75c1164951f" + }, + { + "algorithm": "sha256", + "value": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + } + ] + }, + { + "id": "e26f98fd4ad10e74", + "location": { + "path": "/usr/share/zoneinfo/America/Godthab", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1903 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ff7ac72af2c09efd8e1779e5fba28288439df41" + }, + { + "algorithm": "sha256", + "value": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + } + ] + }, + { + "id": "a82580e6f79f5ff5", + "location": { + "path": "/usr/share/zoneinfo/America/Goose_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3210 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "21d4df7695accb7b5164e41e28452f9655cd91a0" + }, + { + "algorithm": "sha256", + "value": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + } + ] + }, + { + "id": "598379db727de0c1", + "location": { + "path": "/usr/share/zoneinfo/America/Grand_Turk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1834 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48735366abbf3760087cd1533f24415136763745" + }, + { + "algorithm": "sha256", + "value": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + } + ] + }, + { + "id": "be051504c746aade", + "location": { + "path": "/usr/share/zoneinfo/America/Guatemala", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 280 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0d50c845873aa466c9a2b020326d57af4d39b3d" + }, + { + "algorithm": "sha256", + "value": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + } + ] + }, + { + "id": "f63f6f85c3f220a3", + "location": { + "path": "/usr/share/zoneinfo/America/Guayaquil", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8415ce0daac4cfe819154671e05b4185b9c08970" + }, + { + "algorithm": "sha256", + "value": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + } + ] + }, + { + "id": "15e0b2f49afa5fb8", + "location": { + "path": "/usr/share/zoneinfo/America/Guyana", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d48d26f50f53db2dd9ddcbb6acb5723cb49e81b2" + }, + { + "algorithm": "sha256", + "value": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + } + ] + }, + { + "id": "79b1a23ae343c28d", + "location": { + "path": "/usr/share/zoneinfo/America/Halifax", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "93568fd7e148b3f61fca5f36f8ae0a5b3b107fe3" + }, + { + "algorithm": "sha256", + "value": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + } + ] + }, + { + "id": "e4917ad7e3741dd9", + "location": { + "path": "/usr/share/zoneinfo/America/Havana", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2416 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "51c1a7a700e4028481e506e58faf22f9677c5e29" + }, + { + "algorithm": "sha256", + "value": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + } + ] + }, + { + "id": "ea46ed9196f3d64d", + "location": { + "path": "/usr/share/zoneinfo/America/Hermosillo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 388 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e055ab758b61beef7d8a4ee5a6b38d789c5f6b2c" + }, + { + "algorithm": "sha256", + "value": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + } + ] + }, + { + "id": "097d210877f6bbc8", + "location": { + "path": "/usr/share/zoneinfo/America/Indiana/Knox", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2444 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41fdfe70a9789d427dc4be468f559a97ee9fcf54" + }, + { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + } + ] + }, + { + "id": "f6e3d69d53a65a0e", + "location": { + "path": "/usr/share/zoneinfo/America/Indiana/Marengo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1738 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0530ef4b3396d7031cc5e4ff82dc42c10f2f89a1" + }, + { + "algorithm": "sha256", + "value": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + } + ] + }, + { + "id": "00a4fc892c991cfb", + "location": { + "path": "/usr/share/zoneinfo/America/Indiana/Petersburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1920 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "570cef94f900163bce34b3f85b9ea5b36df92146" + }, + { + "algorithm": "sha256", + "value": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + } + ] + }, + { + "id": "66e3e42e88e3467b", + "location": { + "path": "/usr/share/zoneinfo/America/Indiana/Tell_City", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1700 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "20594c1309a07d4691ff9af0a77782b5e2d95c61" + }, + { + "algorithm": "sha256", + "value": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + } + ] + }, + { + "id": "b1c6be64f1598066", + "location": { + "path": "/usr/share/zoneinfo/America/Indiana/Vevay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3959be4d9e86c9c1a7f8febc46554584b2a7ceff" + }, + { + "algorithm": "sha256", + "value": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + } + ] + }, + { + "id": "f5a1cbbac5704326", + "location": { + "path": "/usr/share/zoneinfo/America/Indiana/Vincennes", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1710 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f9a3d65b42b008c5a85c73934fcf94eaeac4b931" + }, + { + "algorithm": "sha256", + "value": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + } + ] + }, + { + "id": "a8c22c4c598830b6", + "location": { + "path": "/usr/share/zoneinfo/America/Indiana/Winamac", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1794 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d169fbd02f628dd6fdafbbab7a7e4a6da54fd21" + }, + { + "algorithm": "sha256", + "value": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + } + ] + }, + { + "id": "f232ff6f62af2a7b", + "location": { + "path": "/usr/share/zoneinfo/America/Inuvik", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2074 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1291de8f6d914ee264f0b27a55278ff12a00ad7a" + }, + { + "algorithm": "sha256", + "value": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + } + ] + }, + { + "id": "b5b43a537b956807", + "location": { + "path": "/usr/share/zoneinfo/America/Iqaluit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2202 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "210193fdb9be1a88f5d245ddf3dce819469be233" + }, + { + "algorithm": "sha256", + "value": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + } + ] + }, + { + "id": "0ee4e00c20eb77b0", + "location": { + "path": "/usr/share/zoneinfo/America/Jamaica", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 482 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "77453a2772c127d0b213f8580ff7890cbf7b4929" + }, + { + "algorithm": "sha256", + "value": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + } + ] + }, + { + "id": "790fa2b99a8abe0b", + "location": { + "path": "/usr/share/zoneinfo/America/Juneau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2353 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "740e88dcd737d076404c386330bd379d55ee8281" + }, + { + "algorithm": "sha256", + "value": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + } + ] + }, + { + "id": "cb8e9eb83e52c3ea", + "location": { + "path": "/usr/share/zoneinfo/America/Kentucky/Louisville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2788 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a63a322042aab6a2583de2f636a5eb15f71eae33" + }, + { + "algorithm": "sha256", + "value": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + } + ] + }, + { + "id": "312cc6f73b42ebc3", + "location": { + "path": "/usr/share/zoneinfo/America/Kentucky/Monticello", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2368 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad63bf4d1228ab308b2ed6758c21fbebb56395db" + }, + { + "algorithm": "sha256", + "value": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + } + ] + }, + { + "id": "26a99c7d4a95e43a", + "location": { + "path": "/usr/share/zoneinfo/America/La_Paz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 232 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "631b8d0f538c7ec23d132fd7d72fb1ff64b938ae" + }, + { + "algorithm": "sha256", + "value": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + } + ] + }, + { + "id": "76c0c45bbfc61e39", + "location": { + "path": "/usr/share/zoneinfo/America/Lima", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 406 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "75864c99309070f61b033c039b7509c89da5ab08" + }, + { + "algorithm": "sha256", + "value": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + } + ] + }, + { + "id": "64947a93aceb9392", + "location": { + "path": "/usr/share/zoneinfo/America/Los_Angeles", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2852 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4f1faebf0f0d032290ef87bb9973c2ff8f84074" + }, + { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + } + ] + }, + { + "id": "17da2ac5fdcc25a6", + "location": { + "path": "/usr/share/zoneinfo/America/Maceio", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 744 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c0295301332918d79abf0bb349cc1fee3b9f2db9" + }, + { + "algorithm": "sha256", + "value": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + } + ] + }, + { + "id": "8abee6515b5f03b5", + "location": { + "path": "/usr/share/zoneinfo/America/Managua", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "566a887308e8e16a9cebb62f3d4124b42c331674" + }, + { + "algorithm": "sha256", + "value": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + } + ] + }, + { + "id": "b58b430e813e1e19", + "location": { + "path": "/usr/share/zoneinfo/America/Manaus", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 604 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a759afda024a0ba961569017b3003805849c6f61" + }, + { + "algorithm": "sha256", + "value": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + } + ] + }, + { + "id": "cb5ca6e7813dea77", + "location": { + "path": "/usr/share/zoneinfo/America/Martinique", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 232 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "caf0e4c5fdae59d1b6c1278ad7ac84bf03bcb0a9" + }, + { + "algorithm": "sha256", + "value": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + } + ] + }, + { + "id": "3994723bfb139261", + "location": { + "path": "/usr/share/zoneinfo/America/Matamoros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1418 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "638e4541bddbb0164c8d62590ff1bb97f88b822e" + }, + { + "algorithm": "sha256", + "value": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + } + ] + }, + { + "id": "8d2a9e70b1763d0f", + "location": { + "path": "/usr/share/zoneinfo/America/Mazatlan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1060 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44c28415e815f8e2b53604195f85da07b04d829d" + }, + { + "algorithm": "sha256", + "value": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + } + ] + }, + { + "id": "b7ff261fe1222dc9", + "location": { + "path": "/usr/share/zoneinfo/America/Menominee", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2274 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88fd8d108c020a3294eae6c83ad187cf0b01a602" + }, + { + "algorithm": "sha256", + "value": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + } + ] + }, + { + "id": "3ad1c8c3c0c61955", + "location": { + "path": "/usr/share/zoneinfo/America/Merida", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1004 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8e07f8356362c517ef41035a0394a59363cebfc0" + }, + { + "algorithm": "sha256", + "value": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + } + ] + }, + { + "id": "cec5d92d2742b191", + "location": { + "path": "/usr/share/zoneinfo/America/Metlakatla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1423 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f327158b98652913af4d66c5257cfc014340536" + }, + { + "algorithm": "sha256", + "value": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + } + ] + }, + { + "id": "a59b7b888d5b4655", + "location": { + "path": "/usr/share/zoneinfo/America/Mexico_City", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1222 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f46bb76507fbd52204eef47c12c9320bd7945af7" + }, + { + "algorithm": "sha256", + "value": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + } + ] + }, + { + "id": "94d8f29154035f0e", + "location": { + "path": "/usr/share/zoneinfo/America/Miquelon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1666 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1418becc2c2023ac3dba15d27e5fd6b6b3b6fd5a" + }, + { + "algorithm": "sha256", + "value": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + } + ] + }, + { + "id": "418571b0a4cdaf67", + "location": { + "path": "/usr/share/zoneinfo/America/Moncton", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c08e5d548c3bb971f1a1236c397ded4f7227d769" + }, + { + "algorithm": "sha256", + "value": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + } + ] + }, + { + "id": "3589032a6e7d507f", + "location": { + "path": "/usr/share/zoneinfo/America/Monterrey", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ceaf09cf6075be4ff98b5716e65d197c9f302864" + }, + { + "algorithm": "sha256", + "value": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + } + ] + }, + { + "id": "043695b356310635", + "location": { + "path": "/usr/share/zoneinfo/America/Montevideo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1510 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06e3ef1048ffd289a424fba8e053601b353cc2fa" + }, + { + "algorithm": "sha256", + "value": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + } + ] + }, + { + "id": "92b007f40eddfeb5", + "location": { + "path": "/usr/share/zoneinfo/America/Montreal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3494 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a6d038ecff7126ee19ebb08a40d157c9a79964cd" + }, + { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + } + ] + }, + { + "id": "d97d6872449d4e6a", + "location": { + "path": "/usr/share/zoneinfo/America/New_York", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc9337182ee4bad790b527f56bd3d2130691d693" + }, + { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + } + ] + }, + { + "id": "3ee9e9bc94152cab", + "location": { + "path": "/usr/share/zoneinfo/America/Nome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e6cf03e0c8fbb7a079090cf164e73291681bafc" + }, + { + "algorithm": "sha256", + "value": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + } + ] + }, + { + "id": "831f0664c5476a76", + "location": { + "path": "/usr/share/zoneinfo/America/Noronha", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f0e29b45f9003c1ff8ed350b40b1369e8a569d0f" + }, + { + "algorithm": "sha256", + "value": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + } + ] + }, + { + "id": "8f7068be9c87455e", + "location": { + "path": "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99080962e50069d5e6a206bff8931a67b5afebe9" + }, + { + "algorithm": "sha256", + "value": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + } + ] + }, + { + "id": "7c03028642527858", + "location": { + "path": "/usr/share/zoneinfo/America/North_Dakota/Center", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16ee5640265f404a2a64cbb48547b834b780cf71" + }, + { + "algorithm": "sha256", + "value": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + } + ] + }, + { + "id": "2eb23f6b7c6b479e", + "location": { + "path": "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6d1defaee32cee5fdaaa1405460d9ee4e4dceb55" + }, + { + "algorithm": "sha256", + "value": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + } + ] + }, + { + "id": "01ce09736956ec2d", + "location": { + "path": "/usr/share/zoneinfo/America/Ojinaga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1524 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "346cae590643f608e6c31870966e576f2c194936" + }, + { + "algorithm": "sha256", + "value": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + } + ] + }, + { + "id": "7e585fce630f1e19", + "location": { + "path": "/usr/share/zoneinfo/America/Paramaribo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "af2b3e2554003e56ec6e09f4ab2cc646cef58e06" + }, + { + "algorithm": "sha256", + "value": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + } + ] + }, + { + "id": "9f28d3c8d4d5de91", + "location": { + "path": "/usr/share/zoneinfo/America/Port-au-Prince", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1434 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9901445a7bf4a993111d087ef812890dd44a67be" + }, + { + "algorithm": "sha256", + "value": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + } + ] + }, + { + "id": "797ef78fce0668f0", + "location": { + "path": "/usr/share/zoneinfo/America/Porto_Acre", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 628 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "23649fa3b661b1a7b1332e38479d24bcdb4e902f" + }, + { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + } + ] + }, + { + "id": "593cb16b27097278", + "location": { + "path": "/usr/share/zoneinfo/America/Porto_Velho", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 576 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d55253cee37291a6cf91e4bbccca6473cf6679aa" + }, + { + "algorithm": "sha256", + "value": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + } + ] + }, + { + "id": "013750e15c50f33e", + "location": { + "path": "/usr/share/zoneinfo/America/Punta_Arenas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1916 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a64891fd90cbc2ba9e1d7dfe1689dee65affef3" + }, + { + "algorithm": "sha256", + "value": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + } + ] + }, + { + "id": "e9aee5bc271dcd1a", + "location": { + "path": "/usr/share/zoneinfo/America/Rainy_River", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2868 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "684c62d80d16a9256c9123074466cc5d0288daea" + }, + { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + } + ] + }, + { + "id": "ee5d12e425b2a4f6", + "location": { + "path": "/usr/share/zoneinfo/America/Rankin_Inlet", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2066 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f517c389db4ac89bc79cbf8ee5736f0cad7bc7b9" + }, + { + "algorithm": "sha256", + "value": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + } + ] + }, + { + "id": "29d9570982072ae4", + "location": { + "path": "/usr/share/zoneinfo/America/Recife", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6a681fe7cafc3cabe9a7ef75699e4e5fa7f6a81a" + }, + { + "algorithm": "sha256", + "value": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + } + ] + }, + { + "id": "fd29287444e98f95", + "location": { + "path": "/usr/share/zoneinfo/America/Regina", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ecd6b0c718b65c0c90e8097943a899c0b0cb60d8" + }, + { + "algorithm": "sha256", + "value": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + } + ] + }, + { + "id": "6506494742ab1f9e", + "location": { + "path": "/usr/share/zoneinfo/America/Resolute", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2066 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c01bda981211a1387a2c18d7a57165e72da83d95" + }, + { + "algorithm": "sha256", + "value": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + } + ] + }, + { + "id": "db9ed6006ae2095f", + "location": { + "path": "/usr/share/zoneinfo/America/Santarem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 602 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f39fa90abacd688c7f6599bdbdd8c144a0b7c5b1" + }, + { + "algorithm": "sha256", + "value": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + } + ] + }, + { + "id": "56f140668c930944", + "location": { + "path": "/usr/share/zoneinfo/America/Santiago", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2529 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6788d98647fb2019aa749acfb7236e77e84c4533" + }, + { + "algorithm": "sha256", + "value": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + } + ] + }, + { + "id": "06c8dae4fcda6094", + "location": { + "path": "/usr/share/zoneinfo/America/Santo_Domingo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 458 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a135300f73df9c427db37aa9ba29e25f83463211" + }, + { + "algorithm": "sha256", + "value": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + } + ] + }, + { + "id": "23e1dd3ee39e9c2e", + "location": { + "path": "/usr/share/zoneinfo/America/Sao_Paulo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1444 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96caf0f5c9ad021d2ca06e2b48ef7e3e52bff41d" + }, + { + "algorithm": "sha256", + "value": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + } + ] + }, + { + "id": "3b1a0b290e22f7ce", + "location": { + "path": "/usr/share/zoneinfo/America/Scoresbysund", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1949 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7497b479af7c157e844a90ecbfc041db4f639f04" + }, + { + "algorithm": "sha256", + "value": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + } + ] + }, + { + "id": "2214a1edfbca4d81", + "location": { + "path": "/usr/share/zoneinfo/America/Sitka", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2329 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bb2fd466acd0399f44f56c2ed9a2a0353fb2f82" + }, + { + "algorithm": "sha256", + "value": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + } + ] + }, + { + "id": "6bd19075def974a6", + "location": { + "path": "/usr/share/zoneinfo/America/St_Johns", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3655 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4336075a81adbebeb26ca297ce309dc595b86463" + }, + { + "algorithm": "sha256", + "value": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + } + ] + }, + { + "id": "db3b41478abd19c9", + "location": { + "path": "/usr/share/zoneinfo/America/Swift_Current", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 560 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e607b1ddf124e4061e437365e16404633bbdc4bd" + }, + { + "algorithm": "sha256", + "value": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + } + ] + }, + { + "id": "4293d64c3fcafdb2", + "location": { + "path": "/usr/share/zoneinfo/America/Tegucigalpa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe5537f0f326f4513aaf98ba68268b0798e72e0b" + }, + { + "algorithm": "sha256", + "value": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + } + ] + }, + { + "id": "181ac7465d94e356", + "location": { + "path": "/usr/share/zoneinfo/America/Thule", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1502 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4e304073f4f90890439ca6205d60e20d2495f16" + }, + { + "algorithm": "sha256", + "value": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + } + ] + }, + { + "id": "1dafda874efa42e4", + "location": { + "path": "/usr/share/zoneinfo/America/Vancouver", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2892 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b42a450523068cc1434b8774082525d8dc2a8e4f" + }, + { + "algorithm": "sha256", + "value": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + } + ] + }, + { + "id": "5895d89acd4e3705", + "location": { + "path": "/usr/share/zoneinfo/America/Whitehorse", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a8f00d33b5ca551a16cedc68cc8528fb4c111d8" + }, + { + "algorithm": "sha256", + "value": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + } + ] + }, + { + "id": "be5bb17b40fd50c2", + "location": { + "path": "/usr/share/zoneinfo/America/Yakutat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2305 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f115ac1b5b64b28cad149f1cdf10fb0649fe5c48" + }, + { + "algorithm": "sha256", + "value": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + } + ] + }, + { + "id": "8f71ccf80b2ad19b", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Casey", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 437 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da1d193862e1725420329b257e1b856b13dcdc7a" + }, + { + "algorithm": "sha256", + "value": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + } + ] + }, + { + "id": "0212eb2afb4e13a0", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Davis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 297 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87abeedc268901cc371d93faf9b775634a6c401b" + }, + { + "algorithm": "sha256", + "value": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + } + ] + }, + { + "id": "dfee78d6cc699226", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 186 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "65f9954328a5fda173ff0ce420428d024a7d32c3" + }, + { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + } + ] + }, + { + "id": "b0ce1cac5c29fc5c", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Macquarie", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2260 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99cbdcf1d9afe0907b96f0ca06636bde4e5383c3" + }, + { + "algorithm": "sha256", + "value": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + } + ] + }, + { + "id": "b22d792fc4fc1316", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Mawson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb34c38a02c76beb5b321971d94869451a5ceab1" + }, + { + "algorithm": "sha256", + "value": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + } + ] + }, + { + "id": "24faa7550e718ffd", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/McMurdo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2437 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "78d4d3a481c49ab7ff31722bced30e1c31e8bc98" + }, + { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + } + ] + }, + { + "id": "0277a7b6c13e0e18", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Palmer", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1418 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "12519921ed4c4f6684c5069a251141378f7134a4" + }, + { + "algorithm": "sha256", + "value": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + } + ] + }, + { + "id": "13197f3fca74319d", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Rothera", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "05bc718d8f51e2dc23989d149b8dc7529a87bf1b" + }, + { + "algorithm": "sha256", + "value": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + } + ] + }, + { + "id": "afd4814904e23921", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Syowa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bde5a629fdb78b40544b8018b2578f0b085045cc" + }, + { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + } + ] + }, + { + "id": "b79fe7da5b4023c6", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Troll", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1162 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f3bab6c4d956dd8e8bb969e354e1a211980e244" + }, + { + "algorithm": "sha256", + "value": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + } + ] + }, + { + "id": "932e0a15f794d6ea", + "location": { + "path": "/usr/share/zoneinfo/Antarctica/Vostok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cab2a7ae9eb3304377d15b3761e4beca547fb07e" + }, + { + "algorithm": "sha256", + "value": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + } + ] + }, + { + "id": "734f0946a03d7707", + "location": { + "path": "/usr/share/zoneinfo/Arctic/Longyearbyen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2298 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "918341ad71f9d3acd28997326e42d5b00fba41e0" + }, + { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + } + ] + }, + { + "id": "8521e77186536070", + "location": { + "path": "/usr/share/zoneinfo/Asia/Almaty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 997 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4b4d8aabb1fd81e39b5b8fd2d3506875966a3c34" + }, + { + "algorithm": "sha256", + "value": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + } + ] + }, + { + "id": "3c1113be1893fc56", + "location": { + "path": "/usr/share/zoneinfo/Asia/Amman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1447 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fdffb8cdba7aaf42ba9f8e1f1d9093c21ed77027" + }, + { + "algorithm": "sha256", + "value": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + } + ] + }, + { + "id": "85439c400bbc86d5", + "location": { + "path": "/usr/share/zoneinfo/Asia/Anadyr", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1188 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e18546688a8d72426a93024673be6a7b890ca49" + }, + { + "algorithm": "sha256", + "value": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + } + ] + }, + { + "id": "05134288540b9a17", + "location": { + "path": "/usr/share/zoneinfo/Asia/Aqtau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 983 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b5c1626f08af9ec32dadbbfcdb69f5a2a83445cb" + }, + { + "algorithm": "sha256", + "value": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + } + ] + }, + { + "id": "1977e82ca78998ff", + "location": { + "path": "/usr/share/zoneinfo/Asia/Aqtobe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1011 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67f145b5d2958ced37d7c63144ca314cc3a5619c" + }, + { + "algorithm": "sha256", + "value": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + } + ] + }, + { + "id": "cabaebda56dc9639", + "location": { + "path": "/usr/share/zoneinfo/Asia/Ashgabat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 619 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f077f5395b29d53b145792d5e2e309a99c4a7092" + }, + { + "algorithm": "sha256", + "value": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + } + ] + }, + { + "id": "6ba30209572ae26e", + "location": { + "path": "/usr/share/zoneinfo/Asia/Atyrau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 991 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "879556e7e91d36d29c7921b7693b3aafa95ce9bf" + }, + { + "algorithm": "sha256", + "value": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + } + ] + }, + { + "id": "32fa3bb6af7e7c21", + "location": { + "path": "/usr/share/zoneinfo/Asia/Baghdad", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 983 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "10843b2e6588534f57e4c05255923c461fcaf40d" + }, + { + "algorithm": "sha256", + "value": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + } + ] + }, + { + "id": "6df9f4201e1bd0e4", + "location": { + "path": "/usr/share/zoneinfo/Asia/Bahrain", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "918dda414e2e89ca2b735946a84d94c42a24f452" + }, + { + "algorithm": "sha256", + "value": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + } + ] + }, + { + "id": "7c204caa0f4f162d", + "location": { + "path": "/usr/share/zoneinfo/Asia/Baku", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8409d8a1289864bf61dd17a80524eb6aa36e9be8" + }, + { + "algorithm": "sha256", + "value": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + } + ] + }, + { + "id": "e7bbcf8faecb67e1", + "location": { + "path": "/usr/share/zoneinfo/Asia/Bangkok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c81d559f702a0239d5bf025c97e70b2c577682e" + }, + { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + } + ] + }, + { + "id": "17d210f51ceceff4", + "location": { + "path": "/usr/share/zoneinfo/Asia/Barnaul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1391b2598eff6e35378e261f36dd2f57b3e491bf" + }, + { + "algorithm": "sha256", + "value": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + } + ] + }, + { + "id": "1184d1f54fa15648", + "location": { + "path": "/usr/share/zoneinfo/Asia/Beirut", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fba8b66863fcd6bcabec3a13467e0b3450650ad5" + }, + { + "algorithm": "sha256", + "value": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + } + ] + }, + { + "id": "ddf4a0d970493a4c", + "location": { + "path": "/usr/share/zoneinfo/Asia/Bishkek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 983 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d6c73a90b411c39d97ccda0ad8a57f252456881c" + }, + { + "algorithm": "sha256", + "value": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + } + ] + }, + { + "id": "c8ee22b893a72c95", + "location": { + "path": "/usr/share/zoneinfo/Asia/Brunei", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 483 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "951d0ec46419658895f8005b2583badeff166bdb" + }, + { + "algorithm": "sha256", + "value": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + } + ] + }, + { + "id": "b5e862a573d7ed9f", + "location": { + "path": "/usr/share/zoneinfo/Asia/Calcutta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 285 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "856df72f3f593ff1e183505d743bf65e40a30aca" + }, + { + "algorithm": "sha256", + "value": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + } + ] + }, + { + "id": "f3cd5fc16ded8e9f", + "location": { + "path": "/usr/share/zoneinfo/Asia/Chita", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a265169da96777e85b65b87ed5a3d64d801e791" + }, + { + "algorithm": "sha256", + "value": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + } + ] + }, + { + "id": "6a58270c4e19e86c", + "location": { + "path": "/usr/share/zoneinfo/Asia/Choibalsan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90cad7fd7da7d6546622901db622595f1880f593" + }, + { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + } + ] + }, + { + "id": "5f259ebabd9e8726", + "location": { + "path": "/usr/share/zoneinfo/Asia/Chongqing", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 561 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "79360e38e040eaa15b6e880296c1d1531f537b6f" + }, + { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + } + ] + }, + { + "id": "ee9fd2a420997207", + "location": { + "path": "/usr/share/zoneinfo/Asia/Colombo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 372 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0fe53f0c887f168201f4c4767068dadb1a698581" + }, + { + "algorithm": "sha256", + "value": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + } + ] + }, + { + "id": "d4e57dbd2e2c4a50", + "location": { + "path": "/usr/share/zoneinfo/Asia/Dacca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 337 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5779829aea6d010cea872e6c2b6f1ac661d825e3" + }, + { + "algorithm": "sha256", + "value": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + } + ] + }, + { + "id": "86808dddd6ed4312", + "location": { + "path": "/usr/share/zoneinfo/Asia/Damascus", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1887 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "716b40d34b96db89c27eeb936693481abad8288b" + }, + { + "algorithm": "sha256", + "value": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + } + ] + }, + { + "id": "0373ef1d181d86a6", + "location": { + "path": "/usr/share/zoneinfo/Asia/Dili", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 271 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f71f19932f5f7e625447e241be76b34dd2e75115" + }, + { + "algorithm": "sha256", + "value": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + } + ] + }, + { + "id": "cbb0ce76dec7a451", + "location": { + "path": "/usr/share/zoneinfo/Asia/Dubai", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "612f06ce47e5c3acb96b2b6eb8075d89ece41f90" + }, + { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + } + ] + }, + { + "id": "7206f4575066d8b5", + "location": { + "path": "/usr/share/zoneinfo/Asia/Dushanbe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 591 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1694cb3276a637899c86f26176b2b1f862d47eda" + }, + { + "algorithm": "sha256", + "value": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + } + ] + }, + { + "id": "75275687a666710d", + "location": { + "path": "/usr/share/zoneinfo/Asia/Famagusta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2028 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d7f718a82b28e4fedb4e6501fc94ca2a6ec758c8" + }, + { + "algorithm": "sha256", + "value": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + } + ] + }, + { + "id": "abb8a442c65a8e3d", + "location": { + "path": "/usr/share/zoneinfo/Asia/Gaza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3844 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "169848cd25c3fe443c5d0bdd5c96d68a949cfe78" + }, + { + "algorithm": "sha256", + "value": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + } + ] + }, + { + "id": "c7583b1a24cdbb05", + "location": { + "path": "/usr/share/zoneinfo/Asia/Hebron", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3872 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "201832bdac94204b130b3d01a26f608357e8da26" + }, + { + "algorithm": "sha256", + "value": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + } + ] + }, + { + "id": "bab9e9f85c79c245", + "location": { + "path": "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 351 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a96c3b96b551d852706b95e0bb739f8e62aee915" + }, + { + "algorithm": "sha256", + "value": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + } + ] + }, + { + "id": "ff72e7d686c2154d", + "location": { + "path": "/usr/share/zoneinfo/Asia/Hong_Kong", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1233 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0c3205dd5ec08d17c2161af789df8d05b1bda1b6" + }, + { + "algorithm": "sha256", + "value": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + } + ] + }, + { + "id": "bb847c5ee50cdda3", + "location": { + "path": "/usr/share/zoneinfo/Asia/Hovd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f8950afc6522a8c920cbeb079ac39ca26d52e38" + }, + { + "algorithm": "sha256", + "value": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + } + ] + }, + { + "id": "b32984eb37225c93", + "location": { + "path": "/usr/share/zoneinfo/Asia/Irkutsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1243 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f82e877820027d4c48be625842047a6cfe008234" + }, + { + "algorithm": "sha256", + "value": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + } + ] + }, + { + "id": "698282e99a14057e", + "location": { + "path": "/usr/share/zoneinfo/Asia/Istanbul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1947 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df6cbece3d9afb3aedb44e131b6e68a6cf74ca8e" + }, + { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + } + ] + }, + { + "id": "c66466b6e18873a5", + "location": { + "path": "/usr/share/zoneinfo/Asia/Jakarta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 383 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be35b8895cd70cc9c5744d30260e82f0421a9337" + }, + { + "algorithm": "sha256", + "value": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + } + ] + }, + { + "id": "3ebb04112fa6864c", + "location": { + "path": "/usr/share/zoneinfo/Asia/Jayapura", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70cd707f6e144cf0cb40af01a70b9c4739208e48" + }, + { + "algorithm": "sha256", + "value": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + } + ] + }, + { + "id": "77dec77de21ce078", + "location": { + "path": "/usr/share/zoneinfo/Asia/Jerusalem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2388 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "89e42d27cfb78255ae18ee02f5a4c8e3ba57dde0" + }, + { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + } + ] + }, + { + "id": "2f19b94e364a70a5", + "location": { + "path": "/usr/share/zoneinfo/Asia/Kabul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b2379e605267b8766f9e34d322a5e3a657df7113" + }, + { + "algorithm": "sha256", + "value": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + } + ] + }, + { + "id": "af2692a760bcc3d7", + "location": { + "path": "/usr/share/zoneinfo/Asia/Kamchatka", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9902b94b8a6fbc3d4533f43d9be5cdb6302693ce" + }, + { + "algorithm": "sha256", + "value": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + } + ] + }, + { + "id": "56962c5b00032699", + "location": { + "path": "/usr/share/zoneinfo/Asia/Karachi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 379 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4c69f1551a0a9bdd8d1817c547bd18218b570a3" + }, + { + "algorithm": "sha256", + "value": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + } + ] + }, + { + "id": "1e4ac086c3c7f220", + "location": { + "path": "/usr/share/zoneinfo/Asia/Kashgar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4fba0cb8c5f2ef8232782883fca5e7af1b1fdb2" + }, + { + "algorithm": "sha256", + "value": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + } + ] + }, + { + "id": "2137faa0e906ad55", + "location": { + "path": "/usr/share/zoneinfo/Asia/Kathmandu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 212 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "454f1d251f8a9cd2c1559897f6b38a53fdbfe249" + }, + { + "algorithm": "sha256", + "value": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + } + ] + }, + { + "id": "3dd26d3784448dae", + "location": { + "path": "/usr/share/zoneinfo/Asia/Khandyga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1271 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ddab9699af73544e5b52a7477e0c5532216c59a" + }, + { + "algorithm": "sha256", + "value": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + } + ] + }, + { + "id": "f8e012ae6fbc2748", + "location": { + "path": "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1207 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ec3786f8744bad78bbfc370674ad33ccba5d4080" + }, + { + "algorithm": "sha256", + "value": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + } + ] + }, + { + "id": "7cd97aee09ee2a47", + "location": { + "path": "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 415 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "429a0689e9ed127265705febf2c9aa5f47ac3547" + }, + { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + } + ] + }, + { + "id": "7d447b2ce9446c96", + "location": { + "path": "/usr/share/zoneinfo/Asia/Macao", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbd377edbc12abe7cd74edc80086dd21bb34a6ca" + }, + { + "algorithm": "sha256", + "value": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + } + ] + }, + { + "id": "3c1f0c7b44068f06", + "location": { + "path": "/usr/share/zoneinfo/Asia/Magadan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1222 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "34134a81b737efcc82e3be92b2d222319b36f510" + }, + { + "algorithm": "sha256", + "value": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + } + ] + }, + { + "id": "f1dd28afef6d6466", + "location": { + "path": "/usr/share/zoneinfo/Asia/Makassar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 254 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2d411fa607c974fe3d77ee18612a21717d226b5e" + }, + { + "algorithm": "sha256", + "value": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + } + ] + }, + { + "id": "18a968f29e5740c6", + "location": { + "path": "/usr/share/zoneinfo/Asia/Manila", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 422 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1cabdadc66cf3536c77a812baa074080b2140ca" + }, + { + "algorithm": "sha256", + "value": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + } + ] + }, + { + "id": "99b2bdbf14ff57d8", + "location": { + "path": "/usr/share/zoneinfo/Asia/Nicosia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2002 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "642099c037f5f40aa6152f7590e3cee90b7ae64a" + }, + { + "algorithm": "sha256", + "value": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + } + ] + }, + { + "id": "371e66a63ad5cb5d", + "location": { + "path": "/usr/share/zoneinfo/Asia/Novokuznetsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "52b0a7aff4332d6481b146155abbe90912bc1aaf" + }, + { + "algorithm": "sha256", + "value": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + } + ] + }, + { + "id": "b1a17607f30e3edf", + "location": { + "path": "/usr/share/zoneinfo/Asia/Novosibirsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "823fbd64d76bfdcb6e3b0206b731fe407a6a188d" + }, + { + "algorithm": "sha256", + "value": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + } + ] + }, + { + "id": "aa8af4fed1af33d2", + "location": { + "path": "/usr/share/zoneinfo/Asia/Omsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1207 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb67208994f35a825847c36964546c8b8d1ad243" + }, + { + "algorithm": "sha256", + "value": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + } + ] + }, + { + "id": "9621ef6c92b03c21", + "location": { + "path": "/usr/share/zoneinfo/Asia/Oral", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1005 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "deec78c1cebcbd9efb7c57486ca0344e5f8f1fb3" + }, + { + "algorithm": "sha256", + "value": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + } + ] + }, + { + "id": "132a3666861a86da", + "location": { + "path": "/usr/share/zoneinfo/Asia/Pontianak", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 353 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ce2c32e874ec64696f76be4439aad95cc7e3c4e7" + }, + { + "algorithm": "sha256", + "value": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + } + ] + }, + { + "id": "398efbbacb77ff35", + "location": { + "path": "/usr/share/zoneinfo/Asia/Pyongyang", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 237 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99b004e8e97b94265617932951e7227b635ced64" + }, + { + "algorithm": "sha256", + "value": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + } + ] + }, + { + "id": "a0e0fb0ab31ce0e1", + "location": { + "path": "/usr/share/zoneinfo/Asia/Qostanay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1039 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f7e8708a8ae86992953f273773b65d1e36e4afe4" + }, + { + "algorithm": "sha256", + "value": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + } + ] + }, + { + "id": "57ebb2104f6050b6", + "location": { + "path": "/usr/share/zoneinfo/Asia/Qyzylorda", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1025 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "001a7c9f9de8d7edab286c756c0d0c03e90fad88" + }, + { + "algorithm": "sha256", + "value": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + } + ] + }, + { + "id": "64ec135af71c4d24", + "location": { + "path": "/usr/share/zoneinfo/Asia/Rangoon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 268 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b800894b13386d65d24df73322e82ee622f843de" + }, + { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + } + ] + }, + { + "id": "722044944ad58575", + "location": { + "path": "/usr/share/zoneinfo/Asia/Sakhalin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1202 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ebaa95b0bf93239c1ccf8f96856b86dc58afe726" + }, + { + "algorithm": "sha256", + "value": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + } + ] + }, + { + "id": "9c5a7e6750b42fe2", + "location": { + "path": "/usr/share/zoneinfo/Asia/Samarkand", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 577 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bbf5c916ddd50548e8e5ed0324c59dc1fe9a693" + }, + { + "algorithm": "sha256", + "value": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + } + ] + }, + { + "id": "27b7ebcc965ed969", + "location": { + "path": "/usr/share/zoneinfo/Asia/Seoul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 617 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "53c1223d1f4dec149d0cadd6d488672619abf0d6" + }, + { + "algorithm": "sha256", + "value": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + } + ] + }, + { + "id": "8c8ab4bea52abb5b", + "location": { + "path": "/usr/share/zoneinfo/Asia/Srednekolymsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e860fc369629019ed59b45f5fed235cc6ea8dfb2" + }, + { + "algorithm": "sha256", + "value": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + } + ] + }, + { + "id": "07dd2930e1b6b74f", + "location": { + "path": "/usr/share/zoneinfo/Asia/Taipei", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 761 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "515e1ab82b216406f364cf666dae998e4b8dc6f8" + }, + { + "algorithm": "sha256", + "value": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + } + ] + }, + { + "id": "179ea1c3ef1bc59c", + "location": { + "path": "/usr/share/zoneinfo/Asia/Tashkent", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 591 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbc8a292471ac05d8774b14bcb177ab7fd7f7398" + }, + { + "algorithm": "sha256", + "value": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + } + ] + }, + { + "id": "2d4abebbc2b2bf97", + "location": { + "path": "/usr/share/zoneinfo/Asia/Tbilisi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1035 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7cb93f7abf7171eb40186248ecc885b541836e74" + }, + { + "algorithm": "sha256", + "value": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + } + ] + }, + { + "id": "61c77f2293826510", + "location": { + "path": "/usr/share/zoneinfo/Asia/Tehran", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a7cb8bf300b3177e2506a838f7fd218880350e57" + }, + { + "algorithm": "sha256", + "value": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + } + ] + }, + { + "id": "9da0d06e1fcead8c", + "location": { + "path": "/usr/share/zoneinfo/Asia/Thimbu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 203 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16dc4bbfe2b3668b9b737033f4ecb2a9c1ee7e6a" + }, + { + "algorithm": "sha256", + "value": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + } + ] + }, + { + "id": "66ccf3fa33e02a87", + "location": { + "path": "/usr/share/zoneinfo/Asia/Tokyo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 309 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41852e7fc829ff3ace521bc3ebc60b6e43b56da6" + }, + { + "algorithm": "sha256", + "value": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + } + ] + }, + { + "id": "ecf9f03cf839599b", + "location": { + "path": "/usr/share/zoneinfo/Asia/Tomsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e7464939be7db8572e95aea8381f94bca70f91d" + }, + { + "algorithm": "sha256", + "value": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + } + ] + }, + { + "id": "45e7be0fc4d7ce7b", + "location": { + "path": "/usr/share/zoneinfo/Asia/Ust-Nera", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0040f6ac898a101ca796115d646c4825833c0290" + }, + { + "algorithm": "sha256", + "value": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + } + ] + }, + { + "id": "e32f01816e708557", + "location": { + "path": "/usr/share/zoneinfo/Asia/Vladivostok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7480790ddac173ba580e52d0f8754eeacbff02b6" + }, + { + "algorithm": "sha256", + "value": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + } + ] + }, + { + "id": "b3b0e2f90433506e", + "location": { + "path": "/usr/share/zoneinfo/Asia/Yakutsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1207 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "79d6a645076e873ce22c53a10b3de9e27df7b2fe" + }, + { + "algorithm": "sha256", + "value": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + } + ] + }, + { + "id": "af2f85e92c305a99", + "location": { + "path": "/usr/share/zoneinfo/Asia/Yekaterinburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1243 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16f2954e67502e5e98391383ab4712700e456ee8" + }, + { + "algorithm": "sha256", + "value": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + } + ] + }, + { + "id": "6da615580f542f67", + "location": { + "path": "/usr/share/zoneinfo/Asia/Yerevan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1151 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f10e1a31e38b267009bed042efd8a54c7b2043a2" + }, + { + "algorithm": "sha256", + "value": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + } + ] + }, + { + "id": "1a84896fd2eb9d3e", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/Azores", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3456 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "088e1a1365d0e0c8091f595e30e1791b5f468313" + }, + { + "algorithm": "sha256", + "value": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + } + ] + }, + { + "id": "20b7ddeebb4a8e6b", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/Bermuda", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44e7011574ab916094cc410221bcff4960831155" + }, + { + "algorithm": "sha256", + "value": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + } + ] + }, + { + "id": "b4f91d8034801ec4", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/Canary", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1897 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "395c4e66b52d9181e31450d07b5365a10ec26aa3" + }, + { + "algorithm": "sha256", + "value": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + } + ] + }, + { + "id": "4f2072b67274b92c", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 270 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "897189e0cda96bfb3248ee7f48706fe94d687fc1" + }, + { + "algorithm": "sha256", + "value": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + } + ] + }, + { + "id": "0e1e1c595cca2f74", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/Faeroe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1815 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd6b1178a2066e496edfcd2426d44ea5dd23a3d8" + }, + { + "algorithm": "sha256", + "value": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + } + ] + }, + { + "id": "9f207aa74c31f0b8", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/Madeira", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3377 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e8dce3b2d2a4db52d0b3d19afd01d5b5473cd179" + }, + { + "algorithm": "sha256", + "value": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + } + ] + }, + { + "id": "fb61b3c1d01776f4", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/South_Georgia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b2acac8196001a9458b5e6c6921d781df3290d78" + }, + { + "algorithm": "sha256", + "value": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + } + ] + }, + { + "id": "41c24463c1caeb9c", + "location": { + "path": "/usr/share/zoneinfo/Atlantic/Stanley", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1214 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f612730123deabdd609145696adeea2ea26f499f" + }, + { + "algorithm": "sha256", + "value": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + } + ] + }, + { + "id": "dd7c01fb057a54fc", + "location": { + "path": "/usr/share/zoneinfo/Australia/ACT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2190 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ca9f55088c536a5cb6993b1a5fe361c0617bc4fd" + }, + { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + } + ] + }, + { + "id": "07a3a3a51a8e3f6c", + "location": { + "path": "/usr/share/zoneinfo/Australia/Adelaide", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "91e31f0fe53950a7e8ac0bd66964069d4d7dabe9" + }, + { + "algorithm": "sha256", + "value": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + } + ] + }, + { + "id": "3090009812f92579", + "location": { + "path": "/usr/share/zoneinfo/Australia/Brisbane", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 419 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1cae3c294b3bc9e1d4a1e1e5457f63abb6b554e" + }, + { + "algorithm": "sha256", + "value": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + } + ] + }, + { + "id": "4195cb7a999e6f5f", + "location": { + "path": "/usr/share/zoneinfo/Australia/Broken_Hill", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2229 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f8d2d9322173a3390737371410592ecbcb9e858" + }, + { + "algorithm": "sha256", + "value": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + } + ] + }, + { + "id": "38955202e36be11d", + "location": { + "path": "/usr/share/zoneinfo/Australia/Currie", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2358 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "db8884f4beb55ae0c292403cdb8ffc47c18effcd" + }, + { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + } + ] + }, + { + "id": "2262e80d8459d76e", + "location": { + "path": "/usr/share/zoneinfo/Australia/Darwin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 325 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa21b92f3596419128a660acccf2f1cf6aa66ab0" + }, + { + "algorithm": "sha256", + "value": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + } + ] + }, + { + "id": "180c377ec849fba4", + "location": { + "path": "/usr/share/zoneinfo/Australia/Eucla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 470 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "abf9ae83cf5720d60dfc849f06ea666b6e6c1a0f" + }, + { + "algorithm": "sha256", + "value": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + } + ] + }, + { + "id": "dbc117de4035649c", + "location": { + "path": "/usr/share/zoneinfo/Australia/LHI", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1860 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2304257244b530bcd036aae724f99aff416198f8" + }, + { + "algorithm": "sha256", + "value": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + } + ] + }, + { + "id": "ce26ee87860739cc", + "location": { + "path": "/usr/share/zoneinfo/Australia/Lindeman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 475 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8ac554523fc5300e535323ce58e46f8adb72c2e5" + }, + { + "algorithm": "sha256", + "value": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + } + ] + }, + { + "id": "1514165139b117f0", + "location": { + "path": "/usr/share/zoneinfo/Australia/Melbourne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2190 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d6f744692e6c8b73de1eef051814f00e0d159e6a" + }, + { + "algorithm": "sha256", + "value": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + } + ] + }, + { + "id": "d21755e322b75c3f", + "location": { + "path": "/usr/share/zoneinfo/Australia/Perth", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 446 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb00a26c7ab0df1054fa1c4a71f0bd836a9be5f8" + }, + { + "algorithm": "sha256", + "value": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + } + ] + }, + { + "id": "781ba5c6912c8771", + "location": { + "path": "/usr/share/zoneinfo/CET", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2933 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d90f3247c4716c2e1068d5ad9c88ca2091bec4e8" + }, + { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + } + ] + }, + { + "id": "62d6b89873f37a68", + "location": { + "path": "/usr/share/zoneinfo/Chile/EasterIsland", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2233 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "17b3f0bf160601c93bdda3e7a0b834ecc1e06f20" + }, + { + "algorithm": "sha256", + "value": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + } + ] + }, + { + "id": "5ed840c9cb2b6f34", + "location": { + "path": "/usr/share/zoneinfo/EET", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fd241e817c1f999471c30d301238211a16f95866" + }, + { + "algorithm": "sha256", + "value": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + } + ] + }, + { + "id": "ffd566d34fc1d2f9", + "location": { + "path": "/usr/share/zoneinfo/Eire", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3490 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dbd27ca1fc5b5d8b864c48e92bb42dc49a8f442b" + }, + { + "algorithm": "sha256", + "value": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + } + ] + }, + { + "id": "971b147bcac60dc4", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a8483df5c2809f1dfe0c595102c474874338379" + }, + { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + } + ] + }, + { + "id": "99ada4e07c31c653", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "694bd47ee2b5d93fd043dd144c5dce214e163dd8" + }, + { + "algorithm": "sha256", + "value": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + } + ] + }, + { + "id": "badb4b2cb912dd47", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df25f8ee32cd9ac7f9d3fdafb6ccc897e0675a5c" + }, + { + "algorithm": "sha256", + "value": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + } + ] + }, + { + "id": "ce9e052bb4f505ea", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+11", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "326fa090be74ccc8e561a72ff2833a9a80460977" + }, + { + "algorithm": "sha256", + "value": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + } + ] + }, + { + "id": "5871dfbf7874cae3", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+12", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9813523e1f092d2f0c0cd3e5f13e2738a51cb350" + }, + { + "algorithm": "sha256", + "value": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + } + ] + }, + { + "id": "b2e4e38ed8791f04", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e3c40ede5206526dd50a7f8d710afad3da46c12e" + }, + { + "algorithm": "sha256", + "value": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + } + ] + }, + { + "id": "9583da24d1cf6bdb", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8f68d2cb81ec1c386f80f820d6aaf54b7444f5cd" + }, + { + "algorithm": "sha256", + "value": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + } + ] + }, + { + "id": "7e295ef0c947ca85", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32cfcd637174d91744d7dff4744e199750faf9d1" + }, + { + "algorithm": "sha256", + "value": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + } + ] + }, + { + "id": "38c93329f777744a", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cef7ce7bf61e746cc1ae39bbab9112bf1dfdc455" + }, + { + "algorithm": "sha256", + "value": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + } + ] + }, + { + "id": "4312a77b0dee8bd3", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "750271da92432a39887c376cd346144d785d4445" + }, + { + "algorithm": "sha256", + "value": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + } + ] + }, + { + "id": "9168bad0b03ce195", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+7", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6ca6def25e8ec04a636003be3f3642e9b165b5f0" + }, + { + "algorithm": "sha256", + "value": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + } + ] + }, + { + "id": "59bc2fa9b50cd094", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+8", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c83913964f148a5e9d5add7eb511586880f4373" + }, + { + "algorithm": "sha256", + "value": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + } + ] + }, + { + "id": "226ab5fdc7401d2f", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT+9", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fefc384f96a7e856e72e7d723eb2638cb3e7d469" + }, + { + "algorithm": "sha256", + "value": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + } + ] + }, + { + "id": "36c654c8c660a279", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0ab7ceaed57872977f2162ead3e08b3a2984757c" + }, + { + "algorithm": "sha256", + "value": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + } + ] + }, + { + "id": "a0fa56c69164af96", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4081769004bdca6d05daa595d53c5e64e9da7dfd" + }, + { + "algorithm": "sha256", + "value": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + } + ] + }, + { + "id": "5786305fa98ec735", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-11", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "268a542f171d142870c273ea63d2b297e9132424" + }, + { + "algorithm": "sha256", + "value": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + } + ] + }, + { + "id": "645ebfede035aaea", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-12", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a7f58e042a671281dbf35baa7db93fc4661a80b" + }, + { + "algorithm": "sha256", + "value": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + } + ] + }, + { + "id": "4ae492f507985141", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-13", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f692f0a177436496fa8381438ee7ed1f9ae3f1a" + }, + { + "algorithm": "sha256", + "value": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + } + ] + }, + { + "id": "28b506d95f98eff8", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-14", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f073c38db02ac6096f4f32948eda1574a34d9d0b" + }, + { + "algorithm": "sha256", + "value": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + } + ] + }, + { + "id": "4eb3fe00ba14e9c4", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44c80b54e02666339300ec84db1f6f5566b5ba92" + }, + { + "algorithm": "sha256", + "value": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + } + ] + }, + { + "id": "91327d43c35f78a6", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3de0e41581d474c91db326d9e755fe1b11172983" + }, + { + "algorithm": "sha256", + "value": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + } + ] + }, + { + "id": "049b90f71d2fe7e8", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b81f76f5a16830f56841502d65c3d271a0d94ee4" + }, + { + "algorithm": "sha256", + "value": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + } + ] + }, + { + "id": "90d2820f5da684dd", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4978924cbee929c87b2726c9d9b4d2d5d7590da6" + }, + { + "algorithm": "sha256", + "value": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + } + ] + }, + { + "id": "fbb68aefc6ca041b", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "773e9072d36b0f3dca58dc5de24b9947f3fefdeb" + }, + { + "algorithm": "sha256", + "value": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + } + ] + }, + { + "id": "8822a65fabe47778", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-7", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c3c180b690aee6c0320e6703f2f781618c4221e" + }, + { + "algorithm": "sha256", + "value": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + } + ] + }, + { + "id": "51bd19b360dbd27e", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-8", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "280e22a595351b1fa0fdc3b3a3deed4e4840e31a" + }, + { + "algorithm": "sha256", + "value": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + } + ] + }, + { + "id": "0bf6c8d5e79525f9", + "location": { + "path": "/usr/share/zoneinfo/Etc/GMT-9", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f62a1c06f8a901efa933208ae9501c9a2f78a269" + }, + { + "algorithm": "sha256", + "value": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + } + ] + }, + { + "id": "3289702b1d71d398", + "location": { + "path": "/usr/share/zoneinfo/Etc/UCT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0b8991654116e9395714102c41d858c1454b3bd" + }, + { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + } + ] + }, + { + "id": "c1243c1120ba7c56", + "location": { + "path": "/usr/share/zoneinfo/Europe/Andorra", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1742 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4fbea0614a049786c42ba65ea8bea4b12a7a6ef3" + }, + { + "algorithm": "sha256", + "value": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + } + ] + }, + { + "id": "4ea56c2152db1aaf", + "location": { + "path": "/usr/share/zoneinfo/Europe/Astrakhan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6bdbac46bf6de697e0cb750be284973b05035877" + }, + { + "algorithm": "sha256", + "value": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + } + ] + }, + { + "id": "006b1ef26c19fa86", + "location": { + "path": "/usr/share/zoneinfo/Europe/Belfast", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1beba7108ea93c7111dabc9d7f4e4bfdea383992" + }, + { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + } + ] + }, + { + "id": "5c6bfcdbc4578b60", + "location": { + "path": "/usr/share/zoneinfo/Europe/Belgrade", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1920 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "961a2223fd1573ab344930109fbd905336175c5f" + }, + { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + } + ] + }, + { + "id": "dd8aa6a155f509af", + "location": { + "path": "/usr/share/zoneinfo/Europe/Bratislava", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2301 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "396eb952fc9ee942964181ca4e5a2dcdb5e92901" + }, + { + "algorithm": "sha256", + "value": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + } + ] + }, + { + "id": "e1ede9996d1494c2", + "location": { + "path": "/usr/share/zoneinfo/Europe/Bucharest", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2184 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7176e5201942e3b2db81c853b0215abc86fd0ae7" + }, + { + "algorithm": "sha256", + "value": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + } + ] + }, + { + "id": "eba681381951981d", + "location": { + "path": "/usr/share/zoneinfo/Europe/Budapest", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2368 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "91adb207dce9a1bfffd91c527c87591862b5befa" + }, + { + "algorithm": "sha256", + "value": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + } + ] + }, + { + "id": "a0e66e6c4fdddb35", + "location": { + "path": "/usr/share/zoneinfo/Europe/Busingen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1909 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "782d7d6812933a263ebfff012a0120d480071b1b" + }, + { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + } + ] + }, + { + "id": "a040004dfdfc4b8f", + "location": { + "path": "/usr/share/zoneinfo/Europe/Chisinau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2390 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c7ec1a8e357d2bbaead94d299dbe16db67b43ba" + }, + { + "algorithm": "sha256", + "value": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + } + ] + }, + { + "id": "67a4fe6b7b5e0b6a", + "location": { + "path": "/usr/share/zoneinfo/Europe/Gibraltar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3068 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "122f8383ab55c80eb33fe83cb2c8e870104260ee" + }, + { + "algorithm": "sha256", + "value": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + } + ] + }, + { + "id": "dda9eee877f7aecc", + "location": { + "path": "/usr/share/zoneinfo/Europe/Helsinki", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1900 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3f01ceaf46492fcbd8753bc6cff72ca73df6d1f1" + }, + { + "algorithm": "sha256", + "value": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + } + ] + }, + { + "id": "38303342a053167e", + "location": { + "path": "/usr/share/zoneinfo/Europe/Kaliningrad", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1493 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a02a78fd9fd74fa6cd9abe6546273519018d5030" + }, + { + "algorithm": "sha256", + "value": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + } + ] + }, + { + "id": "108c1e7b2a68808d", + "location": { + "path": "/usr/share/zoneinfo/Europe/Kiev", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2120 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "946d9ae0ff7ee36e2d8809629da945ae868f4d65" + }, + { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + } + ] + }, + { + "id": "23c601af39604c0a", + "location": { + "path": "/usr/share/zoneinfo/Europe/Kirov", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1185 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22357ac98d315c82d585badfb9afe934a709f107" + }, + { + "algorithm": "sha256", + "value": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + } + ] + }, + { + "id": "e5b5caa8f8fc650a", + "location": { + "path": "/usr/share/zoneinfo/Europe/Lisbon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3527 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b9298daf385db9e18080b3d9f46be2c944714ec1" + }, + { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + } + ] + }, + { + "id": "641ee0288cbb8df5", + "location": { + "path": "/usr/share/zoneinfo/Europe/Madrid", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "373ee9e3d0ba9edf1ebd6497d5f1ffb50a62984f" + }, + { + "algorithm": "sha256", + "value": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + } + ] + }, + { + "id": "74fcc1b62422ba79", + "location": { + "path": "/usr/share/zoneinfo/Europe/Malta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2620 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eede4ec7a48fc8ada059d1462e2c090eda8c6c91" + }, + { + "algorithm": "sha256", + "value": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + } + ] + }, + { + "id": "05042171f6eec703", + "location": { + "path": "/usr/share/zoneinfo/Europe/Minsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1321 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e36f1daec8979122825de4903770b79e0eabcd88" + }, + { + "algorithm": "sha256", + "value": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + } + ] + }, + { + "id": "1ac852847005acbb", + "location": { + "path": "/usr/share/zoneinfo/Europe/Monaco", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2962 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f065dd54ad27c008caa5e96b7fec1e7859fcc003" + }, + { + "algorithm": "sha256", + "value": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + } + ] + }, + { + "id": "2fcff6eb734c19f3", + "location": { + "path": "/usr/share/zoneinfo/Europe/Moscow", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1535 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4d01723421789b2d2b54ffedee60283e94f5e65" + }, + { + "algorithm": "sha256", + "value": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + } + ] + }, + { + "id": "70dad2ef15073618", + "location": { + "path": "/usr/share/zoneinfo/Europe/Riga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2198 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "799671bdcad326eb5707eb620342c69bac5e6580" + }, + { + "algorithm": "sha256", + "value": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + } + ] + }, + { + "id": "ca432ae695acaa61", + "location": { + "path": "/usr/share/zoneinfo/Europe/Rome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2641 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ef35f507ab176828a5c751f702144ede463e385" + }, + { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + } + ] + }, + { + "id": "8a0f58a73f65f6b8", + "location": { + "path": "/usr/share/zoneinfo/Europe/Samara", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1215 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8bab29224d52a19e5960c2c66557748fb55c4e5" + }, + { + "algorithm": "sha256", + "value": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + } + ] + }, + { + "id": "2b2e27e3c71746d4", + "location": { + "path": "/usr/share/zoneinfo/Europe/Saratov", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1183 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "916029e1ff74b86bd860098a43bacbac34677fb5" + }, + { + "algorithm": "sha256", + "value": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + } + ] + }, + { + "id": "37dbd70f590af32f", + "location": { + "path": "/usr/share/zoneinfo/Europe/Simferopol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1469 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f1773f7624c418081fb3ab76ac1a64ab60f2e9be" + }, + { + "algorithm": "sha256", + "value": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + } + ] + }, + { + "id": "201518c5bc694622", + "location": { + "path": "/usr/share/zoneinfo/Europe/Sofia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2077 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "541f61fa9ef15b102f8661b684ad9976bd81b929" + }, + { + "algorithm": "sha256", + "value": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + } + ] + }, + { + "id": "bc8d998b99a817ae", + "location": { + "path": "/usr/share/zoneinfo/Europe/Tallinn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2148 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dff1b1743ddf6474e691fae0a6dab8ee93d81789" + }, + { + "algorithm": "sha256", + "value": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + } + ] + }, + { + "id": "d056db3910810802", + "location": { + "path": "/usr/share/zoneinfo/Europe/Tirane", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2084 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3b9be3df7968b0c46feed0a46349324179daaa84" + }, + { + "algorithm": "sha256", + "value": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + } + ] + }, + { + "id": "2eb274251cae73a6", + "location": { + "path": "/usr/share/zoneinfo/Europe/Ulyanovsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1267 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f5d943bf83a0dffa86018b8512df7179536fb4ae" + }, + { + "algorithm": "sha256", + "value": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + } + ] + }, + { + "id": "77b6dbb3b0b69bc1", + "location": { + "path": "/usr/share/zoneinfo/Europe/Vienna", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1da9833989405bd5ff21d58013704f9f00cefd7b" + }, + { + "algorithm": "sha256", + "value": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + } + ] + }, + { + "id": "14a8522223084a28", + "location": { + "path": "/usr/share/zoneinfo/Europe/Vilnius", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2162 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88bfe2ba142bad0856984a813ac8b93939fd6b3e" + }, + { + "algorithm": "sha256", + "value": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + } + ] + }, + { + "id": "09d951f943e65978", + "location": { + "path": "/usr/share/zoneinfo/Europe/Volgograd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1193 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4deb32b25919c4fbeec94d043abbdcc27b45bd6" + }, + { + "algorithm": "sha256", + "value": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + } + ] + }, + { + "id": "bd9dbbf07eac4f97", + "location": { + "path": "/usr/share/zoneinfo/Europe/Warsaw", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2654 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "011e06118f3e209794b175332ffb109e2583e4f7" + }, + { + "algorithm": "sha256", + "value": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + } + ] + }, + { + "id": "1146b88da7a69dde", + "location": { + "path": "/usr/share/zoneinfo/Factory", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d970812ef3dca71b59cc3dab08ba3391d4dd1418" + }, + { + "algorithm": "sha256", + "value": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + } + ] + }, + { + "id": "b6f45f1dbbc5ee47", + "location": { + "path": "/usr/share/zoneinfo/HST", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 329 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d5313bee3a467f7b5311b263c7d38b52f182164" + }, + { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + } + ] + }, + { + "id": "6a7104b310debc0d", + "location": { + "path": "/usr/share/zoneinfo/Indian/Chagos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e56a740e0b4703426b63bf2ea71650a2ae0defda" + }, + { + "algorithm": "sha256", + "value": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + } + ] + }, + { + "id": "e3cc6d32a56f65b7", + "location": { + "path": "/usr/share/zoneinfo/Indian/Kerguelen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a77b20e17ce1c1f9c4767d1ddf03a67b0312ce6c" + }, + { + "algorithm": "sha256", + "value": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + } + ] + }, + { + "id": "4156ca814b032d3f", + "location": { + "path": "/usr/share/zoneinfo/Indian/Mauritius", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 241 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1c264edb46f9058fb482a727ec95bb67807ec804" + }, + { + "algorithm": "sha256", + "value": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + } + ] + }, + { + "id": "48f50aeeac70e98a", + "location": { + "path": "/usr/share/zoneinfo/Kwajalein", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 316 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c90cce9681748e9c5c59ba8a9070c1425a71f79" + }, + { + "algorithm": "sha256", + "value": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + } + ] + }, + { + "id": "f62c57c5ad5fd2a6", + "location": { + "path": "/usr/share/zoneinfo/NZ-CHAT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2068 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb54cbb65da9481265fbb1005f8860efa5170042" + }, + { + "algorithm": "sha256", + "value": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + } + ] + }, + { + "id": "d1bfaa52e4bebb5c", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Apia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 612 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "442116a1776e38b80a519df388e5e3e992081f74" + }, + { + "algorithm": "sha256", + "value": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + } + ] + }, + { + "id": "e9b0a023122242cd", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Bougainville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 268 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4438f6699a844ec19aabc63f4ea9df91e1714ffb" + }, + { + "algorithm": "sha256", + "value": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + } + ] + }, + { + "id": "5cddee3c98d816cc", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Efate", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 538 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dfcdfadd0146e60fdfa6c9a457f4fd94c062fb1a" + }, + { + "algorithm": "sha256", + "value": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + } + ] + }, + { + "id": "81b79f4927e50813", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Enderbury", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 234 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ae7f372f20b1ed3a9bbc2eeabd3a67156f9e65f4" + }, + { + "algorithm": "sha256", + "value": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + } + ] + }, + { + "id": "69d0293d392d7b80", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Fakaofo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ae0c959818fd9aad8518baa00dab9172c77f1d7" + }, + { + "algorithm": "sha256", + "value": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + } + ] + }, + { + "id": "b57a36a92b5eb980", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Fiji", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 578 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c657bce2b4fd4ebd6fbf6e435eac77d0704d3a0" + }, + { + "algorithm": "sha256", + "value": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + } + ] + }, + { + "id": "aeb4b9efd34fc302", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Funafuti", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb335dbaaa6de98cf1f54d4a9e665c21e2cd4088" + }, + { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + } + ] + }, + { + "id": "17dfdf30d4d5c5f2", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Galapagos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 238 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e4dac5e58655145a568ed53ebe3c2acf5f4a3724" + }, + { + "algorithm": "sha256", + "value": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + } + ] + }, + { + "id": "d7c5fd0bd56e8a21", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Gambier", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1fb4054e9a560e58b8e482bc29621d1e88201a75" + }, + { + "algorithm": "sha256", + "value": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + } + ] + }, + { + "id": "d7982316838b14d5", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Guadalcanal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5011d0291e183a54b67e5cffba2d54278478ebe5" + }, + { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + } + ] + }, + { + "id": "5d624fa9a429b1e6", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Guam", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 494 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e89887209cf2ea7f4223ca7298e9377b233eaba6" + }, + { + "algorithm": "sha256", + "value": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + } + ] + }, + { + "id": "80b12f5602f95d7f", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Kiritimati", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 238 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37395a0b6f3d7510d03c13e1a0a92b399f7b303c" + }, + { + "algorithm": "sha256", + "value": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + } + ] + }, + { + "id": "17f16514685ef7f0", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Kosrae", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 351 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59dabc00195b0e9a26c1304e866284e7c9963d09" + }, + { + "algorithm": "sha256", + "value": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + } + ] + }, + { + "id": "f08e65df79237a22", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Marquesas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 173 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "57ac5495306a7ca1ce93df12ef67956ed2d81c44" + }, + { + "algorithm": "sha256", + "value": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + } + ] + }, + { + "id": "980393f7bdf1e927", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Midway", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 175 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c388c7f9a7700517fc6577943f3efe3bdddd3eb" + }, + { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + } + ] + }, + { + "id": "551b0b4dd1919168", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Nauru", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "58548fa30aafa75c04f88b266404875a11a2c6f0" + }, + { + "algorithm": "sha256", + "value": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + } + ] + }, + { + "id": "7f11aa76fb1d8e80", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Niue", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 203 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d65969431f77c6ed51c69499305c8bacad1e8ba6" + }, + { + "algorithm": "sha256", + "value": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + } + ] + }, + { + "id": "82bdd4a41a73e93f", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Norfolk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 880 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f70543c0407a341ec68b97c13354ad6bc5f5000" + }, + { + "algorithm": "sha256", + "value": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + } + ] + }, + { + "id": "863e3e46bb44ff41", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Noumea", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 304 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d8e75639c5dbd5aacc617f37e2d5003747a8a2e7" + }, + { + "algorithm": "sha256", + "value": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + } + ] + }, + { + "id": "bc7a57e20262ee4f", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Palau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 180 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d7598739759a6bc5a4907695beebb6c41a8d045" + }, + { + "algorithm": "sha256", + "value": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + } + ] + }, + { + "id": "576fa0b745d60603", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Pitcairn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 202 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e650a33fa02e1507b3b1720fa483a3a505784d67" + }, + { + "algorithm": "sha256", + "value": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + } + ] + }, + { + "id": "ed3622667116df82", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Rarotonga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 603 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dbdac5a429cf392f51c37a685c51690e4ff97263" + }, + { + "algorithm": "sha256", + "value": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + } + ] + }, + { + "id": "e2295f10ac3fcc40", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Tahiti", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c38a00fdc386eabc2c267e49cf2b84f7f5b5e7ba" + }, + { + "algorithm": "sha256", + "value": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + } + ] + }, + { + "id": "8bacd41007b5e109", + "location": { + "path": "/usr/share/zoneinfo/Pacific/Tongatapu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 372 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2948107fca9a51b432da408630a8507d5c6a1a59" + }, + { + "algorithm": "sha256", + "value": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + } + ] + }, + { + "id": "798f2ecf54223fbe", + "location": { + "path": "/usr/share/zoneinfo/iso3166.tab", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/tab-separated-values", + "size": 4841 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "658298663cd122665c3f4b2019be2663aab26185" + }, + { + "algorithm": "sha256", + "value": "837c80785080c8433fd9d4ea87e78f161ac7a40389301c5153d4f90198baeb2a" + } + ] + }, + { + "id": "a9190084e3644c0e", + "location": { + "path": "/usr/share/zoneinfo/leap-seconds.list", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 5065 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4948216423b85b93f9552524d99c528f5742202c" + }, + { + "algorithm": "sha256", + "value": "f060924e3a76ee4e464f6664035b7beae834155dd93a81c50e922f94dfdb1d20" + } + ] + }, + { + "id": "7481b9a678cfb593", + "location": { + "path": "/usr/share/zoneinfo/leapseconds", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/tab-separated-values", + "size": 3694 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "83b99035e7a8067c846b48ac29c8319348800cc6" + }, + { + "algorithm": "sha256", + "value": "5514348190a3ef9f0f65fee87fca59b4d6d9292702ae0e84960011159a7c2767" + } + ] + }, + { + "id": "708dd170b218f2c7", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Abidjan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 148 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5cc9b028b5bd2222200e20091a18868ea62c4f18" + }, + { + "algorithm": "sha256", + "value": "d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997" + } + ] + }, + { + "id": "f2d63fcbed1ebf04", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Addis_Ababa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 265 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "289d1fb5a419107bc1d23a84a9e06ad3f9ee8403" + }, + { + "algorithm": "sha256", + "value": "c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968" + } + ] + }, + { + "id": "5eaa64d615bfbbf6", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Algiers", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 735 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "edb95d3dc9238b5545f4f1d85d8bc879cdacdec8" + }, + { + "algorithm": "sha256", + "value": "bda1698cd542c0e6e76dfbbcdab390cdd26f37a9d5826a57a50d5aab37f3b2a6" + } + ] + }, + { + "id": "b426a0890ba8c900", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Bangui", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 235 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "30ba925b4670235915dddfa1dd824dd9d7295eac" + }, + { + "algorithm": "sha256", + "value": "cffeb0282ccbd7fba0e493ff8677a1e5a6dd5197885042e437f95a773f844846" + } + ] + }, + { + "id": "4054b00b1ba2fbcf", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Bissau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 194 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "adca16c6998258a9ccabcc8d4bcfe883a8d848f5" + }, + { + "algorithm": "sha256", + "value": "223bb10cfe846620c716f97f6c74ba34deec751c4b297965a28042f36f69a1a9" + } + ] + }, + { + "id": "e9a7daefbb8b52fc", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Blantyre", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 149 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b0ff96d087e4c86adb55b851c0d3800dfbb05e9a" + }, + { + "algorithm": "sha256", + "value": "444ed3a710414bc6bf43eb27e591da49d3be3db153449a6a0c9473f7e39fdbcb" + } + ] + }, + { + "id": "ae535b182d40b06e", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Cairo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2399 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "428e1f5f708eb4c131f29185bd602223027b3eac" + }, + { + "algorithm": "sha256", + "value": "2dfb7e1822d085a4899bd56a526b041681c84b55617daee91499fd1990a989fb" + } + ] + }, + { + "id": "706b737aa97ab26b", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Casablanca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2431 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a90bf261426bdb4544c441d1312c1866b056583" + }, + { + "algorithm": "sha256", + "value": "5f06da20694355706642644e3ffce81779e17cf37e302f7b6c5ef83390bb1723" + } + ] + }, + { + "id": "4c4c00f75a1b2521", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Ceuta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2052 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "029ce64badb36722c9e2191f3ce858c514aabbc1" + }, + { + "algorithm": "sha256", + "value": "0b0fb6fe714319b37c5aa22c56971abb2668a165fc8f72a6c763e70b47c7badf" + } + ] + }, + { + "id": "f4063f58b813e126", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/El_Aaiun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2273 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "562677dcaa1d34a7bd9744b5d3fc024d78ce7329" + }, + { + "algorithm": "sha256", + "value": "d47aadca5f9d163223d71c75fc5689fbf418968a805441f9681fecd816c9f0e8" + } + ] + }, + { + "id": "4cab43b7a6d64883", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Johannesburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "65c0d4ab314cb72b8d8c768e3d0c3218848b61f1" + }, + { + "algorithm": "sha256", + "value": "6c1bcc752668e77585a308ae8543bd0bccd8e813865626e809bf94f3fe3d977e" + } + ] + }, + { + "id": "1da9452bc193c348", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Juba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 679 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48173811f532aabc17b3798c40fad46a3df0e543" + }, + { + "algorithm": "sha256", + "value": "5159c8a843c9c072d3302fabe6a6501cdbfda29a1856c29dabeb5aff95d4c3f4" + } + ] + }, + { + "id": "762dee584417a829", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Khartoum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 679 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7cde30d5acfd99119ef22162c1f8bcafb86eaf03" + }, + { + "algorithm": "sha256", + "value": "318583a09dc070222d65d029a1e3a0b565830f1aaec13a27e6fe533863fbd3ea" + } + ] + }, + { + "id": "891be320c08c7dcc", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Monrovia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81b045ed68f73a8806c5f2104b573b0479c19bd0" + }, + { + "algorithm": "sha256", + "value": "f95b095b9714e0a76f7e061a415bf895cbb399a28854531de369cee915ce05d5" + } + ] + }, + { + "id": "ce3dfe4995c8f24f", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Ndjamena", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "035072509f30da9a5a27b48910ae180f9c6b4b15" + }, + { + "algorithm": "sha256", + "value": "f13dc0d199bd1a3d01be6eab77cf2ddc60172a229d1947c7948a98964608d0a3" + } + ] + }, + { + "id": "7b0126f480a1d35a", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Sao_Tome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 254 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7d2cac076d99bc5e38ba27b67113317ad496d3b1" + }, + { + "algorithm": "sha256", + "value": "31d8f1a50dbaf2ecc9ed9c7566ba0552d454c2ab09e85ff263701857d157c352" + } + ] + }, + { + "id": "67626b40a8ea206b", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Tripoli", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 625 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fabf4010ab003c26947df60b5e359781670caa70" + }, + { + "algorithm": "sha256", + "value": "5b5769b460fbd13ee9a46a28d1f733150783888a749ee96d2cd3d5eba3300767" + } + ] + }, + { + "id": "cf7f960b881084d1", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Tunis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 689 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c44e2d3c1e351f1004ab69ea559feb8ccdd65f64" + }, + { + "algorithm": "sha256", + "value": "38554c10ce1e613d84cf46deba1114093488a5c165756c6c576b84a1364850d2" + } + ] + }, + { + "id": "4f17e9450cb616ff", + "location": { + "path": "/usr/share/zoneinfo/posix/Africa/Windhoek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 993 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "650da30ebf5b460404c98be416f9580d9795dffb" + }, + { + "algorithm": "sha256", + "value": "639c868f5284fdf750a11e21b9aa6a972cb48596c8afbc8f949d8efeb6128d1c" + } + ] + }, + { + "id": "4e1ca7b19d9ea1e5", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Adak", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2356 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be58a7c839146fa675eeb6dad748c08d0647542c" + }, + { + "algorithm": "sha256", + "value": "201d4387025000a6e13c9f631cb7fccd6e4369dec7224052f9d86feb81353a53" + } + ] + }, + { + "id": "7366e6a01808526e", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Anchorage", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2371 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "275760f2eb22160c578089566f68042a5f4d2f57" + }, + { + "algorithm": "sha256", + "value": "a190353523d2d8159dca66299c21c53bc0656154be965e4a2e0d84cfd09b113b" + } + ] + }, + { + "id": "636826ee7c43e6fa", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Anguilla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fcf8be5296496a5dd3a7a97ed331b0bb5c861450" + }, + { + "algorithm": "sha256", + "value": "8491e557ff801a8306516b8ca5946ff5f2e6821af31477eb47d7d191cc5a6497" + } + ] + }, + { + "id": "d3edd44f6865e2b6", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Araguaina", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 884 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "86307f5f8222c3ae21815c2844f6fca38f94b55d" + }, + { + "algorithm": "sha256", + "value": "929a628b2b6649079eb1f97234660cdebf0d5549750be820bb4f2cf7f4edf9ca" + } + ] + }, + { + "id": "028dadd23d403b43", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6e7ba0a5dcf870abab721a47adbbc8f93af1db56" + }, + { + "algorithm": "sha256", + "value": "9ed9ff1851da75bac527866e854ea1daecdb170983c92f665d5e52dbca64185f" + } + ] + }, + { + "id": "e5b54b73ef3461ad", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Catamarca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ac9a4e79fe5a861447c23d68cccb35762d5f3aa4" + }, + { + "algorithm": "sha256", + "value": "7621f57fdea46db63eee0258427482347b379fd7701c9a94852746371d4bec8d" + } + ] + }, + { + "id": "9447ec7fc9baea14", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Cordoba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "04f2815d23c3c63ac6bd204a2935f18366c8d182" + }, + { + "algorithm": "sha256", + "value": "d57a883fc428d9b3d1efdd3d86b008faa02db726e6c045b89acec58d903961fc" + } + ] + }, + { + "id": "f79fda36a0e19923", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Jujuy", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1048 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "12099cd844cb19e4842eca3457c937dd9580b0fd" + }, + { + "algorithm": "sha256", + "value": "e474744e564589fc09e672d39a0ef25978024f1f664616a17ece3f5aaef4c0e6" + } + ] + }, + { + "id": "6dc93bf4829cb8ce", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/La_Rioja", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2c4c6ee89eacd8b99867fddcd8db684e15f8ee9" + }, + { + "algorithm": "sha256", + "value": "65ffc4dda905135614b7d319e31c5b4673aba766c7d43f818ec73448b15f4725" + } + ] + }, + { + "id": "e7a70bbb02e6931f", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Mendoza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e321681c40214a181d2c4ec2015f740507811fbe" + }, + { + "algorithm": "sha256", + "value": "e43262618790a5c2c147f228209b64e3722cc0978661ac31e46ca4b33b89f8dc" + } + ] + }, + { + "id": "4a547b957bb16238", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a508a0daafb22185e4f39d040b2f15053bc2b2a5" + }, + { + "algorithm": "sha256", + "value": "4fded6003c2f6ba25bc480af88d414b7fee2c3d73e9e5a08e10242b1c10d49c9" + } + ] + }, + { + "id": "5fec325ab2367c56", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Salta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1048 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ba6390b0c61d1c92c30692a309b9cfd3c54f9a41" + }, + { + "algorithm": "sha256", + "value": "013c34b91eaccd628fb3a8f3767eab7af4bb5310970f6e8e44aea3966b232f5f" + } + ] + }, + { + "id": "4983ebde4b36d4bd", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/San_Juan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ef1b1742c1daf27a441e1dd81f3ee2e21cbab6f" + }, + { + "algorithm": "sha256", + "value": "aa55baf776b44e7a1fcbe45d71506e598dc3bd34c6c56c1c61d294dd8f7ca57f" + } + ] + }, + { + "id": "5ea9fa5ae87e7aed", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/San_Luis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1102 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c6469d1173cff2a995e00bef9764294185d65af6" + }, + { + "algorithm": "sha256", + "value": "59875cae8e7e15ef8de8b910b0ac31ff5b55a339a7069e7c0ced7e049b36b2ea" + } + ] + }, + { + "id": "9b647f55ebb0b60b", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Tucuman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1104 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9bbe6f5300224148f2451195f471e7f310cd2bde" + }, + { + "algorithm": "sha256", + "value": "c2c8e0d5ae4033574fda08ebd75da4defb79e2dadc38e33f4ad17be31cef0497" + } + ] + }, + { + "id": "ad88d08f39df0077", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Argentina/Ushuaia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1076 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0d6b6844b13bf120a80b7e72147ca94a111ae39e" + }, + { + "algorithm": "sha256", + "value": "f79e3c56fabf929c3f357e6ceb9bd8b886eabf0195f8f071ab099cadf94b2345" + } + ] + }, + { + "id": "84989d803046a4cc", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Asuncion", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1658 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e91a29807bc92d61324d265ab40c3fa651e66cb7" + }, + { + "algorithm": "sha256", + "value": "a9e3a3a4b284bb3ed45dabfb7b1df7e14c482e835c7b5856ab6cdfbf1ef4c709" + } + ] + }, + { + "id": "c52ed71aa894aa39", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Atikokan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 182 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a94fbc2d567e41723f03629b6c9a864260108a17" + }, + { + "algorithm": "sha256", + "value": "91ac80fe976931c490d058c8ce8b5d71ffa6d4961f6ca13ea9c153f0b0bccea0" + } + ] + }, + { + "id": "3b945d58d746a6b6", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Bahia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1024 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f6df0a2d176d0df66fae90bc35a9f8f1ee9b249b" + }, + { + "algorithm": "sha256", + "value": "7262e448003320d9736065c1a800c4537b8f800f52e67b7ea75015dd9cbce956" + } + ] + }, + { + "id": "d306fdcd238494dd", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Bahia_Banderas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1100 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "33e0f3d5c7eace9077bacfa4f2b6e1e4b374fdb5" + }, + { + "algorithm": "sha256", + "value": "32fad7189e4bcda1ce7a0b89ab1b33c63c4c85569f1956e4fa88d711ceff6042" + } + ] + }, + { + "id": "27b60de34eee0b61", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Barbados", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 436 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5904a49c6c0ce8f10178fe13174ed9c964a8312a" + }, + { + "algorithm": "sha256", + "value": "8a66be42bae16b3bb841fbeed99d3e7ba13e193898927b8906ee9cdb2546f4b1" + } + ] + }, + { + "id": "6fcc59ea1daed1c0", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Belem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 576 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b29f1ee834833e89c06ef39b80b8f8c0b49ad31d" + }, + { + "algorithm": "sha256", + "value": "ff6e7c85064b0845c15fcc512f2412c3e004fa38839a3570257df698de545049" + } + ] + }, + { + "id": "35312210bdc0464f", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Belize", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4728ee967fe9745f4b614e5b511da1c08bd3689c" + }, + { + "algorithm": "sha256", + "value": "a647cb63629f3dc85b7896b5a56717996030a7866546fc562d57b35e7adb930b" + } + ] + }, + { + "id": "3d034132e6079387", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Boa_Vista", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 632 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a32d00603897fd4d970a675e5c01656f8652f598" + }, + { + "algorithm": "sha256", + "value": "5785553a4ac5515d6a51f569f44f7be0838916603943142b72d6ad4c111bfa1b" + } + ] + }, + { + "id": "08c0d75a4724966d", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Bogota", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e810e3d76edd6adf16384b7e49d2236b9c57ee1" + }, + { + "algorithm": "sha256", + "value": "afe3b7e1d826b7507bc08da3c5c7e5d2b0ae33dfb0d7f66a8c63708c98700e24" + } + ] + }, + { + "id": "800aa6d1893bdd9e", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Boise", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2410 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0608b89be80aaa6660eee5964203ad760b0659a" + }, + { + "algorithm": "sha256", + "value": "ec742c34f262521790805cf99152ef4e77f9c615c061a78036a0ec9312b3d95b" + } + ] + }, + { + "id": "f895d61410f55511", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Cambridge_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2254 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dcfc3c07c7366b75916af1dccd366fd1077e5b18" + }, + { + "algorithm": "sha256", + "value": "ff8c51957dd6755a4472aa13ea6c83ecd7930979e7f4e624fe21f4d3a6f050ba" + } + ] + }, + { + "id": "57174e40dd79a7b8", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Campo_Grande", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1444 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9a7b1e23290eeb4394e91e0ef4adc00b9ba4def5" + }, + { + "algorithm": "sha256", + "value": "e41044351dfff20269e05fd48f6451927bd173824958d44f9d953d13bb5bf102" + } + ] + }, + { + "id": "d60a955930ff4a3f", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Cancun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 864 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cf74e0c9c8ba2365819123eaddd6817606064eaf" + }, + { + "algorithm": "sha256", + "value": "11d574370d968cced59e3147a2ae63b126cbbae13b78fd4e13be2eb44c96246e" + } + ] + }, + { + "id": "404e0f2c906fcf3e", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Caracas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 264 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3914e45c3922bc30b89498066fb637cc04886462" + }, + { + "algorithm": "sha256", + "value": "d8da705cf12d42423cd96099b905875dfeba54200371ac0ca5f84a4ecb80d31e" + } + ] + }, + { + "id": "2390dfa51e4ff768", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Cayenne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 198 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f888b09b894c79fa691466a4f4eaaa83da367e0" + }, + { + "algorithm": "sha256", + "value": "6ad55b5b90a1262290feafb7905b3e0cb4d365af69b64887926265ab8017a18e" + } + ] + }, + { + "id": "b91225324d6263a0", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Chicago", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3592 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a037f985f6fa0b392c95c7afb247f16a3925a7e" + }, + { + "algorithm": "sha256", + "value": "feba326ebe88eac20017a718748c46c68469a1e7f5e7716dcb8f1d43a6e6f686" + } + ] + }, + { + "id": "f3e2614697a555d3", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Chihuahua", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1102 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0c67cc4ed5fe366fb39d9e55b02082254606e47" + }, + { + "algorithm": "sha256", + "value": "dcd8336de760f00cc0ab1b1b4121b48d5471f8bc58970d62de4c7e63397ed887" + } + ] + }, + { + "id": "b8afad39a9ebfd7c", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Ciudad_Juarez", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1538 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe11c20a18788db4260afcaa5d952c219f4777d2" + }, + { + "algorithm": "sha256", + "value": "8abe1bdbb0e216b84bd07e1f650f769c46be041a0f7cb588cf7a61537ef77601" + } + ] + }, + { + "id": "6ef6737447295ce7", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Costa_Rica", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 316 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2d1fd66de0198ddfcc1958fbaaaaba9cdb7b1d8f" + }, + { + "algorithm": "sha256", + "value": "ef8ad86ba96b80893296cf4f907a3c482625f683aa8ae1b94bb31676725e94fe" + } + ] + }, + { + "id": "807df220f5b72e03", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Coyhaique", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2140 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0922bbda5c964aac267330bedf39deae6d2e0636" + }, + { + "algorithm": "sha256", + "value": "1c54d0a27e44241baf597e2406334a6d29124ccc3a7edce42e070bab4f77c027" + } + ] + }, + { + "id": "10db08e203dc8002", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Creston", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 360 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3f54df3a017c38626f04bd9576a0a11663303fd" + }, + { + "algorithm": "sha256", + "value": "8a5973d2c62e2cbf2520f2b44e4a2ee9d2f455c93f0f45bfdeb4533af1584664" + } + ] + }, + { + "id": "ba42caa71e93d958", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Cuiaba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1416 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1a6b69bdf16991900ae16a00deb7ffbf722d5486" + }, + { + "algorithm": "sha256", + "value": "33416c47c4fdb388c54aecc3f108baa6ab5be917f6353cf254728666b9f9ea7e" + } + ] + }, + { + "id": "8bed8fda8c543629", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Danmarkshavn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3bfae70ff7ffa8b928ba4bf0bcb5452d09ec0407" + }, + { + "algorithm": "sha256", + "value": "6116407d40a856d68bd4bf8c60c60c1f5c3239a5509df528fe0167bcc5d2bb3c" + } + ] + }, + { + "id": "0554a04109a113fa", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Dawson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dc241cb66d50821505cc7708d43ee9b1e77a36dc" + }, + { + "algorithm": "sha256", + "value": "ac01e1cae32eca37ff7b20364811bbe8c4417ff7e3ff18b9140ba2595420261c" + } + ] + }, + { + "id": "cd840c892dbec610", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Dawson_Creek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1050 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd98b887a02f1ae2785d5d6fe7d77e91ec5aae83" + }, + { + "algorithm": "sha256", + "value": "6895c2c8fe23de0804e3018237e2eb4bd8690ffe73587cd04de4802935843d43" + } + ] + }, + { + "id": "f3ee23e99741aee9", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Denver", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2460 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "faa7d6cf4178d032d8ba8a4d77eac0fd47f8a718" + }, + { + "algorithm": "sha256", + "value": "32e819c00a43b3c348f539d700d425504f20b8d068c16418d26fa9b693e775c9" + } + ] + }, + { + "id": "503e22ea1ae00bff", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Detroit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2230 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6597537b399eab91a66e32bb4edae466de96a146" + }, + { + "algorithm": "sha256", + "value": "85e733f32a98d828f907ad46de02d9740559bd180af65d0ff7473f80dfae0f98" + } + ] + }, + { + "id": "84289022f58576ce", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Edmonton", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2332 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f441f7a62122e43a963260550efb1a1ff3100c2" + }, + { + "algorithm": "sha256", + "value": "f939087dcdd096f6827f4a7c08e678dd8d47441025fa7011522f8975778ad6f1" + } + ] + }, + { + "id": "bbd8826fbc7d4c0b", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Eirunepe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 656 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "45e5dd1baab63d6970c0424cd8ae77bfadfdfd61" + }, + { + "algorithm": "sha256", + "value": "a52f741d9cd1c07e137fcba098a1df8a9857ef308fa99921ff408d6fe7c43003" + } + ] + }, + { + "id": "5f2e5395ca7b421f", + "location": { + "path": "/usr/share/zoneinfo/posix/America/El_Salvador", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 224 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "45b4b952081502968b04b36e7cae24b987e9f532" + }, + { + "algorithm": "sha256", + "value": "82f18df0b923fac1a6dbfaecf0e52300c7f5a0cb4aa765deb3a51f593d16aa05" + } + ] + }, + { + "id": "96c7c4394fb89eb7", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Ensenada", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2906 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6ad63533ea183b2895759a9702ea96f0fff98759" + }, + { + "algorithm": "sha256", + "value": "8c2e7b321726e6345912da396796bdb3672bfc4bd1a91c65ee58b38e004d4ca5" + } + ] + }, + { + "id": "ca000ca372e4d431", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Fort_Nelson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2240 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a453ec818cd948cc2492666443d4e39637ed7040" + }, + { + "algorithm": "sha256", + "value": "7ab7ce0ebdc3ad2a73eb990074eed3b367466d9c6f75d10fea0c78057df2d89d" + } + ] + }, + { + "id": "337818befc3ad70c", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Fort_Wayne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1682 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad1a26bddb9304a620b2c6f7ec9f3a5226622906" + }, + { + "algorithm": "sha256", + "value": "90d2b2f4a8fd202b226187c209b020833300edec5ff86a463ccc685e8707532c" + } + ] + }, + { + "id": "29bc63839999e78e", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Fortaleza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aa8e9c8cd8301dd0a61085ada31923f7e1ccc983" + }, + { + "algorithm": "sha256", + "value": "9884ee32b44b4535b2a22174e0ecbf519f20c59a1f4e95c36e533cb7b721ed28" + } + ] + }, + { + "id": "e9f26b2889649ba5", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Glace_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "40ba9843662a853c1d3643395db1a75c1164951f" + }, + { + "algorithm": "sha256", + "value": "1bc0c62c609aa47fda60217f3a168be50a277fb14e02000fc1e94ee61b425817" + } + ] + }, + { + "id": "62a35e2874bfe2d7", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Godthab", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1903 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ff7ac72af2c09efd8e1779e5fba28288439df41" + }, + { + "algorithm": "sha256", + "value": "d10822ffacf8c01b25cee6d99f0f862eea713a894818a9f1a3b63353519c4202" + } + ] + }, + { + "id": "0e64f6f90d9e0545", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Goose_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3210 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "21d4df7695accb7b5164e41e28452f9655cd91a0" + }, + { + "algorithm": "sha256", + "value": "26068bb9e8214af5f683bdb914e7c882982fb2ac591b29163a1019586a506516" + } + ] + }, + { + "id": "6c7dffa3a28243d1", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Grand_Turk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1834 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "48735366abbf3760087cd1533f24415136763745" + }, + { + "algorithm": "sha256", + "value": "e1838510f2bad017a5dbf7c2b18eaf499c5470c24a8e22adc8e7ff4349211305" + } + ] + }, + { + "id": "783ef47a4b6cc7c7", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Guatemala", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 280 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0d50c845873aa466c9a2b020326d57af4d39b3d" + }, + { + "algorithm": "sha256", + "value": "76e81480277a418e76c87907b943f88d15b3a39c78dfd2108a06980af105e3a4" + } + ] + }, + { + "id": "ac44cca1e7a44914", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Guayaquil", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 246 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8415ce0daac4cfe819154671e05b4185b9c08970" + }, + { + "algorithm": "sha256", + "value": "3db705e1bbc6026f9a17076d18fa2d272de46f8370a325b0c60c0bf7c05e5160" + } + ] + }, + { + "id": "043fb5366c6c3f62", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Guyana", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d48d26f50f53db2dd9ddcbb6acb5723cb49e81b2" + }, + { + "algorithm": "sha256", + "value": "89c1eed182c2261c24f43e3b7f85420478277b1eb21ab638245b6391f308783b" + } + ] + }, + { + "id": "259405cab0d1a560", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Halifax", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "93568fd7e148b3f61fca5f36f8ae0a5b3b107fe3" + }, + { + "algorithm": "sha256", + "value": "4d9a667393f05a82df4df42843f6f7535ec113689529278d911d07a3c99b4e7f" + } + ] + }, + { + "id": "634e2721b391cd86", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Havana", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2416 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "51c1a7a700e4028481e506e58faf22f9677c5e29" + }, + { + "algorithm": "sha256", + "value": "1d441e02e281b04908e522d98eaca75c808e51539a8e42b3287e6bf8ebf939d7" + } + ] + }, + { + "id": "78ccdae019d28585", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Hermosillo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 388 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e055ab758b61beef7d8a4ee5a6b38d789c5f6b2c" + }, + { + "algorithm": "sha256", + "value": "8b160a7acb4b992ee05a86e4f4aaba16d2d9a35caa6d601cb6b1542a5bb372dc" + } + ] + }, + { + "id": "ff7c90f720c54752", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Knox", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2444 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41fdfe70a9789d427dc4be468f559a97ee9fcf54" + }, + { + "algorithm": "sha256", + "value": "0acbd9e412b0daa55abf7c7f17c094f6d68974393b8d7e3509fb2a9acea35d5f" + } + ] + }, + { + "id": "4dde89b97050f0d3", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Marengo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1738 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0530ef4b3396d7031cc5e4ff82dc42c10f2f89a1" + }, + { + "algorithm": "sha256", + "value": "7f7b50fa580c49403b9ef9fae295e12ad24bee65b319a8e809e81ae4c10949b2" + } + ] + }, + { + "id": "551a77d088635f9b", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Petersburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1920 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "570cef94f900163bce34b3f85b9ea5b36df92146" + }, + { + "algorithm": "sha256", + "value": "03cf0e1ee334460de230b1e32a05eafddda36427554b2b5442cfbd5b429c1724" + } + ] + }, + { + "id": "38c3fabbad78e2b0", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Tell_City", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1700 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "20594c1309a07d4691ff9af0a77782b5e2d95c61" + }, + { + "algorithm": "sha256", + "value": "e1d5aa02bf58d815df2f8a40424fbcd5cde01a5d9c35d1d7383effc09861867f" + } + ] + }, + { + "id": "a1f9e28be9e1515a", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Vevay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3959be4d9e86c9c1a7f8febc46554584b2a7ceff" + }, + { + "algorithm": "sha256", + "value": "1fb551d86fbfb03fc2e519b83f78358910b515608f8389b43060f73f53cbcec9" + } + ] + }, + { + "id": "4bb7d8e23c355cf0", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Vincennes", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1710 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f9a3d65b42b008c5a85c73934fcf94eaeac4b931" + }, + { + "algorithm": "sha256", + "value": "eb6980c53ec03c509aa3281f96713374ea5ef9fb96d7239b23a9ba11451c4bb0" + } + ] + }, + { + "id": "385ad24ba0f04bad", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Indiana/Winamac", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1794 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d169fbd02f628dd6fdafbbab7a7e4a6da54fd21" + }, + { + "algorithm": "sha256", + "value": "69918cda347c087f411d252aed7ca08b078377a768ad72cf5e0db8e97b1b47ab" + } + ] + }, + { + "id": "20811c14c8ff84dd", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Inuvik", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2074 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1291de8f6d914ee264f0b27a55278ff12a00ad7a" + }, + { + "algorithm": "sha256", + "value": "e89fa66a90e7ae4f40d4bb6cc28137e2da92cbfb9f79d70404dc62c64ac48c8a" + } + ] + }, + { + "id": "51e5cd74bb2ff2b6", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Iqaluit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2202 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "210193fdb9be1a88f5d245ddf3dce819469be233" + }, + { + "algorithm": "sha256", + "value": "7de3a7c40374374afe335aa592b03824cc9ac28734b6a69ed2288108f0c0b389" + } + ] + }, + { + "id": "47eaba1f98f04820", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Jamaica", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 482 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "77453a2772c127d0b213f8580ff7890cbf7b4929" + }, + { + "algorithm": "sha256", + "value": "c256a089e50f45fe7e6de89efa1ed0b0e35b3738c6b26f2f32cf2e7f6f29c36f" + } + ] + }, + { + "id": "b0fa9cbd276df6bd", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Juneau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2353 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "740e88dcd737d076404c386330bd379d55ee8281" + }, + { + "algorithm": "sha256", + "value": "93b8716f46864677e713e0c18b72e472303344fc807f4fc7c34bd515f8c679bd" + } + ] + }, + { + "id": "5fb2236f15b7246f", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Kentucky/Louisville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2788 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a63a322042aab6a2583de2f636a5eb15f71eae33" + }, + { + "algorithm": "sha256", + "value": "b4fd3bdb157f9ffbc8423c71709efb0067868fac8bd4a3e99f77f089db3d8355" + } + ] + }, + { + "id": "57338feedf76dae2", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Kentucky/Monticello", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2368 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad63bf4d1228ab308b2ed6758c21fbebb56395db" + }, + { + "algorithm": "sha256", + "value": "2ed7720a8f3906b5d0b3aae51fad589bef0aa961c7e8fc003a30f44318487733" + } + ] + }, + { + "id": "be1fb51e4d61dcd6", + "location": { + "path": "/usr/share/zoneinfo/posix/America/La_Paz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 232 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "631b8d0f538c7ec23d132fd7d72fb1ff64b938ae" + }, + { + "algorithm": "sha256", + "value": "3c0185d9553f40ec36c53d42a9da763fc023f615cc55694207257b72f7c843f9" + } + ] + }, + { + "id": "0aab09bf1271c5bd", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Lima", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 406 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "75864c99309070f61b033c039b7509c89da5ab08" + }, + { + "algorithm": "sha256", + "value": "2470c283de6ec3a044bb86b819fca2926d6cf2b9bc02c60f1bc749c5040d645b" + } + ] + }, + { + "id": "31b6aed83a59a4d7", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Los_Angeles", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2852 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4f1faebf0f0d032290ef87bb9973c2ff8f84074" + }, + { + "algorithm": "sha256", + "value": "68977bb9ad6d186fefc6c7abd36010a66e30008dcb2d376087a41c49861e7268" + } + ] + }, + { + "id": "f754203069453f64", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Maceio", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 744 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c0295301332918d79abf0bb349cc1fee3b9f2db9" + }, + { + "algorithm": "sha256", + "value": "a738cd82199e1e1bc5e1a237703ab61bfe6def505234621b4401793662720e6c" + } + ] + }, + { + "id": "155deab0d1b75139", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Managua", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 430 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "566a887308e8e16a9cebb62f3d4124b42c331674" + }, + { + "algorithm": "sha256", + "value": "c41cc5d350079f61367c3f10772f831c57b7e94aa878da4a3df0a176e04a59d9" + } + ] + }, + { + "id": "7d5d839b76215ad9", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Manaus", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 604 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a759afda024a0ba961569017b3003805849c6f61" + }, + { + "algorithm": "sha256", + "value": "969e91964717250ee64ac2aa9c4802f2cbc956b143264ff5eb1c6f7e9352a4ae" + } + ] + }, + { + "id": "16588574ba987865", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Martinique", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 232 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "caf0e4c5fdae59d1b6c1278ad7ac84bf03bcb0a9" + }, + { + "algorithm": "sha256", + "value": "7ccb3cd24394d9816f0b47fdcb67a37bdec9780b536016a65eb9e54ee9cd2f34" + } + ] + }, + { + "id": "b4ccccec0713b3e6", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Matamoros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1418 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "638e4541bddbb0164c8d62590ff1bb97f88b822e" + }, + { + "algorithm": "sha256", + "value": "7eaf8fa9d999ad0f7c52c1661c0f62be3059bf91840514ceb8b4390aee5a8d6f" + } + ] + }, + { + "id": "a94c967281cc09b1", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Mazatlan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1060 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44c28415e815f8e2b53604195f85da07b04d829d" + }, + { + "algorithm": "sha256", + "value": "0561f636a54f0353ecc842cf37fd8117c2a596bb26424aa0d5eba3b10be79f1f" + } + ] + }, + { + "id": "aa7c6fe4e206bc29", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Menominee", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2274 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88fd8d108c020a3294eae6c83ad187cf0b01a602" + }, + { + "algorithm": "sha256", + "value": "02bbfd58b6df84d72946c5231c353be7b044770969d3c1addf4022c46de0674e" + } + ] + }, + { + "id": "5815083ad3d1b4cd", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Merida", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1004 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8e07f8356362c517ef41035a0394a59363cebfc0" + }, + { + "algorithm": "sha256", + "value": "4953441c26b38e899fb67b8f5416b2148f84f884345a696e1df4e91cfd21dddd" + } + ] + }, + { + "id": "b7f83def08194949", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Metlakatla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1423 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f327158b98652913af4d66c5257cfc014340536" + }, + { + "algorithm": "sha256", + "value": "b709a27864d563657e53c9c5c6abf1edab18bfc1958de59d2edace23b500a552" + } + ] + }, + { + "id": "fa1a0ca8233565f2", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Mexico_City", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1222 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f46bb76507fbd52204eef47c12c9320bd7945af7" + }, + { + "algorithm": "sha256", + "value": "528836f85316cf6a35da347ab0af6f7a625a98b7a8e8e105310477b34c53c647" + } + ] + }, + { + "id": "bc4114dabf5c1926", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Miquelon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1666 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1418becc2c2023ac3dba15d27e5fd6b6b3b6fd5a" + }, + { + "algorithm": "sha256", + "value": "c1e3fb359fc8c508ace29266314768a6211b28e217c2457b2d3c6e9e0cdbf06d" + } + ] + }, + { + "id": "2419686c77b5d0d7", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Moncton", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c08e5d548c3bb971f1a1236c397ded4f7227d769" + }, + { + "algorithm": "sha256", + "value": "5a6bfe6e4f5a28a7165b33a9735505bbaec739fc1a224d969a1dcb82a19cb72b" + } + ] + }, + { + "id": "f024214f6c82dc25", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Monterrey", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ceaf09cf6075be4ff98b5716e65d197c9f302864" + }, + { + "algorithm": "sha256", + "value": "622c5311226e6dfe990545f2ea0df6840336811e065d73ea394e2dbf42f7906d" + } + ] + }, + { + "id": "fc2d9d293f0e545b", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Montevideo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1510 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06e3ef1048ffd289a424fba8e053601b353cc2fa" + }, + { + "algorithm": "sha256", + "value": "e237204de80ae57f05d32358ce4fb7a32499e14f57434f546d327f9a5bbc37bd" + } + ] + }, + { + "id": "8a8d315146c83b5b", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Montreal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3494 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a6d038ecff7126ee19ebb08a40d157c9a79964cd" + }, + { + "algorithm": "sha256", + "value": "a587a1a1607439f7bac283e1815f2bdbafb9649a453d18e06c2e44e6996d888f" + } + ] + }, + { + "id": "949f877ffcc782bd", + "location": { + "path": "/usr/share/zoneinfo/posix/America/New_York", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3552 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bc9337182ee4bad790b527f56bd3d2130691d693" + }, + { + "algorithm": "sha256", + "value": "e9ed07d7bee0c76a9d442d091ef1f01668fee7c4f26014c0a868b19fe6c18a95" + } + ] + }, + { + "id": "b527118fa63d4dce", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Nome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2367 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1e6cf03e0c8fbb7a079090cf164e73291681bafc" + }, + { + "algorithm": "sha256", + "value": "da2cccdfe3fe3ea27dcdae8c761cc57ccbcf14dabb1a29baf6d02f1303de636b" + } + ] + }, + { + "id": "d4d597f6762866c3", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Noronha", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f0e29b45f9003c1ff8ed350b40b1369e8a569d0f" + }, + { + "algorithm": "sha256", + "value": "dd1e252d5f238394a58e10b9395542939d58efb11f8e8eb309efa8a6983f145a" + } + ] + }, + { + "id": "b73e44fe1c60ab9b", + "location": { + "path": "/usr/share/zoneinfo/posix/America/North_Dakota/Beulah", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99080962e50069d5e6a206bff8931a67b5afebe9" + }, + { + "algorithm": "sha256", + "value": "aad81ba8dbbc3370241c5da7fbfa12a6cd69613e12c607256e490f29b5da047b" + } + ] + }, + { + "id": "3a22b177ad565097", + "location": { + "path": "/usr/share/zoneinfo/posix/America/North_Dakota/Center", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16ee5640265f404a2a64cbb48547b834b780cf71" + }, + { + "algorithm": "sha256", + "value": "f5959b2bd60a92ab942f2054152dcbaff89dc5bb7b57bcb85b810ed0a9f6d2cc" + } + ] + }, + { + "id": "48f69c3bd2c4dfe3", + "location": { + "path": "/usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6d1defaee32cee5fdaaa1405460d9ee4e4dceb55" + }, + { + "algorithm": "sha256", + "value": "0c7fdbb107ee5272b6a1b75bd3a2a08ac3b85cbaa1b75d815ddae052c659bde8" + } + ] + }, + { + "id": "2f7d8e71fee1aaef", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Ojinaga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1524 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "346cae590643f608e6c31870966e576f2c194936" + }, + { + "algorithm": "sha256", + "value": "6f7f10ffb55d902673695c1bece5ee75d8a1240cd428f4d3a97726a419b59ed1" + } + ] + }, + { + "id": "c8310a6caaf65f94", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Paramaribo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "af2b3e2554003e56ec6e09f4ab2cc646cef58e06" + }, + { + "algorithm": "sha256", + "value": "1e6e6d0f05269e84eb4d43c43b8580adf485ef8663cb0544a1ccb890be751730" + } + ] + }, + { + "id": "e679befc0207bb79", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Port-au-Prince", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1434 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9901445a7bf4a993111d087ef812890dd44a67be" + }, + { + "algorithm": "sha256", + "value": "d3d64025de083a23297dda54b85d54e3847f851b7a06fa409055ce9d83bdc8e3" + } + ] + }, + { + "id": "74a1c70f5b7de613", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Porto_Acre", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 628 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "23649fa3b661b1a7b1332e38479d24bcdb4e902f" + }, + { + "algorithm": "sha256", + "value": "d7ba27926f0ffd580c904ae32bdaebd2ac0d9e2eeaa7db6071467dde0de5b4eb" + } + ] + }, + { + "id": "07d76771e560a228", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Porto_Velho", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 576 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d55253cee37291a6cf91e4bbccca6473cf6679aa" + }, + { + "algorithm": "sha256", + "value": "6517f380612edba86797724fb6264b3921468ff58149b38a7622c2d712327397" + } + ] + }, + { + "id": "611985209674e281", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Punta_Arenas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1916 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a64891fd90cbc2ba9e1d7dfe1689dee65affef3" + }, + { + "algorithm": "sha256", + "value": "dfd2c88e86a8399349656b1820dfd061d842e1caea6c2e8b5abc683d6761f441" + } + ] + }, + { + "id": "2b395eebcb4a67ff", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Rainy_River", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2868 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "684c62d80d16a9256c9123074466cc5d0288daea" + }, + { + "algorithm": "sha256", + "value": "ecffbf610ae77857289fb40a4933a79221a3129a450e7dd9e3c309d6aabc541c" + } + ] + }, + { + "id": "ae752373b648ec23", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Rankin_Inlet", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2066 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f517c389db4ac89bc79cbf8ee5736f0cad7bc7b9" + }, + { + "algorithm": "sha256", + "value": "9d782a8cbdced815747a6f9793ca9545165bfd7d324261c4eaf9924af23d2b37" + } + ] + }, + { + "id": "aea59607411935a9", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Recife", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6a681fe7cafc3cabe9a7ef75699e4e5fa7f6a81a" + }, + { + "algorithm": "sha256", + "value": "8a314dd99cd97b9a0161d97c020dd2c261a38f625e558617d95a3bebb836b3a2" + } + ] + }, + { + "id": "da2575a45478ba4c", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Regina", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ecd6b0c718b65c0c90e8097943a899c0b0cb60d8" + }, + { + "algorithm": "sha256", + "value": "ca3a93d3ca476c80987bcdc7f099ad68306f085a91bfb4dfcdedd8f31b97ba4c" + } + ] + }, + { + "id": "f742ec86d0af67ef", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Resolute", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2066 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c01bda981211a1387a2c18d7a57165e72da83d95" + }, + { + "algorithm": "sha256", + "value": "0a7314d9d048fbadefb7cf89d10d51a29c7ef1bf694422e386faf270c21e7468" + } + ] + }, + { + "id": "0654d6e280f96ad4", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Santarem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 602 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f39fa90abacd688c7f6599bdbdd8c144a0b7c5b1" + }, + { + "algorithm": "sha256", + "value": "1a5fe5237a4f679ed42185d6726693a45a960c0e6b7ba6c78759d6b3f674f8d7" + } + ] + }, + { + "id": "6f773f10edc48288", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Santiago", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2529 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6788d98647fb2019aa749acfb7236e77e84c4533" + }, + { + "algorithm": "sha256", + "value": "ef9d2bf24112c65671eea391722ad6ae2cbf5f2f6ed5fcee8cc2c860780bfa01" + } + ] + }, + { + "id": "451a2d4d79e5ff2f", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Santo_Domingo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 458 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a135300f73df9c427db37aa9ba29e25f83463211" + }, + { + "algorithm": "sha256", + "value": "0cab5a123f1f43ddb26c84d3594e019b5eb44bda732665156e36964677a7c54e" + } + ] + }, + { + "id": "d1c1756746a5da30", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Sao_Paulo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1444 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96caf0f5c9ad021d2ca06e2b48ef7e3e52bff41d" + }, + { + "algorithm": "sha256", + "value": "70edd519e90c19d49fd72e1ffd4824a433117acdbafa5d68194a038252225108" + } + ] + }, + { + "id": "8a4a91898f4982f7", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Scoresbysund", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1949 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7497b479af7c157e844a90ecbfc041db4f639f04" + }, + { + "algorithm": "sha256", + "value": "75a39cf7fa0b8f250c4f8453d43588fbcc7d0e0ae58be81e2d45ce8891292c96" + } + ] + }, + { + "id": "f07efa25045dc460", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Sitka", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2329 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bb2fd466acd0399f44f56c2ed9a2a0353fb2f82" + }, + { + "algorithm": "sha256", + "value": "6a24bb164dfb859a7367d56478941e17e06a4cb442d503930a03002704fc5310" + } + ] + }, + { + "id": "bef62ea9048f0f45", + "location": { + "path": "/usr/share/zoneinfo/posix/America/St_Johns", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3655 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4336075a81adbebeb26ca297ce309dc595b86463" + }, + { + "algorithm": "sha256", + "value": "af5fb5eee2afdbb799dc9b15930fc32d941ba3ac2f8eeb95bbb0b6a43b263a02" + } + ] + }, + { + "id": "169a1f9cb1911cff", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Swift_Current", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 560 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e607b1ddf124e4061e437365e16404633bbdc4bd" + }, + { + "algorithm": "sha256", + "value": "45128e17bbd90bc56f6310fc3cfe09d7f8543dac8a04fecbbbcd1abd191f3c36" + } + ] + }, + { + "id": "dbf2cd9405019f59", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Tegucigalpa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe5537f0f326f4513aaf98ba68268b0798e72e0b" + }, + { + "algorithm": "sha256", + "value": "1333b3ee7b5396b78cabaf4967609c01bf0fb3df15f5b50c378f34b693c8cb0e" + } + ] + }, + { + "id": "4014146544af9f8f", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Thule", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1502 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4e304073f4f90890439ca6205d60e20d2495f16" + }, + { + "algorithm": "sha256", + "value": "f31b8f45a654f1180ee440aa1581d89a71e2a1cf35b0139a8a5915bbc634da2f" + } + ] + }, + { + "id": "322f6ad2ea49ba49", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Vancouver", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2892 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b42a450523068cc1434b8774082525d8dc2a8e4f" + }, + { + "algorithm": "sha256", + "value": "b249ca1f48d23d66a6f831df337e6a5ecf0d6a6edde5316591423d4a0c6bcb28" + } + ] + }, + { + "id": "fe7a4a0368fdcf2a", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Whitehorse", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a8f00d33b5ca551a16cedc68cc8528fb4c111d8" + }, + { + "algorithm": "sha256", + "value": "4eb47a3c29d81be9920a504ca21aa53fcaa76215cc52cc9d23e2feaae5c5c723" + } + ] + }, + { + "id": "b1bc1a2041ffcfa5", + "location": { + "path": "/usr/share/zoneinfo/posix/America/Yakutat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2305 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f115ac1b5b64b28cad149f1cdf10fb0649fe5c48" + }, + { + "algorithm": "sha256", + "value": "b45c2729bbf0872ca7e0b353027e727bf2560ddc6309eacd0edee83b05303b63" + } + ] + }, + { + "id": "4cd086e938b5d439", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Casey", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 437 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da1d193862e1725420329b257e1b856b13dcdc7a" + }, + { + "algorithm": "sha256", + "value": "f8c45f27605f5b7f12c009a914042a53ad991ac268056fc49b61a093d620be52" + } + ] + }, + { + "id": "99aca4dbfb4ccfdb", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Davis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 297 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87abeedc268901cc371d93faf9b775634a6c401b" + }, + { + "algorithm": "sha256", + "value": "e8fa24c8e69a212453375dec8acb8681db79bc6e40d98a8da282697cb4dbe524" + } + ] + }, + { + "id": "5bbdcf82423f512e", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/DumontDUrville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 186 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "65f9954328a5fda173ff0ce420428d024a7d32c3" + }, + { + "algorithm": "sha256", + "value": "7a2fd78e68910cb87e454f78bafcfd0822084451f5af45fb58bfac07ee8317ad" + } + ] + }, + { + "id": "3e7aad594196cf97", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Macquarie", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2260 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99cbdcf1d9afe0907b96f0ca06636bde4e5383c3" + }, + { + "algorithm": "sha256", + "value": "89eed195a53c4474e8ad5563f8c5fc4ad28cab1fe85dfe141f63d4aa9cdcc1ed" + } + ] + }, + { + "id": "a183734120280e91", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Mawson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb34c38a02c76beb5b321971d94869451a5ceab1" + }, + { + "algorithm": "sha256", + "value": "f535b583fcf4b64e447de07b2baf55268f1a80eefe2bd67159b8aa34a9d464d1" + } + ] + }, + { + "id": "5e7841414f3ab611", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/McMurdo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2437 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "78d4d3a481c49ab7ff31722bced30e1c31e8bc98" + }, + { + "algorithm": "sha256", + "value": "8000e3a323e8fd0212414e9426b020707a771c368ca0e151747f9ddb7b814b27" + } + ] + }, + { + "id": "b0f960fcd690076b", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Palmer", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1418 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "12519921ed4c4f6684c5069a251141378f7134a4" + }, + { + "algorithm": "sha256", + "value": "0d6fc35c1c97839327319fb0d5b35dbbc6f494a3980ff120acf45de44732126e" + } + ] + }, + { + "id": "47389c1f2788315a", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Rothera", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "05bc718d8f51e2dc23989d149b8dc7529a87bf1b" + }, + { + "algorithm": "sha256", + "value": "4102359b520de3fd9ee816f4cfeace61a3b0c69e178cc24338a33d4850d43ca8" + } + ] + }, + { + "id": "6dd7c3f7988a57c3", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Syowa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bde5a629fdb78b40544b8018b2578f0b085045cc" + }, + { + "algorithm": "sha256", + "value": "aeaf4a3e3f25d050679ca9fddd690c780d489e036d4f3939fe8578b04661738c" + } + ] + }, + { + "id": "016d8025fd9f110b", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Troll", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1162 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f3bab6c4d956dd8e8bb969e354e1a211980e244" + }, + { + "algorithm": "sha256", + "value": "df3ae1f8ffe3302b2cf461b01c9247932a5967276ae26920a3f4c3a9cb67ddce" + } + ] + }, + { + "id": "12d1add738110cee", + "location": { + "path": "/usr/share/zoneinfo/posix/Antarctica/Vostok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cab2a7ae9eb3304377d15b3761e4beca547fb07e" + }, + { + "algorithm": "sha256", + "value": "fd919da6bacf97141ca6169c92cf789f6a6e5a7c816564b5a9f17b329124355d" + } + ] + }, + { + "id": "909c114e91953fa5", + "location": { + "path": "/usr/share/zoneinfo/posix/Arctic/Longyearbyen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2298 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "918341ad71f9d3acd28997326e42d5b00fba41e0" + }, + { + "algorithm": "sha256", + "value": "5ee475f71a0fc1a32faeb849f8c39c6e7aa66d6d41ec742b97b3a7436b3b0701" + } + ] + }, + { + "id": "edd8438e8eab25c7", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Almaty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 997 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4b4d8aabb1fd81e39b5b8fd2d3506875966a3c34" + }, + { + "algorithm": "sha256", + "value": "0027ca41ce1a18262ee881b9daf8d4c0493240ccc468da435d757868d118c81e" + } + ] + }, + { + "id": "9623aead673ec6f5", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Amman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1447 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fdffb8cdba7aaf42ba9f8e1f1d9093c21ed77027" + }, + { + "algorithm": "sha256", + "value": "5fd1b785b66b85d591515bc49aaf85e05e94a1c4156698f0a2b6c17eee93d9f6" + } + ] + }, + { + "id": "9188cae0e2d7e66c", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Anadyr", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1188 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e18546688a8d72426a93024673be6a7b890ca49" + }, + { + "algorithm": "sha256", + "value": "8430d3972e397a3a1554ff40974ed398aa5300234625a20f95c5cb45bb06ff88" + } + ] + }, + { + "id": "9aed0a30b0b87a05", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Aqtau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 983 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b5c1626f08af9ec32dadbbfcdb69f5a2a83445cb" + }, + { + "algorithm": "sha256", + "value": "0397b164ddb9e896a01494dc6ac81d0ab43c8223aa6761053115580564daa990" + } + ] + }, + { + "id": "7bdec1c6f9ad7660", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Aqtobe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1011 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "67f145b5d2958ced37d7c63144ca314cc3a5619c" + }, + { + "algorithm": "sha256", + "value": "2d0ecfe4b1047bb8db59b8eabf398cefd734a3a01d65e084c504be7ce5a9f32c" + } + ] + }, + { + "id": "ec2603cc92b83da1", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Ashgabat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 619 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f077f5395b29d53b145792d5e2e309a99c4a7092" + }, + { + "algorithm": "sha256", + "value": "2f80d85769995b272c61e1c8ca95f33ba64d637b43f308e0c5f3d1d993d6dba7" + } + ] + }, + { + "id": "9da9e525e01ac96a", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Atyrau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 991 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "879556e7e91d36d29c7921b7693b3aafa95ce9bf" + }, + { + "algorithm": "sha256", + "value": "dee128f3d391c8326a43f4ed6907487fd50f681f16a88450562d2079e63d8151" + } + ] + }, + { + "id": "0e4d5e3dea1ba873", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Baghdad", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 983 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "10843b2e6588534f57e4c05255923c461fcaf40d" + }, + { + "algorithm": "sha256", + "value": "9503125273ae8a36dca13682a8c3676219ef2ad4b62153ff917140cde3d53435" + } + ] + }, + { + "id": "41310208a3651bff", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Bahrain", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "918dda414e2e89ca2b735946a84d94c42a24f452" + }, + { + "algorithm": "sha256", + "value": "574ac525d2c722b4e82795a5dbc573568c3009566863c65949e369fbb90ebe36" + } + ] + }, + { + "id": "e9d853b7613e991d", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Baku", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8409d8a1289864bf61dd17a80524eb6aa36e9be8" + }, + { + "algorithm": "sha256", + "value": "be11e796268e751c8db9d974b0524574bca7120d0773423e22264d7db0de09b3" + } + ] + }, + { + "id": "8369533c70045307", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Bangkok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c81d559f702a0239d5bf025c97e70b2c577682e" + }, + { + "algorithm": "sha256", + "value": "798ab4be1f3d3758f4ebd511a10bed06ed277446a5e853ebb5b17c58228aa43c" + } + ] + }, + { + "id": "e17549bc40721333", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Barnaul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1391b2598eff6e35378e261f36dd2f57b3e491bf" + }, + { + "algorithm": "sha256", + "value": "d9cd42abc5d89418326d140c3fcc343427fb91a2c3acf66d1a7e0ce622596c9a" + } + ] + }, + { + "id": "cd5cef0f0e983751", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Beirut", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2154 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fba8b66863fcd6bcabec3a13467e0b3450650ad5" + }, + { + "algorithm": "sha256", + "value": "fd9ff664083f88bf6f539d490c1f02074e2e5c10eb7f590b222b3e2675da4b6a" + } + ] + }, + { + "id": "11b695663ecd0f36", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Bishkek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 983 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d6c73a90b411c39d97ccda0ad8a57f252456881c" + }, + { + "algorithm": "sha256", + "value": "768ff8922d49bd22aea54aef973f634641eca4385dbe4d43d88901c85b248c93" + } + ] + }, + { + "id": "20d6cf74fbe318d1", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Brunei", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 483 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "951d0ec46419658895f8005b2583badeff166bdb" + }, + { + "algorithm": "sha256", + "value": "2ac02d4346a8708368ce2c705bb0a4a2b63ed4f4cb96c8fb5149d01903046134" + } + ] + }, + { + "id": "41e55d95d3e71834", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Calcutta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 285 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "856df72f3f593ff1e183505d743bf65e40a30aca" + }, + { + "algorithm": "sha256", + "value": "e90c341036cb7203200e293cb3b513267e104a39a594f35e195254e6bc0a17cf" + } + ] + }, + { + "id": "0939219069390b95", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Chita", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a265169da96777e85b65b87ed5a3d64d801e791" + }, + { + "algorithm": "sha256", + "value": "e0808e7005401169cff9c75ffd826ed7f90262760f1b6fef61f49bb8d23e5702" + } + ] + }, + { + "id": "cff69e2dbc82f86c", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Choibalsan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "90cad7fd7da7d6546622901db622595f1880f593" + }, + { + "algorithm": "sha256", + "value": "bb2412cc8065d1fd935c7ae6526dd53ecd42f6ba34d77858980971eb25238776" + } + ] + }, + { + "id": "2a7a7d29536a09d1", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Chongqing", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 561 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "79360e38e040eaa15b6e880296c1d1531f537b6f" + }, + { + "algorithm": "sha256", + "value": "64ffc2e43a94435a043c040d1d3af7e92d031adc78e7737af1861baa4eeef3e6" + } + ] + }, + { + "id": "fba5531118eb4f00", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Colombo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 372 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0fe53f0c887f168201f4c4767068dadb1a698581" + }, + { + "algorithm": "sha256", + "value": "1c679af63b30208833ee4db42d3cdb2ad43252e9faec83f91efb19ae60096496" + } + ] + }, + { + "id": "238cecb2a77ae8a6", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Dacca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 337 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5779829aea6d010cea872e6c2b6f1ac661d825e3" + }, + { + "algorithm": "sha256", + "value": "dcae6594685ca4275930c709ba8988095bfb9599434695383d46f90ed171f25e" + } + ] + }, + { + "id": "ebdf0273c85b7f11", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Damascus", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1887 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "716b40d34b96db89c27eeb936693481abad8288b" + }, + { + "algorithm": "sha256", + "value": "fb90ce2ad6329e7b146189c13108a7dd7b2d850f58e651bebdd9e20fde6d2037" + } + ] + }, + { + "id": "3e09cd0ce754bdbf", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Dili", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 271 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f71f19932f5f7e625447e241be76b34dd2e75115" + }, + { + "algorithm": "sha256", + "value": "9d4384e3039ac9fc4b4d9c3becc8aa43802f9ccecd8e0b20bbb82fb1ba227f61" + } + ] + }, + { + "id": "83090e6d3da79b8e", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Dubai", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "612f06ce47e5c3acb96b2b6eb8075d89ece41f90" + }, + { + "algorithm": "sha256", + "value": "fa06b49b7b9af58ea4496444cf6fd576d715024abcdd6ad6defc63048ed6346b" + } + ] + }, + { + "id": "4cf67b5bdef43c1e", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Dushanbe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 591 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1694cb3276a637899c86f26176b2b1f862d47eda" + }, + { + "algorithm": "sha256", + "value": "15493d4edfc68a67d1ba57166a612fb8ebc0ec5439d987d9a90db0f3ca8cc7a3" + } + ] + }, + { + "id": "7ae7878adef825f3", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Famagusta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2028 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d7f718a82b28e4fedb4e6501fc94ca2a6ec758c8" + }, + { + "algorithm": "sha256", + "value": "085adcca077cb9d7b9c7a384b5f33f0f0d0a607a31a4f3f3ab8e8aa075718e37" + } + ] + }, + { + "id": "a07326b416b47314", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Gaza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3844 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "169848cd25c3fe443c5d0bdd5c96d68a949cfe78" + }, + { + "algorithm": "sha256", + "value": "b7463171440be7754d2a729b2a28e7d0e13f31aaf21329e89da6ec7be893b73b" + } + ] + }, + { + "id": "aaf8680b8bfcb498", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Hebron", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3872 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "201832bdac94204b130b3d01a26f608357e8da26" + }, + { + "algorithm": "sha256", + "value": "e98d144872b1fb1a02c42aff5a90ae337a253f5bd41a7ceb7271a2c9015ca9d4" + } + ] + }, + { + "id": "54e7b7be1b3ae175", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 351 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a96c3b96b551d852706b95e0bb739f8e62aee915" + }, + { + "algorithm": "sha256", + "value": "e23774e40786df8d8cc1ef0fb6a6a72ba32c94d9cb7765fb06ed4dfd8c96065e" + } + ] + }, + { + "id": "e930291958ab98ae", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Hong_Kong", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1233 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0c3205dd5ec08d17c2161af789df8d05b1bda1b6" + }, + { + "algorithm": "sha256", + "value": "6a5fcee243e5ab92698242d88c4699ceb7208a22ee97d342d11e41ebd2555a17" + } + ] + }, + { + "id": "020b84622fb900db", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Hovd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 891 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f8950afc6522a8c920cbeb079ac39ca26d52e38" + }, + { + "algorithm": "sha256", + "value": "2549cea2cecf3538b65512b10fa5e7695477369ba1b17fcf8b5f2b23355ed71c" + } + ] + }, + { + "id": "8048172bf741c0f9", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Irkutsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1243 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f82e877820027d4c48be625842047a6cfe008234" + }, + { + "algorithm": "sha256", + "value": "894259095063a5f078acd2893abea0d33519b5c718624fc6934c13925c7c623d" + } + ] + }, + { + "id": "0488de992cd66915", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Istanbul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1947 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df6cbece3d9afb3aedb44e131b6e68a6cf74ca8e" + }, + { + "algorithm": "sha256", + "value": "d92d00fdfed5c6fc84ac930c08fa8adf7002840dbd21590caf5a3e4a932d3319" + } + ] + }, + { + "id": "41a5726c799af744", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Jakarta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 383 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be35b8895cd70cc9c5744d30260e82f0421a9337" + }, + { + "algorithm": "sha256", + "value": "4ef13306f4b37f314274eb0c019d10811f79240e717f790064e361cb98045d11" + } + ] + }, + { + "id": "d033123020293d3c", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Jayapura", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70cd707f6e144cf0cb40af01a70b9c4739208e48" + }, + { + "algorithm": "sha256", + "value": "8a1cd477e2fc1d456a1be35ad743323c4f986308d5163fb17abaa34cde04259b" + } + ] + }, + { + "id": "7375efccc3679997", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Jerusalem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2388 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "89e42d27cfb78255ae18ee02f5a4c8e3ba57dde0" + }, + { + "algorithm": "sha256", + "value": "254b964265b94e16b4a498f0eb543968dec25f4cf80fba29b3d38e4a775ae837" + } + ] + }, + { + "id": "cb22050893636562", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Kabul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b2379e605267b8766f9e34d322a5e3a657df7113" + }, + { + "algorithm": "sha256", + "value": "89a97b4afc1e1d34170e5efd3275e6e901ed8b0da2ed9b757b9bab2d753c4aaf" + } + ] + }, + { + "id": "6df7fa08b1ea1e63", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Kamchatka", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9902b94b8a6fbc3d4533f43d9be5cdb6302693ce" + }, + { + "algorithm": "sha256", + "value": "a4103445bca72932ac30299fda124c67f8605543de9a6b3e55c78c309ed00bae" + } + ] + }, + { + "id": "403b6dd2aea67f45", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Karachi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 379 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4c69f1551a0a9bdd8d1817c547bd18218b570a3" + }, + { + "algorithm": "sha256", + "value": "881fa658c4d75327c1c00919773f3f526130d31b20c48b9bf8a348eda9338649" + } + ] + }, + { + "id": "2ba37f18f5bf7884", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Kashgar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4fba0cb8c5f2ef8232782883fca5e7af1b1fdb2" + }, + { + "algorithm": "sha256", + "value": "0045c32793f140e85e3d9670d50665f7c9a80cd6be6d6dc8dd654d4191c13d80" + } + ] + }, + { + "id": "3eda3ebfd73285c0", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Kathmandu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 212 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "454f1d251f8a9cd2c1559897f6b38a53fdbfe249" + }, + { + "algorithm": "sha256", + "value": "4d4796eeb0d289f3934ac371be8f628086197c621311951ffb4123825c910d6b" + } + ] + }, + { + "id": "f3259f345ccd3b65", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Khandyga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1271 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ddab9699af73544e5b52a7477e0c5532216c59a" + }, + { + "algorithm": "sha256", + "value": "5d8cc4dadb04e526b2f698347070d090413d693bb2da988548b006c7f77e7663" + } + ] + }, + { + "id": "26f75c5ac6f16539", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Krasnoyarsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1207 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ec3786f8744bad78bbfc370674ad33ccba5d4080" + }, + { + "algorithm": "sha256", + "value": "9f3470e0f2360222bf19ef39e1bf14ed3483c342c6432ddc6b962e38e5365f02" + } + ] + }, + { + "id": "1c5427fce54bfbeb", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Kuala_Lumpur", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 415 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "429a0689e9ed127265705febf2c9aa5f47ac3547" + }, + { + "algorithm": "sha256", + "value": "739e349e40a3e820c222f70c4c9d55810b65987ffb14e494d08b145ed3445711" + } + ] + }, + { + "id": "1f5e8f8731296243", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Macao", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1227 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbd377edbc12abe7cd74edc80086dd21bb34a6ca" + }, + { + "algorithm": "sha256", + "value": "32f02447246cac0dabd39d88b65c85e5b8761617918c8d233f0834b88887d989" + } + ] + }, + { + "id": "834807d11e38bf7d", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Magadan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1222 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "34134a81b737efcc82e3be92b2d222319b36f510" + }, + { + "algorithm": "sha256", + "value": "72ac23290b7c4e5ce7335c360decc066ecf512378e7cbc4f792635f62f7391f4" + } + ] + }, + { + "id": "f6488689362ca2d1", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Makassar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 254 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2d411fa607c974fe3d77ee18612a21717d226b5e" + }, + { + "algorithm": "sha256", + "value": "3a126d0aa493114faee67d28a4154ee41bbec10cdc60fcbd4bfe9a02125780ec" + } + ] + }, + { + "id": "c6d0dd5d4cf5c061", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Manila", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 422 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1cabdadc66cf3536c77a812baa074080b2140ca" + }, + { + "algorithm": "sha256", + "value": "f314d21c542e615756dd385d36a896cd57ba16fef983fe6b4d061444bbf1ac9e" + } + ] + }, + { + "id": "366e61f85b8f86e1", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Nicosia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2002 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "642099c037f5f40aa6152f7590e3cee90b7ae64a" + }, + { + "algorithm": "sha256", + "value": "d149e6d08153ec7c86790ec5def4daffe9257f2b0282bba5a853ba043d699595" + } + ] + }, + { + "id": "fc4b946bb5757bb5", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Novokuznetsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "52b0a7aff4332d6481b146155abbe90912bc1aaf" + }, + { + "algorithm": "sha256", + "value": "bd019ca8a766626583765ef740f65373269d9e8a5ed513c9e2806065e950bbdd" + } + ] + }, + { + "id": "0d8efe1900de9bc8", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Novosibirsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "823fbd64d76bfdcb6e3b0206b731fe407a6a188d" + }, + { + "algorithm": "sha256", + "value": "0292f7b36d075f6788027a34dc709ad915dd94ba2d55bf49be7665ed6d6c334d" + } + ] + }, + { + "id": "823bd205cf39249a", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Omsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1207 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb67208994f35a825847c36964546c8b8d1ad243" + }, + { + "algorithm": "sha256", + "value": "c316c47ac7deedd24e90d3df7ea4f04fac2e4d249333a13d7f4b85300cb33023" + } + ] + }, + { + "id": "3df03911c231f0a6", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Oral", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1005 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "deec78c1cebcbd9efb7c57486ca0344e5f8f1fb3" + }, + { + "algorithm": "sha256", + "value": "88c8ea0f82ef0e0cb1375e6fec2ab211d043c8115a3a50a1c17d701f3d898954" + } + ] + }, + { + "id": "2b506f7f2e1c9f60", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Pontianak", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 353 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ce2c32e874ec64696f76be4439aad95cc7e3c4e7" + }, + { + "algorithm": "sha256", + "value": "8a7397c2e2ad8cabf5cff7a588f65222a8d2b7ac21b6ec613de1b56298d4fc14" + } + ] + }, + { + "id": "ccc7cbc8cf1cb1bb", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Pyongyang", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 237 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "99b004e8e97b94265617932951e7227b635ced64" + }, + { + "algorithm": "sha256", + "value": "ffe8371a70c0b5f0d7e17024b571fd8c5a2e2d40e63a8be78e839fbd1a540ec1" + } + ] + }, + { + "id": "fe919bc0bce64ff9", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Qostanay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1039 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f7e8708a8ae86992953f273773b65d1e36e4afe4" + }, + { + "algorithm": "sha256", + "value": "f76633d7074fa667abc02f50d5685c95e2023102c3c1c68d8550ae36c09e77b5" + } + ] + }, + { + "id": "6b2728a383c7712f", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Qyzylorda", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1025 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "001a7c9f9de8d7edab286c756c0d0c03e90fad88" + }, + { + "algorithm": "sha256", + "value": "6a2491c70a146d0f930477f6c1cc9a3a141bf3a8f78d0a57c1c41a48f9c0b705" + } + ] + }, + { + "id": "926b2a78a71c5bdd", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Rangoon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 268 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b800894b13386d65d24df73322e82ee622f843de" + }, + { + "algorithm": "sha256", + "value": "647b97f97547afc746263acf439716edbf23414bf78a1c9df95ccde78e6694c0" + } + ] + }, + { + "id": "97f3937e1790735c", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Sakhalin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1202 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ebaa95b0bf93239c1ccf8f96856b86dc58afe726" + }, + { + "algorithm": "sha256", + "value": "f7901d3f03a049ed20f70771ebb90a2c36e3bd8dc5b697950680166c955ca34c" + } + ] + }, + { + "id": "637c30cb07068c21", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Samarkand", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 577 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7bbf5c916ddd50548e8e5ed0324c59dc1fe9a693" + }, + { + "algorithm": "sha256", + "value": "0417ba1a0fca95242e4b9840cafbe165698295c2c96858e708d182dfdd471d03" + } + ] + }, + { + "id": "84d8c27f9fc6385d", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Seoul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 617 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "53c1223d1f4dec149d0cadd6d488672619abf0d6" + }, + { + "algorithm": "sha256", + "value": "2c8f4bb15dd77090b497e2a841ff3323ecbbae4f9dbb9edead2f8dd8fb5d8bb4" + } + ] + }, + { + "id": "0d9243f8d38fed47", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Srednekolymsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e860fc369629019ed59b45f5fed235cc6ea8dfb2" + }, + { + "algorithm": "sha256", + "value": "d039655bcab95605c4315e5cfe72c912566c3696aebcd84d00242972076a125d" + } + ] + }, + { + "id": "01757da876968567", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Taipei", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 761 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "515e1ab82b216406f364cf666dae998e4b8dc6f8" + }, + { + "algorithm": "sha256", + "value": "0cc990c0ea4faa5db9b9edcd7fcbc028a4f87a6d3a0f567dac76cb222b718b19" + } + ] + }, + { + "id": "1c1c8c076ee8a8fd", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Tashkent", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 591 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bbc8a292471ac05d8774b14bcb177ab7fd7f7398" + }, + { + "algorithm": "sha256", + "value": "2d2fb24f1874bf5be626843d23a7d8f8811193bba43e6a2f571d94b7ff9bf888" + } + ] + }, + { + "id": "d2b2ca8e16fefbdf", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Tbilisi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1035 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7cb93f7abf7171eb40186248ecc885b541836e74" + }, + { + "algorithm": "sha256", + "value": "c3a50dc60ca7e015554c5e56900b71a3fbbb9e7218dba99a90a4399d18227ddb" + } + ] + }, + { + "id": "02ad88301776db65", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Tehran", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a7cb8bf300b3177e2506a838f7fd218880350e57" + }, + { + "algorithm": "sha256", + "value": "a996eb28d87f8c73af608beada143b344fc2e9c297d84da7915d731ba97566b4" + } + ] + }, + { + "id": "13240979e9b0a02b", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Thimbu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 203 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16dc4bbfe2b3668b9b737033f4ecb2a9c1ee7e6a" + }, + { + "algorithm": "sha256", + "value": "ba26bca2be5db4393155466b70bc248db4f3f42ed984bab44f88e513862fbaf4" + } + ] + }, + { + "id": "2af6995ed37d66e2", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Tokyo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 309 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41852e7fc829ff3ace521bc3ebc60b6e43b56da6" + }, + { + "algorithm": "sha256", + "value": "a02b9e66044dc5c35c5f76467627fdcba4aee1cc958606b85c777095cad82ceb" + } + ] + }, + { + "id": "fef4f22ce4e0a641", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Tomsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1221 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e7464939be7db8572e95aea8381f94bca70f91d" + }, + { + "algorithm": "sha256", + "value": "efb6207492f111344a8d08e76871dfe78c4102a372c130f0410999e6fe80ab6f" + } + ] + }, + { + "id": "3d4aa454e7520182", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Ust-Nera", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0040f6ac898a101ca796115d646c4825833c0290" + }, + { + "algorithm": "sha256", + "value": "2406614403dd6ce2fd00bf961ce2fc6998f1759c4b9860cd046302c3d4cab51f" + } + ] + }, + { + "id": "4599e19ac72591d0", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Vladivostok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7480790ddac173ba580e52d0f8754eeacbff02b6" + }, + { + "algorithm": "sha256", + "value": "5a892182d8f69f0523f7dda1ed2c9f07f7d134700a7cf37386c7ffa19a629bc7" + } + ] + }, + { + "id": "0486da6e1e56e929", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Yakutsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1207 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "79d6a645076e873ce22c53a10b3de9e27df7b2fe" + }, + { + "algorithm": "sha256", + "value": "455088979d84bccae9d911b6860d9c8c34abf5086cb1c6804fe355f35c70ef37" + } + ] + }, + { + "id": "7354ff083fb2caea", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Yekaterinburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1243 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16f2954e67502e5e98391383ab4712700e456ee8" + }, + { + "algorithm": "sha256", + "value": "37355cd8388f7b2c3415d307c123d0245f64dedbd676dac44d988de7ca72c4b9" + } + ] + }, + { + "id": "6f27318e991b55ff", + "location": { + "path": "/usr/share/zoneinfo/posix/Asia/Yerevan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1151 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f10e1a31e38b267009bed042efd8a54c7b2043a2" + }, + { + "algorithm": "sha256", + "value": "934587b56416fdc0428dc12ff273f4d5c54f79354395fd7c950d3fbba7229f5a" + } + ] + }, + { + "id": "c3326ed61922a612", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/Azores", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3456 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "088e1a1365d0e0c8091f595e30e1791b5f468313" + }, + { + "algorithm": "sha256", + "value": "5daae581a2cbfa4926b50ac964e31f453141d0d3803ca4a4eea06a993d53c76f" + } + ] + }, + { + "id": "340f6ac7059eaca6", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/Bermuda", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2396 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44e7011574ab916094cc410221bcff4960831155" + }, + { + "algorithm": "sha256", + "value": "2cd18a7ccb2762fc089a34f2cd7acb84c3871c3bbba88ebb45b60d2afbc8d792" + } + ] + }, + { + "id": "70ae1d36282a9c44", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/Canary", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1897 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "395c4e66b52d9181e31450d07b5365a10ec26aa3" + }, + { + "algorithm": "sha256", + "value": "ca62bdb9faa986f3630cade1ce290de067e4711dd07820623cac9573a16395b0" + } + ] + }, + { + "id": "ac38ff5072279c22", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/Cape_Verde", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 270 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "897189e0cda96bfb3248ee7f48706fe94d687fc1" + }, + { + "algorithm": "sha256", + "value": "11242f13775e308fa5c7d986d3224b12c157e4a465fbb73a803e4eda1d199bd4" + } + ] + }, + { + "id": "a80940ed5b5ba2cc", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/Faeroe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1815 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd6b1178a2066e496edfcd2426d44ea5dd23a3d8" + }, + { + "algorithm": "sha256", + "value": "3626dd64f66d6a99d847f9b22199cc753692286b0e04682e8e3d3f4f636f033b" + } + ] + }, + { + "id": "f477ad75112e2997", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/Madeira", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3377 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e8dce3b2d2a4db52d0b3d19afd01d5b5473cd179" + }, + { + "algorithm": "sha256", + "value": "4cac333702082b0d818dede51b57dde86e68f3e2fcb6d897a20d5b844ecdcc46" + } + ] + }, + { + "id": "3b0bede735021781", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/South_Georgia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b2acac8196001a9458b5e6c6921d781df3290d78" + }, + { + "algorithm": "sha256", + "value": "419ef67d12a9e8a82fcbb0dfc871a1b753159f31a048fba32d07785cc8cdaeb7" + } + ] + }, + { + "id": "9a10afe86413fe1b", + "location": { + "path": "/usr/share/zoneinfo/posix/Atlantic/Stanley", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1214 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f612730123deabdd609145696adeea2ea26f499f" + }, + { + "algorithm": "sha256", + "value": "7b128c2f0f8ff79db04b5153c558e7514d66903d8ebca503c2d0edf081a07fcc" + } + ] + }, + { + "id": "47b76754d929de5f", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/ACT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2190 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ca9f55088c536a5cb6993b1a5fe361c0617bc4fd" + }, + { + "algorithm": "sha256", + "value": "42c3857585b16db2f8ffd47ba19faa60f473340de8d4fe9320ea7be861605906" + } + ] + }, + { + "id": "124bba0ca3ded7a4", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Adelaide", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2208 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "91e31f0fe53950a7e8ac0bd66964069d4d7dabe9" + }, + { + "algorithm": "sha256", + "value": "95dd846f153be6856098f7bbd37cfe23a6aa2e0d0a9afeb665c086ce44f9476d" + } + ] + }, + { + "id": "61870667349de61b", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Brisbane", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 419 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1cae3c294b3bc9e1d4a1e1e5457f63abb6b554e" + }, + { + "algorithm": "sha256", + "value": "796e90cf37b6b74faca5e2669afb7524ccdb91269d20a744f385c773b254b467" + } + ] + }, + { + "id": "ff3491878d8985ba", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Broken_Hill", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2229 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7f8d2d9322173a3390737371410592ecbcb9e858" + }, + { + "algorithm": "sha256", + "value": "de4ff79634ef4b91927e8ed787ac3bd54811dda03060f06c9c227e9a51180aa4" + } + ] + }, + { + "id": "b6b2b2ff2c14c4f7", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Currie", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2358 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "db8884f4beb55ae0c292403cdb8ffc47c18effcd" + }, + { + "algorithm": "sha256", + "value": "18b412ce021fb16c4ebe628eae1a5fa1f5aa20d41fea1dfa358cb799caba81c8" + } + ] + }, + { + "id": "b941d058a9e60caf", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Darwin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 325 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa21b92f3596419128a660acccf2f1cf6aa66ab0" + }, + { + "algorithm": "sha256", + "value": "7e7d08661216f7c1409f32e283efc606d5b92c0e788da8dd79e533838b421afa" + } + ] + }, + { + "id": "14653b642de8a981", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Eucla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 470 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "abf9ae83cf5720d60dfc849f06ea666b6e6c1a0f" + }, + { + "algorithm": "sha256", + "value": "2f112e156c8cb1efdc00b56d4560a47fab08204935de34382575bc9366a049df" + } + ] + }, + { + "id": "e46d52a77ffd2012", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/LHI", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1860 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2304257244b530bcd036aae724f99aff416198f8" + }, + { + "algorithm": "sha256", + "value": "2ee7f42f1fe2247ba1de465de0bc518dfdfab4b179fb05b650531534a353ee08" + } + ] + }, + { + "id": "4e8cc4fdeeac808a", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Lindeman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 475 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8ac554523fc5300e535323ce58e46f8adb72c2e5" + }, + { + "algorithm": "sha256", + "value": "c4ce94771db6a0b3682d1d58ec64211ce628bfc9f0df140daa073f35543624ae" + } + ] + }, + { + "id": "5a5b31c6ed441c58", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Melbourne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2190 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d6f744692e6c8b73de1eef051814f00e0d159e6a" + }, + { + "algorithm": "sha256", + "value": "96fc7f31072e9cc73abb6b2622b97c5f8dbb6cbb17be3920a4249d8d80933413" + } + ] + }, + { + "id": "4af1abc60ed4b3ae", + "location": { + "path": "/usr/share/zoneinfo/posix/Australia/Perth", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 446 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bb00a26c7ab0df1054fa1c4a71f0bd836a9be5f8" + }, + { + "algorithm": "sha256", + "value": "025d4339487853fa1f3144127959734b20f7c7b4948cff5d72149a0541a67968" + } + ] + }, + { + "id": "a7395e2e631fe286", + "location": { + "path": "/usr/share/zoneinfo/posix/CET", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2933 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d90f3247c4716c2e1068d5ad9c88ca2091bec4e8" + }, + { + "algorithm": "sha256", + "value": "812f55aeb6e8cde9ddf4786e15eb4256b21e82cf5f5d28da1bad17d94570cac0" + } + ] + }, + { + "id": "2b4e7cf7323c8867", + "location": { + "path": "/usr/share/zoneinfo/posix/Chile/EasterIsland", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2233 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "17b3f0bf160601c93bdda3e7a0b834ecc1e06f20" + }, + { + "algorithm": "sha256", + "value": "64eefdb1ed60766dd954d0fdaf98b5162ad501313612ce55f61fdd506b0788d3" + } + ] + }, + { + "id": "d67ac102d34d7339", + "location": { + "path": "/usr/share/zoneinfo/posix/EET", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2262 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fd241e817c1f999471c30d301238211a16f95866" + }, + { + "algorithm": "sha256", + "value": "5c363e14151d751c901cdf06c502d9e1ac23b8e956973954763bfb39d5c53730" + } + ] + }, + { + "id": "3d800320aae0d855", + "location": { + "path": "/usr/share/zoneinfo/posix/Eire", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3490 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dbd27ca1fc5b5d8b864c48e92bb42dc49a8f442b" + }, + { + "algorithm": "sha256", + "value": "75b0b9a6bad4fb50a098ebfffb8afdf1f0ffe6a9908fdd3d108f7148b647c889" + } + ] + }, + { + "id": "df34fa3daf0ac99c", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a8483df5c2809f1dfe0c595102c474874338379" + }, + { + "algorithm": "sha256", + "value": "6d9f378883c079f86c0387a5547a92c449869d806e07de10084ab04f0249018d" + } + ] + }, + { + "id": "b30ea32dd3503666", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "694bd47ee2b5d93fd043dd144c5dce214e163dd8" + }, + { + "algorithm": "sha256", + "value": "d50ce5d97f6b43f45711fd75c87d3dc10642affa61e947453fb134caef6cf884" + } + ] + }, + { + "id": "e6730eb41efbdecf", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "df25f8ee32cd9ac7f9d3fdafb6ccc897e0675a5c" + }, + { + "algorithm": "sha256", + "value": "244432432425902d28e994dd7958d984220e87a70ae5317b1f4d0f925b3eb142" + } + ] + }, + { + "id": "adba9de770a57ed4", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+11", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "326fa090be74ccc8e561a72ff2833a9a80460977" + }, + { + "algorithm": "sha256", + "value": "b56bdcbd830509a13ad27255bc3aeba2feecb49becd4a4183b2ae1977773714b" + } + ] + }, + { + "id": "5eaeeecf47e10af1", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+12", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9813523e1f092d2f0c0cd3e5f13e2738a51cb350" + }, + { + "algorithm": "sha256", + "value": "6fbd0712112babc2099aaf31edc399cb8791fffddfab9b871e98ef3c1107a8c0" + } + ] + }, + { + "id": "085b8e3d17b13241", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e3c40ede5206526dd50a7f8d710afad3da46c12e" + }, + { + "algorithm": "sha256", + "value": "4fa129e7386c94129b61a10215407a8142a1de24d93f23285b59238689f1ad4a" + } + ] + }, + { + "id": "1118f4bdea71fa15", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8f68d2cb81ec1c386f80f820d6aaf54b7444f5cd" + }, + { + "algorithm": "sha256", + "value": "406a18ac4d386d427e3b32f7eddb763194f917158d2e92433d55e025bb2d6190" + } + ] + }, + { + "id": "abd2c8452b9b1897", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32cfcd637174d91744d7dff4744e199750faf9d1" + }, + { + "algorithm": "sha256", + "value": "456ae43648bec15ed7f9ca1ed15bee7c17ba2eb595a643c98226b94106049c1a" + } + ] + }, + { + "id": "3f71bb83b42bf7fe", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cef7ce7bf61e746cc1ae39bbab9112bf1dfdc455" + }, + { + "algorithm": "sha256", + "value": "a1199e0b8d5d8185d3fb3cf264844a5cdf48bdd2f60dae674eec261b6fe9ac80" + } + ] + }, + { + "id": "98fb9bceea211a42", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "750271da92432a39887c376cd346144d785d4445" + }, + { + "algorithm": "sha256", + "value": "77a7409f089e8f2148da7ec0cc59455b4685013eb360d123048106d2ebb4b1b4" + } + ] + }, + { + "id": "2116c5a9302e3f0a", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+7", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6ca6def25e8ec04a636003be3f3642e9b165b5f0" + }, + { + "algorithm": "sha256", + "value": "4ea8d86f3774607a71d708ac160d3c275f704e983aced24b2e89e0658fe5a33b" + } + ] + }, + { + "id": "c1c398fa2c623ea8", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+8", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c83913964f148a5e9d5add7eb511586880f4373" + }, + { + "algorithm": "sha256", + "value": "b61ffc6c832662044f09eb01adb981851af48d03bbc2177bd0b898f477f02729" + } + ] + }, + { + "id": "3e587927663bf2d2", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT+9", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fefc384f96a7e856e72e7d723eb2638cb3e7d469" + }, + { + "algorithm": "sha256", + "value": "42ae44ea2512ec9309232993ed8a2a948f0cb6ab55cb49abf6deb3585b5673d6" + } + ] + }, + { + "id": "e75e96a04cbc7bad", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0ab7ceaed57872977f2162ead3e08b3a2984757c" + }, + { + "algorithm": "sha256", + "value": "ef7175794f2e01018fde6728076abdf428df31a9c61479377de7e58e9f69602e" + } + ] + }, + { + "id": "0b6064d0ab67205f", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4081769004bdca6d05daa595d53c5e64e9da7dfd" + }, + { + "algorithm": "sha256", + "value": "7ca5963702c13a9d4e90a8ed735c3d2c85c94759934c3f8976f61f951cb522b5" + } + ] + }, + { + "id": "4f362059c2bd5a60", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-11", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "268a542f171d142870c273ea63d2b297e9132424" + }, + { + "algorithm": "sha256", + "value": "0f64bbf67ea9b1af6df7fdaf8f9c08ac5a471f63892dc08a3fabedc3315920d6" + } + ] + }, + { + "id": "ed031e2497e62995", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-12", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a7f58e042a671281dbf35baa7db93fc4661a80b" + }, + { + "algorithm": "sha256", + "value": "99ee15ea599623c812afc1fb378d56003d04c30d5a9e1fc4177e10afd5284a72" + } + ] + }, + { + "id": "5447e42cb615d2d3", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-13", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f692f0a177436496fa8381438ee7ed1f9ae3f1a" + }, + { + "algorithm": "sha256", + "value": "c5b99b1b505003a0e5a5afe2530106c89c56e1adedea599ac1d3ca004f2f6d1f" + } + ] + }, + { + "id": "4df260a5a6d61b81", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-14", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 118 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f073c38db02ac6096f4f32948eda1574a34d9d0b" + }, + { + "algorithm": "sha256", + "value": "3e95e8444061d36a85a6fc55323da957d200cd242f044ed73ef9cdf6a499f8a7" + } + ] + }, + { + "id": "0e3d7fa5ccaa00b8", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44c80b54e02666339300ec84db1f6f5566b5ba92" + }, + { + "algorithm": "sha256", + "value": "bdeea158b75eba22e1a9a81a58ba8c0fa1cdc9b4b57214708ee75f4d9d9b6011" + } + ] + }, + { + "id": "4773fa53cdd52e44", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3de0e41581d474c91db326d9e755fe1b11172983" + }, + { + "algorithm": "sha256", + "value": "37bee320b6a7b8b0d590bb1dba35d94aef9db078b0379308a7087b7cc5227eca" + } + ] + }, + { + "id": "c89f38590453da25", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b81f76f5a16830f56841502d65c3d271a0d94ee4" + }, + { + "algorithm": "sha256", + "value": "2d2928e5f547a8f979cdfc231aa91b31afce167beda53ea8ff8c58c4dcfd9f9a" + } + ] + }, + { + "id": "e4a6f4a56ddcfb16", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4978924cbee929c87b2726c9d9b4d2d5d7590da6" + }, + { + "algorithm": "sha256", + "value": "b8b69247931bd7c1d14ec000e52bde63d3c027dedd3bc433216a8d5dedf065be" + } + ] + }, + { + "id": "f1956bd1a3691380", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "773e9072d36b0f3dca58dc5de24b9947f3fefdeb" + }, + { + "algorithm": "sha256", + "value": "25237e454029849e747e922fedc602eae9ebb6bcfd4b55a66bea620c79467bb7" + } + ] + }, + { + "id": "21e63581b7b02e9f", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-7", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c3c180b690aee6c0320e6703f2f781618c4221e" + }, + { + "algorithm": "sha256", + "value": "bd500e17cc54f53f444a7c3af1cd12157a5cbe4a28a5a8b04d1d336de7c71d25" + } + ] + }, + { + "id": "cbf72f5b9543b190", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-8", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "280e22a595351b1fa0fdc3b3a3deed4e4840e31a" + }, + { + "algorithm": "sha256", + "value": "4bbc4541b14ca620d9cb8bf92f80fd7c2ae3448cf3a0b0b9a7c49edb7c62eeeb" + } + ] + }, + { + "id": "4cc17f4e31664845", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/GMT-9", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 117 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f62a1c06f8a901efa933208ae9501c9a2f78a269" + }, + { + "algorithm": "sha256", + "value": "239bc736650af98ca0fd2d6c905378e15195cc1824b6316055088320a3b868c2" + } + ] + }, + { + "id": "4834666be23b0336", + "location": { + "path": "/usr/share/zoneinfo/posix/Etc/UCT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 114 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d0b8991654116e9395714102c41d858c1454b3bd" + }, + { + "algorithm": "sha256", + "value": "8b85846791ab2c8a5463c83a5be3c043e2570d7448434d41398969ed47e3e6f2" + } + ] + }, + { + "id": "909799b37a21942e", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Andorra", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1742 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4fbea0614a049786c42ba65ea8bea4b12a7a6ef3" + }, + { + "algorithm": "sha256", + "value": "8130798c2426bc8c372498b5fef01c398ba1b733c147a457531f60555ea9eae8" + } + ] + }, + { + "id": "9afaa370e1493930", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Astrakhan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6bdbac46bf6de697e0cb750be284973b05035877" + }, + { + "algorithm": "sha256", + "value": "cb0b732fdd8a55fa326ce980844f5e1ea98c72f2599b96f48ece460dd5882444" + } + ] + }, + { + "id": "5c421e73c56aad12", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Belfast", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1beba7108ea93c7111dabc9d7f4e4bfdea383992" + }, + { + "algorithm": "sha256", + "value": "c85495070dca42687df6a1c3ee780a27cbcb82f1844750ea6f642833a44d29b4" + } + ] + }, + { + "id": "51cdda05f997befc", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Belgrade", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1920 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "961a2223fd1573ab344930109fbd905336175c5f" + }, + { + "algorithm": "sha256", + "value": "3a95adb06156044fd2fa662841c0268c2b5af47c1b19000d9d299563d387093a" + } + ] + }, + { + "id": "7052a3c37eb89373", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Bratislava", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2301 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "396eb952fc9ee942964181ca4e5a2dcdb5e92901" + }, + { + "algorithm": "sha256", + "value": "fadd1d112954ec192506fb9421d7a22a80764fe4ae7b2eb116290437fec33167" + } + ] + }, + { + "id": "1ecc2805c23bda81", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Bucharest", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2184 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7176e5201942e3b2db81c853b0215abc86fd0ae7" + }, + { + "algorithm": "sha256", + "value": "9df83af9b5360fa0cc1166fd10c2014799319cdb1b0d2c7450a7c71ff673a857" + } + ] + }, + { + "id": "4e0f832ccffb5bf8", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Budapest", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2368 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "91adb207dce9a1bfffd91c527c87591862b5befa" + }, + { + "algorithm": "sha256", + "value": "94dc2ac5672206fc3d7a2f35550c082876c2fd90c98e980753a1c5838c025246" + } + ] + }, + { + "id": "d527689295f8a310", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Busingen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1909 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "782d7d6812933a263ebfff012a0120d480071b1b" + }, + { + "algorithm": "sha256", + "value": "2b9418ed48e3d9551c84a4786e185bd2181d009866c040fbd729170d038629ef" + } + ] + }, + { + "id": "463fd1185acb3ea7", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Chisinau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2390 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c7ec1a8e357d2bbaead94d299dbe16db67b43ba" + }, + { + "algorithm": "sha256", + "value": "a7527faea144d77a4bf1ca4146b1057beb5e088f1fd1f28ae2e4d4cbfe1d885e" + } + ] + }, + { + "id": "e0ede8868e534771", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Gibraltar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3068 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "122f8383ab55c80eb33fe83cb2c8e870104260ee" + }, + { + "algorithm": "sha256", + "value": "6bced6a5a065bf123880053d3a940e90df155096e2ad55987fe55f14b4c8a12e" + } + ] + }, + { + "id": "0ba296fdbd0793ad", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Helsinki", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1900 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3f01ceaf46492fcbd8753bc6cff72ca73df6d1f1" + }, + { + "algorithm": "sha256", + "value": "184901ecbb158667a0b7b62eb9685e083bc3182edbecdc3d6d3743192f6a9097" + } + ] + }, + { + "id": "d75f7a1687554234", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Kaliningrad", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1493 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a02a78fd9fd74fa6cd9abe6546273519018d5030" + }, + { + "algorithm": "sha256", + "value": "b3b19749ed58bcc72cec089484735303a2389c03909ff2a6cff66a2583be2cc3" + } + ] + }, + { + "id": "373ae748a8cbcd46", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Kiev", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2120 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "946d9ae0ff7ee36e2d8809629da945ae868f4d65" + }, + { + "algorithm": "sha256", + "value": "fb0ae91bd8cfb882853f5360055be7c6c3117fd2ff879cf727a4378e3d40c0d3" + } + ] + }, + { + "id": "d705fc609541cf5f", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Kirov", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1185 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "22357ac98d315c82d585badfb9afe934a709f107" + }, + { + "algorithm": "sha256", + "value": "3fb4f665fe44a3aa382f80db83f05f8858d48138f47505e5af063e419d5e0559" + } + ] + }, + { + "id": "ba21fd1aa2af3853", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Lisbon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3527 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b9298daf385db9e18080b3d9f46be2c944714ec1" + }, + { + "algorithm": "sha256", + "value": "92b07cb24689226bf934308d1f1bd33c306aa4da610c52cd5bce25077960502c" + } + ] + }, + { + "id": "f2d3cfaacbb01880", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Madrid", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2614 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "373ee9e3d0ba9edf1ebd6497d5f1ffb50a62984f" + }, + { + "algorithm": "sha256", + "value": "9a42d7d37ad6dedd2d9b328120f7bf9e852f6850c4af00baff964f659b161cea" + } + ] + }, + { + "id": "70b83a93e0a21641", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Malta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2620 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eede4ec7a48fc8ada059d1462e2c090eda8c6c91" + }, + { + "algorithm": "sha256", + "value": "12129c6cf2f8efbeb9b56022439edcbac68ad9368842a64282d268119b3751dd" + } + ] + }, + { + "id": "d93c522207cbf1bf", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Minsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1321 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e36f1daec8979122825de4903770b79e0eabcd88" + }, + { + "algorithm": "sha256", + "value": "9a7f3acddacd5a92580df139d48cbd9f5f998b6a624f26fd10f692d80fae1894" + } + ] + }, + { + "id": "211f559c0f4bbf4a", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Monaco", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2962 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f065dd54ad27c008caa5e96b7fec1e7859fcc003" + }, + { + "algorithm": "sha256", + "value": "ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8" + } + ] + }, + { + "id": "f78d3bb4be66b75b", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Moscow", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1535 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d4d01723421789b2d2b54ffedee60283e94f5e65" + }, + { + "algorithm": "sha256", + "value": "2a69287d1723e93f0f876f0f242866f09569d77b91bde7fa4d9d06b8fcd4883c" + } + ] + }, + { + "id": "fcef089df6ff596a", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Riga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2198 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "799671bdcad326eb5707eb620342c69bac5e6580" + }, + { + "algorithm": "sha256", + "value": "849dbfd26d6d696f48b80fa13323f99fe597ed83ab47485e2accc98609634569" + } + ] + }, + { + "id": "194c99d5c6dfd860", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Rome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2641 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ef35f507ab176828a5c751f702144ede463e385" + }, + { + "algorithm": "sha256", + "value": "d5ade82cc4a232949b87d43157c84b2c355b66a6ac87cf6250ed6ead80b5018f" + } + ] + }, + { + "id": "fa730dd75d64d5a3", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Samara", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1215 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8bab29224d52a19e5960c2c66557748fb55c4e5" + }, + { + "algorithm": "sha256", + "value": "cf68a79ea499f3f964132f1c23217d24cfc57e73b6b1665aa9e16a3a1f290fb3" + } + ] + }, + { + "id": "48f8c2a987661df7", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Saratov", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1183 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "916029e1ff74b86bd860098a43bacbac34677fb5" + }, + { + "algorithm": "sha256", + "value": "04c7a3e3d1e5406db80960a1e5538436b0778cfb893d270fb3346d6fb32b2772" + } + ] + }, + { + "id": "c817df2401644d95", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Simferopol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1469 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f1773f7624c418081fb3ab76ac1a64ab60f2e9be" + }, + { + "algorithm": "sha256", + "value": "b7397bc5d355499a6b342ba5e181392d2a6847d268ba398eabc55b6c1f301e27" + } + ] + }, + { + "id": "385f39c9f2fe1333", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Sofia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2077 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "541f61fa9ef15b102f8661b684ad9976bd81b929" + }, + { + "algorithm": "sha256", + "value": "84240a5df30dae7039c47370feecd38cacd5c38f81becab9a063b8c940afe6d6" + } + ] + }, + { + "id": "5fc0468959b8e2ca", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Tallinn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2148 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dff1b1743ddf6474e691fae0a6dab8ee93d81789" + }, + { + "algorithm": "sha256", + "value": "e1ae890b4688a4ccea215ecedf9ce81b42cb270910ab90285d9da2be489cebec" + } + ] + }, + { + "id": "514cb52107ce34ed", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Tirane", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2084 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3b9be3df7968b0c46feed0a46349324179daaa84" + }, + { + "algorithm": "sha256", + "value": "ced959c824bd5825de556f2706e9f74f28b91d463412d15b8816c473582e72ec" + } + ] + }, + { + "id": "a179fa54cf5c4c26", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Ulyanovsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1267 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f5d943bf83a0dffa86018b8512df7179536fb4ae" + }, + { + "algorithm": "sha256", + "value": "9c5b207154e64e2885cc7b722434673bedc7e064407c079c79be9bda31472d44" + } + ] + }, + { + "id": "ee42227bc84df0ea", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Vienna", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1da9833989405bd5ff21d58013704f9f00cefd7b" + }, + { + "algorithm": "sha256", + "value": "6662379000c4e9b9eb24471caa1ef75d7058dfa2f51b80e4a624d0226b4dad49" + } + ] + }, + { + "id": "2eac927b46cddaa0", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Vilnius", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2162 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88bfe2ba142bad0856984a813ac8b93939fd6b3e" + }, + { + "algorithm": "sha256", + "value": "505cd15f7a2b09307c77d23397124fcb9794036a013ee0aed54265fb60fb0b75" + } + ] + }, + { + "id": "0011d80650bd57b7", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Volgograd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1193 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a4deb32b25919c4fbeec94d043abbdcc27b45bd6" + }, + { + "algorithm": "sha256", + "value": "46016fb7b9b367e4ed20a2fd0551e6a0d64b21e2c8ba20dd5de635d20dbfbe4b" + } + ] + }, + { + "id": "d5106c46a9567f39", + "location": { + "path": "/usr/share/zoneinfo/posix/Europe/Warsaw", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2654 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "011e06118f3e209794b175332ffb109e2583e4f7" + }, + { + "algorithm": "sha256", + "value": "4e22c33db79517472480b54491a49e0da299f3072d7490ce97f1c4fd6779acab" + } + ] + }, + { + "id": "066e06135920a3fe", + "location": { + "path": "/usr/share/zoneinfo/posix/Factory", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d970812ef3dca71b59cc3dab08ba3391d4dd1418" + }, + { + "algorithm": "sha256", + "value": "6851652b1f771d7a09a05e124ae4e50fc719b4903e9dee682b301ae9e5f65789" + } + ] + }, + { + "id": "fa4e8eab62182cad", + "location": { + "path": "/usr/share/zoneinfo/posix/HST", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 329 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d5313bee3a467f7b5311b263c7d38b52f182164" + }, + { + "algorithm": "sha256", + "value": "7f03d1bf5264e7ab023a2ef9b997ddfc8cb6936692407c770762b9c549523f33" + } + ] + }, + { + "id": "6d6688aea27fa8fa", + "location": { + "path": "/usr/share/zoneinfo/posix/Indian/Chagos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e56a740e0b4703426b63bf2ea71650a2ae0defda" + }, + { + "algorithm": "sha256", + "value": "db7076ea9c302b48315bb4cfefa1a5b7263e454fe8e911864ab17dde917b4b51" + } + ] + }, + { + "id": "4f21c2134ca3699d", + "location": { + "path": "/usr/share/zoneinfo/posix/Indian/Kerguelen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 199 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a77b20e17ce1c1f9c4767d1ddf03a67b0312ce6c" + }, + { + "algorithm": "sha256", + "value": "7544016eb9a8077a1d5ac32ddcad58527078e3b03a9e45b7691d5a1f374b17b3" + } + ] + }, + { + "id": "d1c10e34d3aafde3", + "location": { + "path": "/usr/share/zoneinfo/posix/Indian/Mauritius", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 241 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1c264edb46f9058fb482a727ec95bb67807ec804" + }, + { + "algorithm": "sha256", + "value": "93abd651571f537812d4ad767bf68cc3a05e49d32f74bc822510802fb083d20a" + } + ] + }, + { + "id": "dbdc3b07da2deabb", + "location": { + "path": "/usr/share/zoneinfo/posix/Kwajalein", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 316 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6c90cce9681748e9c5c59ba8a9070c1425a71f79" + }, + { + "algorithm": "sha256", + "value": "2f89c7deac6fe4404a551c58b7aedbf487d97c1ce0e4a264d7d8aeef1de804c9" + } + ] + }, + { + "id": "94958ba44fa043aa", + "location": { + "path": "/usr/share/zoneinfo/posix/NZ-CHAT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2068 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb54cbb65da9481265fbb1005f8860efa5170042" + }, + { + "algorithm": "sha256", + "value": "96456a692175596a6ffc1d8afa4dae269dac7ad4552ba5db8ec437f200c65448" + } + ] + }, + { + "id": "ac704fff8d045cef", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Apia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 612 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "442116a1776e38b80a519df388e5e3e992081f74" + }, + { + "algorithm": "sha256", + "value": "726e92e83d15747b1da8b264ba95091faa4bca76a8e50970a4c99123d9b9647e" + } + ] + }, + { + "id": "c985cb2dc1a169bc", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Bougainville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 268 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4438f6699a844ec19aabc63f4ea9df91e1714ffb" + }, + { + "algorithm": "sha256", + "value": "64a0dafd2ff68129663968b35750eac47df06c4e7cadf2b5bca64766aaebb632" + } + ] + }, + { + "id": "2cf98fe7a8654079", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Efate", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 538 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dfcdfadd0146e60fdfa6c9a457f4fd94c062fb1a" + }, + { + "algorithm": "sha256", + "value": "a46e0d31578cde10494d99d99aa78bab3dd0e680a08135b81cef91f457bddba0" + } + ] + }, + { + "id": "f049ddb3599ce35d", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Enderbury", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 234 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ae7f372f20b1ed3a9bbc2eeabd3a67156f9e65f4" + }, + { + "algorithm": "sha256", + "value": "52f13b7d5b79bc64bb968297d7489b84d8a596288dab0bd001757d3518588603" + } + ] + }, + { + "id": "057a5f6ec928791d", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Fakaofo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 200 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ae0c959818fd9aad8518baa00dab9172c77f1d7" + }, + { + "algorithm": "sha256", + "value": "828c3e4a0139af973c27f020e67bc9e5250f0e0eb21fca6d87f6be40b0dc3eff" + } + ] + }, + { + "id": "c6de8cfabb0d2d20", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Fiji", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 578 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3c657bce2b4fd4ebd6fbf6e435eac77d0704d3a0" + }, + { + "algorithm": "sha256", + "value": "c955305c2fc9c0bc9f929adf08d4e7580add30ba925c600e7a479ee37b191a23" + } + ] + }, + { + "id": "6cec62463126b762", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Funafuti", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cb335dbaaa6de98cf1f54d4a9e665c21e2cd4088" + }, + { + "algorithm": "sha256", + "value": "bd3e94c56eca786a6d761f34163f404804c698bc7c59a8badf494c2f89b083cd" + } + ] + }, + { + "id": "4205f8b4e25f7938", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Galapagos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 238 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e4dac5e58655145a568ed53ebe3c2acf5f4a3724" + }, + { + "algorithm": "sha256", + "value": "31db650be7dfa7cade202cc3c6c43cb5632c4e4ab965c37e8f73b2ca18e8915f" + } + ] + }, + { + "id": "7daee65cf4a04418", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Gambier", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1fb4054e9a560e58b8e482bc29621d1e88201a75" + }, + { + "algorithm": "sha256", + "value": "cfa79817cb2cccb8e47e9aa65a76c1040501fa26da4799e874a68061bbd739ed" + } + ] + }, + { + "id": "18dea002d13130a1", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Guadalcanal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5011d0291e183a54b67e5cffba2d54278478ebe5" + }, + { + "algorithm": "sha256", + "value": "e865fe5e9c5c0b203ae2a50c77124c14cab8b0f93466385ec6a19baf2cdf8231" + } + ] + }, + { + "id": "44028b6bb5dd7fc0", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Guam", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 494 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e89887209cf2ea7f4223ca7298e9377b233eaba6" + }, + { + "algorithm": "sha256", + "value": "131f739e67faacd7c6cdeea036964908caf54d3e2b925d929eb85e72b749b9f2" + } + ] + }, + { + "id": "90771ac81ab468b8", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Kiritimati", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 238 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37395a0b6f3d7510d03c13e1a0a92b399f7b303c" + }, + { + "algorithm": "sha256", + "value": "5474778aec22bf7b71eb95ad8ad5470a840483754977cd76559e5d8ee4b25317" + } + ] + }, + { + "id": "7ead89c2b331912b", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Kosrae", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 351 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59dabc00195b0e9a26c1304e866284e7c9963d09" + }, + { + "algorithm": "sha256", + "value": "566e40288e8dbee612cf9f2cf3ddb658d2225a8a8f722c7624e24e8b1d669525" + } + ] + }, + { + "id": "2ee3a5a33392d02c", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Marquesas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 173 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "57ac5495306a7ca1ce93df12ef67956ed2d81c44" + }, + { + "algorithm": "sha256", + "value": "bb3b2356896eb46457a7f1519ef5e85340290c46f865a628cffafad03ee3b9f8" + } + ] + }, + { + "id": "21aebeff396d90d6", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Midway", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 175 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c388c7f9a7700517fc6577943f3efe3bdddd3eb" + }, + { + "algorithm": "sha256", + "value": "7c262b62985863aad47f13b0ef5db2e5cc917b5d38002de9a2ea83ddb0883458" + } + ] + }, + { + "id": "46d8ffd21be5a635", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Nauru", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 252 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "58548fa30aafa75c04f88b266404875a11a2c6f0" + }, + { + "algorithm": "sha256", + "value": "a06c68718b2ab2c67f11e4077f77143f9720d2ab6acf1d41ce81235568c4ffb8" + } + ] + }, + { + "id": "c276e24691787eff", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Niue", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 203 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d65969431f77c6ed51c69499305c8bacad1e8ba6" + }, + { + "algorithm": "sha256", + "value": "29cd01460b2eee0d904d1f5edfb0eea91a35b140960c5328c00438c0ee98350d" + } + ] + }, + { + "id": "72bd1bf6a1f8325a", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Norfolk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 880 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f70543c0407a341ec68b97c13354ad6bc5f5000" + }, + { + "algorithm": "sha256", + "value": "09d11733d48a602f569fb68cc43dac5798bccc4f3c350a36e59fcbf3be09b612" + } + ] + }, + { + "id": "ac44ce4edaa057c8", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Noumea", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 304 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d8e75639c5dbd5aacc617f37e2d5003747a8a2e7" + }, + { + "algorithm": "sha256", + "value": "1526a7a4038213b58741e8a8a78404aca57d642dd3ceed86c641fcfad217b076" + } + ] + }, + { + "id": "f889562e18d25a1a", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Palau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 180 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d7598739759a6bc5a4907695beebb6c41a8d045" + }, + { + "algorithm": "sha256", + "value": "0915bffcc7173e539ac68d92f641cc1da05d8efeeee7d65613062e242a27ce64" + } + ] + }, + { + "id": "26f1e9f423da2438", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Pitcairn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 202 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e650a33fa02e1507b3b1720fa483a3a505784d67" + }, + { + "algorithm": "sha256", + "value": "3bae4477514e085ff4ac48e960f02ab83c2d005de1c7224d8ae8e0a60655d247" + } + ] + }, + { + "id": "5e58792604a2de92", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Rarotonga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 603 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dbdac5a429cf392f51c37a685c51690e4ff97263" + }, + { + "algorithm": "sha256", + "value": "deeaf48e2050a94db457228c2376d27c0f8705a43e1e18c4953aac1d69359227" + } + ] + }, + { + "id": "2ba0227f0817622e", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Tahiti", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 165 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c38a00fdc386eabc2c267e49cf2b84f7f5b5e7ba" + }, + { + "algorithm": "sha256", + "value": "f62a335d11580e104e2e28e60e4da6452e0c6fe2d7596d6eee7efdd2304d2b13" + } + ] + }, + { + "id": "86b1760d0094da18", + "location": { + "path": "/usr/share/zoneinfo/posix/Pacific/Tongatapu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 372 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2948107fca9a51b432da408630a8507d5c6a1a59" + }, + { + "algorithm": "sha256", + "value": "6f44db6da6015031243c8a5c4be12720a099e4a4a0d8734e188649f4f6bc4c42" + } + ] + }, + { + "id": "1e12e2b7baffc502", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Abidjan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7548658d1a556108a7d589d4a6b1f25f04f6b08" + }, + { + "algorithm": "sha256", + "value": "6d99040f3d1a740a722ac0b6c1ed8ae8f50b5a85810467ac8b5199065d9a28ec" + } + ] + }, + { + "id": "28a58a71753afd9d", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 814 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44b45d7471b73915facdce9fdc9970ce60b96931" + }, + { + "algorithm": "sha256", + "value": "0452df41e535930e88a7c4783bd33c4284d5cae96daa6915fffb9a27ccf2f4d6" + } + ] + }, + { + "id": "0caf887c9a2180c1", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Algiers", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1284 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bfc4f856b5cac64495446fac945078961f54dd49" + }, + { + "algorithm": "sha256", + "value": "b82210ca1dcb1915525fe6ecb6447113998bb3848e6d9c6129908894b9cf69dd" + } + ] + }, + { + "id": "12ae5e9461e3b5ae", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Bangui", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 784 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e5d3299b0b6f60a64c4b4df90740be055967fc7d" + }, + { + "algorithm": "sha256", + "value": "b498fd4a1c3b46c690f2b78e39afd2f8c31e4b1506115e12a82c89260dfce48e" + } + ] + }, + { + "id": "1ea40f38c3af340f", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Bissau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 744 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2943c4a3ec06a4966a3971b3bb8d815f46f64452" + }, + { + "algorithm": "sha256", + "value": "69cb21ce2a4876370726a0d53384cb91070b3b5395957017eb8e3baf1545bf5a" + } + ] + }, + { + "id": "81ab02364bf1f697", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Blantyre", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0500a5fe71a16431b84e65d0f5f99c77530f0d9d" + }, + { + "algorithm": "sha256", + "value": "50e495f300ed648bcd599326561fa29edc695ba8cdb27469b2008460406e0aaa" + } + ] + }, + { + "id": "8aca294312e655c7", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Cairo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2602 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3b3134acbe48516f6813276fa36d9236df991dfa" + }, + { + "algorithm": "sha256", + "value": "0cf2295a003fcdf7e72d5254f968c7f9b9fee98fba0fca1aeef2630d898ac313" + } + ] + }, + { + "id": "43ecffc436a18913", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Casablanca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1708 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9366ebbee7b43a448d279d54cc0085d26034d2da" + }, + { + "algorithm": "sha256", + "value": "7308ffbd19caeb2e0236505cb098f2771a518d5f49dd7b5087bb67ad5716cc16" + } + ] + }, + { + "id": "0515ffe984f626d8", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Ceuta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2258 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cee9b26d6ed72dd814fab10daace29b72b351fd7" + }, + { + "algorithm": "sha256", + "value": "c24c8fd8f15c5cfd8a0af1c6f82ddb123376866eb592ae8e2ae3b729d5ed1142" + } + ] + }, + { + "id": "27f5c384e6257312", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1550 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd6645412fb1a7ee30a59c9eae83ac765e76fd0f" + }, + { + "algorithm": "sha256", + "value": "4b87e565d279ef251825c24160a0e4975fb46c390838159e3d82246d5890eb08" + } + ] + }, + { + "id": "eafe51e1e824cc94", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Johannesburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 794 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b20061340f101ac794048fa8766100a024975d9f" + }, + { + "algorithm": "sha256", + "value": "23430ce1b491d37d0cf263434c913117b38588a7bcd3d19644733d94c24c3d80" + } + ] + }, + { + "id": "b2cfd17a18d5a1bd", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Juba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1228 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3ff4e966824737fa7aa81adf5f45666ef639b82a" + }, + { + "algorithm": "sha256", + "value": "95f824cbcdef20db8f196141d752f3a745a67377d1c42d81c1b305a13dfbbf75" + } + ] + }, + { + "id": "967e3a10ec37458f", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Khartoum", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1228 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2b7f24674b1ea7f9e36ec487ef3a6fb65ccd1f0b" + }, + { + "algorithm": "sha256", + "value": "e2f1a0bfcda4b70b929a141d995899ea42b717ece0c3c5d2b30fa7eadee4185f" + } + ] + }, + { + "id": "3dc2ade608bb09da", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Monrovia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 758 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5197b4769725d1519361d251e989640fc15dd012" + }, + { + "algorithm": "sha256", + "value": "23c47fbe43d31c1c2eab3fc40909480a9f797368d8fa8e429774e16f8202d33a" + } + ] + }, + { + "id": "673d21dbd2158552", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Ndjamena", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 748 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1466337323b061589dd7cc745374281199aaf05d" + }, + { + "algorithm": "sha256", + "value": "72b90718f783f47d1194762dfdf1e9476f1272c92e3e674221605191ba9642ce" + } + ] + }, + { + "id": "b97a7a2f3fbf4c36", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 804 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dc20e74114c7db3a25a850d085b51b29b0433a82" + }, + { + "algorithm": "sha256", + "value": "eac39b97f89cb5c9a5a6e8188fcdc2254c5e470bdba79cfd7dcc430f86ab23e3" + } + ] + }, + { + "id": "63f5243af314e0b5", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Tripoli", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1174 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "82bc65e952b18495bfb2098430c0cbc2ddd97aac" + }, + { + "algorithm": "sha256", + "value": "bb5d4058b24832f4d9d47f2464b01b458efabc17243252c13cb1f7732eab4d0e" + } + ] + }, + { + "id": "996f559bdbcdf702", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Tunis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1238 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e6665aa405449ac0c941f56c0c9217d117314ca1" + }, + { + "algorithm": "sha256", + "value": "5e2b3f9e67dba3db5f16186bb601bf9eddc930026bd9729a87de1e67b9215d7d" + } + ] + }, + { + "id": "3efdc5b032bda724", + "location": { + "path": "/usr/share/zoneinfo/right/Africa/Windhoek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1542 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ac60a291de8bb89d63a4e622da21b394f446cacb" + }, + { + "algorithm": "sha256", + "value": "423d39a12510b844303818beaf7ca9bbab64f1d89bc74693dff4cc3538c7208a" + } + ] + }, + { + "id": "644aa8c946738c20", + "location": { + "path": "/usr/share/zoneinfo/right/America/Adak", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2565 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c921275cc32abe4f70a1ea81fd0d458801a5c744" + }, + { + "algorithm": "sha256", + "value": "eda5938e2a7bcf04fe49e8f88a54725faa398319b93206dfaeb2d0915887d560" + } + ] + }, + { + "id": "545524b58c8b745e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Anchorage", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2579 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a73d9214b762c019f498661d08cacfddc44f6afc" + }, + { + "algorithm": "sha256", + "value": "822caa627009cfbaec50af294a81c1e237ac690033f0f424468f1fa29ca60bf8" + } + ] + }, + { + "id": "5d7943c7e30119bb", + "location": { + "path": "/usr/share/zoneinfo/right/America/Anguilla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 796 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3dcef79cf8beabaffc49ae9d4e988d96501e4b20" + }, + { + "algorithm": "sha256", + "value": "a2bf544d7793ff7b75bd833679e7c5969e1d1115b051f4cecb2ad2d9217b45cb" + } + ] + }, + { + "id": "0d9f97c062a39e17", + "location": { + "path": "/usr/share/zoneinfo/right/America/Araguaina", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1418 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bfdb939a148ce3f185acabd6c07f559662ae19e2" + }, + { + "algorithm": "sha256", + "value": "48d382d8c4965a56dd7385bdf6b751c369359681530fdf04115ea1394b5bbee7" + } + ] + }, + { + "id": "fba85d57dfe36e70", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1610 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "697701087c7ac1a4b746a296a2283dc3b5493a7d" + }, + { + "algorithm": "sha256", + "value": "2e14211d1ef17ff25d3e08567e9e53ef9ef4d1f81db55396a8e5cdff73d6a9ef" + } + ] + }, + { + "id": "a9fee61f29c681de", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1610 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9bbede667590f00caee022f7167f82dbc8db3cf7" + }, + { + "algorithm": "sha256", + "value": "905ae931fb0eaada8c616b75e4df4d37499c4086cac66edd0ee9b16d0cbebbe5" + } + ] + }, + { + "id": "ee089b91a7005898", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1610 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0835c7d8517c8f6a686b7e3087a61f1d54f9a13b" + }, + { + "algorithm": "sha256", + "value": "8484fedab6db3db014c76102c714037f36dbc2577448550f7ab0162ee918c3ca" + } + ] + }, + { + "id": "4a3eda6da3ff252c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1582 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d875cc4a963602e78a4409759b0c5d3195785400" + }, + { + "algorithm": "sha256", + "value": "33ca10a968a8b941e09fd3fe3af2ea04309c7fe62f46d3a38b592767ef73f681" + } + ] + }, + { + "id": "9f31d5e035978451", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1624 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0cecc54e7f53eb376d2d8edb011ad46e858c3b78" + }, + { + "algorithm": "sha256", + "value": "c874c359a6133f8d351124e131096e560c85745697b855a0dc7c39349a0f8816" + } + ] + }, + { + "id": "749cbcc52c60375e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1610 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7c2cf695ed4e8c9c070d49b0e2866ec006d3abfe" + }, + { + "algorithm": "sha256", + "value": "c8f0a41e270f3428b7266e7b5286811b0c5a649b7e54f91e3e31f254c59154bb" + } + ] + }, + { + "id": "82f885559c79e03e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1610 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a9adafc9a85f01105bf5052887ebeed030f5d9f8" + }, + { + "algorithm": "sha256", + "value": "eff23fa4ef928a02ece1a45edda3c609d87b20e89739e6e6583d9a4270b53773" + } + ] + }, + { + "id": "7775c68823622bef", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Salta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1582 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0f3c89361fb6564234176d775fcbdcaf7108158b" + }, + { + "algorithm": "sha256", + "value": "4afc8318be82f56fbc93b31cfeb5d14be09bbe8a06c769184da425fa923025c9" + } + ] + }, + { + "id": "dc9f06d4ba7b9f7c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1624 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ce97e1aaa2abdca23a4dc4cdaa28cc454e286f13" + }, + { + "algorithm": "sha256", + "value": "3bd8dea3ac42e9a2d1a0163bfe8f016fe2fc646a1ab6fc140a9f773bab427e46" + } + ] + }, + { + "id": "79bced351aedbd0c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1636 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "937abcdeac1c95cbd38515b9119063150ede536c" + }, + { + "algorithm": "sha256", + "value": "2de51d378aa922263bbc8f8dd76127d4ad696a6fd477d7951c6f0fa4cb3f919f" + } + ] + }, + { + "id": "c63555534c04dfd9", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1638 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dee2141bb5a8bc7287a9d0467f341549aa8bcd3f" + }, + { + "algorithm": "sha256", + "value": "f459b3b4bdbd76e51a8058fcee5e33edc125ad05a7aab1c942d00d0ba720d24c" + } + ] + }, + { + "id": "765160302ae1e137", + "location": { + "path": "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1610 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "68351592dc160973545d19bcba752dd9ec38285b" + }, + { + "algorithm": "sha256", + "value": "0819bab11849a3ecc0c9bcea0859010c658df967ef0f223d2d6f9cfe2f9bc160" + } + ] + }, + { + "id": "91904eed74ebab7c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Asuncion", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2192 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "908416e61183e5a1131a46c66936100262634180" + }, + { + "algorithm": "sha256", + "value": "2af7198626a523401b074059d12974998b644d8e1e5bebfd27e78bb4ac64e740" + } + ] + }, + { + "id": "74c4ec0cba7629ee", + "location": { + "path": "/usr/share/zoneinfo/right/America/Atikokan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "77c866c688c3c37eb3272ae5270f7e60c2f03c5d" + }, + { + "algorithm": "sha256", + "value": "52d82dae24e548fb8be6b53a7c8bf2f6a008600afb7c4616caf40f620f191174" + } + ] + }, + { + "id": "0ade089dd60c5f85", + "location": { + "path": "/usr/share/zoneinfo/right/America/Bahia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1558 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a38a14db8a11570310d7c8a449caec651c63d4dc" + }, + { + "algorithm": "sha256", + "value": "5e242c35d73d4f3bdabe156f23b114144f9cc359d3400ab7d7464b86b16d21c5" + } + ] + }, + { + "id": "6c1e03e0ff4c5fc4", + "location": { + "path": "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1650 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2b6c1b1ef8512fa0c5692083e4940676163339ff" + }, + { + "algorithm": "sha256", + "value": "3b928d2fea6733afd52890678319e08e13112bb79a96ece242ed0d3c96235ef9" + } + ] + }, + { + "id": "68dc887745847a95", + "location": { + "path": "/usr/share/zoneinfo/right/America/Barbados", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 986 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "76deee72250ee11d6cf49901ebac9fe5bd0257be" + }, + { + "algorithm": "sha256", + "value": "978e1e4bb9e907b25efd9c990c7e2fa4cce322aa08063ebd73983187d7db033d" + } + ] + }, + { + "id": "ccf81edcc32a4f29", + "location": { + "path": "/usr/share/zoneinfo/right/America/Belem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "584bcbc5b5a22a963ce7beeceb1d4f59238a113b" + }, + { + "algorithm": "sha256", + "value": "30fedc0e5f3334ab4cbd939be48d7d8ef22d3d79927c136b88fd7bfee27601ab" + } + ] + }, + { + "id": "6b00277688781bab", + "location": { + "path": "/usr/share/zoneinfo/right/America/Belize", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2297abc95b74ebe5736627f3a3136ef00f5bd964" + }, + { + "algorithm": "sha256", + "value": "7c378a7a12875e3dc0e8ec6232c6d057f7bf03335dcf9aa59afb4c3fcda21b26" + } + ] + }, + { + "id": "d34cf2a21c861c20", + "location": { + "path": "/usr/share/zoneinfo/right/America/Boa_Vista", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06b9a02570482a74fb0e9941e94654a75ffa414d" + }, + { + "algorithm": "sha256", + "value": "d727d0877afc200e80e9ce5c2e5b77bdb21b6f01a2b52854f392b5bf1c45f9ee" + } + ] + }, + { + "id": "64fd9f51d9d2fe9a", + "location": { + "path": "/usr/share/zoneinfo/right/America/Bogota", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 780 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "600f9b4e22da9f75a8cc72db02c9d5a8ef9765fd" + }, + { + "algorithm": "sha256", + "value": "a7e9b73f5a0e6c85c3823c4da7336b0863ed53d62410c721e6cac0cdf5133991" + } + ] + }, + { + "id": "bbb1f2b3570b915e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Boise", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2620 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7afeb0784832e7cac3aa7fdd3cb82c913e3a31f0" + }, + { + "algorithm": "sha256", + "value": "dd82ebade8f4b3c53cb5eae589c1061aa473cdae1b9f39076569e168f349a618" + } + ] + }, + { + "id": "c0252d612386b659", + "location": { + "path": "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "58e50b3cb9c3bc35ab3c63c41d21393d1ac29547" + }, + { + "algorithm": "sha256", + "value": "43b852b08512ed5a2eed675bfd74dfd8be60427b531bcfe77a443d8ebf0a5583" + } + ] + }, + { + "id": "cdb7c18c637626be", + "location": { + "path": "/usr/share/zoneinfo/right/America/Campo_Grande", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1978 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5bbaa1ccd86d7ce5a8e88c6318cffff0074c9222" + }, + { + "algorithm": "sha256", + "value": "de2c0178c7d83e45a841ad3747e791804738aae41ad147ce8a88c0aea562361a" + } + ] + }, + { + "id": "f385e92015c773bf", + "location": { + "path": "/usr/share/zoneinfo/right/America/Cancun", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1414 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b9ff7c91a88e941b25ec9fc713f13a555d14042b" + }, + { + "algorithm": "sha256", + "value": "20096d8861f681fbcc5f4347a53ad0f163a470edabcb25add585a2ab078e024f" + } + ] + }, + { + "id": "6db85fd6485015b1", + "location": { + "path": "/usr/share/zoneinfo/right/America/Caracas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 798 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f830943f35569a6c4caa9389aff6b432e23ba7e7" + }, + { + "algorithm": "sha256", + "value": "d43948c2d59a0dec759017b9c336ea5b44f1d24c487ee0938fcca43e0328264f" + } + ] + }, + { + "id": "491311a52b2465d3", + "location": { + "path": "/usr/share/zoneinfo/right/America/Cayenne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b51196e45252291d6a2c72fac46a8679728cdc08" + }, + { + "algorithm": "sha256", + "value": "0409a1d87a48254170b4561e085e4c4b39af2f257bdf440f1664861972eed754" + } + ] + }, + { + "id": "2a187ef845ab494a", + "location": { + "path": "/usr/share/zoneinfo/right/America/Chicago", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3802 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0159261005c43775514868a401bef85696f021a5" + }, + { + "algorithm": "sha256", + "value": "508cca4fb0cd8f8c0fa7cbcd2bef318dd1c13234733675f18c353e39190888f7" + } + ] + }, + { + "id": "ce9ff7ae1a540ba3", + "location": { + "path": "/usr/share/zoneinfo/right/America/Chihuahua", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1652 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b46090c2ced7fff1031172e0d6edb3c402e9b44c" + }, + { + "algorithm": "sha256", + "value": "4b7c51f5b3eb517fedaa16555abc06f2c9eef1bd74f13338dcfd1d2d813b1ad9" + } + ] + }, + { + "id": "acaf22218730a5df", + "location": { + "path": "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1748 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e1a620d5713bcfda1f83dde1d4a765086df2cfcc" + }, + { + "algorithm": "sha256", + "value": "53a22d0f650666a63c4dea821d59578c6eaee0fff02e0e264eed8ac58d72defc" + } + ] + }, + { + "id": "a318b559e8ec5e01", + "location": { + "path": "/usr/share/zoneinfo/right/America/Costa_Rica", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 866 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2d20e8fa36a69086733d1323fbee627c6a594195" + }, + { + "algorithm": "sha256", + "value": "3b1c0b45d274ae11b0d6b804f36aa49130434f81e936b6d3221c344d432665c7" + } + ] + }, + { + "id": "8979cba7762ce8f1", + "location": { + "path": "/usr/share/zoneinfo/right/America/Coyhaique", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2674 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06dbe6b92e4e0c9b4d33b011b73c980a94a984a8" + }, + { + "algorithm": "sha256", + "value": "5840f696649edae1ff3a58946e5a1cfe1b79cfc2d3999f2277c35724ef08b239" + } + ] + }, + { + "id": "87a32bf8148754ae", + "location": { + "path": "/usr/share/zoneinfo/right/America/Creston", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 910 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "472714da56acdc186179da8421a6b2b64bbc5cd5" + }, + { + "algorithm": "sha256", + "value": "2c497e17c3ec106cd3b05bcc0fc89f225cac710c30874b2443ef5e9247f171cb" + } + ] + }, + { + "id": "a0f2d7770002fb9c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Cuiaba", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1950 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "38a3118cffe4ad6d6779dc4783345a6ee33138ac" + }, + { + "algorithm": "sha256", + "value": "61f4864f28eab14abc8dfbd85af412514f117c9970c9351d14d6e8dade5f59ce" + } + ] + }, + { + "id": "b57e758310e08e08", + "location": { + "path": "/usr/share/zoneinfo/right/America/Danmarkshavn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1248 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fcd423f8c7dce5c588425ed82ca8b8167cfe68ce" + }, + { + "algorithm": "sha256", + "value": "5a2614344b77a66b5cb9f736165ecbff65a459d5dc5c4fc2a6eb65cdb162a878" + } + ] + }, + { + "id": "ef3d410ae8f703b8", + "location": { + "path": "/usr/share/zoneinfo/right/America/Dawson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2ea70cf070e6dd99b02ce8399109d036fc80d008" + }, + { + "algorithm": "sha256", + "value": "3adb27eb1135311a63552717850232daadd5f47f6b10871fc42625a5c4b044e8" + } + ] + }, + { + "id": "5abb4c317c67493e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Dawson_Creek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1600 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d1ba3f6b477ced812a1d1b6dbc4ba54ad54b877c" + }, + { + "algorithm": "sha256", + "value": "caae6cca9f37e6f82a0d32eeb7a4f0b9cbad2b610647714e8fc3380e3f3fe5ea" + } + ] + }, + { + "id": "2e3d233ce4bf3668", + "location": { + "path": "/usr/share/zoneinfo/right/America/Denver", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2670 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "652c1b3ce219d090bb9bd7df5e454ae2b869fd17" + }, + { + "algorithm": "sha256", + "value": "009b1d983df4e7e214c72eb8b510fb1a7793c6f6765a14fb82d1a00ca1dacf4f" + } + ] + }, + { + "id": "e10bb262a37a0d1a", + "location": { + "path": "/usr/share/zoneinfo/right/America/Detroit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2440 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "38c72887d68bb438f0d62619369f608fde90ebde" + }, + { + "algorithm": "sha256", + "value": "36ca32bc9140609c6ebabf35e479741fc2e98fed91eea751fe591e0a26689633" + } + ] + }, + { + "id": "27e84291ee71ad39", + "location": { + "path": "/usr/share/zoneinfo/right/America/Edmonton", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2542 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fe293bdc69734c07ce6253da5a2633ec653c641e" + }, + { + "algorithm": "sha256", + "value": "afa6d497bc5818c957d3808fd514e1c9d8c3d5dc6d73eb827fd9887a706f0236" + } + ] + }, + { + "id": "43c2072ca7c33906", + "location": { + "path": "/usr/share/zoneinfo/right/America/Eirunepe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1190 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2da18cea3f9a57d84e370e59773935f0b2f6adfe" + }, + { + "algorithm": "sha256", + "value": "245360c9d41ad26bcfa74c470afe94960a4ef9856ad135fb9409c632bf4110d4" + } + ] + }, + { + "id": "4032531ee2615597", + "location": { + "path": "/usr/share/zoneinfo/right/America/El_Salvador", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 774 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3e5c42f7a2f4ab21c4d6bc1d2a13a171eec08d55" + }, + { + "algorithm": "sha256", + "value": "2340aa52619e7a57372cbe9ae51f7ebb1b9ce83aa63ca0fd7f62c070eec378ce" + } + ] + }, + { + "id": "b47ee08b9c7d4905", + "location": { + "path": "/usr/share/zoneinfo/right/America/Ensenada", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3116 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4e378e5b45ade3d44884b1be2689f652b0d5188f" + }, + { + "algorithm": "sha256", + "value": "9b7623823f34274fcf498f5d4dcad2c1998f01a41cac6d1503df53fcd6b30e98" + } + ] + }, + { + "id": "ce5074f2b7cd35e5", + "location": { + "path": "/usr/share/zoneinfo/right/America/Fort_Nelson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2790 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8aaeba56dd53d64512593248417dbf2e7bbb58f8" + }, + { + "algorithm": "sha256", + "value": "90cdaf661b23c31d02c3117f15f784d862722edee856ef88d596770b56545e43" + } + ] + }, + { + "id": "cd4926f945491db3", + "location": { + "path": "/usr/share/zoneinfo/right/America/Fort_Wayne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1892 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0dbe0809406c5c01c56598dd9a942d71938d2191" + }, + { + "algorithm": "sha256", + "value": "95f90a543d0cbb550509c74f43492a26efc3160d4cecf10dc01e4412e0b77d32" + } + ] + }, + { + "id": "25a4abe4eaf7d07e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Fortaleza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1250 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cc66ef1c941c2a5972d28c40d444f30bd486ec99" + }, + { + "algorithm": "sha256", + "value": "6fb50feee952dd0613a9c3ac25174d154287cd24dddeec0aac7ec1b088dd4e8d" + } + ] + }, + { + "id": "3e1cf308907ffd0d", + "location": { + "path": "/usr/share/zoneinfo/right/America/Glace_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2402 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3b7b9a8876e86be894779811c0ad62e70fba77a" + }, + { + "algorithm": "sha256", + "value": "8689c6d71429789da2e34330e7da391e0e7b814478e882870edd4d67a03d05d0" + } + ] + }, + { + "id": "2835b9af3f19e1d2", + "location": { + "path": "/usr/share/zoneinfo/right/America/Godthab", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2090 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "76136c44d149fcbd5bbf67f79a0d33c36ccb874f" + }, + { + "algorithm": "sha256", + "value": "b2268d9af4acbba78fbeb12253078472f1c32694c2b9c288c292bfc565559c7f" + } + ] + }, + { + "id": "f9fb5ff594c9fda7", + "location": { + "path": "/usr/share/zoneinfo/right/America/Goose_Bay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3420 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad81fab24be9adc389cf5d3d73962a0e3b99ac8e" + }, + { + "algorithm": "sha256", + "value": "e7493665d2774ac378e7ddc0e229027e8682d78374fe2484459b57da6fa52d2b" + } + ] + }, + { + "id": "1f9eb38b4f39d50b", + "location": { + "path": "/usr/share/zoneinfo/right/America/Grand_Turk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2044 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5e6ea65b02b0dc20c429171109e872062a3aada6" + }, + { + "algorithm": "sha256", + "value": "39845b71ff73d93286d04e50434d2a604cdc546ed5976af2b991f16e88dd6866" + } + ] + }, + { + "id": "f7a89b46185949c9", + "location": { + "path": "/usr/share/zoneinfo/right/America/Guatemala", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 830 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d25689c45457893cedaa5b6370c8382401e1049f" + }, + { + "algorithm": "sha256", + "value": "bbe6000920225bd9f2dc14ae1f6a52e017e053764e651f8bc9b95c1bcf5a8f1a" + } + ] + }, + { + "id": "bd312d7e54bbf346", + "location": { + "path": "/usr/share/zoneinfo/right/America/Guayaquil", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 780 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f41324e19c60617f63c9a37f77e4de530de4ea20" + }, + { + "algorithm": "sha256", + "value": "27667cee3f74c7cf1136efc77a5ab4efcda8bb441427250fb9a083bc7696c423" + } + ] + }, + { + "id": "6c7ce05349566d0b", + "location": { + "path": "/usr/share/zoneinfo/right/America/Guyana", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 796 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "593de97913b7cd7a2413a5cf2605a4644afe08d8" + }, + { + "algorithm": "sha256", + "value": "6e579e187207c29c2900788fa37af2bdc3f30e55d386a37c02b7bdac3cacb19c" + } + ] + }, + { + "id": "a8012fc33e8f27f8", + "location": { + "path": "/usr/share/zoneinfo/right/America/Halifax", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3634 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9d70b78f098b98ac64c205e2d7f02a519e9dbc33" + }, + { + "algorithm": "sha256", + "value": "e3d54dd2fc3666188c6b90bfbcc18901b65c37f6c77e19a4839a1e72a33bf824" + } + ] + }, + { + "id": "fd82b327989fca18", + "location": { + "path": "/usr/share/zoneinfo/right/America/Havana", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2622 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "987225f29fb9969a25dd273a6fc2038a90c4ba42" + }, + { + "algorithm": "sha256", + "value": "8028af31cdd0d78b7df66f5226e6bc41fd7ac6f565bb6223a3ad2e2dcdacfc28" + } + ] + }, + { + "id": "831849ec1a38a628", + "location": { + "path": "/usr/share/zoneinfo/right/America/Hermosillo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 938 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d2973f5f78cb43b9a7e9abac2d4cc63db40be64d" + }, + { + "algorithm": "sha256", + "value": "c9570d55caed4ccd2bc1f01b2ccd8bea0c4874a5ebfa480b20291fee76176493" + } + ] + }, + { + "id": "acdc2927b4f053b0", + "location": { + "path": "/usr/share/zoneinfo/right/America/Indiana/Knox", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2654 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41e5a20fd811e8ab112588ec78e30aefe2aa68f9" + }, + { + "algorithm": "sha256", + "value": "b253321849d846469f82aaabc9024d51a5d9d9255e923dbdd9e87dbfe4417a0b" + } + ] + }, + { + "id": "8f79201038155384", + "location": { + "path": "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1948 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8fa595ebd0d9d8d26e498031ad840e1b216d94ec" + }, + { + "algorithm": "sha256", + "value": "1614069da3538889f0a7e4f1bc7e4debfe09e7faa035858ae7367e6680a3c8e3" + } + ] + }, + { + "id": "179ff93f13c1cfb2", + "location": { + "path": "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2130 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "21d8613f527ae64a2263dfd3ea36cfaed1e24770" + }, + { + "algorithm": "sha256", + "value": "8d7aa8f6495d9216d239780c0690f7517bb0ba582cc555568c50cbfb628bf5d5" + } + ] + }, + { + "id": "3347c3874ec8f3f8", + "location": { + "path": "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1910 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "37472457ca146eba959d24831544220823626cc7" + }, + { + "algorithm": "sha256", + "value": "9dd5ecf8014dfbd548457fde23d6b11edba3a9e4e61409b34d840bcd7bfc6e53" + } + ] + }, + { + "id": "af4a7dc03fc61093", + "location": { + "path": "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1640 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b5ceaa12f5e0a12fb18c7970f939d4eaf4999147" + }, + { + "algorithm": "sha256", + "value": "4dd0b872317af6466735bd2957516de64ad3c9ffc32153f67314eeb73a8a1de3" + } + ] + }, + { + "id": "09ccf06d5abdc234", + "location": { + "path": "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1920 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "eaf4a307ff6fddf05b6464a962ce6a12a151c9d5" + }, + { + "algorithm": "sha256", + "value": "7741c4fb0b37e5bf498cfdf3d86450732e5a048a591274a43dc93903d819fae8" + } + ] + }, + { + "id": "3b2083b83dd7a371", + "location": { + "path": "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2004 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7968813220b5afea6dab72d5c5e1692bff7be909" + }, + { + "algorithm": "sha256", + "value": "d8cd67020740116a33c551b2c1d99f2a1134c344d99772753590d9aeb15bf7d9" + } + ] + }, + { + "id": "af64189d59f68a6c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Inuvik", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2284 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ce0425c5991acb3975d5760cc3215acaf9ab5451" + }, + { + "algorithm": "sha256", + "value": "1727c844eb1ae4ba69d85272788b825c53ea4dfad2bce3f0769da92834b84129" + } + ] + }, + { + "id": "c6c2b5321e7e8d16", + "location": { + "path": "/usr/share/zoneinfo/right/America/Iqaluit", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2412 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "432aed15c0c1624b4e41f90a7c3513660768f658" + }, + { + "algorithm": "sha256", + "value": "5599db0e4a8dff27506e5e116957712b4448075dc6f615286232559d3ce772b8" + } + ] + }, + { + "id": "fc2e43f73453940e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Jamaica", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1032 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "673a476e6ef1a447b2a5e11f0677aff2bbcde6b7" + }, + { + "algorithm": "sha256", + "value": "066c0660cb97453bf01c9107491f05eb45de90f34c9b001530a5af69b728b312" + } + ] + }, + { + "id": "a7047fe6e2fe36b1", + "location": { + "path": "/usr/share/zoneinfo/right/America/Juneau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2561 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ea83593dc2454cf3390dac9673a959f0e75484ce" + }, + { + "algorithm": "sha256", + "value": "90013fbad458645176b558a153cfa76886766a90f6bd5f9f13ad13611ac59115" + } + ] + }, + { + "id": "801d2a76dc576570", + "location": { + "path": "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2998 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e2ac7afd5078586f930c5719cd4af5ba31e49fce" + }, + { + "algorithm": "sha256", + "value": "7eacfbe7dc579d0b6419ff0ffbce9b492ed9ea146bea00062e2baed4c8007b44" + } + ] + }, + { + "id": "c67e353ca5e7bbeb", + "location": { + "path": "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2578 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5550d22dd61c2df81bb4b0f8859f7c14f839de69" + }, + { + "algorithm": "sha256", + "value": "f00f8fe3447b51bd50317d7a042a5e549f486f027077a6c85a9b161f0baba943" + } + ] + }, + { + "id": "d477339a413ab91d", + "location": { + "path": "/usr/share/zoneinfo/right/America/La_Paz", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 766 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7abe95660e0ae53088bcfaa9995efe2ddce17225" + }, + { + "algorithm": "sha256", + "value": "218d77afcba8a419201babfa27d0cdd559a32954dee4600d593e8155dd30cdc6" + } + ] + }, + { + "id": "d759c5b545415d1d", + "location": { + "path": "/usr/share/zoneinfo/right/America/Lima", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 940 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9b51698eea57efed5ac42c614e1a0d4c339af160" + }, + { + "algorithm": "sha256", + "value": "61ae3c588fed2c476275e1fff7d4e45ef8541655540e1abe52066c9a97e83d53" + } + ] + }, + { + "id": "1a08dc105bfa3288", + "location": { + "path": "/usr/share/zoneinfo/right/America/Los_Angeles", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3062 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "41cf7ff3426c66723c909d9f5c24c477538c8c3f" + }, + { + "algorithm": "sha256", + "value": "b40a39d8debb895ca0e5ef0cd6bc4521d867c3b45f404d1226a1cb1cda5eb922" + } + ] + }, + { + "id": "43db8d93cbb13f3c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Maceio", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1278 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "28e5118b9b9d712031f8f15143e6def19bf0cda3" + }, + { + "algorithm": "sha256", + "value": "64e2ac99140770e8a99706abaa8bbc04ed11e1c48fddefeb3252d66c192de87a" + } + ] + }, + { + "id": "af628877550cb038", + "location": { + "path": "/usr/share/zoneinfo/right/America/Managua", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8907cb6a010110a224c29cae20e2cb22f22950d8" + }, + { + "algorithm": "sha256", + "value": "498566bab900866aabc7d189349de4276e268d62ef51c07f192209246fc6c945" + } + ] + }, + { + "id": "c9676d8f122f5c89", + "location": { + "path": "/usr/share/zoneinfo/right/America/Manaus", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1138 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06c5d81e39e1b5d90ea834728a6b4c355ee4fe44" + }, + { + "algorithm": "sha256", + "value": "f162c969260f6bfb6e26478b8750959119262a6aa36ae5878bae7500f0b145ff" + } + ] + }, + { + "id": "3110956f3338d30e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Martinique", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 782 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "767c3b069b6881dc6c1dc7c65968b5acaa19dc5e" + }, + { + "algorithm": "sha256", + "value": "a835d8b3c5e8e11e669ebb8bb256753516a3c593ae84618c37c77f81e737b1ea" + } + ] + }, + { + "id": "8750144d13781f83", + "location": { + "path": "/usr/share/zoneinfo/right/America/Matamoros", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1628 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9ea5b306db64166aa7c592d3c5ff5d6ffb53c74b" + }, + { + "algorithm": "sha256", + "value": "d898fcbdf925555508486e707010dfcb2e3866fa55d70274e83eff51f7b5c178" + } + ] + }, + { + "id": "9d50067b8f8ca339", + "location": { + "path": "/usr/share/zoneinfo/right/America/Mazatlan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1610 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "54e58fcebebb4202b740390e0b6f35b308e4076d" + }, + { + "algorithm": "sha256", + "value": "50f02ec5dbf826efdb74219c2e548f72f8a693bd03ae8661fa65ce8c7574859c" + } + ] + }, + { + "id": "a09763c9eea2c126", + "location": { + "path": "/usr/share/zoneinfo/right/America/Menominee", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2484 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bdac4beec27e7ceaeb136994fe6ec54875c6730f" + }, + { + "algorithm": "sha256", + "value": "0f5590586230464a1e9b1d5b9fcb4ebc71cf9edbf095b5fda3043579e331b42c" + } + ] + }, + { + "id": "b6d69186fa08c51a", + "location": { + "path": "/usr/share/zoneinfo/right/America/Merida", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1554 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a5bbff9178b835318c1b5427ea7cdd7e6427dd9f" + }, + { + "algorithm": "sha256", + "value": "c50cba406c5824dfc5cbdd47b592ea54a78240eb86bcd96c95a351fdf90cb3cd" + } + ] + }, + { + "id": "7f2410592e4e0a98", + "location": { + "path": "/usr/share/zoneinfo/right/America/Metlakatla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1631 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ff900f28ca3cda52767e3734481759c1504f745d" + }, + { + "algorithm": "sha256", + "value": "a5d691ffae4be4257acb5583e9dd9f72d296514f14d906aea1ba69bd5754b22b" + } + ] + }, + { + "id": "9e4be64056e719aa", + "location": { + "path": "/usr/share/zoneinfo/right/America/Mexico_City", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1772 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5636591856979234e77bcf0b7c03fd956f6d8561" + }, + { + "algorithm": "sha256", + "value": "38cf0b0b9baf9ddd8c236c22d47ce8c73766d2946586caca1a91530f7fed0182" + } + ] + }, + { + "id": "1ee20c6134fae95f", + "location": { + "path": "/usr/share/zoneinfo/right/America/Miquelon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1858 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fa6f7418d2b96e141c4797c8d6b4c0b92e37805b" + }, + { + "algorithm": "sha256", + "value": "1d7cbad8c75bc9b6cc7db5d0c43a872066bf3fb6b623a20d53575c4757237949" + } + ] + }, + { + "id": "185090340733aeea", + "location": { + "path": "/usr/share/zoneinfo/right/America/Moncton", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3364 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e01021897660839b22ca4cc8fc31d65f1f64756b" + }, + { + "algorithm": "sha256", + "value": "e4e6c11b1dc04ac8e3148f38c4e3d205924a9a6d2d666cda0a7f9678f391cfbf" + } + ] + }, + { + "id": "bbd67870ff51785b", + "location": { + "path": "/usr/share/zoneinfo/right/America/Monterrey", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b2f72b9e5744d5ee790f331f6b3c2e7382f4c655" + }, + { + "algorithm": "sha256", + "value": "2f853ca6bbd3d0b113a5128a025cfdd84d7b6318541208522c3372fc48495c76" + } + ] + }, + { + "id": "efd33b0c03f7f2d1", + "location": { + "path": "/usr/share/zoneinfo/right/America/Montevideo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2044 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "889f62f38b9bd34741de0dc09a48335bd1287a1f" + }, + { + "algorithm": "sha256", + "value": "3321c222a35086ee3eabf562076e3c4cb0eaf800976b721e08c32b253b4d085f" + } + ] + }, + { + "id": "6106ccc4337dac51", + "location": { + "path": "/usr/share/zoneinfo/right/America/Montreal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3704 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7be4ae7afcdac48c0853d5993a69014b12eaf0ba" + }, + { + "algorithm": "sha256", + "value": "48d64bfabc72975ed46e01ed1a2420ebfbaa219c776afa5c9aefb369c707e39c" + } + ] + }, + { + "id": "ae8194cca135c514", + "location": { + "path": "/usr/share/zoneinfo/right/America/New_York", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3762 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cdd3021d116fee74b8d201456a8c7ef744534a96" + }, + { + "algorithm": "sha256", + "value": "f7f1a62c6b3c2ef445eb4f8e2d79480623b927eb218b5d56c32f4c0bb6747e02" + } + ] + }, + { + "id": "59b4af6842b248c3", + "location": { + "path": "/usr/share/zoneinfo/right/America/Nome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2575 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "46f8a75493b35b02424350d56a23577c8f252bb9" + }, + { + "algorithm": "sha256", + "value": "71c2fdd3fc2daa3670b40994d5b0132507879b69cbddc5e0445b2c90a11087c6" + } + ] + }, + { + "id": "5828e12a7f5886ad", + "location": { + "path": "/usr/share/zoneinfo/right/America/Noronha", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1250 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "17b452b638a45ac66fa0c37dac73647322b580c9" + }, + { + "algorithm": "sha256", + "value": "d47c47c7faba76d805fadb6fde14087023df5bff9b9dae7cb49a2907efea8537" + } + ] + }, + { + "id": "050892a3c53da237", + "location": { + "path": "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2606 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f56da4a372e09fddb4b21529dd236ceded7aae3c" + }, + { + "algorithm": "sha256", + "value": "33e570d57ff43a8ecc4eb2b5fff849c37fcb488d18dfbf5da9961acc989ee248" + } + ] + }, + { + "id": "67c098182522533e", + "location": { + "path": "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2606 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "212d1613e8e744716c1098ed56816a8026f63db4" + }, + { + "algorithm": "sha256", + "value": "75847a6592b29c5f010bfd063ae285cee2c4990331b31c0eeaa4f02197b063d8" + } + ] + }, + { + "id": "f887330ad2508114", + "location": { + "path": "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2606 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2dcf86f09a933961680ff5a819bd0cb4aaa5b58a" + }, + { + "algorithm": "sha256", + "value": "63a7e424c49f9cc222424e6857ce09d909319aec22285ebfbef7d16f6c2afc61" + } + ] + }, + { + "id": "fffd5cb4f74e83f6", + "location": { + "path": "/usr/share/zoneinfo/right/America/Ojinaga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1734 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "60ac2b7e95cf5ace3dbfe8f85c032da8f67c2e3e" + }, + { + "algorithm": "sha256", + "value": "1d7e9c203e1876396d4f554b69111994472f185d682cfd3d7bba9dea957e21db" + } + ] + }, + { + "id": "d4614fe385f00f79", + "location": { + "path": "/usr/share/zoneinfo/right/America/Paramaribo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 796 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a2942764c9bc9e8deab17ca740881f7a84521535" + }, + { + "algorithm": "sha256", + "value": "e56d27942c7770d739698012db60f59808bc59a59638d2961c55590cfe693ee6" + } + ] + }, + { + "id": "12a05d87e75dab27", + "location": { + "path": "/usr/share/zoneinfo/right/America/Port-au-Prince", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1644 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "44d4b0e2a9cf0054e954327c627d9f8c86b7d0c4" + }, + { + "algorithm": "sha256", + "value": "2a2e9854608f9c5e984399ed7ee325a5632165e7a8e8fb5aa3b0afbf65e7ed9e" + } + ] + }, + { + "id": "395ebb726ab52116", + "location": { + "path": "/usr/share/zoneinfo/right/America/Porto_Acre", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1162 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "59a07fb803d31728c2750def5532643c7cc1a6c5" + }, + { + "algorithm": "sha256", + "value": "d3c4b22423c1999a0b2a1aaf11967b27df7d7d3ae095313c14b1eb190a74bcf2" + } + ] + }, + { + "id": "3c8284764dc0f389", + "location": { + "path": "/usr/share/zoneinfo/right/America/Porto_Velho", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e9508588ee1dbd3f35b2ccc9847c82288e1c8efd" + }, + { + "algorithm": "sha256", + "value": "686e94634d729f9aa8307bc248431a43c1ec476515c3e5c0e73b57d74e3f14cd" + } + ] + }, + { + "id": "6a3f7d2a8302e01a", + "location": { + "path": "/usr/share/zoneinfo/right/America/Punta_Arenas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2450 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9aec5b58d2bc70ade6a554363c2548e7f6ffa451" + }, + { + "algorithm": "sha256", + "value": "a13d6ed6df004a5761a851d49f48360f98c21a184eba51578c4d0be7ed496cdb" + } + ] + }, + { + "id": "f13a66478d1d4f7f", + "location": { + "path": "/usr/share/zoneinfo/right/America/Rainy_River", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3078 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f9dc02d184bdb9a6569cc1692fd05b66515c7c52" + }, + { + "algorithm": "sha256", + "value": "d319be96dde3c4101f61279e1d11487b5257e5231ab4aa3edf14cadf149097f2" + } + ] + }, + { + "id": "e4284902313b756c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2276 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ace24220687586e910d6fc64dfa49d0eba7ac247" + }, + { + "algorithm": "sha256", + "value": "6a4a295ef6c89d44cc4ff815c6d8589440f64c531dea4f0a09c91f1439fa5e9f" + } + ] + }, + { + "id": "5fb70be249c632ec", + "location": { + "path": "/usr/share/zoneinfo/right/America/Recife", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1250 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dbc7eba08a96c826476c38bba06344a37916d052" + }, + { + "algorithm": "sha256", + "value": "764feb407ef17a1fd465a69be32f25669ca09f25cfe686bbc111bbcab88031c9" + } + ] + }, + { + "id": "394f853a78e79d09", + "location": { + "path": "/usr/share/zoneinfo/right/America/Regina", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16cb13021bb4c482433af3f758793f86fba79213" + }, + { + "algorithm": "sha256", + "value": "ec572e3bd6fea3d591fd296ef3e2e95adf12e929ac5516c3800a960105d035e5" + } + ] + }, + { + "id": "8fac2a05f0ced3b9", + "location": { + "path": "/usr/share/zoneinfo/right/America/Resolute", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2276 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "de2c2dd8ca96f2a42fc05032a9fd66dc161f5b63" + }, + { + "algorithm": "sha256", + "value": "73b701dea80faffe0cfb8172a99b7bab90a77666e71ddc712a0c5273c305e40d" + } + ] + }, + { + "id": "0fb73c464008585a", + "location": { + "path": "/usr/share/zoneinfo/right/America/Santarem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1136 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "414ab4090f546c9a12c5c5941d321125091f5fb5" + }, + { + "algorithm": "sha256", + "value": "91d7fc19bfecb703a724ad11a17f67a7095cd9d494ccebdd506bc2bc776e000d" + } + ] + }, + { + "id": "e7bef37a1e89212c", + "location": { + "path": "/usr/share/zoneinfo/right/America/Santiago", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da7cfc0c9348276da6a369cfb57e98f24bb6d5bd" + }, + { + "algorithm": "sha256", + "value": "30acb9f36104eb92e583e873f2daa58abacda173d476d7d0433d811cef20dcfc" + } + ] + }, + { + "id": "f98ad82667182c2e", + "location": { + "path": "/usr/share/zoneinfo/right/America/Santo_Domingo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1008 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4c3d3548c87c381ca3c8f6920d2626793ffa6b2e" + }, + { + "algorithm": "sha256", + "value": "14f58c692f142bdcb59cf3d700aa9604be1ff22827c6c17140953d0611b9a924" + } + ] + }, + { + "id": "99c5c1db23551e10", + "location": { + "path": "/usr/share/zoneinfo/right/America/Sao_Paulo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1978 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1dba6b1e8a63ce0e93829f2421ec318205bff3b0" + }, + { + "algorithm": "sha256", + "value": "fede3897f0ae7fe27958092c4ac1848b45c6443898883096702eea92f1c63edb" + } + ] + }, + { + "id": "d6f4c046a9800974", + "location": { + "path": "/usr/share/zoneinfo/right/America/Scoresbysund", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2136 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f08b8257e0a581fc83ded1927d7a0b360c840f8d" + }, + { + "algorithm": "sha256", + "value": "4e01cc705341e29b44036a82cff81732b50b3e540d55ccd087433918d27f0da6" + } + ] + }, + { + "id": "f1b33c0757415541", + "location": { + "path": "/usr/share/zoneinfo/right/America/Sitka", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2537 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0ebbf1b0654e6a259715df1def2f1e0c7c4fa229" + }, + { + "algorithm": "sha256", + "value": "3236f77d934ce9d5a591961e15838a0b5e7c2134edf43cce18c0ccd7d0b37955" + } + ] + }, + { + "id": "522bcaed0e9fdeef", + "location": { + "path": "/usr/share/zoneinfo/right/America/St_Johns", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3862 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4934b83930525c3c309352f6af496e087faf9948" + }, + { + "algorithm": "sha256", + "value": "c981661bea74f4fb22944f78424489cec690f056a5dc2b9255fe0fabd24f041c" + } + ] + }, + { + "id": "fc3b98a8f6d637fb", + "location": { + "path": "/usr/share/zoneinfo/right/America/Swift_Current", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "099493700a99ed9851592b991123b3a8cc8781a2" + }, + { + "algorithm": "sha256", + "value": "2ef279908fc95e3d2a430c7201b837b2763e56e8650b767c2641f557d1461681" + } + ] + }, + { + "id": "88f0454222a38655", + "location": { + "path": "/usr/share/zoneinfo/right/America/Tegucigalpa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 802 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "008d8db61342a3e193eb1b8e1a053e8f20e616ce" + }, + { + "algorithm": "sha256", + "value": "a08df830c1e23a5f1bf1469ee4fa780aafaf25ff94894d28cfae7bce83b9b9f1" + } + ] + }, + { + "id": "85e8535fbb307dd2", + "location": { + "path": "/usr/share/zoneinfo/right/America/Thule", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1712 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a3080d45c06e80045b2031b1e8c025bc53fb1382" + }, + { + "algorithm": "sha256", + "value": "c52d066a190b66826c90f918412d1723846983693c4193a571bb6f51a3fdca36" + } + ] + }, + { + "id": "2da65ec945716182", + "location": { + "path": "/usr/share/zoneinfo/right/America/Vancouver", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3102 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "037c0602a89e54427c6f83f271162a765291cd3c" + }, + { + "algorithm": "sha256", + "value": "656726b667e9b7abce63ab5788c32152b1bcd20ddf3e9fd7056ec39a4df2542c" + } + ] + }, + { + "id": "83cd44460d30719d", + "location": { + "path": "/usr/share/zoneinfo/right/America/Whitehorse", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2164 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d3fa562af8fbe7b14d6ee9913557a483b5806b4d" + }, + { + "algorithm": "sha256", + "value": "413ee9b56dcd0788468a0ae8d5d2d3b55a7186c054d2917b2b7dd94200f9921c" + } + ] + }, + { + "id": "cd64b079efb31e36", + "location": { + "path": "/usr/share/zoneinfo/right/America/Yakutat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2513 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c7956e7d9ac30efe42af9cdb330410782e3abc88" + }, + { + "algorithm": "sha256", + "value": "5cde21c64c156969bd1b2983d1ad9d608b0de21ca2da793c6c48db21f3543f11" + } + ] + }, + { + "id": "124763e4f24095a1", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Casey", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 970 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1699ff811a5392d13da6e21f372a6b3e66716dae" + }, + { + "algorithm": "sha256", + "value": "9407c27aea0e373d4c9c9d3b5e97bc269135adcd82569e8a1fa8324dfd17efbe" + } + ] + }, + { + "id": "35cd04a7b1fcde3f", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Davis", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 830 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6109ff72cda1e276f699111987f26e9d8bd22b51" + }, + { + "algorithm": "sha256", + "value": "32917626152dcdd9eb7279663fe0b33ff383f2a8e07ce5b10cd53fd26aba0bcb" + } + ] + }, + { + "id": "2f2ed61fb4309f30", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 718 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "672b5118da5f67bee1a6df1ce396367dda086852" + }, + { + "algorithm": "sha256", + "value": "dfcbe211275b20b5959c160ac363d99dbd25ef6ae357e2bcf161a9ed9eca6f0d" + } + ] + }, + { + "id": "54c6380fa829bb2d", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2464 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "545f2a975c9c40e02f06e24fea94f246aad7d1ff" + }, + { + "algorithm": "sha256", + "value": "3e03e6ffa22cbdf5d509e165100d10b3b80f8c5dc5e53fa2346eb894fc1fd060" + } + ] + }, + { + "id": "2f0f0490c9bb437a", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Mawson", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1c5b016e9f0583ba5f1ca79852a1456fd05f5146" + }, + { + "algorithm": "sha256", + "value": "293a4db864cd6373b3862a753d10c5e66801365dc9e6343e9fb427f2915ff96b" + } + ] + }, + { + "id": "59f00c4a6afaeca3", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2642 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16f941f3eba51cec1909197d1def8e981c90c95d" + }, + { + "algorithm": "sha256", + "value": "6cf0475f637a0105f80af3aed943f6c86ccec3dd8d7aa3a0882147a54001e69a" + } + ] + }, + { + "id": "ced3c624b6bc6637", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Palmer", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1952 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c57dff985f208423be9acbb1cbc83ede8b9f83dc" + }, + { + "algorithm": "sha256", + "value": "9e60db920af40199feb2c3b32901b596c8a7fd710e34ff44b298259fddd637b0" + } + ] + }, + { + "id": "b567b01303e388da", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Rothera", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "138923d95b5e8a57b673c54c8621188d0f6d2641" + }, + { + "algorithm": "sha256", + "value": "881b79a6f03a9cb3ff504b40ff4307c3b1ee2440b504fca46b00efbb7c11a352" + } + ] + }, + { + "id": "07ed7d3b280f15db", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Syowa", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96520ac840c70593586f6a4a6a147bf7a6ed8aa5" + }, + { + "algorithm": "sha256", + "value": "a0fe59eb5abbde35b25c7daa4ae408c7efb3668be6a0ed8d6b341ec2c30b0bcf" + } + ] + }, + { + "id": "45d19be0cbb7d625", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Troll", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1348 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5ea49961c1b0a81c70bf70a67500c3228cb91915" + }, + { + "algorithm": "sha256", + "value": "76825c28587b56d36bfcbe02ac96979f3633bcddff0ab8b00da0edc1e9a81c8f" + } + ] + }, + { + "id": "b678bb63d669a6a1", + "location": { + "path": "/usr/share/zoneinfo/right/Antarctica/Vostok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 760 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9b070ff80d6b53034fbcc06f7f47317e0f0ea6db" + }, + { + "algorithm": "sha256", + "value": "29a5a255c288f672ee381983970da9090c81b4056b9506db3d67a453ae739dc5" + } + ] + }, + { + "id": "b2efc539cf50ff1e", + "location": { + "path": "/usr/share/zoneinfo/right/Arctic/Longyearbyen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2504 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "75502b16b3d1e853d5586c71ff73e94f4f665017" + }, + { + "algorithm": "sha256", + "value": "485189e858e34ea0dc8467797379074240effd120e3cf71a3d64b830888b6d8d" + } + ] + }, + { + "id": "4007c15f993f184f", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Almaty", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1530 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d2f6672521c36d12a25e96400adf46bd649d2420" + }, + { + "algorithm": "sha256", + "value": "2af708dde05b31b79c1df7a3b656c4e9b0cef50c4db8e458afd3e029dc89a0da" + } + ] + }, + { + "id": "78a9c1310740c8aa", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Amman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1980 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3009c0144755c35fb50c5bba84b231ceb645ee50" + }, + { + "algorithm": "sha256", + "value": "c4870a6a4221ff72066f8aa21499a2bb92d452a3b50576fa7f4e2203bd8517da" + } + ] + }, + { + "id": "7b07abce48102625", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Anadyr", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1720 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "84c139bd92c0debc37a2b7212c81bc31cebb5de7" + }, + { + "algorithm": "sha256", + "value": "72d3c61e7fbae5c1374d5eff46194ee654a074f4cc85adfe12de8094b260348c" + } + ] + }, + { + "id": "b0b15fae3ce98719", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Aqtau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1516 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "78e3bbab2f5f5b757bd0c27789c77bc2610eef5f" + }, + { + "algorithm": "sha256", + "value": "0a722faee98ac9e960da4978754434daf29921a1a5758920eb098940c0f20cdf" + } + ] + }, + { + "id": "4bf08701e5e976fd", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Aqtobe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1544 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "640135b378d540b8c5cd82bf9b53fb7996be7b26" + }, + { + "algorithm": "sha256", + "value": "ed7b46d90e245917536bc492068a7dc4b123df5ad90cd586a055139bf8e1f5ae" + } + ] + }, + { + "id": "20897921da67aa61", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Ashgabat", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1152 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a2d482cc7977bee041d4782384724ab74f255b1" + }, + { + "algorithm": "sha256", + "value": "20eda1eddf2d458e73637f4504a7756b071f4ac39403e726c023b606395e7c4d" + } + ] + }, + { + "id": "9c27a24c4e4022cf", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Atyrau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1524 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ff442cd1c0cd3ec8862463c37e0b37b7b13735ee" + }, + { + "algorithm": "sha256", + "value": "a0baa3c0f54e9c5972aaeceaaed4f5bf256be1747728cbe2d334175363e771c1" + } + ] + }, + { + "id": "11347187883af73d", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Baghdad", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1516 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f2d497edd20f89908a7861a896d12a54009cb7e6" + }, + { + "algorithm": "sha256", + "value": "bfc112458498dfd4b6965d5538b164b568d923505c6d6b12aee5f58b692dc047" + } + ] + }, + { + "id": "b0e384f6d27da550", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Bahrain", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b1786773a9fc906067a20ab4b8d13bd5fb7b928f" + }, + { + "algorithm": "sha256", + "value": "b183e0ed340781649a8870e63bd860aba246a0924f5c318e7cac551f2ae82b78" + } + ] + }, + { + "id": "a41093a0e71bc7c5", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Baku", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1760 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c8b2e461264483de94495bb176a8abf43755156e" + }, + { + "algorithm": "sha256", + "value": "b213a1ba26f4f9684ba98ee41f988dfa780d348b28a94fcb85898fe3cd5ce4ab" + } + ] + }, + { + "id": "dc37220cbb44f0d2", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Bangkok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0a3f4c0d17550194b24f4b9ada015be8cb6fc0b5" + }, + { + "algorithm": "sha256", + "value": "6a9ab5fcd3ec2c28ba6de7223f5e036219dcbfb8c12cf180095268be1e03f969" + } + ] + }, + { + "id": "a64a0b29550b0350", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Barnaul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1754 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "146cfbda228a6e302e4fc47f2e9a9ab6d03b0318" + }, + { + "algorithm": "sha256", + "value": "a811724f90d0d3b317fec7844eeca62f481e40b55723f7c49adbbb3b66dcd9e7" + } + ] + }, + { + "id": "e366832f15f000fb", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Beirut", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2358 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "91631f4be4a1d64ddbdee7cb915d9b013bda6f8a" + }, + { + "algorithm": "sha256", + "value": "12facfe95d656a35dde148d2e220e01a0aafa1e7b9b71b40396c91abfcb4c140" + } + ] + }, + { + "id": "43b40b3dc6d5af7f", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Bishkek", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1516 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d2be9177efcc3ff48369d6d55ca99dd07047dbcf" + }, + { + "algorithm": "sha256", + "value": "742d9eb1d99e5183e33c817af952ac5a54f8d73b1b5e6c6ab676ce048b47ea79" + } + ] + }, + { + "id": "f184a8de6446ce39", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Brunei", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1016 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "aca968c21717c987da3ae47008c8549470b83f84" + }, + { + "algorithm": "sha256", + "value": "1378d7bffa56e11bd0a5185b50264ce7deb763051a80b84e6015c2dcb5abc46d" + } + ] + }, + { + "id": "5b7463d3a87f99ef", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Calcutta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 831 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b53017fc884b3d75cef1f966d48b4c81b1b0bbf8" + }, + { + "algorithm": "sha256", + "value": "8c4b2523c8fbf932c166659e8545f8e130c007436643bae5d87b493fbec00618" + } + ] + }, + { + "id": "b8952e82b53fd6c8", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Chita", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1754 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1d5e51e255bb40d3c5723605b9fb54f9b747b4af" + }, + { + "algorithm": "sha256", + "value": "d432791b40f33a27d26fa8015da821cbbbd342e5f0f446f08dcb335f61114480" + } + ] + }, + { + "id": "91442d4b20abbb1f", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Choibalsan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "55b3eaa0a380d475b0f79f30c2c2d7247275b644" + }, + { + "algorithm": "sha256", + "value": "a85c3f8409af204452a090c8f8dc073ba63ef07f9c54abc647bdd3d73320f84f" + } + ] + }, + { + "id": "a6d8fd571d0c2a85", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Chongqing", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5340ad3c4a745aa72e53c45730f5d37ef9595247" + }, + { + "algorithm": "sha256", + "value": "3dabb2cbd654bfeff65ce40f9e3e6e1f8905196bf11dbb7d09da90bfee0902dc" + } + ] + }, + { + "id": "97ed177bcc7d9709", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Colombo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 900 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3f2ad711403100a37148a39dd3eefab62f7d932b" + }, + { + "algorithm": "sha256", + "value": "9568be7d3c15c035fe21d134fcf3e4cbbe9fb88630669e1d5a82856045a1894e" + } + ] + }, + { + "id": "b0545a2e8bf99f5a", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Dacca", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 870 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d3f2af008bc8df50bb2d2de41d9f14cfd4e974a2" + }, + { + "algorithm": "sha256", + "value": "883255334c7a560186731a994545992a58ddb7ebe0046d9bfac5d9bc0404fc31" + } + ] + }, + { + "id": "89257e7dc821cd7b", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Damascus", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2420 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "176a3b5071cb03b245ad878bcdc92c1ce8dc439c" + }, + { + "algorithm": "sha256", + "value": "905ca552d118390d8a55d110ccc510fd8ca62ee1c924b8fedb6e51ee06723bfd" + } + ] + }, + { + "id": "6ef9a3f0d37591ae", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Dili", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 804 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a54f0751e09c9141f190d1205a760ef6b6b0767d" + }, + { + "algorithm": "sha256", + "value": "7f774195ded2dcae0fd35ad7c8631e25592b1dfaf7adf2f1a6fdfc57a756117d" + } + ] + }, + { + "id": "d02947be782f9df4", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Dubai", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "077ec02fa7bda3c9f944ed47697c01b65180b80e" + }, + { + "algorithm": "sha256", + "value": "e81a84a54de891c2d04582ff7df63e4216f7b8da850a85f408295e5d4563cbd7" + } + ] + }, + { + "id": "531fb4d3a25e9d01", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Dushanbe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1124 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f0215b35da9609585714253883b2c4380371661" + }, + { + "algorithm": "sha256", + "value": "ea635b2d543c7cef8e22a7f5e4908237b7b0f9c0d0913e0fac541005034e449c" + } + ] + }, + { + "id": "33b6e90ad7e50c5c", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Famagusta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2232 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "defd649b9777d729621e77010ea776b2791b0475" + }, + { + "algorithm": "sha256", + "value": "20091893b43e49e89146c6565d0354a3e66eddf8cd7a684543516320cc43df79" + } + ] + }, + { + "id": "79077984a7a6c0be", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Gaza", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2624 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "da2270f493b9e2357ea72c2a270885792746a648" + }, + { + "algorithm": "sha256", + "value": "9944849e649605ade7f9135704640d03377e79ec844685baedd067dd089df7fc" + } + ] + }, + { + "id": "7b4af5d654131a8d", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Hebron", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2652 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "70db72dfdaa561ddc6c56bf23aca11f67df4cffa" + }, + { + "algorithm": "sha256", + "value": "c14954909bece0963016e16fe991109861c3f321423dd66f8f079294a7a1763e" + } + ] + }, + { + "id": "c709cc0873ef5444", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 884 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a51e212d56cdab39de95f9e7eac13f67e759b40d" + }, + { + "algorithm": "sha256", + "value": "2506d16a1e40756e93071eeb87eb390d80677e97af93cfba0a8db85c0c30a78a" + } + ] + }, + { + "id": "371522ecf1be2592", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1782 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "587a8219541e44b0459a210ba7b625cc06b624d7" + }, + { + "algorithm": "sha256", + "value": "7b7d0ca6c638c25f978f1634aa550dbc6b581fc68c7fb8fc8206f185916d13d5" + } + ] + }, + { + "id": "574ad9a4c8b3c8b5", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Hovd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1424 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e2ecdd163565c11c67efb1198a68bddb71ad0588" + }, + { + "algorithm": "sha256", + "value": "65ae13b140b91e71ad833667bfc7f2e6800fc302b58226ef423fc1ecbda4d604" + } + ] + }, + { + "id": "3ff198d678ddcf52", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Irkutsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1776 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b15464ed6ab87ebb0c8f6be715daf95119b672d5" + }, + { + "algorithm": "sha256", + "value": "e949dd759bcfadcb7222bfc64add3bc627604ca295a6550295d4d15a1610f7d3" + } + ] + }, + { + "id": "0a387cdfe63b745c", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Istanbul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2480 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b06cbed22013bddcc7a8af2f850737f65ed40a7b" + }, + { + "algorithm": "sha256", + "value": "79e7252772bb1e751c4051a881290654a091b48eb6c5f7e8dbd75b902e9b69e3" + } + ] + }, + { + "id": "5afcb57400b1d273", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Jakarta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 932 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3cacbf372d92a7c42c564f6859e97cee44b4911d" + }, + { + "algorithm": "sha256", + "value": "4a01dcddf56ccd3dce9bd268e1a9c2f8f45d01599ad1d2756e24b322c88ddf81" + } + ] + }, + { + "id": "78fcf48c6bbbb712", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Jayapura", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 770 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "265b7fc6621a75620d91291e1b71761046de7304" + }, + { + "algorithm": "sha256", + "value": "aab37ddf857fffe26ae3c74d6b0be399d4315c1f3e626b51d7c371ca33aa632b" + } + ] + }, + { + "id": "713b27e7e4132849", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Jerusalem", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2594 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e63bea2777e898f46d31d48fb58620ac679df656" + }, + { + "algorithm": "sha256", + "value": "b0148f8add566bc74f6812b19c7b6ab83946b49391062d57594b48ff68b4a579" + } + ] + }, + { + "id": "70bcd976ef21e4ce", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Kabul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 736 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e0df8d7ae7f8e92d34378048011ca397e4b5167e" + }, + { + "algorithm": "sha256", + "value": "b6801f8238f3facc093d3599d29a938743de04c8bd02a34232b47e2902da0a75" + } + ] + }, + { + "id": "5d2df31116d2dd9b", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Kamchatka", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5a01c1b5aa80e6fa206d7bbc36567ec3524ac5ff" + }, + { + "algorithm": "sha256", + "value": "59e32ed392ec42cdd6a82e8442393d7a26cff5a4efa91463e853ea341bfb9ebd" + } + ] + }, + { + "id": "3dca7d224d87d7d8", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Karachi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 928 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bf60ac118bf88a296775eeb8694559d7618b165e" + }, + { + "algorithm": "sha256", + "value": "d553bc3c156e678388d870fb20fec1f3a5fafd6df697c16764303d549a0bbc5d" + } + ] + }, + { + "id": "5c026a85d6a1887f", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Kashgar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7d625fc50ef3a86a76f0f01604d21602f9f32b6a" + }, + { + "algorithm": "sha256", + "value": "e89dcc179fd438c7f0bfdd7c36386e1ef6ade581a140444a799c36c739218bf8" + } + ] + }, + { + "id": "5de4946ca871786c", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Kathmandu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d56400746ef3b83c38c9ecd2071817065252fe08" + }, + { + "algorithm": "sha256", + "value": "6d72acb61184a8dd4aeb228b7df667a1af8e3166bcd2f942b1500d0c487605b9" + } + ] + }, + { + "id": "40bd8c2c972b948c", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Khandyga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1804 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "344e5db35ac3ed8eb0341e1cccbc2b87d9b8dc45" + }, + { + "algorithm": "sha256", + "value": "34541fa47299957178a872c4b5a406acca305eb0491a505397590de3790b87a7" + } + ] + }, + { + "id": "35ec5541946df3cd", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "43a289f8733c46b541869d84e1c4a77f934df252" + }, + { + "algorithm": "sha256", + "value": "3af7c4abd423ffcfbb41c76ce325460e94806b01670507a84d24479a743bc57a" + } + ] + }, + { + "id": "ca1e99cc58ec3d45", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 948 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2c388208210d01c39a9bf79d6afead374663deda" + }, + { + "algorithm": "sha256", + "value": "9aae6b3d02b5d8e625f614d3db703803868cbfd6307370c1ec8f189d23d38e86" + } + ] + }, + { + "id": "7b7d0bc6cc970d9d", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Macao", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1776 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "db0ecdfdd50b43906fb3592143a868c0dbfe7dfd" + }, + { + "algorithm": "sha256", + "value": "1bca990b0f1a5a1cd670a97844a919313f001fcd1300e759646b07777464afc0" + } + ] + }, + { + "id": "ad6d58d932f042d8", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Magadan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1754 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4ae22b2290bd04ca166c0a812ff1377e54631241" + }, + { + "algorithm": "sha256", + "value": "e5c4dc15e34614bb39258cf6c02e86e42ceb62ec7af0b5ca925d34ff2b838de3" + } + ] + }, + { + "id": "d3868b101b37c63b", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Makassar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 802 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b79b9b60fcaf395c3341ec0c41d4fb65b63ac746" + }, + { + "algorithm": "sha256", + "value": "9baf5051a31815f8e742137b58b84d39d2e18f7523e31c661154e98cc94236ab" + } + ] + }, + { + "id": "2311536ec353a770", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Manila", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 971 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e67d75f88df518cb33bca6c471a26450adb86af0" + }, + { + "algorithm": "sha256", + "value": "da9a7302d5e020e9c8a25de5c2658913221c6ee6de2fd3c73a9f916d9e092ac6" + } + ] + }, + { + "id": "8ff5c8f99542c1c7", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Nicosia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2206 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a0da0714d20196df2041f5b5a2a3b2d6ae43bc29" + }, + { + "algorithm": "sha256", + "value": "816ece597d51a1dc8fb9f2b5f704fb92ca46f39193c82d203b3e0f76022bfe6f" + } + ] + }, + { + "id": "1b6367971456eec2", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "07d3d5334fe7e49ceb735707b9edc9ba0115ab9a" + }, + { + "algorithm": "sha256", + "value": "ecd1e87524dbea8b32301ab86d801059ea058c4a44ef91413366d0ea1e55a7dd" + } + ] + }, + { + "id": "1dad11ed20ccd12e", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1754 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5574778e4f064d3d26a6703294fa021235df3ad8" + }, + { + "algorithm": "sha256", + "value": "4bc8670b03af61f39638e08b06b3233505dd623976ab72df7382989687ac3cfa" + } + ] + }, + { + "id": "7b73295968c5c5b6", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Omsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "202ff5a4e480ff3b4a077d5eb5e81effdeb3865b" + }, + { + "algorithm": "sha256", + "value": "ba4e12684ef834b2d8fd16eec35fc1f7e742ec9880203294572bdab53d3b5684" + } + ] + }, + { + "id": "b6134efb4ea8a235", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Oral", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1538 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3bd92541768138fa2551d1459103a6d9c3ea71da" + }, + { + "algorithm": "sha256", + "value": "8dab88f61eba53c08e408d58d78c4c18dfc34d03bfdea4ac75b6c69c110227d0" + } + ] + }, + { + "id": "d33f966ebcd34c24", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Pontianak", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 902 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e5896712386099f47f8df07d3909eea0c54be1e9" + }, + { + "algorithm": "sha256", + "value": "24665b40a1d184b383861fb511ac1842c9697b172aa95553cdbeee510e85207b" + } + ] + }, + { + "id": "1b00c1885d3691e0", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Pyongyang", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 786 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ced971b1b3eec6699ff05f271586ea5c0f5fbf9e" + }, + { + "algorithm": "sha256", + "value": "2e6cd3912e92ad2ab9de080ad938668ca91dee96f5ff3dc16236e92411cd4970" + } + ] + }, + { + "id": "f03b09dbcd6e79f9", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Qostanay", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1572 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e7ac0c5da28e5f4f4710a6825655004397a48156" + }, + { + "algorithm": "sha256", + "value": "f0c637df806e7d9b767f035b731651d98766fffbacdfbe46427317142c1c5e18" + } + ] + }, + { + "id": "9c820b6005b1fd42", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1558 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c38ccea287faba02ab1a07bdd5a207bbbc80ae8" + }, + { + "algorithm": "sha256", + "value": "a1f7f65b16b26a0ee985c46961fdf72b555a11c8179c07dd07178c45950f33cc" + } + ] + }, + { + "id": "4c1da9027422da97", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Rangoon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 796 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "990c68c465dd9fff8f342b00f254a26f685c9b01" + }, + { + "algorithm": "sha256", + "value": "1cfd8f0fa6de43e4e9ed265490c9456349f6d1432d16df8b800d6f05523cd652" + } + ] + }, + { + "id": "4fdb123fe106361d", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Sakhalin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1734 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "94cebfc4a48a7c51ba46a3a203d3de3c3de42622" + }, + { + "algorithm": "sha256", + "value": "200016884eeb4dd0e79b6510428bf4abf98b7a2f7ceb9b01c1243b71a019b4c1" + } + ] + }, + { + "id": "947292ead3b1c9f5", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Samarkand", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "19a0174685ff5936c6be38d45d347a0bf00c5f20" + }, + { + "algorithm": "sha256", + "value": "0a16a07b835821e5d7df7d673e31e8c23f73a9566756810728c1a714254963ff" + } + ] + }, + { + "id": "659a69b949b557bc", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Seoul", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1166 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6d292554fd0aeaf5985d169df46a41588618723b" + }, + { + "algorithm": "sha256", + "value": "ada505a6950423e64d3dc95d6fb5e49035d9c0660f45196f379fb98ef2db464d" + } + ] + }, + { + "id": "cb7e4d427ef498c2", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b6fca82b92113e65f6c65b3f2b125dc8e5c1f07d" + }, + { + "algorithm": "sha256", + "value": "b71e39c85bc690caa7d5eff6cd8812de59147ae3d734327fa93c6c161541081d" + } + ] + }, + { + "id": "5f6f49aadfb5db41", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Taipei", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1310 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8d4be4d3b722864b1f536d03b2a70e018f118fba" + }, + { + "algorithm": "sha256", + "value": "2e0fab6e1dc06ffab787f03fbedb00bfba79cd7e24111d4bba043941951da401" + } + ] + }, + { + "id": "d6fa85942ba9725e", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Tashkent", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1124 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3210cb6407d585cc697a2d9bc389d379305a1d8c" + }, + { + "algorithm": "sha256", + "value": "a401a4c5888b6a017118b63716cd5d511601ee0414546facf1c6b13b11e2d778" + } + ] + }, + { + "id": "c2f4ae12b0131be4", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Tbilisi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1568 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "49a179a3182d043b2dfa369a00622d7574e72da0" + }, + { + "algorithm": "sha256", + "value": "6a88a837d9b4cfe9763a39074af7cee568b4b8301ce76f554648cfd591bb2c40" + } + ] + }, + { + "id": "41cde13c4321af41", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Tehran", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1790 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "81e8997961e94c1c42e96a58f792efd6a66eb341" + }, + { + "algorithm": "sha256", + "value": "51517431e87fc787c60334fea3fdcac3212d69cfe68efdfab1af7078db475421" + } + ] + }, + { + "id": "5d03d5cceb52edcb", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Thimbu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 736 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "631dd80eab2ce1452fdc509a5cd697a2fd5bf8f7" + }, + { + "algorithm": "sha256", + "value": "8b68b1bd1b172cc41d1182634f6396d1883a07472294a1b9b08b53f22c7d526b" + } + ] + }, + { + "id": "79f74fce7309437f", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Tokyo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 858 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7e4053e2e29443711029309c48578ca7f62b1414" + }, + { + "algorithm": "sha256", + "value": "ebd0981ce34f6067ae2a1ac10cb93045e2c53207739cd4c4e5a5182c1e58eb29" + } + ] + }, + { + "id": "9f2344594005c427", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Tomsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1754 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96da6262867933a3013a35be44ddbadc699ee94a" + }, + { + "algorithm": "sha256", + "value": "d097fcdc0791e3ad95b57007487139d569daa9cc454201a3b5a9e23eabc5ad12" + } + ] + }, + { + "id": "1bfda69ae0d15947", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1784 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1bd1dea8749ad76123c9dcb37f3dcb751e97b0c9" + }, + { + "algorithm": "sha256", + "value": "2e5ae847187fe508b769c504e5374d1849bb96538dbc8c37734c8e0fe7fe0d64" + } + ] + }, + { + "id": "462943816575345e", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Vladivostok", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3d89cafa4a299c829df4f12872113f0822cf38eb" + }, + { + "algorithm": "sha256", + "value": "3169967b2fdc43cf45958af33ba6f68d1b21e77483de43a4c2e7bb9937ae09e0" + } + ] + }, + { + "id": "773da227ed26a95c", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Yakutsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1740 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3ca9614080780401f816ba7ef31281f6b7c1d163" + }, + { + "algorithm": "sha256", + "value": "6a008c10551d500021b9656ac0275359050f7dfeeb95c6f09a5e92ff947a929c" + } + ] + }, + { + "id": "61975e0fc245b5fd", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1776 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6f1c15a33f56104325f5a7986e0c41675f673343" + }, + { + "algorithm": "sha256", + "value": "a38ccdd3308be5ba8d0d05a194034f8f878df83efae43f9542f2bf32d12f371e" + } + ] + }, + { + "id": "c69343349cab865d", + "location": { + "path": "/usr/share/zoneinfo/right/Asia/Yerevan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1684 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5b0d5cc2fa7bcf8e12eb1f5cdb666add3baebb6f" + }, + { + "algorithm": "sha256", + "value": "eb1d78885ef08e71fbd252a8a94211a75ef5945df8d13cef0a2b7ecb1b4327db" + } + ] + }, + { + "id": "1da72657d491b1fe", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/Azores", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3644 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a8a3046c83115427014d718232321dfb529bb6f" + }, + { + "algorithm": "sha256", + "value": "8d43571970c544ffa840bf6a6c36e22ba2e61f0a08f305b872550533cdbbe84d" + } + ] + }, + { + "id": "01626c7aa79391d6", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2606 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "497f4fdb96607af07ad67240e4158ade5450621e" + }, + { + "algorithm": "sha256", + "value": "acde2d95e4d36821033d1dabbc8a8411b9e6350c23a2ad2d80801f7fec87a6d0" + } + ] + }, + { + "id": "e7e899b1ce982e9c", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/Canary", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2104 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a4e277bfe3e7523b5d5e874249f1e4613117c56" + }, + { + "algorithm": "sha256", + "value": "9c494307b553c65f8b98288d007d865588e17f02fccd5198dae5d8a304506df7" + } + ] + }, + { + "id": "8697e4a748fbd08f", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 804 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "36fe56da97a23c6a4cd48e284dac698d2969ed5f" + }, + { + "algorithm": "sha256", + "value": "80298c8e9532d3c7f14575b254803ee66856504126bdec0c78bbea9a5c11023d" + } + ] + }, + { + "id": "a1df52b82f376959", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/Faeroe", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2022 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ecd696a5d84c7b21495e64362be3986c8daf4e7d" + }, + { + "algorithm": "sha256", + "value": "e4bc706cbf76ac1b6af63a674384a5b29bce64d961cc701453de33a9df2da140" + } + ] + }, + { + "id": "3c62995ac83b64e2", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/Madeira", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3584 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fce98afb032cef8850ec9b2772823f7cc7ece926" + }, + { + "algorithm": "sha256", + "value": "c9d7c63adae12bd3b067d9da920e70b46c80918958f66fe8e58e763fe39b9e3d" + } + ] + }, + { + "id": "4bd39480910fe7cd", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "15dcfd9b6d4f1e8ca1621b42696dfff5db443b4a" + }, + { + "algorithm": "sha256", + "value": "230b5565a00d4a87d68c1aa7f36316522fb46f2b10de37b8ba6f03276c40851f" + } + ] + }, + { + "id": "5a07402af5bd1e09", + "location": { + "path": "/usr/share/zoneinfo/right/Atlantic/Stanley", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1748 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c8cd11ae9b9598e3b0e65f696bd387c2a1f3ed26" + }, + { + "algorithm": "sha256", + "value": "8e17fa24405bdeab427f31d715b75aad22ff767bca0f421f47a0c1ea57410bba" + } + ] + }, + { + "id": "340e43cc61beadc0", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/ACT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2394 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c1b019759c3304c37cff6105c21ff7be8bef593c" + }, + { + "algorithm": "sha256", + "value": "642e4c43482e65d17e43cbc5fe2c665bcfc6500fbd7be117997a958519357c54" + } + ] + }, + { + "id": "59e5eb2178088d7e", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Adelaide", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2410 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ab180f8298580a42f5ed6abd9a863fb670ba90a5" + }, + { + "algorithm": "sha256", + "value": "ba3b9c88bef36f4b814ca5049c06b5eb2a1935a61c237c79aa2c88b2292819a3" + } + ] + }, + { + "id": "c8e1ea9e021b8c14", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Brisbane", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 966 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cfc68f176bd8111ac8b958d4eb46e035e210c963" + }, + { + "algorithm": "sha256", + "value": "0d0dd2a38a62d3fe7b8d7b26719631363df500dd58c34194c7615bd369465309" + } + ] + }, + { + "id": "60abe0e813d2f612", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2431 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e54f8b79e01a528999736c56ac706ed8dd81779a" + }, + { + "algorithm": "sha256", + "value": "2f15cd9d3c530060a73b2bb4a5f6e9d88cadd4eee4fa132a688fe592a7a24e66" + } + ] + }, + { + "id": "b31d04042b9abaf5", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Currie", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2562 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fcc12af93d2a8076f2a17bca6524e4a3d586a284" + }, + { + "algorithm": "sha256", + "value": "ed21235521d7650b7ab9c2fbac6670b52ef1c316a7d3387c3468ffcc2f1c4e56" + } + ] + }, + { + "id": "9794c76a6eab5ba0", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Darwin", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 870 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "13e1296d4be729fb8d9a86919df1f195f7218d91" + }, + { + "algorithm": "sha256", + "value": "e6a593646f567712af1a334e9386b4e2b12af1bfbb84478bfa03a1a752ed1041" + } + ] + }, + { + "id": "3cb1bec0eab9a923", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Eucla", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 998 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c4844badf7172980dc1503f8830d88e926a8d94e" + }, + { + "algorithm": "sha256", + "value": "b7d2a342295c3224ba9d297b001af131566ef88a3546cbe8c225ce5053414a8c" + } + ] + }, + { + "id": "8d77a21b60654221", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/LHI", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2042 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f3a4cd1061d946c78e1967a6f915fb2e3f0dc9c5" + }, + { + "algorithm": "sha256", + "value": "76162efac0f2925905052ab5cf35988527658a004db0d2c441ad97db8a3e22d7" + } + ] + }, + { + "id": "39a1cf12e24e2f4f", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Lindeman", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1022 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "05a8ef9490a9c58d3ea4e86aa511215d1d775785" + }, + { + "algorithm": "sha256", + "value": "a8d5b962760b0cfd9dd1f008029b15ae5e074855e82ec66d742563027eb55d24" + } + ] + }, + { + "id": "670e6465ecf7620e", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Melbourne", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2394 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "003ff467e9e0c888fb7cedfa58e1b36ca95fa8d3" + }, + { + "algorithm": "sha256", + "value": "84ab5e18504d4001ee4e97c6008760e6851ec1b81ff2fac5c33a5551cbb1001e" + } + ] + }, + { + "id": "b53344cb3ffb3226", + "location": { + "path": "/usr/share/zoneinfo/right/Australia/Perth", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 994 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "88a7b56f6c36745706c5035e016c88c14b92d328" + }, + { + "algorithm": "sha256", + "value": "27a4964d7927ddd70e9940a5b0bd82611825ec6e505195cd4a4a46605e5d6b2d" + } + ] + }, + { + "id": "9e2ad02256d0b761", + "location": { + "path": "/usr/share/zoneinfo/right/CET", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3139 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9cb0d4b1bf570da2aafc521c224a0076cbad101b" + }, + { + "algorithm": "sha256", + "value": "f335b2e2a80f9fa6c01a7ab22bff2167484a28c1dd50fbeb24921e7b78d19ab7" + } + ] + }, + { + "id": "3698970716458c61", + "location": { + "path": "/usr/share/zoneinfo/right/Chile/EasterIsland", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2420 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9967efcbbd039d1b943aa7c9a774f55a84c874a5" + }, + { + "algorithm": "sha256", + "value": "b0635e8bb3a3efb07b5e4955576082a7ea8886d6ccc9a7b7eb80792e75a81aae" + } + ] + }, + { + "id": "6d7e70e2ecdac341", + "location": { + "path": "/usr/share/zoneinfo/right/EET", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2466 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8e411b27520abf1944f05001a51366011b2a4659" + }, + { + "algorithm": "sha256", + "value": "51319031e6a4e42a4c15c2952140f2d428a71255bfd4ad0dce25b8fde7d00585" + } + ] + }, + { + "id": "33a9f4a242c7ac02", + "location": { + "path": "/usr/share/zoneinfo/right/Eire", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "34b501693409050c81f7e6a862e2f99a9fda73e2" + }, + { + "algorithm": "sha256", + "value": "2cd23fa1542d2e8f07e27e17560d1f6283b8b525e8a9ca4be9f0c16ce66aa7dd" + } + ] + }, + { + "id": "98e838ae849e045b", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5d11e5d055b0cfce4cb63d5bca81cfd4ef55eb09" + }, + { + "algorithm": "sha256", + "value": "c0ae0c488922dfe5baff09fea6c5d252a8f2d5cdd8f3cd280c68e31d2d8ac6fb" + } + ] + }, + { + "id": "e0797c1b8a059c87", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dc800a1905e6bde8f42a1ea7ecf7bf9a704744ae" + }, + { + "algorithm": "sha256", + "value": "16ea18914e1676430fee370b242d86587d3117b432482ec8a497db8bd14453ba" + } + ] + }, + { + "id": "6ba439dbb90f5c3f", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "b8845ee6ea17122ce40fa360c14c9d24149cbee0" + }, + { + "algorithm": "sha256", + "value": "c683654d0864baadc2f98ba9fa75b5f203af117c4e611cc8cc4c73eaac254cd5" + } + ] + }, + { + "id": "1246b723e35244d7", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+11", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0941313052cbfa8accf728c69863a5437e8906e7" + }, + { + "algorithm": "sha256", + "value": "5fea7c2d91940b17e15f78137ab3d40073ea161c858899498a7b90c79d84d48d" + } + ] + }, + { + "id": "e9f47ff9032019c5", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+12", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6b30c13e7049e88b5e0016af86b62a81b0f51a39" + }, + { + "algorithm": "sha256", + "value": "24bbfaa6ff8159d3012fe838b6db32b77c13164f652c84dc43d7d3dc6a25f265" + } + ] + }, + { + "id": "ee1f0d09827619d5", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e1aeb70315ae8d7fceca5287ec0d3f8269121c83" + }, + { + "algorithm": "sha256", + "value": "580fa5dae9587a6a260d0933985575b20cfefc9e7e17ce0587c24df848b82700" + } + ] + }, + { + "id": "4e0485fa464e8a3a", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "271eb39e95bd06b8c97934fe4ac5516427d3d7e8" + }, + { + "algorithm": "sha256", + "value": "4e52fa3acf4d068ab35ec9d0fb5c10122bee012c6fd0bc1fbb3ed6419d2d8db9" + } + ] + }, + { + "id": "caf0ea4d1eb037ab", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f8e307c55d9665cc75744b2ed80937bfc0ae2101" + }, + { + "algorithm": "sha256", + "value": "ec22c8e01edffa45b339dedcbcbdf8be615094f09b649213183cd75a5ab29800" + } + ] + }, + { + "id": "ed6e7e869c1525c3", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ed1e43a6942cf3e9c52ca3730c75bf3bcbd037c4" + }, + { + "algorithm": "sha256", + "value": "46fdd6be7520a43a5465619781bdd047e72c0b1a8e6a16a5b31b00b758221a57" + } + ] + }, + { + "id": "e475ca363045a9d6", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "950c2c31bb8ace71a719fa73b49ed46bd4d19500" + }, + { + "algorithm": "sha256", + "value": "0439857b0b94981df61fbf4070041d0f3f26f6102012843bca69e750e5b49ad8" + } + ] + }, + { + "id": "ec0a17f08b1c7038", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+7", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2f0211b60ac2b4e2b2e3827930dfb025a0675f99" + }, + { + "algorithm": "sha256", + "value": "75138491c3bd0ac7b172c3cf9c878159f557d7346144d71c89001fa0b5434eef" + } + ] + }, + { + "id": "307bb7c30af3573a", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+8", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9abd61d2abe5b7e131d6736950497f70400f6f01" + }, + { + "algorithm": "sha256", + "value": "65f78112a4e299dd478d06bef4569e93ca88781f5a7aca82861aca64f2a54921" + } + ] + }, + { + "id": "9c17adc7a7394b19", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT+9", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "00d5ff8a8ce24a0f1080f33ab566a3e830cc439b" + }, + { + "algorithm": "sha256", + "value": "14fa76a891398da90e64238f578675169038c2aabdece2bdd807c7e5c8014423" + } + ] + }, + { + "id": "b2ebeea47dd5475f", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-1", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6316c3634f21e6bf13d207a591033a271d94eb8e" + }, + { + "algorithm": "sha256", + "value": "bd9f157a6d4ed2edaecc9986c6a37a15b4cf24b4ec285d1fb033f60a8b6b40ea" + } + ] + }, + { + "id": "1d82694b1ecba6e9", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-10", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "062ab53272e54f1769b6f995b655e322f4aa4acb" + }, + { + "algorithm": "sha256", + "value": "31ad29ec2374b91ee2c65ec4a3d55a9a349f656cf147e88ceab2078866118555" + } + ] + }, + { + "id": "6741fb1bc0959778", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-11", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "78b796490451519ed6c6ffa51b451769c4589ac2" + }, + { + "algorithm": "sha256", + "value": "7e8147d18a82011ce5c40cfdb3e72ee7c9f663a36319c769ff34c861c07d46e0" + } + ] + }, + { + "id": "15cafed9eea83afd", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-12", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2a14e214d1402045660aff1597c1d453ef7e51d2" + }, + { + "algorithm": "sha256", + "value": "1643f375f77a9cfa4f5a43a7edc5b1c9aaf6b142e38f5f11a5ad424d3c3bc50e" + } + ] + }, + { + "id": "5d4a7c3f72373cd3", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-13", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "140541627964666ae10d5711e792f057b8a39189" + }, + { + "algorithm": "sha256", + "value": "ae045edea58729a07bf482af7f0514ef1f58cf0229da64203d847cbd73091ced" + } + ] + }, + { + "id": "6d909f42127f418d", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-14", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f489ecbc9b0b1b9f9ea2eeb722f750869d3d4856" + }, + { + "algorithm": "sha256", + "value": "6cfd1aea860e6e5bdc9acf61fb9d73b8157a184699af09ec60a7ac9105129d09" + } + ] + }, + { + "id": "b6e3181a3e6614ee", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-2", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8e159ada07f1178c4535b0dd44e022030bc3d55a" + }, + { + "algorithm": "sha256", + "value": "ab411c42f81cf32921ba066b3fd207c19f8fadfc7a645ac498d0cd99403e08b4" + } + ] + }, + { + "id": "178617aa61acb30a", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-3", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7dc6d972313812676501ed51d41af4f2e7fe5869" + }, + { + "algorithm": "sha256", + "value": "456321d4535e73ea2f90d57b4c6a01985b6c61975d3192079010ecba1756319a" + } + ] + }, + { + "id": "7730cbb1fd359e9b", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-4", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5f2e5d838282a6bf1aa35598a125aa2c24bc5c15" + }, + { + "algorithm": "sha256", + "value": "3bd4a880605600d48d2c6a66bb8c06f8311517e66ab8f36033712637741804aa" + } + ] + }, + { + "id": "29e48de2cfb8b31b", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-5", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8e2f8a4a1101008e9dcffed0f6879935341a22b" + }, + { + "algorithm": "sha256", + "value": "1d1c996246907f0f3a9acd5e718e2081d09fa9302db8cdba699970f042ec2bb7" + } + ] + }, + { + "id": "a6a2bc1498452340", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-6", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d9d202e8903ebdcbf04072991b0996f0b0539291" + }, + { + "algorithm": "sha256", + "value": "240967a18e32890d63fbf85c36a4f68ee7e34ee2e74369ca7cc302e8d5628081" + } + ] + }, + { + "id": "a8f39bbe81d9520e", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-7", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a1a6365d8ff5442395e22ef58c2ea8c9aafdac99" + }, + { + "algorithm": "sha256", + "value": "d64bfa44a85bf15af2bae860eb7c983d37e105feec38bbac7abdb68e7301db9e" + } + ] + }, + { + "id": "0ab86e68732c77f6", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-8", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "40c731d7f7e968f858d51e7144576cdff2def224" + }, + { + "algorithm": "sha256", + "value": "5a45eb9a1793d21016cca402103fc96cada05665bb04419479a8c16dfb2d127d" + } + ] + }, + { + "id": "91a6a39db5404ccc", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/GMT-9", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9725dcf44d5eaa7324839093a4b0fe8407250ca7" + }, + { + "algorithm": "sha256", + "value": "7b073597e60378b11510062f4763f5b028665d89a202f460f8076a66ce9c1e86" + } + ] + }, + { + "id": "d551f7fcc01926ec", + "location": { + "path": "/usr/share/zoneinfo/right/Etc/UCT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4babbaada1d584e9a3e28f98cb69eb7b10e860cb" + }, + { + "algorithm": "sha256", + "value": "d8ae7a9298ef0de0e84b7cbe5988f476d9ac76168506ad4a15ba2a4c77d0f882" + } + ] + }, + { + "id": "b92545c8f9a22670", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Andorra", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1948 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9ef865d4570c9281fabd04323b6ac113646d09ea" + }, + { + "algorithm": "sha256", + "value": "636f35db63ba2d24513234d0aaeac9176dffe5c59b992fb8ec284306fc1e8e55" + } + ] + }, + { + "id": "bad99f1041412d06", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Astrakhan", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8031b764ca3ceb16cda37326490e43d364371877" + }, + { + "algorithm": "sha256", + "value": "db0f7db18f4422f75f50905bbe3e1385d9beb785ac3ab4830c95e60ed6d26663" + } + ] + }, + { + "id": "d0e7561284493ba4", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Belfast", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3872 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8202180a4ee1e918ddd75ed206143b34886acaf4" + }, + { + "algorithm": "sha256", + "value": "46b7d10bfe167c8abbe0a6b9568a56254b1d32bf709c59f79730d434c01f620a" + } + ] + }, + { + "id": "eebe74989742d15d", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Belgrade", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2126 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "72f2469525d821fe40ae93906dac331aa4e6a353" + }, + { + "algorithm": "sha256", + "value": "424a31c5076e7e8df83719bef2256bfc462950cb25dbe4757ec6bf2bffc73407" + } + ] + }, + { + "id": "8211995d747ee077", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Bratislava", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2507 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6cb5e7db1f99c055196d9de1dda31791a357e602" + }, + { + "algorithm": "sha256", + "value": "2724db32864ac46c3519d2e65ceaab5c5aa47ea40fc7ef223b0e95f1d6123478" + } + ] + }, + { + "id": "1b1888dd3d110bb1", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Bucharest", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2388 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "06a411a4631ed971e9151302d5ecb4da38760ebc" + }, + { + "algorithm": "sha256", + "value": "1c344ffd880bb10fab22505e6a155ede7966118ffe8154f9823d636f539f1fad" + } + ] + }, + { + "id": "4c6b58c8cfeb69bb", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Budapest", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2574 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0907d069c1491bce06d4a3c159f9e5a1fc421a35" + }, + { + "algorithm": "sha256", + "value": "b794eb2756f3064a56dc6d69b6283d782c4fe5b847f08e8f01791febc2aa7d64" + } + ] + }, + { + "id": "93a77504158cd24d", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Busingen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2115 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2919e708ebcfd645a1fca479db8d9da144622cd3" + }, + { + "algorithm": "sha256", + "value": "c7933f897854ae9ba3f186d4e69e6a4d8c83a7aadeac05bfc6ad24b352902c87" + } + ] + }, + { + "id": "4c04952207bfba6c", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Chisinau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2596 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8459d95aa0efd7870ebf490143f02cde3dc95aef" + }, + { + "algorithm": "sha256", + "value": "7f5a8ec399f624b8c76af090704ff395e751d5a1b01d97d591e6bb7456e50707" + } + ] + }, + { + "id": "3ed169a32febde4c", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Gibraltar", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3274 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2fb18702fea92748f0e68e346f08457574e106c2" + }, + { + "algorithm": "sha256", + "value": "bfa36a2a92509b37f9ce349039b318cfacd1a8f42b8d45a90123441b0bc5f614" + } + ] + }, + { + "id": "f225389200f0e315", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Helsinki", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2104 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "633ba90f4a99c66bc44c66a8e4be1c276bbfcb9b" + }, + { + "algorithm": "sha256", + "value": "99774635d3673503f5f9a68bfa0a8ed22904a6aa240a54ca146c769a6b44f04f" + } + ] + }, + { + "id": "eacd3bb0a1f85734", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2042 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a867ecfbc653667d2c2792a668e5f0af91ae86e" + }, + { + "algorithm": "sha256", + "value": "4e9d028d6e75c1d8dee0ea1d2911be263c15986ce0d85f7962fc3a74980abea3" + } + ] + }, + { + "id": "f6fd23d435484c92", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Kiev", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2324 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ee04aa646c89c29b550a518214803d26e5db56e9" + }, + { + "algorithm": "sha256", + "value": "2908feb1a02054053d38f4237fef440ecb8c4823532447f37dd40496081a7aab" + } + ] + }, + { + "id": "023abd2d44bed68c", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Kirov", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1734 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3b690fe08dc1e06a508cf8fba1b63db998b0a13b" + }, + { + "algorithm": "sha256", + "value": "cd4ce071df873475dae25a8f9bc6669f210ffb2f59459177ba85cecdb1066869" + } + ] + }, + { + "id": "94da58a2c071562e", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Lisbon", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3734 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6f602fd5c09c3445a92f17f53ec85d406f937702" + }, + { + "algorithm": "sha256", + "value": "a36f7b5c14745fcf1ce8d81bd69ddf2a5f54acb42ae257b4f9a76979af60d2fd" + } + ] + }, + { + "id": "dc2b397038a0500b", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Madrid", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2820 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "1b90f061a2bc9f220d6e57b22bc5fae57a5b3ed3" + }, + { + "algorithm": "sha256", + "value": "60a674aaf464d0c1c6449054d431dbf18e3530563279b8a504816f3652a16d24" + } + ] + }, + { + "id": "c9d4c510e981e36d", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Malta", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2826 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "be80e8ebb0f0a88fac52cf2cf1efbf79f6560a8f" + }, + { + "algorithm": "sha256", + "value": "cff70fde0bb281552820a88054c3474f60421052182e1f5c5dfc6f79d9964d20" + } + ] + }, + { + "id": "8dce2c711372eb31", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Minsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1854 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "50dc57fce2464261b4c032870b5fcce6e195e768" + }, + { + "algorithm": "sha256", + "value": "2143110d5ab8d697694075f8a9f9e6e4db2e9ae3fc864588dc4aaf06bd215940" + } + ] + }, + { + "id": "920898bb95373af4", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Monaco", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 3168 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96625c03b0e4ac66d5f325769c475d7c964feae5" + }, + { + "algorithm": "sha256", + "value": "843e7e61f730fd653c286c01cbc9cd290b79e3e61d2fb2e9f216bbe3f7db31f8" + } + ] + }, + { + "id": "680b9e96e231e221", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Moscow", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2084 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8ec8d15220779bf4ceeaf6814c5542031c68d483" + }, + { + "algorithm": "sha256", + "value": "fbe286e4e8b537f98c782958f935e648f86643a4db89bf8566f4037afe216d15" + } + ] + }, + { + "id": "a80c7b5ed6f75459", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Riga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2402 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fc0350b614040545ac06259e2a92a8ec9a9dc2b2" + }, + { + "algorithm": "sha256", + "value": "8ba637f5e64e2e7ec5c3f78b2e60905d33107a9ef6f81ed9d7c4f4e0c3a5f1c6" + } + ] + }, + { + "id": "f297d7e288331d68", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Rome", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2847 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "33ffe1aff43f2af208c9f04dc79e801b2d9f22a5" + }, + { + "algorithm": "sha256", + "value": "c5891612c9a5e83e5ed103fe82045826dcd6c82c7c566622fdb9e77eafc7d50a" + } + ] + }, + { + "id": "e64353ec62870cf0", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Samara", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1748 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "2cf00481bef1b358434913d33d679b084885e832" + }, + { + "algorithm": "sha256", + "value": "82f9a27b9f643a01a4dc1da68b08864a6713345326309721466b128e72c32231" + } + ] + }, + { + "id": "d35cc7feb6820a60", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Saratov", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1716 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "20228b853bba740b6cc6205d650ac0eeada223e9" + }, + { + "algorithm": "sha256", + "value": "bf2199a05b90cb3b923d20bc669acf2f86fd843130a1d9dfe3383807d5245941" + } + ] + }, + { + "id": "39ac364a9c3507b7", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Simferopol", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2018 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5200c2fb1e905aecbef1eddb41a9a1af95b6a464" + }, + { + "algorithm": "sha256", + "value": "58dbfa564500222376adbd40333a91130fa799752e66bdf1a45551c726e27faa" + } + ] + }, + { + "id": "d229438e006fa531", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Sofia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2281 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "893df349a8c4ccd2f07ec0e45925b2c11df032e9" + }, + { + "algorithm": "sha256", + "value": "37bbdd3d0a1bbb85dddaf9bd9379405f1c7ccda6b319f0344818e1a92731aed8" + } + ] + }, + { + "id": "5fd92881aac7828d", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Tallinn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2352 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ad32f4c0baca3b9e0711042ec04f507c1fe5c617" + }, + { + "algorithm": "sha256", + "value": "fe35837b7201844c0f4cc40926df64aca256425ef499bafb5d4dddac7231fbb9" + } + ] + }, + { + "id": "18b452a763fa2e4f", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Tirane", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2290 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c198540a74d481f47672421b8b0aa12c6f05369f" + }, + { + "algorithm": "sha256", + "value": "728eeba75e4e7c47d50342c1d0cb77442d5433ec082942f4291d404af86e9b38" + } + ] + }, + { + "id": "760e015bda49528c", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1800 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6dbadd79da1915515246c07efd473fadb711e6da" + }, + { + "algorithm": "sha256", + "value": "178ebea5ec84691a5e29c09f05b268bb6a3839bd2b6069537acab096b2608dce" + } + ] + }, + { + "id": "9aae9fa192834b5f", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Vienna", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2406 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3a6106f78fa6d278254ed381107f79f1f72ae590" + }, + { + "algorithm": "sha256", + "value": "1978e5d57f4ae3db762ad0cc8d9b1825467ddb6e7b37add40589ad88d67dcf12" + } + ] + }, + { + "id": "a446144c2a8db246", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Vilnius", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2366 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dd4651522a8fc50fbfeab9138139c0a98be78160" + }, + { + "algorithm": "sha256", + "value": "9e0346c05bd62e5062c3e9c1af6abb3a76cac647d69904414df525dc699a8da1" + } + ] + }, + { + "id": "7081a0e34a6b350e", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Volgograd", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1742 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "87ff92ee927befd36a5776064b50a60b015cc344" + }, + { + "algorithm": "sha256", + "value": "c0a89c4186f6cb4116f953bee1e96336d76a95fe242958b36f1d343d3feae1ae" + } + ] + }, + { + "id": "a2ed9481b9ffb2f0", + "location": { + "path": "/usr/share/zoneinfo/right/Europe/Warsaw", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2860 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "8425ef070f27439d0e75b3cd1907a26833f06efc" + }, + { + "algorithm": "sha256", + "value": "9e8225d49707e4b369634eb200212e63222e6ea0a8ef16a346ea6e32a12ca651" + } + ] + }, + { + "id": "b350ce7ab7810a11", + "location": { + "path": "/usr/share/zoneinfo/right/Factory", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 664 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "6db6f78bd95bed7639ecfa9fbcb32e5e53fae236" + }, + { + "algorithm": "sha256", + "value": "1562a07bd51e51e00a99a8db7ceac2bc5d473008d9798b66d1046ff7ca69f2e3" + } + ] + }, + { + "id": "50f76fc25a911876", + "location": { + "path": "/usr/share/zoneinfo/right/HST", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 878 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "dcfa0711611efd412cfc39a00e06a7a651c24f39" + }, + { + "algorithm": "sha256", + "value": "3cd58372124c8149411f3b1e7a923096293afb60d234258ae9230e768f906175" + } + ] + }, + { + "id": "7d27e81560137a98", + "location": { + "path": "/usr/share/zoneinfo/right/Indian/Chagos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "58a379fb0376e5abbb370c26f5311d1daec2498f" + }, + { + "algorithm": "sha256", + "value": "a56c856698ed900dd9f105de3ecfa7c02a47d3e0a72cf9b0b2dda8d78e1ca668" + } + ] + }, + { + "id": "a5d6c087f1ce0421", + "location": { + "path": "/usr/share/zoneinfo/right/Indian/Kerguelen", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "836b7f8b8924e979f9d150043ed836fb9e031066" + }, + { + "algorithm": "sha256", + "value": "6f460c82f439e2d45a82af8290775e71ebe2ee472d802c2fc36ca477151ed03a" + } + ] + }, + { + "id": "948a7edf6e965ad2", + "location": { + "path": "/usr/share/zoneinfo/right/Indian/Mauritius", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 774 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "ae6aa848ebef8ed4b361a36ff2760a1d05ccacbb" + }, + { + "algorithm": "sha256", + "value": "392bac1d8217b660b7affe6623ef563ab1deefd077661e4ca48746f20ff07e73" + } + ] + }, + { + "id": "27e20379fcc146d1", + "location": { + "path": "/usr/share/zoneinfo/right/Kwajalein", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 848 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "34af0076af4a4341be0f8b2abc0ebfda3b1371bb" + }, + { + "algorithm": "sha256", + "value": "fe0269639dfeb4da4a29422764e8ce5d131bceb70eb858288feacb33adb93357" + } + ] + }, + { + "id": "bda3f09d4ce029a2", + "location": { + "path": "/usr/share/zoneinfo/right/NZ-CHAT", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 2242 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "cd84961c4d50e4185f3a741815a51c13b712ff01" + }, + { + "algorithm": "sha256", + "value": "7418e8e399cac56ecc7db3b17dd98b99af2a78c01009f6090b81fa74bb9ed1be" + } + ] + }, + { + "id": "47d47bfe9daa28df", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Apia", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1144 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9b7740ef01a83771a188c6a3eea515420a4b1e7e" + }, + { + "algorithm": "sha256", + "value": "9232e8d2e7c4b0851c24b934806eed6ad8c782b70b5f8077ecd085a344cf21a6" + } + ] + }, + { + "id": "78855593e2583a9e", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Bougainville", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 800 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "52def485011a03bf0630796589a006350826d7fe" + }, + { + "algorithm": "sha256", + "value": "3424ec28a42e16e2aecfedcb0e9460623e322ef6e91b0cbcd0f30ea3f81a38ea" + } + ] + }, + { + "id": "799f8d5301678c96", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Efate", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1070 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a8ee1e5ccf78182632c20c0b8017100c83a66c3a" + }, + { + "algorithm": "sha256", + "value": "2c3fa89e70a1e6f04d32a1425a7c4a17ea831bdb2991e2b2e7a6207eb2a2da34" + } + ] + }, + { + "id": "7a1210001590214a", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Enderbury", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 766 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "c3800c386333b9234fe998a348859ef6800892ab" + }, + { + "algorithm": "sha256", + "value": "0d861c486407a2cfa76dcb792e29ab6b5a7dc23fc88e436fcf0e91aa934ce50f" + } + ] + }, + { + "id": "17c26a924f613a8f", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 732 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "242e87d997bca50490a5963afbd296e9db98d42d" + }, + { + "algorithm": "sha256", + "value": "310746ea8f1df6f1fda801edfd8bf9dbe668ff0d67fc8f2ee6b09d13e08b1342" + } + ] + }, + { + "id": "d8442b79c9bb211f", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Fiji", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1110 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "003ab2f2e58a95975dc0bedb26c6239f5f63ca2d" + }, + { + "algorithm": "sha256", + "value": "61d9791f14bdcd80003cc510d466349ddddae5425da99a15ff54363e61c82663" + } + ] + }, + { + "id": "10ecd7443a2e0f8d", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Funafuti", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "264561f06a4b450a54c2958aa0a31c9aab233fd2" + }, + { + "algorithm": "sha256", + "value": "a19599331d7971282a3d99d552f3580e18e1a3f291fe1c2a724b732b28d19dda" + } + ] + }, + { + "id": "d755b234f0f5e121", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Galapagos", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 772 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "063fd61ea477769597792730fcb4e1db44da00e3" + }, + { + "algorithm": "sha256", + "value": "e11d59240fad0b7863207bf94d2a3b1a1bee3dd638562cd52ad82dff0c5500cc" + } + ] + }, + { + "id": "e3be249111356540", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Gambier", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a7bdf929ff895c8fd766a9b01ec7768a55239487" + }, + { + "algorithm": "sha256", + "value": "e740a7ffbc13dd2ceba41ad306ef0ea8648404f94647a5f0acb6a53cc7fd07bd" + } + ] + }, + { + "id": "6669f53a5e886496", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "9f1ae4c71492393dd281cca4c25fb9c02d9424cb" + }, + { + "algorithm": "sha256", + "value": "395078e1bda2f361dadc972e7cac74766378db47e93ab0eb40831c1bd3cd0eb4" + } + ] + }, + { + "id": "de70877551d180b8", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Guam", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1041 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "96217fa9b9e0900f36df167e05a1be6285e7304c" + }, + { + "algorithm": "sha256", + "value": "dd2618ab40e4937e8a7e77ee99cb16850d680dd751fbafbc7f1315910c1c654d" + } + ] + }, + { + "id": "86462bf7cfae9fca", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 770 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5c23c7d62279762fdc99e27b913b4e5614131095" + }, + { + "algorithm": "sha256", + "value": "174e89b399cdcb099e3fbdb56726bcd5e4ff5407143375bbe3f325c2d9681ec7" + } + ] + }, + { + "id": "7846ce6f1446a572", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Kosrae", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 883 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "badfb6360e23281f1586f8cc31f9bf0ddead03f0" + }, + { + "algorithm": "sha256", + "value": "f3e0ee73aa07ea88079d523f04e18013c2faa1f451c16e84d8ce44b508ed1e7c" + } + ] + }, + { + "id": "f42ed6977c96b3f6", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Marquesas", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 702 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "f9ab84a187a3dc1bd186524d4b475544aed3297f" + }, + { + "algorithm": "sha256", + "value": "ec00139c96225da5c430689485dad62c37f3ea2a44bbfdbba984779ec39898ab" + } + ] + }, + { + "id": "009ece66b505db9a", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Midway", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 724 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "a22abb4b6195611dfb909670078c38c2fcd02a7e" + }, + { + "algorithm": "sha256", + "value": "123dc0bb0c84f740272684766dfe16f0bc190dbf9c221b944e4df2c98788d95c" + } + ] + }, + { + "id": "bc1dc5a11617ff3b", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Nauru", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 784 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "38b372bc34a518151fdbb18bd40313f9f1003331" + }, + { + "algorithm": "sha256", + "value": "bd939db4129d29f0b99daaa023926e04a75f26de36dd4bde3af05093998da477" + } + ] + }, + { + "id": "287406beb3a9c308", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Niue", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 736 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "219ce89833abdfb6f7900ef96259a079b33f98bb" + }, + { + "algorithm": "sha256", + "value": "30cc62073dfdf73d40c8ba8cac33a52f7313e04a431a48f0576772745565afa4" + } + ] + }, + { + "id": "893640ffaadb3fd7", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Norfolk", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1068 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "771eb27866fb346a346dc123dad325bd0406dee2" + }, + { + "algorithm": "sha256", + "value": "5c71894f23b70d59b166ba89cd77cc2f5e04587b07dff3db877ba131ec16e1dd" + } + ] + }, + { + "id": "5b3923f8e2b41631", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Noumea", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 836 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3a634960055fea8fa21f3c7335ca008e7e8ad7c5" + }, + { + "algorithm": "sha256", + "value": "2c0159163af1753811f401a39dec7e715cd509e0240350bf4509319894f09a01" + } + ] + }, + { + "id": "92cfdd5827806bea", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Palau", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 713 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "3616d2b603942be1a069e138538be2a2554ef30f" + }, + { + "algorithm": "sha256", + "value": "77b1aa8530b84c1e02080129746a797d03c2b34dab1c40f97067774e13e3c2fc" + } + ] + }, + { + "id": "5eb1e4f5972cf9c2", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 736 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "32772a169319c0efe77169ddfdc6c7882306db47" + }, + { + "algorithm": "sha256", + "value": "1a54aed7b3405c034a9d551e64c096b46e7edada97236f17844998ea7cd19665" + } + ] + }, + { + "id": "b94bacb68e7641d6", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 1136 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0bff8c5944b3830f71a3aa7a904c209d2786db6f" + }, + { + "algorithm": "sha256", + "value": "1a0b149b0644a1079e60c30e2568dc33201afabf080753a8ae61163c9f6614f3" + } + ] + }, + { + "id": "0a7fb6e5bfc5fc19", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Tahiti", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 698 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "16b52774376b3b8dcb2ae812ef0f28bce49abd88" + }, + { + "algorithm": "sha256", + "value": "692b326779d3a5f9ce9469353c2646ccfcba1c22ec790d06a76c382d41f8ac7f" + } + ] + }, + { + "id": "c10ae445b88bd9c2", + "location": { + "path": "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/tzif", + "size": 904 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4a9cc0b35e2db131553cd7f89e9a2d8e8ecac8c1" + }, + { + "algorithm": "sha256", + "value": "c5c1bed0f54f756cff29ebb9d7b1ffef96bd0d121b0cb0dbf9722c9181917601" + } + ] + }, + { + "id": "ffa40bf00111bcc1", + "location": { + "path": "/usr/share/zoneinfo/tzdata.zi", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 109726 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e106ccbb7aaf0cafd1b2faa80616fafb5674fa66" + }, + { + "algorithm": "sha256", + "value": "b707de303ec6cb982b853d30430970fd5cac7cd6086396d911b6fe5e66a746e0" + } + ] + }, + { + "id": "7439d6928726b505", + "location": { + "path": "/usr/share/zoneinfo/zone.tab", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 18822 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "4f9c2681dad62e7eb99c7ed3a376a04d2cc581e9" + }, + { + "algorithm": "sha256", + "value": "586b4207e6c76722de82adcda6bf49d761f668517f45a673f64da83b333eecc4" + } + ] + }, + { + "id": "2e80788a46bd1d3a", + "location": { + "path": "/usr/share/zoneinfo/zone1970.tab", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 17605 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "0409ecccab58b2cd0d5aa758d2a518354dd83bdb" + }, + { + "algorithm": "sha256", + "value": "e9d9fe30942a880f756b73f649667d8647a1ecf2131149445d9cc24c65e4ee8f" + } + ] + }, + { + "id": "084238eeedbaeb04", + "location": { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/vnd.sqlite3", + "size": 12632064 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7a8c03d5b08705a280360933df7cd1976094ba4a" + }, + { + "algorithm": "sha256", + "value": "6888185a33db9606643fcd280b7a8e3e306125aa168dd3f9cf607e49018cf6e9" + } + ] + }, + { + "id": "9e643efa3244df62", + "location": { + "path": "/var/lib/rpm/rpmdb.sqlite-shm", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 32768 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "608eeb7488042453c9ca40f7e1398fc1a270f3f4" + }, + { + "algorithm": "sha256", + "value": "fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb" + } + ] + }, + { + "id": "42347261e3296811", + "location": { + "path": "/var/lib/rpm/rpmdb.sqlite-wal", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "", + "size": 0 + } + }, + { + "id": "886a39eba3384970", + "location": { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764" + }, + "metadata": { + "mode": 755, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/x-executable", + "size": 20217144 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "5efb3de1ded928596bca4048f3472b768bb3feba" + }, + { + "algorithm": "sha256", + "value": "891223001e144cac4c62809b340aaab6bd50ff4fc8ab3c32253732a8e6277b1b" + } + ], + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libsasl2.so.3", + "libgit2.so.1.9", + "libyaml-0.so.2", + "libsystemd.so.0", + "libssl.so.3", + "libcrypto.so.3", + "libz.so.1", + "libm.so.6", + "libstdc++.so.6", + "libgcc_s.so.1", + "libc.so.6", + "ld-linux-x86-64.so.2" + ], + "elfSecurityFeatures": { + "symbolTableStripped": true, + "stackCanary": true, + "nx": true, + "relRO": "full", + "pie": false, + "dso": false, + "safeStack": false + } + } + }, + { + "id": "c03425ae2dddd928", + "location": { + "path": "/usr/local/lib64/libgit2.so", + "layerID": "sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9" + }, + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libssh2.so.1", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": false, + "nx": true, + "relRO": "partial", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + }, + "unknowns": [ + "unknowns-labeler: no package identified in executable file" + ] + }, + { + "id": "b0b3df9ccdee8153", + "location": { + "path": "/usr/local/lib64/libgit2.so.1.9", + "layerID": "sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9" + }, + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libssh2.so.1", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": false, + "nx": true, + "relRO": "partial", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + }, + "unknowns": [ + "unknowns-labeler: no package identified in executable file" + ] + }, + { + "id": "0920be45b70234f3", + "location": { + "path": "/usr/local/lib64/libgit2.so.1.9.1", + "layerID": "sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9" + }, + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libssh2.so.1", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": false, + "nx": true, + "relRO": "partial", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + }, + "unknowns": [ + "unknowns-labeler: no package identified in executable file" + ] + }, + { + "id": "3791337a2e68fc20", + "location": { + "path": "/usr/local/lib/libssh2.so", + "layerID": "sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e" + }, + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": false, + "nx": true, + "relRO": "partial", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + }, + "unknowns": [ + "unknowns-labeler: no package identified in executable file" + ] + }, + { + "id": "bdeb3a841c55c4e0", + "location": { + "path": "/usr/local/lib/libssh2.so.1", + "layerID": "sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e" + }, + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": false, + "nx": true, + "relRO": "partial", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + }, + "unknowns": [ + "unknowns-labeler: no package identified in executable file" + ] + }, + { + "id": "407f9c72dd226086", + "location": { + "path": "/usr/local/lib/libssh2.so.1.0.1", + "layerID": "sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e" + }, + "executable": { + "format": "elf", + "hasExports": true, + "hasEntrypoint": true, + "importedLibraries": [ + "libssl.so.3", + "libcrypto.so.3", + "libz.so.1", + "libc.so.6" + ], + "elfSecurityFeatures": { + "symbolTableStripped": false, + "stackCanary": false, + "nx": true, + "relRO": "partial", + "pie": false, + "dso": true, + "safeStack": false, + "cfi": false, + "fortify": false + } + }, + "unknowns": [ + "unknowns-labeler: no package identified in executable file" + ] + }, + { + "id": "76f1c9985254e2be", + "location": { + "path": "/etc/ld.so.cache", + "layerID": "sha256:9bc7c492562f465ba19a77b35e5f630d7559005d0753b2d888b175a07126b785" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 6415 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "36b8c3b64d37014908e77572188954aa3cb20f14" + }, + { + "algorithm": "sha256", + "value": "c81f81c0014895d5f3d4c6a18352d7cec8d84c7545d02e03ca9f978848bb00ee" + } + ] + }, + { + "id": "f7b1ca91de4b87e3", + "location": { + "path": "/var/cache/ldconfig/aux-cache", + "layerID": "sha256:9bc7c492562f465ba19a77b35e5f630d7559005d0753b2d888b175a07126b785" + }, + "metadata": { + "mode": 600, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "application/octet-stream", + "size": 8839 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "e262a9b428960942bd73da550bc313c4e8595c8c" + }, + { + "algorithm": "sha256", + "value": "b7e9580a23b413e77efbb2b5ece1629ba22a45c22802c754f90ac5b3dc4f3fa8" + } + ] + }, + { + "id": "17f0452d88c35045", + "location": { + "path": "/etc/group", + "layerID": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 287 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "d43893aba8e1f7ac50d31350f0c6749c1d74f34d" + }, + { + "algorithm": "sha256", + "value": "cd480d020fa833ee740993a401310b59092e696c462d7b5a386996a5af403f5e" + } + ] + }, + { + "id": "0d2d3ea44fec0394", + "location": { + "path": "/etc/gshadow", + "layerID": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + "metadata": { + "mode": 0, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 217 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "fb399da662da4f767b177d7101dc37f7ee7abccb" + }, + { + "algorithm": "sha256", + "value": "57b2c179c1d1a435610d1ea0bfb5bed7eb6d6ced6c0e2f17bfe6362356be1706" + } + ] + }, + { + "id": "645eceef84258f08", + "location": { + "path": "/etc/passwd", + "layerID": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 593 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "bf7007eebcb9840ffbed9e1cb7bc6807fcb367c4" + }, + { + "algorithm": "sha256", + "value": "1dec20adb7cfa5c2800dab6921bd133f7959b9ad359530f9b38291c6a2dee424" + } + ] + }, + { + "id": "14b36bc2e9d50e6f", + "location": { + "path": "/etc/shadow", + "layerID": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + "metadata": { + "mode": 0, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 383 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "095e6a4cc33051a79e9d1c6442ae92d4ea72c488" + }, + { + "algorithm": "sha256", + "value": "aae87b88360de60fd8f5a49b2313bf3fc24458e4fa861b822c2f427b44c1fed7" + } + ] + }, + { + "id": "4765190f6febf036", + "location": { + "path": "/etc/subgid", + "layerID": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 28 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ca1e92216dc341b70ef97d68a951c8e93db2a7e" + }, + { + "algorithm": "sha256", + "value": "f079cf47cb24bbdf98490c506bac4718f374566f28abd90f85bb07bab919d8bc" + } + ] + }, + { + "id": "45437c0792f4c201", + "location": { + "path": "/etc/subuid", + "layerID": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168" + }, + "metadata": { + "mode": 644, + "type": "RegularFile", + "userID": 0, + "groupID": 0, + "mimeType": "text/plain", + "size": 28 + }, + "digests": [ + { + "algorithm": "sha1", + "value": "7ca1e92216dc341b70ef97d68a951c8e93db2a7e" + }, + { + "algorithm": "sha256", + "value": "f079cf47cb24bbdf98490c506bac4718f374566f28abd90f85bb07bab919d8bc" + } + ] + } + ], + "source": { + "id": "2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "name": "ghcr.io/fluentdo/agent", + "version": "25.10.10", + "type": "image", + "metadata": { + "userInput": "ghcr.io/fluentdo/agent:25.10.10", + "imageID": "sha256:c57809c3a3be7c65bf41a3194075ffa4a5197712b505ae92bb91807cf488ea64", + "manifestDigest": "sha256:2bf62abc60782e22e4e4cae7b1895f1d0da18e6279c18e6eb347444a255efd16", + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "tags": [ + "ghcr.io/fluentdo/agent:25.10.10" + ], + "imageSize": 216848737, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2", + "size": 104377261 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "size": 83235445 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:dfacb86663237a701a02e011b9bd7b2890d174e5bb4a63bdd26039e1aa8439f1", + "size": 10174 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:5da4ab47a35ef3ffb3db4fad31c699e45ca6919bc50484c00c9858e83cbb5f23", + "size": 7542 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "size": 20260055 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:2dd56835d8c56f3444b57498c321c66c12efecb37d70724c051dbcb9346de8f9", + "size": 5193552 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:6c7de3a89a06cc6fb80f8ce2113fe04dc919d7de7c58c25f62b245e61b77e73e", + "size": 3333024 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:9bc7c492562f465ba19a77b35e5f630d7559005d0753b2d888b175a07126b785", + "size": 15286 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:007d2f3ef5cff9621ab68f63b78cd170545e3614d5d5103815476281db1fcbdc", + "size": 0 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:cd9daa1c72bb01c32db0fbbea799682f034ecdf5d6eb4e959966a6942c99f249", + "size": 581 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:04bb136ff849c7eedf927a287b5f734c14738f541819ba94eba61331ad0b05c1", + "size": 581 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:08d5321f8651f6848b036e4ece4303b6a5d05029c9355e0a1ad4a6fec5c60adb", + "size": 411708 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:63c0de0eafb982af6b23145c1fadacccc45db5ddba5c9c570c9ecd891f744168", + "size": 3528 + } + ], + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxMTY5NCwiZGlnZXN0Ijoic2hhMjU2OmM1NzgwOWMzYTNiZTdjNjViZjQxYTMxOTQwNzVmZmE0YTUxOTc3MTJiNTA1YWU5MmJiOTE4MDdjZjQ4OGVhNjQifSwibGF5ZXJzIjpbeyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTA2MDc4MjA4LCJkaWdlc3QiOiJzaGEyNTY6N2I5ZDhlZTA2YmViODc5NGQxNDM1YWNhMjVlZDc2MTNlNDI4YjAwYTg2YTZmODBlYjVmMWE2NzFiNWNiOWRjMiJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjg2NDUwNjg4LCJkaWdlc3QiOiJzaGEyNTY6NGYyNWU2MDVlOTA5MjRlY2FkNDU5ZTE1YzgyM2JlNjk4YTliZDI3NmQ5YWUxZmQxNmI4YzMwMWMzZTM4YzA5ZSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjEyMjg4LCJkaWdlc3QiOiJzaGEyNTY6ZGZhY2I4NjY2MzIzN2E3MDFhMDJlMDExYjliZDdiMjg5MGQxNzRlNWJiNGE2M2JkZDI2MDM5ZTFhYTg0MzlmMSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjkyMTYsImRpZ2VzdCI6InNoYTI1Njo1ZGE0YWI0N2EzNWVmM2ZmYjNkYjRmYWQzMWM2OTllNDVjYTY5MTliYzUwNDg0YzAwYzk4NThlODNjYmI1ZjIzIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjAyODU0NDAsImRpZ2VzdCI6InNoYTI1NjplZGZkZmQ5ZjQ2OTZjM2YzZWM3N2U4MTQwMzQzYjE0ZmY3NjE0ODE1NGUwZWU0ZDljMWM0ODllYjQxYjM1NzY0In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NTE5ODg0OCwiZGlnZXN0Ijoic2hhMjU2OjJkZDU2ODM1ZDhjNTZmMzQ0NGI1NzQ5OGMzMjFjNjZjMTJlZmVjYjM3ZDcwNzI0YzA1MWRiY2I5MzQ2ZGU4ZjkifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozMzM3MjE2LCJkaWdlc3QiOiJzaGEyNTY6NmM3ZGUzYTg5YTA2Y2M2ZmI4MGY4Y2UyMTEzZmUwNGRjOTE5ZDdkZTdjNThjMjVmNjJiMjQ1ZTYxYjc3ZTczZSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIxNTA0LCJkaWdlc3QiOiJzaGEyNTY6OWJjN2M0OTI1NjJmNDY1YmExOWE3N2IzNWU1ZjYzMGQ3NTU5MDA1ZDA3NTNiMmQ4ODhiMTc1YTA3MTI2Yjc4NSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI1NjAsImRpZ2VzdCI6InNoYTI1NjowMDdkMmYzZWY1Y2ZmOTYyMWFiNjhmNjNiNzhjZDE3MDU0NWUzNjE0ZDVkNTEwMzgxNTQ3NjI4MWRiMWZjYmRjIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2OmNkOWRhYTFjNzJiYjAxYzMyZGIwZmJiZWE3OTk2ODJmMDM0ZWNkZjVkNmViNGU5NTk5NjZhNjk0MmM5OWYyNDkifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6MDRiYjEzNmZmODQ5YzdlZWRmOTI3YTI4N2I1ZjczNGMxNDczOGY1NDE4MTliYTk0ZWJhNjEzMzFhZDBiMDVjMSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjQxNzI4MCwiZGlnZXN0Ijoic2hhMjU2OjA4ZDUzMjFmODY1MWY2ODQ4YjAzNmU0ZWNlNDMwM2I2YTVkMDUwMjljOTM1NWUwYTFhZDRhNmZlYzVjNjBhZGIifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMDQ4MCwiZGlnZXN0Ijoic2hhMjU2OjYzYzBkZTBlYWZiOTgyYWY2YjIzMTQ1YzFmYWRhY2NjYzQ1ZGI1ZGRiYTVjOWM1NzBjOWVjZDg5MWY3NDQxNjgifV19", + "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJVc2VyIjoiOTg3NiIsIkV4cG9zZWRQb3J0cyI6eyIyMDIwL3RjcCI6e319LCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iLCJjb250YWluZXI9b2NpIiwiRkxVRU5UQklUX1ZFUlNJT049IiwiRkxVRU5URE9fQUdFTlRfVkVSU0lPTj0yNS4xMC4xMCJdLCJFbnRyeXBvaW50IjpbIi9mbHVlbnQtYml0L2Jpbi9mbHVlbnQtYml0Il0sIkNtZCI6WyIvZmx1ZW50LWJpdC9iaW4vZmx1ZW50LWJpdCIsIi1jIiwiL2ZsdWVudC1iaXQvZXRjL2ZsdWVudC1iaXQuY29uZiJdLCJXb3JraW5nRGlyIjoiLyIsIkxhYmVscyI6eyJhcmNoaXRlY3R1cmUiOiJ4ODZfNjQiLCJidWlsZC1kYXRlIjoiMjAyNTEyMjItMTAwMzMxIiwiY29tLnJlZGhhdC5jb21wb25lbnQiOiJ1Ymk5LW1pbmltYWwtY29udGFpbmVyIiwiY29tLnJlZGhhdC5saWNlbnNlX3Rlcm1zIjoiaHR0cHM6Ly93d3cucmVkaGF0LmNvbS9lbi9hYm91dC9yZWQtaGF0LWVuZC11c2VyLWxpY2Vuc2UtYWdyZWVtZW50cyNVQkkiLCJkZXNjcmlwdGlvbiI6IkZsdWVudERvIEFnZW50IGlzIGEgc3RhYmxlLCBzZWN1cmUgYnkgZGVmYXVsdCwgT1NTIChBcGFjaGUtbGljZW5zZWQpIGRvd25zdHJlYW0gZGlzdHJpYnV0aW9uIG9mIEZsdWVudCBCaXQgd2l0aCBwcmVkaWN0YWJsZSByZWxlYXNlcyBhbmQgbG9uZy10ZXJtIHN1cHBvcnRlZCB2ZXJzaW9ucyBmb3IgMjQgbW9udGhzLiIsImRpc3RyaWJ1dGlvbi1zY29wZSI6InB1YmxpYyIsImlvLmJ1aWxkYWgudmVyc2lvbiI6IjEuMzkuMC1kZXYiLCJpby5rOHMuZGVzY3JpcHRpb24iOiJGbHVlbnREbyBBZ2VudCBpcyBhIHN0YWJsZSwgc2VjdXJlIGJ5IGRlZmF1bHQsIE9TUyAoQXBhY2hlLWxpY2Vuc2VkKSBkb3duc3RyZWFtIGRpc3RyaWJ1dGlvbiBvZiBGbHVlbnQgQml0IHdpdGggcHJlZGljdGFibGUgcmVsZWFzZXMgYW5kIGxvbmctdGVybSBzdXBwb3J0ZWQgdmVyc2lvbnMgZm9yIDI0IG1vbnRocy4iLCJpby5rOHMuZGlzcGxheS1uYW1lIjoiRmx1ZW50RG8gQWdlbnQiLCJpby5vcGVuc2hpZnQuZXhwb3NlLXNlcnZpY2VzIjoiIiwiaW8ub3BlbnNoaWZ0LnRhZ3MiOiJvYnNlcnZhYmlsaXR5LGxvZ2dpbmcsbG9nLWFnZ3JlZ2F0aW9uLGZsdWVudGRvLGZsdWVudC1iaXQiLCJtYWludGFpbmVyIjoiRmx1ZW50RG8gdmlhIGluZm9AZmx1ZW50LmRvIiwibmFtZSI6IkZsdWVudERvIEFnZW50Iiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLmNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjAzOjMxLjgwOVoiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UuZGVzY3JpcHRpb24iOiJGbHVlbnREbyBBZ2VudCBpcyBhIHN0YWJsZSwgc2VjdXJlIGJ5IGRlZmF1bHQsIE9TUyAoQXBhY2hlLWxpY2Vuc2VkKSBkb3duc3RyZWFtIGRpc3RyaWJ1dGlvbiBvZiBGbHVlbnQgQml0IHdpdGggcHJlZGljdGFibGUgcmVsZWFzZXMgYW5kIGxvbmctdGVybSBzdXBwb3J0ZWQgdmVyc2lvbnMgZm9yIDI0IG1vbnRocy4iLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UubGljZW5zZXMiOiIiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UucmV2aXNpb24iOiJlNGExYjRlYmM4YWNlYzhlNDQ3MzQ0YzkyNTE1MjhhNzEwZGY3YjExIiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLnNvdXJjZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9GbHVlbnREby9hZ2VudCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS50aXRsZSI6ImFnZW50Iiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLnVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9GbHVlbnREby9hZ2VudCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS52ZXJzaW9uIjoidjI1LjEwLjEwIiwicmVsZWFzZSI6IjE3NDcxMTEyNjciLCJzdW1tYXJ5IjoiRmx1ZW50RG8gQWdlbnQgaXMgYW4gRW50ZXJwcmlzZSBoYXJkZW5lZCB2ZXJzaW9uIG9mIEZsdWVudCBCaXQiLCJ1cmwiOiJodHRwczovL2ZsdWVudC5kbyIsInZjcy1yZWYiOiI3NTc1ZDdlYjQ1ZWI3ZjU0NWZlZjMxYmEwNjdkZmUzZDhlNTJjNGViIiwidmNzLXR5cGUiOiJnaXQiLCJ2ZW5kb3IiOiJGbHVlbnREbyBhdCBodHRwczovL2ZsdWVudC5kbyIsInZlcnNpb24iOiIyNS4xMC4xMCJ9LCJBcmdzRXNjYXBlZCI6dHJ1ZX0sImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjQ2NjkwNDQyOVoiLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS42Njg0MzA3MDRaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIG1haW50YWluZXI9XCJSZWQgSGF0LCBJbmMuXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS42ODM2ODQ1ODFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIHZlbmRvcj1cIlJlZCBIYXQsIEluYy5cIiIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI1LjcwMjkyOTI2WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBMQUJFTCB1cmw9XCJodHRwczovL3d3dy5yZWRoYXQuY29tXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43MjAzNjM1MDdaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGNvbS5yZWRoYXQuY29tcG9uZW50PVwidWJpOS1taW5pbWFsLWNvbnRhaW5lclwiICAgICAgIG5hbWU9XCJ1Ymk5LW1pbmltYWxcIiAgICAgICB2ZXJzaW9uPVwiOS41XCIgICAgICAgZGlzdHJpYnV0aW9uLXNjb3BlPVwicHVibGljXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43MzYwMDkzMzFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGNvbS5yZWRoYXQubGljZW5zZV90ZXJtcz1cImh0dHBzOi8vd3d3LnJlZGhhdC5jb20vZW4vYWJvdXQvcmVkLWhhdC1lbmQtdXNlci1saWNlbnNlLWFncmVlbWVudHMjVUJJXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43NTI1NjExNjFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIHN1bW1hcnk9XCJQcm92aWRlcyB0aGUgbGF0ZXN0IHJlbGVhc2Ugb2YgdGhlIG1pbmltYWwgUmVkIEhhdCBVbml2ZXJzYWwgQmFzZSBJbWFnZSA5LlwiIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjUuNzY3OTI5OThaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGRlc2NyaXB0aW9uPVwiVGhlIFVuaXZlcnNhbCBCYXNlIEltYWdlIE1pbmltYWwgaXMgYSBzdHJpcHBlZCBkb3duIGltYWdlIHRoYXQgdXNlcyBtaWNyb2RuZiBhcyBhIHBhY2thZ2UgbWFuYWdlci4gVGhpcyBiYXNlIGltYWdlIGlzIGZyZWVseSByZWRpc3RyaWJ1dGFibGUsIGJ1dCBSZWQgSGF0IG9ubHkgc3VwcG9ydHMgUmVkIEhhdCB0ZWNobm9sb2dpZXMgdGhyb3VnaCBzdWJzY3JpcHRpb25zIGZvciBSZWQgSGF0IHByb2R1Y3RzLiBUaGlzIGltYWdlIGlzIG1haW50YWluZWQgYnkgUmVkIEhhdCBhbmQgdXBkYXRlZCByZWd1bGFybHkuXCIiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNS43ODMzNTU5OTFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIGlvLms4cy5kZXNjcmlwdGlvbj1cIlRoZSBVbml2ZXJzYWwgQmFzZSBJbWFnZSBNaW5pbWFsIGlzIGEgc3RyaXBwZWQgZG93biBpbWFnZSB0aGF0IHVzZXMgbWljcm9kbmYgYXMgYSBwYWNrYWdlIG1hbmFnZXIuIFRoaXMgYmFzZSBpbWFnZSBpcyBmcmVlbHkgcmVkaXN0cmlidXRhYmxlLCBidXQgUmVkIEhhdCBvbmx5IHN1cHBvcnRzIFJlZCBIYXQgdGVjaG5vbG9naWVzIHRocm91Z2ggc3Vic2NyaXB0aW9ucyBmb3IgUmVkIEhhdCBwcm9kdWN0cy4gVGhpcyBpbWFnZSBpcyBtYWludGFpbmVkIGJ5IFJlZCBIYXQgYW5kIHVwZGF0ZWQgcmVndWxhcmx5LlwiIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjUuODAyMjgyNDU0WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBMQUJFTCBpby5rOHMuZGlzcGxheS1uYW1lPVwiUmVkIEhhdCBVbml2ZXJzYWwgQmFzZSBJbWFnZSA5IE1pbmltYWxcIiIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI1LjgyMDQyODA5M1oiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgTEFCRUwgaW8ub3BlbnNoaWZ0LmV4cG9zZS1zZXJ2aWNlcz1cIlwiIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjUuODM3MjI4NzM5WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBMQUJFTCBpby5vcGVuc2hpZnQudGFncz1cIm1pbmltYWwgcmhlbDlcIiIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI1Ljg1MzgyNTcyWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBFTlYgY29udGFpbmVyIG9jaSIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2LjM1NDEwOTA3NVoiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQ09QWSBkaXI6MmRjMjUyODljM2IxMGY2ZmFlNjgxZDA4NTQ1MjQ3NGJmNGQxMzNkOGY0MzU1MTBlMGU5YWE2NDExNGI4NjFhYiBpbiAvICIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2LjQ0NzEyMzIyM1oiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQ09QWSBmaWxlOmIzN2Q1OTM3MTNlZTIxYWQ1MmE0Y2QxNDI0ZGMwMTlhMjRmNzk2NmY4NWRmMGFjNGI4NmQyMzQzMDI2OTUzMjggaW4gL2V0Yy95dW0ucmVwb3MuZC8uICIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2LjQ2MzI3Mjg0N1oiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQ01EIFtcIi9iaW4vYmFzaFwiXSIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTA1LTEzVDA0OjQyOjI2Ljc2NzkwNzA1OFoiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAuIC9jYWNoaTIvY2FjaGkyLmVudiBcdTAwMjZcdTAwMjYgICAgIHJtIC1yZiAvdmFyL2xvZy8qIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMDUtMTNUMDQ6NDI6MjYuODU3OTg0MjU0WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBDT1BZIGZpbGU6NThjYzk0ZjViM2IyZDYwZGUyYzc3YTZlZDRiMTc5N2RjZWRlNTAyY2NkYjQyOWE3MmU3YTcyZDk5NDIzNWIzYyBpbiAvdXNyL3NoYXJlL2J1aWxkaW5mby9jb250ZW50LXNldHMuanNvbiAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0wNS0xM1QwNDo0MjoyNy4xNjIzNjEyOTFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIExBQkVMIFwiYnVpbGQtZGF0ZVwiPVwiMjAyNS0wNS0xM1QwNDo0MjoxMFwiIFwiYXJjaGl0ZWN0dXJlXCI9XCJ4ODZfNjRcIiBcInZjcy10eXBlXCI9XCJnaXRcIiBcInZjcy1yZWZcIj1cIjc1NzVkN2ViNDVlYjdmNTQ1ZmVmMzFiYTA2N2RmZTNkOGU1MmM0ZWJcIiBcInJlbGVhc2VcIj1cIjE3NDcxMTEyNjdcIiJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDM6NTAuODUxOTQzMDdaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIG1pY3JvZG5mIHVwZGF0ZSAteSBcdTAwMjZcdTAwMjYgbWljcm9kbmYgaW5zdGFsbCAteSBvcGVuc3NsIGxpYnlhbWwgXHUwMDI2XHUwMDI2IG1pY3JvZG5mIGNsZWFuIGFsbCAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjAzOjUwLjkwMDUwMzYzMVoiLCJjcmVhdGVkX2J5IjoiRVhQT1NFIFsyMDIwL3RjcF0iLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjAzOjUwLjkwMDUwMzYzMVoiLCJjcmVhdGVkX2J5IjoiRU5UUllQT0lOVCBbXCIvZmx1ZW50LWJpdC9iaW4vZmx1ZW50LWJpdFwiXSIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDM6NTAuOTAwNTAzNjMxWiIsImNyZWF0ZWRfYnkiOiJDTUQgW1wiL2ZsdWVudC1iaXQvYmluL2ZsdWVudC1iaXRcIiBcIi1jXCIgXCIvZmx1ZW50LWJpdC9ldGMvZmx1ZW50LWJpdC5jb25mXCJdIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowMzo1MC45MDA1MDM2MzFaIiwiY3JlYXRlZF9ieSI6IkNPUFkgbGljZW5zZXMvKiAvbGljZW5zZXMvICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDM6NTAuOTU4OTU1Mzc2WiIsImNyZWF0ZWRfYnkiOiJDT1BZIFJFQURNRS5tZCAvaGVscC4xICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMDkyMDA3NjM0WiIsImNyZWF0ZWRfYnkiOiJDT1BZIC9mbHVlbnQtYml0IC9mbHVlbnQtYml0ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMTA3Njk5MzUxWiIsImNyZWF0ZWRfYnkiOiJDT1BZIC91c3IvbG9jYWwvbGliNjQvbGliZ2l0Mi5zbyogL3Vzci9sb2NhbC9saWI2NC8gIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4xMjA3NDgwNDVaIiwiY3JlYXRlZF9ieSI6IkNPUFkgL3Vzci9sb2NhbC9saWIvbGlic3NoMi5zbyogL3Vzci9sb2NhbC9saWIvICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMTk2NjE1MzkzWiIsImNyZWF0ZWRfYnkiOiJSVU4gL2Jpbi9zaCAtYyBlY2hvIFwiL3Vzci9sb2NhbC9saWI2NFwiIFx1MDAzZSAvZXRjL2xkLnNvLmNvbmYuZC9sb2NhbC1saWJzLmNvbmYgXHUwMDI2XHUwMDI2ICAgICBlY2hvIFwiL3Vzci9sb2NhbC9saWJcIiBcdTAwM2VcdTAwM2UgL2V0Yy9sZC5zby5jb25mLmQvbG9jYWwtbGlicy5jb25mIFx1MDAyNlx1MDAyNiAgICAgbGRjb25maWcgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4yNzYzOTIyMTRaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIG1rZGlyIC1wIC9vcHQvZmx1ZW50ZG8tYWdlbnQvZXRjICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMjg2OTI2MDUxWiIsImNyZWF0ZWRfYnkiOiJDT1BZIGNvbmZpZy8gL29wdC9mbHVlbnRkby1hZ2VudC9ldGMvICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMjk2NjU0NzA3WiIsImNyZWF0ZWRfYnkiOiJDT1BZIGNvbmZpZy8gL2ZsdWVudC1iaXQvZXRjLyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiUlVOIC9iaW4vc2ggLWMgL2ZsdWVudC1iaXQvYmluL2ZsdWVudC1iaXQgLUogXHUwMDNlIC9mbHVlbnQtYml0L2V0Yy9zY2hlbWEuanNvbiBcdTAwMjZcdTAwMjYgICAgIC9mbHVlbnQtYml0L2Jpbi9mbHVlbnQtYml0IC1KIFx1MDAzZSAvb3B0L2ZsdWVudGRvLWFnZW50L2V0Yy9zY2hlbWEuanNvbiAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiQVJHIEZMVUVOVF9CSVRfVkVSU0lPTiIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJBUkcgRkxVRU5URE9fQUdFTlRfVkVSU0lPTj0yNS4xMC4xMCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJFTlYgRkxVRU5UQklUX1ZFUlNJT049IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkVOViBGTFVFTlRET19BR0VOVF9WRVJTSU9OPTI1LjEwLjEwIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkxBQkVMIHZlbmRvcj1GbHVlbnREbyBhdCBodHRwczovL2ZsdWVudC5kbyIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJMQUJFTCBtYWludGFpbmVyPUZsdWVudERvIHZpYSBpbmZvQGZsdWVudC5kbyIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJMQUJFTCBuYW1lPUZsdWVudERvIEFnZW50IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkxBQkVMIGlvLms4cy5kaXNwbGF5LW5hbWU9Rmx1ZW50RG8gQWdlbnQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiTEFCRUwgc3VtbWFyeT1GbHVlbnREbyBBZ2VudCBpcyBhbiBFbnRlcnByaXNlIGhhcmRlbmVkIHZlcnNpb24gb2YgRmx1ZW50IEJpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuMzgyMTU1ODE4WiIsImNyZWF0ZWRfYnkiOiJMQUJFTCB1cmw9aHR0cHM6Ly9mbHVlbnQuZG8iLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiTEFCRUwgaW8ub3BlbnNoaWZ0LnRhZ3M9b2JzZXJ2YWJpbGl0eSxsb2dnaW5nLGxvZy1hZ2dyZWdhdGlvbixmbHVlbnRkbyxmbHVlbnQtYml0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi4zODIxNTU4MThaIiwiY3JlYXRlZF9ieSI6IkxBQkVMIHZlcnNpb249MjUuMTAuMTAiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI1LTEyLTIyVDEwOjA4OjIyLjM4MjE1NTgxOFoiLCJjcmVhdGVkX2J5IjoiTEFCRUwgaW8uazhzLmRlc2NyaXB0aW9uPUZsdWVudERvIEFnZW50IGlzIGEgc3RhYmxlLCBzZWN1cmUgYnkgZGVmYXVsdCwgT1NTIChBcGFjaGUtbGljZW5zZWQpIGRvd25zdHJlYW0gZGlzdHJpYnV0aW9uIG9mIEZsdWVudCBCaXQgd2l0aCBwcmVkaWN0YWJsZSByZWxlYXNlcyBhbmQgbG9uZy10ZXJtIHN1cHBvcnRlZCB2ZXJzaW9ucyBmb3IgMjQgbW9udGhzLiIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjUtMTItMjJUMTA6MDg6MjIuNDY2OTA0NDI5WiIsImNyZWF0ZWRfYnkiOiJSVU4gfDIgRkxVRU5UX0JJVF9WRVJTSU9OPSBGTFVFTlRET19BR0VOVF9WRVJTSU9OPTI1LjEwLjEwIC9iaW4vc2ggLWMgdXNlcmFkZCAtdSA5ODc2IC1tIC1zIC9iaW4vZmFsc2UgZmx1ZW50ZG8tYWdlbnQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNS0xMi0yMlQxMDowODoyMi40NjY5MDQ0MjlaIiwiY3JlYXRlZF9ieSI6IlVTRVIgOTg3NiIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9XSwib3MiOiJsaW51eCIsInJvb3RmcyI6eyJ0eXBlIjoibGF5ZXJzIiwiZGlmZl9pZHMiOlsic2hhMjU2OjdiOWQ4ZWUwNmJlYjg3OTRkMTQzNWFjYTI1ZWQ3NjEzZTQyOGIwMGE4NmE2ZjgwZWI1ZjFhNjcxYjVjYjlkYzIiLCJzaGEyNTY6NGYyNWU2MDVlOTA5MjRlY2FkNDU5ZTE1YzgyM2JlNjk4YTliZDI3NmQ5YWUxZmQxNmI4YzMwMWMzZTM4YzA5ZSIsInNoYTI1NjpkZmFjYjg2NjYzMjM3YTcwMWEwMmUwMTFiOWJkN2IyODkwZDE3NGU1YmI0YTYzYmRkMjYwMzllMWFhODQzOWYxIiwic2hhMjU2OjVkYTRhYjQ3YTM1ZWYzZmZiM2RiNGZhZDMxYzY5OWU0NWNhNjkxOWJjNTA0ODRjMDBjOTg1OGU4M2NiYjVmMjMiLCJzaGEyNTY6ZWRmZGZkOWY0Njk2YzNmM2VjNzdlODE0MDM0M2IxNGZmNzYxNDgxNTRlMGVlNGQ5YzFjNDg5ZWI0MWIzNTc2NCIsInNoYTI1NjoyZGQ1NjgzNWQ4YzU2ZjM0NDRiNTc0OThjMzIxYzY2YzEyZWZlY2IzN2Q3MDcyNGMwNTFkYmNiOTM0NmRlOGY5Iiwic2hhMjU2OjZjN2RlM2E4OWEwNmNjNmZiODBmOGNlMjExM2ZlMDRkYzkxOWQ3ZGU3YzU4YzI1ZjYyYjI0NWU2MWI3N2U3M2UiLCJzaGEyNTY6OWJjN2M0OTI1NjJmNDY1YmExOWE3N2IzNWU1ZjYzMGQ3NTU5MDA1ZDA3NTNiMmQ4ODhiMTc1YTA3MTI2Yjc4NSIsInNoYTI1NjowMDdkMmYzZWY1Y2ZmOTYyMWFiNjhmNjNiNzhjZDE3MDU0NWUzNjE0ZDVkNTEwMzgxNTQ3NjI4MWRiMWZjYmRjIiwic2hhMjU2OmNkOWRhYTFjNzJiYjAxYzMyZGIwZmJiZWE3OTk2ODJmMDM0ZWNkZjVkNmViNGU5NTk5NjZhNjk0MmM5OWYyNDkiLCJzaGEyNTY6MDRiYjEzNmZmODQ5YzdlZWRmOTI3YTI4N2I1ZjczNGMxNDczOGY1NDE4MTliYTk0ZWJhNjEzMzFhZDBiMDVjMSIsInNoYTI1NjowOGQ1MzIxZjg2NTFmNjg0OGIwMzZlNGVjZTQzMDNiNmE1ZDA1MDI5YzkzNTVlMGExYWQ0YTZmZWM1YzYwYWRiIiwic2hhMjU2OjYzYzBkZTBlYWZiOTgyYWY2YjIzMTQ1YzFmYWRhY2NjYzQ1ZGI1ZGRiYTVjOWM1NzBjOWVjZDg5MWY3NDQxNjgiXX19", + "repoDigests": [ + "ghcr.io/fluentdo/agent@sha256:36b800f0964925b6e7fd3c1dc8483798ce10dbb06bd098dc5309a9937318f6c0" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "x86_64", + "build-date": "20251222-100331", + "com.redhat.component": "ubi9-minimal-container", + "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", + "description": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.", + "distribution-scope": "public", + "io.buildah.version": "1.39.0-dev", + "io.k8s.description": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.", + "io.k8s.display-name": "FluentDo Agent", + "io.openshift.expose-services": "", + "io.openshift.tags": "observability,logging,log-aggregation,fluentdo,fluent-bit", + "maintainer": "FluentDo via info@fluent.do", + "name": "FluentDo Agent", + "org.opencontainers.image.created": "2025-12-22T10:03:31.809Z", + "org.opencontainers.image.description": "FluentDo Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.", + "org.opencontainers.image.licenses": "", + "org.opencontainers.image.revision": "e4a1b4ebc8acec8e447344c9251528a710df7b11", + "org.opencontainers.image.source": "https://github.com/FluentDo/agent", + "org.opencontainers.image.title": "agent", + "org.opencontainers.image.url": "https://github.com/FluentDo/agent", + "org.opencontainers.image.version": "v25.10.10", + "release": "1747111267", + "summary": "FluentDo Agent is an Enterprise hardened version of Fluent Bit", + "url": "https://fluent.do", + "vcs-ref": "7575d7eb45eb7f545fef31ba067dfe3d8e52c4eb", + "vcs-type": "git", + "vendor": "FluentDo at https://fluent.do", + "version": "25.10.10" + } + } + }, + "distro": { + "prettyName": "Red Hat Enterprise Linux 9.7 (Plow)", + "name": "Red Hat Enterprise Linux", + "id": "rhel", + "idLike": [ + "fedora" + ], + "version": "9.7 (Plow)", + "versionID": "9.7", + "homeURL": "https://www.redhat.com/", + "bugReportURL": "https://issues.redhat.com/", + "cpeName": "cpe:/o:redhat:enterprise_linux:9::baseos" + }, + "descriptor": { + "name": "syft", + "version": "1.38.2", + "configuration": { + "catalogers": { + "requested": { + "default": [ + "image", + "file" + ] + }, + "used": [ + "alpm-db-cataloger", + "apk-db-cataloger", + "binary-classifier-cataloger", + "bitnami-cataloger", + "cargo-auditable-binary-cataloger", + "conan-info-cataloger", + "dotnet-deps-binary-cataloger", + "dotnet-packages-lock-cataloger", + "dpkg-db-cataloger", + "elf-binary-package-cataloger", + "file-content-cataloger", + "file-digest-cataloger", + "file-executable-cataloger", + "file-metadata-cataloger", + "gguf-cataloger", + "go-module-binary-cataloger", + "graalvm-native-image-cataloger", + "homebrew-cataloger", + "java-archive-cataloger", + "java-jvm-cataloger", + "javascript-package-cataloger", + "linux-kernel-cataloger", + "lua-rock-cataloger", + "nix-cataloger", + "pe-binary-package-cataloger", + "php-composer-installed-cataloger", + "php-interpreter-cataloger", + "php-pear-serialized-cataloger", + "portage-cataloger", + "python-installed-package-cataloger", + "r-package-cataloger", + "rpm-db-cataloger", + "ruby-installed-gemspec-cataloger", + "snap-cataloger", + "wordpress-plugins-cataloger" + ] + }, + "data-generation": { + "generate-cpes": true + }, + "files": { + "content": { + "globs": null, + "skip-files-above-size": 0 + }, + "hashers": [ + "sha-1", + "sha-256" + ], + "selection": "owned-by-package" + }, + "licenses": { + "coverage": 75, + "include-content": "none" + }, + "packages": { + "binary": [ + "python-binary", + "python-binary-lib", + "pypy-binary-lib", + "go-binary", + "julia-binary", + "helm", + "redis-binary", + "nodejs-binary", + "go-binary-hint", + "busybox-binary", + "util-linux-binary", + "haproxy-binary", + "perl-binary", + "php-composer-binary", + "httpd-binary", + "memcached-binary", + "traefik-binary", + "arangodb-binary", + "postgresql-binary", + "mysql-binary", + "mysql-binary", + "mysql-binary", + "xtrabackup-binary", + "mariadb-binary", + "rust-standard-library-linux", + "rust-standard-library-macos", + "ruby-binary", + "erlang-binary", + "erlang-alpine-binary", + "erlang-library", + "swipl-binary", + "dart-binary", + "haskell-ghc-binary", + "haskell-cabal-binary", + "haskell-stack-binary", + "consul-binary", + "hashicorp-vault-binary", + "nginx-binary", + "bash-binary", + "openssl-binary", + "gcc-binary", + "fluent-bit-binary", + "wordpress-cli-binary", + "curl-binary", + "lighttpd-binary", + "proftpd-binary", + "zstd-binary", + "xz-binary", + "gzip-binary", + "sqlcipher-binary", + "jq-binary", + "chrome-binary", + "ffmpeg-binary", + "ffmpeg-library", + "ffmpeg-library", + "elixir-binary", + "elixir-library", + "java-binary", + "java-jdb-binary" + ], + "dotnet": { + "dep-packages-must-claim-dll": true, + "dep-packages-must-have-dll": false, + "propagate-dll-claims-to-parents": true, + "relax-dll-claims-when-bundling-detected": true + }, + "golang": { + "local-mod-cache-dir": "go/pkg/mod", + "local-vendor-dir": "", + "main-module-version": { + "from-build-settings": true, + "from-contents": false, + "from-ld-flags": true + }, + "proxies": [ + "https://proxy.golang.org", + "direct" + ], + "search-local-mod-cache-licenses": false, + "search-local-vendor-licenses": false, + "search-remote-licenses": false + }, + "java-archive": { + "include-indexed-archives": true, + "include-unindexed-archives": false, + "maven-base-url": "https://repo1.maven.org/maven2", + "maven-localrepository-dir": ".m2/repository", + "max-parent-recursive-depth": 0, + "resolve-transitive-dependencies": false, + "use-maven-localrepository": false, + "use-network": false + }, + "javascript": { + "include-dev-dependencies": false, + "npm-base-url": "https://registry.npmjs.org", + "search-remote-licenses": false + }, + "linux-kernel": { + "catalog-modules": true + }, + "nix": { + "capture-owned-files": false + }, + "python": { + "guess-unpinned-requirements": false, + "pypi-base-url": "https://pypi.org/pypi", + "search-remote-licenses": false + } + }, + "relationships": { + "exclude-binary-packages-with-file-ownership-overlap": true, + "package-file-ownership": true, + "package-file-ownership-overlap": true + }, + "search": { + "scope": "squashed" + } + } + }, + "schema": { + "version": "16.1.0", + "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-16.1.0.json" + } +} diff --git a/docs/security/cves.md b/docs/security/cves.md index 226fe14..9712544 100644 --- a/docs/security/cves.md +++ b/docs/security/cves.md @@ -21,6 +21,15 @@ Full unfiltered reports are shown below, covering all severities and without any - [CycloneDX JSON SBOM](agent/cyclonedx-25.10.1.cdx.json) - [SPDX JSON SBOM](agent/spdx-25.10.1.spdx.json) +### Agent Version: 25.10.10 + +- [Grype Markdown Report](agent/grype-25.10.10.md) +- [Grype JSON Report](agent/grype-25.10.10.json) + +- [Syft JSON SBOM](agent/syft-25.10.10.json) +- [CycloneDX JSON SBOM](agent/cyclonedx-25.10.10.cdx.json) +- [SPDX JSON SBOM](agent/spdx-25.10.10.spdx.json) + ### Agent Version: 25.10.2 - [Grype Markdown Report](agent/grype-25.10.2.md) diff --git a/docs/security/oss/grype-4.0.10.json b/docs/security/oss/grype-4.0.10.json index be31832..3a481be 100644 --- a/docs/security/oss/grype-4.0.10.json +++ b/docs/security/oss/grype-4.0.10.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-9192", @@ -973,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1033,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1128,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1182,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1271,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1315,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1370,153 +1247,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1543,8 +1273,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1590,8 +1320,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1666,8 +1396,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1728,8 +1458,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1800,8 +1530,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1860,8 +1590,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1945,8 +1675,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2005,8 +1735,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2081,8 +1811,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2141,8 +1871,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2222,8 +1952,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2282,8 +2012,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2371,8 +2101,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -2447,8 +2177,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -2553,8 +2283,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2617,8 +2347,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2727,8 +2457,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -2807,8 +2537,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2870,8 +2600,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2695,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -3032,8 +2762,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -3106,6 +2836,276 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.015950000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-9232", @@ -3131,9 +3131,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -3163,7 +3163,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -3198,9 +3198,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -3312,8 +3312,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -3359,8 +3359,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -3422,130 +3422,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -3559,8 +3435,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3624,8 +3500,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3709,8 +3585,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3757,8 +3633,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3842,8 +3718,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3890,8 +3766,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3966,8 +3842,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4014,8 +3890,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4095,8 +3971,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4143,8 +4019,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4219,8 +4095,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -4276,8 +4152,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -4367,8 +4243,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4434,6 +4310,130 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4447,8 +4447,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4509,8 +4509,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4604,8 +4604,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4671,8 +4671,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4753,8 +4753,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4820,8 +4820,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4898,8 +4898,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -4958,8 +4958,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -5043,8 +5043,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5093,8 +5093,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5169,8 +5169,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5219,8 +5219,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5291,8 +5291,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5341,8 +5341,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5417,8 +5417,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5467,8 +5467,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5538,9 +5538,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5556,7 +5556,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5586,9 +5586,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5671,9 +5671,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5689,7 +5689,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5719,9 +5719,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5795,9 +5795,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5813,7 +5813,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5843,9 +5843,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5924,9 +5924,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5942,7 +5942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5972,9 +5972,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6049,8 +6049,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6116,8 +6116,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6198,8 +6198,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6265,8 +6265,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6343,8 +6343,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6404,8 +6404,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6512,8 +6512,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6573,8 +6573,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6649,8 +6649,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6710,8 +6710,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6814,8 +6814,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6875,8 +6875,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6974,8 +6974,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7035,8 +7035,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7134,8 +7134,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -7182,8 +7182,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -7279,8 +7279,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -7321,8 +7321,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -7762,87 +7762,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.10.md b/docs/security/oss/grype-4.0.10.md index 30afa8b..33919c6 100644 --- a/docs/security/oss/grype-4.0.10.md +++ b/docs/security/oss/grype-4.0.10.md @@ -6,8 +6,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | fluent-bit | 4.0.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | @@ -20,7 +20,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -29,13 +28,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.11.json b/docs/security/oss/grype-4.0.11.json index 4161ab0..176bc6d 100644 --- a/docs/security/oss/grype-4.0.11.json +++ b/docs/security/oss/grype-4.0.11.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-9192", @@ -973,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1033,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1128,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1182,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1271,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1315,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1370,153 +1247,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1543,8 +1273,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1590,8 +1320,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1666,8 +1396,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1728,8 +1458,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1800,8 +1530,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1860,8 +1590,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1945,8 +1675,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2005,8 +1735,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2081,8 +1811,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2141,8 +1871,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2222,8 +1952,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2282,8 +2012,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2371,8 +2101,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -2447,8 +2177,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -2553,8 +2283,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2617,8 +2347,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2727,8 +2457,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -2807,8 +2537,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2870,8 +2600,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2965,8 +2695,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -3032,8 +2762,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -3106,6 +2836,276 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.015950000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-9232", @@ -3131,9 +3131,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -3163,7 +3163,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -3198,9 +3198,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -3312,8 +3312,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -3359,8 +3359,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -3422,130 +3422,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -3559,8 +3435,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3624,8 +3500,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3709,8 +3585,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3757,8 +3633,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3842,8 +3718,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3890,8 +3766,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3966,8 +3842,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4014,8 +3890,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4095,8 +3971,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4143,8 +4019,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4219,8 +4095,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -4276,8 +4152,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -4367,8 +4243,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4434,6 +4310,130 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4447,8 +4447,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4509,8 +4509,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4604,8 +4604,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4671,8 +4671,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4753,8 +4753,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4820,8 +4820,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4898,8 +4898,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -4958,8 +4958,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -5043,8 +5043,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5093,8 +5093,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5169,8 +5169,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5219,8 +5219,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5291,8 +5291,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5341,8 +5341,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5417,8 +5417,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5467,8 +5467,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5538,9 +5538,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5556,7 +5556,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5586,9 +5586,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5671,9 +5671,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5689,7 +5689,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5719,9 +5719,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5795,9 +5795,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5813,7 +5813,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5843,9 +5843,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5924,9 +5924,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5942,7 +5942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5972,9 +5972,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6049,8 +6049,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6116,8 +6116,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6198,8 +6198,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6265,8 +6265,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6343,8 +6343,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6404,8 +6404,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6512,8 +6512,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6573,8 +6573,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6649,8 +6649,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6710,8 +6710,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6814,8 +6814,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6875,8 +6875,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6974,8 +6974,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7035,8 +7035,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7134,8 +7134,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -7182,8 +7182,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -7279,8 +7279,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -7321,8 +7321,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -7762,87 +7762,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.11.md b/docs/security/oss/grype-4.0.11.md index 479cbef..8f0f8b8 100644 --- a/docs/security/oss/grype-4.0.11.md +++ b/docs/security/oss/grype-4.0.11.md @@ -6,8 +6,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | fluent-bit | 4.0.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | @@ -20,7 +20,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -29,13 +28,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.12.json b/docs/security/oss/grype-4.0.12.json index ae0903c..549dc34 100644 --- a/docs/security/oss/grype-4.0.12.json +++ b/docs/security/oss/grype-4.0.12.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-9192", @@ -973,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1033,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1128,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1182,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1271,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1315,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1370,153 +1247,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1543,8 +1273,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1590,8 +1320,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1666,8 +1396,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1728,8 +1458,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1800,8 +1530,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1860,8 +1590,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1945,8 +1675,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2005,8 +1735,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2081,8 +1811,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2141,8 +1871,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2222,8 +1952,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2282,8 +2012,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2358,8 +2088,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2422,8 +2152,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2532,8 +2262,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -2612,8 +2342,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2675,8 +2405,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2770,8 +2500,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -2837,8 +2567,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -2913,40 +2643,32 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { @@ -2954,46 +2676,41 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.0165 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -3008,27 +2725,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -3037,39 +2754,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3077,50 +2794,205 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.015950000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:12", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.14172, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.014029999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12817/" + ], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -3128,7 +3000,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3136,27 +3008,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2025-12817", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -3165,10 +3037,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] } }, { @@ -3184,8 +3060,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3249,8 +3125,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3334,8 +3210,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3382,8 +3258,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3467,8 +3343,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3515,8 +3391,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3591,8 +3467,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3639,8 +3515,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3720,8 +3596,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3768,8 +3644,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3844,8 +3720,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -3901,8 +3777,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -3992,8 +3868,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4059,6 +3935,130 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4072,8 +4072,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4134,8 +4134,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4229,8 +4229,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4296,8 +4296,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4378,8 +4378,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4445,8 +4445,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4523,8 +4523,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -4583,8 +4583,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -4668,8 +4668,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4718,8 +4718,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4794,8 +4794,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4844,8 +4844,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4916,8 +4916,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -4966,8 +4966,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5042,8 +5042,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5092,8 +5092,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5163,9 +5163,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5181,7 +5181,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5211,9 +5211,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5296,9 +5296,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5314,7 +5314,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5344,9 +5344,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5420,9 +5420,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5438,7 +5438,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5468,9 +5468,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5549,9 +5549,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5567,7 +5567,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5597,9 +5597,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5674,8 +5674,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5741,8 +5741,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5823,8 +5823,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5890,8 +5890,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5968,8 +5968,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6029,8 +6029,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6137,8 +6137,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6198,8 +6198,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6274,8 +6274,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6335,8 +6335,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6439,8 +6439,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6500,8 +6500,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6599,8 +6599,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6660,8 +6660,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6759,8 +6759,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -6807,8 +6807,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -6904,8 +6904,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6946,8 +6946,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -7387,87 +7387,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.12.md b/docs/security/oss/grype-4.0.12.md index 9200be7..238fc8f 100644 --- a/docs/security/oss/grype-4.0.12.md +++ b/docs/security/oss/grype-4.0.12.md @@ -18,7 +18,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -27,13 +26,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.13.json b/docs/security/oss/grype-4.0.13.json index c19fcbf..cd805be 100644 --- a/docs/security/oss/grype-4.0.13.json +++ b/docs/security/oss/grype-4.0.13.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-9192", @@ -973,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1033,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1128,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1182,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1271,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1315,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1370,153 +1247,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1543,8 +1273,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1590,8 +1320,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1666,8 +1396,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1728,8 +1458,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1800,8 +1530,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1860,8 +1590,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -1945,8 +1675,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2005,8 +1735,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2081,8 +1811,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2141,8 +1871,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2222,8 +1952,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2282,8 +2012,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2358,8 +2088,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2422,8 +2152,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -2532,8 +2262,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -2612,8 +2342,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2675,8 +2405,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -2770,8 +2500,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -2837,8 +2567,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -2913,40 +2643,32 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { @@ -2954,46 +2676,41 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.0165 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -3008,27 +2725,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -3037,39 +2754,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3077,50 +2794,205 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.015950000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:12", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.14172, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.014029999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12817/" + ], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -3128,7 +3000,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3136,27 +3008,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2025-12817", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -3165,10 +3037,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] } }, { @@ -3184,8 +3060,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3249,8 +3125,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -3334,8 +3210,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3382,8 +3258,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3467,8 +3343,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3515,8 +3391,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3591,8 +3467,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3639,8 +3515,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3720,8 +3596,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3768,8 +3644,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -3844,8 +3720,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -3901,8 +3777,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -3992,8 +3868,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4059,6 +3935,130 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4072,8 +4072,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4134,8 +4134,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4229,8 +4229,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4296,8 +4296,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4378,8 +4378,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4445,8 +4445,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -4523,8 +4523,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -4583,8 +4583,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -4668,8 +4668,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4718,8 +4718,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4794,8 +4794,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4844,8 +4844,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -4916,8 +4916,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -4966,8 +4966,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5042,8 +5042,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5092,8 +5092,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5163,9 +5163,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5181,7 +5181,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5211,9 +5211,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5296,9 +5296,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5314,7 +5314,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5344,9 +5344,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5420,9 +5420,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5438,7 +5438,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5468,9 +5468,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5549,9 +5549,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5567,7 +5567,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -5597,9 +5597,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -5674,8 +5674,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5741,8 +5741,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5823,8 +5823,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5890,8 +5890,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -5968,8 +5968,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6029,8 +6029,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6137,8 +6137,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6198,8 +6198,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6274,8 +6274,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6335,8 +6335,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6439,8 +6439,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6500,8 +6500,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6599,8 +6599,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6660,8 +6660,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6759,8 +6759,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -6807,8 +6807,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -6904,8 +6904,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -6946,8 +6946,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -7387,87 +7387,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.13.md b/docs/security/oss/grype-4.0.13.md index e9e7fc8..b8aec7a 100644 --- a/docs/security/oss/grype-4.0.13.md +++ b/docs/security/oss/grype-4.0.13.md @@ -18,7 +18,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -27,13 +26,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.3.json b/docs/security/oss/grype-4.0.3.json index f271d03..ec64518 100644 --- a/docs/security/oss/grype-4.0.3.json +++ b/docs/security/oss/grype-4.0.3.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -556,9 +556,9 @@ "epss": [ { "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ @@ -588,7 +588,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" } ], - "risk": 0.08635 + "risk": 0.12167499999999998 }, "relatedVulnerabilities": [ { @@ -640,9 +640,9 @@ "epss": [ { "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ @@ -707,6 +707,182 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-32988", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32988", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 8.2, + "exploitabilityScore": 3.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.7.9-2+deb12u5" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u5", + "date": "2025-07-16", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-5962-1", + "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" + } + ], + "risk": 0.091845 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + ], + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 8.2, + "exploitabilityScore": 3.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "gnutls28", + "version": "3.7.9-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u5" + } + } + ], + "artifact": { + "id": "323290daf0bb11df", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-20796", @@ -720,8 +896,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -783,8 +959,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -878,8 +1054,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -941,8 +1117,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -1015,74 +1191,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8715", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8715", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-8715", + "epss": 0.00072, + "percentile": 0.22342, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8715", + "cwe": "CWE-93", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.07125000000000001 + "risk": 0.05868 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8715", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8715", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8715/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-8715", + "epss": 0.00072, + "percentile": 0.22342, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8715", + "cwe": "CWE-93", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -1097,27 +1295,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8715", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -1126,33 +1327,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32988", + "id": "CVE-2025-6395", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.3, "impactScore": 4.3 }, "vendorMetadata": {} @@ -1160,16 +1361,16 @@ ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", + "cve": "CVE-2025-6395", + "cwe": "CWE-476", "source": "secalert@redhat.com", "type": "Secondary" } @@ -1193,14 +1394,14 @@ "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" } ], - "risk": 0.065155 + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ "https://access.redhat.com/errata/RHSA-2025:16115", "https://access.redhat.com/errata/RHSA-2025:16116", @@ -1210,25 +1411,13 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -1244,16 +1433,16 @@ ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", + "cve": "CVE-2025-6395", + "cwe": "CWE-476", "source": "secalert@redhat.com", "type": "Secondary" } @@ -1276,7 +1465,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-32988", + "vulnerabilityID": "CVE-2025-6395", "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" }, "fix": { @@ -1312,154 +1501,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-8715", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8715", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-8715", - "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8715", - "cwe": "CWE-93", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.05868 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-8715", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8715", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8715/" - ], - "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-8715", - "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8715", - "cwe": "CWE-93", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-8715", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" - } - } - ], - "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-9192", @@ -1473,8 +1514,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1533,8 +1574,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1628,8 +1669,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1682,8 +1723,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1747,15 +1788,15 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-32989", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32989", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -1769,37 +1810,63 @@ ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.7.9-2+deb12u5" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u5", + "date": "2025-07-16", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.03605 + "advisories": [ + { + "id": "DSA-5962-1", + "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" + } + ], + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", - "namespace": "nvd:cpe", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -1813,10 +1880,18 @@ ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -1831,27 +1906,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "gnutls28", + "version": "3.7.9-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u5" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "323290daf0bb11df", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } @@ -1860,91 +1938,88 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "curl" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1959,303 +2034,120 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2025-10148", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-6395", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "3.7.9-2+deb12u5" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u5", - "date": "2025-07-16", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-5962-1", - "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" - } - ], - "risk": 0.033925 + "advisories": [], + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u4" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-6395", - "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u5" - } - } - ], - "artifact": { - "id": "323290daf0bb11df", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u4", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.031065 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -2330,8 +2222,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -2392,8 +2284,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -2453,108 +2345,108 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32989", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2025-3576", + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "3.7.9-2+deb12u5" + "1.20.1-2+deb12u4" ], "state": "fixed", "available": [ { - "version": "3.7.9-2+deb12u5", - "date": "2025-07-16", - "kind": "advisory" + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-5962-1", - "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" - } - ], - "risk": 0.028325000000000003 + "advisories": [], + "risk": 0.026705 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2025-3576", + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2571,30 +2463,30 @@ "version": "12" }, "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u4" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" }, "fix": { - "suggestedVersion": "3.7.9-2+deb12u5" + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "323290daf0bb11df", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u4", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2603,12 +2495,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gnutls28" + "name": "krb5" } ] } @@ -2638,9 +2539,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2665,7 +2566,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2708,9 +2609,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2748,179 +2649,8 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.02725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" - ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" - } - } - ], - "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ @@ -2971,9 +2701,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2998,7 +2728,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -3041,9 +2771,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -3138,9 +2868,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -3165,7 +2895,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -3208,9 +2938,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -3301,8 +3031,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -3357,8 +3087,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -3436,8 +3166,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3496,8 +3226,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3581,8 +3311,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3641,8 +3371,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3717,8 +3447,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3777,8 +3507,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3858,8 +3588,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3918,8 +3648,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -4007,8 +3737,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -4083,8 +3813,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -4189,8 +3919,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -4253,8 +3983,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -4363,8 +4093,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -4443,8 +4173,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -4506,8 +4236,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -4614,8 +4344,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4670,8 +4400,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4749,8 +4479,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -4816,8 +4546,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -4892,94 +4622,74 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.016895 + "risk": 0.0165 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -4994,18 +4704,143 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" - } + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.015950000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } } ], "artifact": { @@ -5080,9 +4915,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5112,7 +4947,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -5147,9 +4982,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5261,8 +5096,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -5308,8 +5143,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -5371,130 +5206,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5508,8 +5219,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -5573,8 +5284,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -5658,8 +5369,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5706,8 +5417,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5791,8 +5502,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5839,8 +5550,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5915,8 +5626,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5963,8 +5674,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -6044,8 +5755,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -6092,8 +5803,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -6168,8 +5879,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -6225,8 +5936,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -6316,8 +6027,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -6383,6 +6094,295 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" + ], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-4802", @@ -6409,8 +6409,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -6469,8 +6469,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -6567,8 +6567,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6629,8 +6629,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6724,8 +6724,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6791,8 +6791,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6873,8 +6873,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6940,8 +6940,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -7018,8 +7018,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -7078,8 +7078,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -7163,8 +7163,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7213,8 +7213,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7289,8 +7289,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7339,8 +7339,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7411,8 +7411,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7461,8 +7461,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7537,8 +7537,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7587,8 +7587,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7658,9 +7658,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7676,7 +7676,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7706,9 +7706,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7791,9 +7791,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7809,7 +7809,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7839,9 +7839,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7915,9 +7915,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7933,7 +7933,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7963,9 +7963,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -8044,9 +8044,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -8062,7 +8062,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8092,9 +8092,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -8169,8 +8169,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8236,8 +8236,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8318,8 +8318,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8385,8 +8385,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8463,8 +8463,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8524,8 +8524,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8632,8 +8632,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8693,8 +8693,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8769,8 +8769,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8830,8 +8830,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8934,8 +8934,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8995,8 +8995,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -9094,8 +9094,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -9155,8 +9155,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -9254,8 +9254,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -9302,8 +9302,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -9399,8 +9399,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -9441,8 +9441,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -9877,87 +9877,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.3.md b/docs/security/oss/grype-4.0.3.md index 6c802d0..294f1b1 100644 --- a/docs/security/oss/grype-4.0.3.md +++ b/docs/security/oss/grype-4.0.3.md @@ -7,24 +7,24 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | fluent-bit | 4.0.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.0.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -33,7 +33,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -42,13 +41,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.22-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.22-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.4.json b/docs/security/oss/grype-4.0.4.json index cdb8b51..e9cec00 100644 --- a/docs/security/oss/grype-4.0.4.json +++ b/docs/security/oss/grype-4.0.4.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -556,9 +556,9 @@ "epss": [ { "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ @@ -588,7 +588,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" } ], - "risk": 0.08635 + "risk": 0.12167499999999998 }, "relatedVulnerabilities": [ { @@ -640,9 +640,9 @@ "epss": [ { "cve": "CVE-2025-32990", - "epss": 0.0011, - "percentile": 0.3004, - "date": "2025-12-15" + "epss": 0.00155, + "percentile": 0.36872, + "date": "2025-12-21" } ], "cwes": [ @@ -707,6 +707,182 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-32988", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32988", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 8.2, + "exploitabilityScore": 3.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.7.9-2+deb12u5" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u5", + "date": "2025-07-16", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-5962-1", + "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" + } + ], + "risk": 0.091845 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + ], + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 8.2, + "exploitabilityScore": 3.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.31288, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "gnutls28", + "version": "3.7.9-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u5" + } + } + ], + "artifact": { + "id": "323290daf0bb11df", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-20796", @@ -720,8 +896,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -783,8 +959,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -878,8 +1054,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -941,8 +1117,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -1015,74 +1191,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8715", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8715", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-8715", + "epss": 0.00072, + "percentile": 0.22342, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8715", + "cwe": "CWE-93", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.07125000000000001 + "risk": 0.05868 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8715", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8715", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8715/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-8715", + "epss": 0.00072, + "percentile": 0.22342, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8715", + "cwe": "CWE-93", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -1097,27 +1295,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8715", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -1126,33 +1327,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32988", + "id": "CVE-2025-6395", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.3, "impactScore": 4.3 }, "vendorMetadata": {} @@ -1160,16 +1361,16 @@ ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", + "cve": "CVE-2025-6395", + "cwe": "CWE-476", "source": "secalert@redhat.com", "type": "Secondary" } @@ -1193,14 +1394,14 @@ "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" } ], - "risk": 0.065155 + "risk": 0.048299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-6395", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ "https://access.redhat.com/errata/RHSA-2025:16115", "https://access.redhat.com/errata/RHSA-2025:16116", @@ -1210,25 +1411,13 @@ "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "https://access.redhat.com/security/cve/CVE-2025-6395", + "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", "http://www.openwall.com/lists/oss-security/2025/07/11/3", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 8.2, - "exploitabilityScore": 3.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -1244,16 +1433,16 @@ ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00083, - "percentile": 0.24562, - "date": "2025-12-15" + "cve": "CVE-2025-6395", + "epss": 0.00084, + "percentile": 0.25002, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", + "cve": "CVE-2025-6395", + "cwe": "CWE-476", "source": "secalert@redhat.com", "type": "Secondary" } @@ -1276,7 +1465,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-32988", + "vulnerabilityID": "CVE-2025-6395", "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" }, "fix": { @@ -1312,154 +1501,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-8715", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8715", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-8715", - "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8715", - "cwe": "CWE-93", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.05868 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-8715", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8715", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8715/" - ], - "description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-8715", - "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8715", - "cwe": "CWE-93", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-8715", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" - } - } - ], - "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-9192", @@ -1473,8 +1514,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1533,8 +1574,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1628,8 +1669,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1682,8 +1723,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1747,15 +1788,15 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-32989", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32989", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -1769,37 +1810,63 @@ ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.7.9-2+deb12u5" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u5", + "date": "2025-07-16", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.03605 + "advisories": [ + { + "id": "DSA-5962-1", + "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" + } + ], + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", - "namespace": "nvd:cpe", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -1813,10 +1880,18 @@ ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25348, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32989", + "cwe": "CWE-295", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -1831,27 +1906,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "gnutls28", + "version": "3.7.9-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u5" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "323290daf0bb11df", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } @@ -1860,91 +1938,88 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "curl" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1959,303 +2034,120 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2025-10148", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-6395", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-6395", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "3.7.9-2+deb12u5" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u5", - "date": "2025-07-16", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-5962-1", - "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" - } - ], - "risk": 0.033925 + "advisories": [], + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6395", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-6395", - "https://bugzilla.redhat.com/show_bug.cgi?id=2376755", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6395", - "epss": 0.00059, - "percentile": 0.18672, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6395", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u4" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-6395", - "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u5" - } - } - ], - "artifact": { - "id": "323290daf0bb11df", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u4", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.031065 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -2330,8 +2222,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -2392,8 +2284,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -2453,108 +2345,108 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-32989", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2025-3576", + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "3.7.9-2+deb12u5" + "1.20.1-2+deb12u4" ], "state": "fixed", "available": [ { - "version": "3.7.9-2+deb12u5", - "date": "2025-07-16", - "kind": "advisory" + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-5962-1", - "link": "https://security-tracker.debian.org/tracker/DSA-5962-1" - } - ], - "risk": 0.028325000000000003 + "advisories": [], + "risk": 0.026705 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00055, - "percentile": 0.17321, - "date": "2025-12-15" + "cve": "CVE-2025-3576", + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", "source": "secalert@redhat.com", "type": "Secondary" } @@ -2571,30 +2463,30 @@ "version": "12" }, "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u4" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 3.7.9-2+deb12u5 (deb)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" }, "fix": { - "suggestedVersion": "3.7.9-2+deb12u5" + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "323290daf0bb11df", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u4", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2603,12 +2495,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=gnutls28", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gnutls28" + "name": "krb5" } ] } @@ -2638,9 +2539,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2665,7 +2566,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2708,9 +2609,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2748,179 +2649,8 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.02725 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" - ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" - } - } - ], - "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ @@ -2971,9 +2701,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2998,7 +2728,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -3041,9 +2771,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -3138,9 +2868,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -3165,7 +2895,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -3208,9 +2938,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -3301,8 +3031,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -3357,8 +3087,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -3436,8 +3166,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3496,8 +3226,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3581,8 +3311,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3641,8 +3371,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3717,8 +3447,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3777,8 +3507,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3858,8 +3588,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3918,8 +3648,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -4007,8 +3737,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -4083,8 +3813,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -4189,8 +3919,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -4253,8 +3983,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -4363,8 +4093,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -4443,8 +4173,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -4506,8 +4236,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -4614,8 +4344,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4670,8 +4400,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4749,8 +4479,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -4816,8 +4546,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -4892,94 +4622,74 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.016895 + "risk": 0.0165 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] } @@ -4994,18 +4704,143 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" - } + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.015950000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } } ], "artifact": { @@ -5080,9 +4915,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5112,7 +4947,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -5147,9 +4982,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -5261,8 +5096,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -5308,8 +5143,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -5371,130 +5206,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5508,8 +5219,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -5573,8 +5284,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -5658,8 +5369,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5706,8 +5417,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5791,8 +5502,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5839,8 +5550,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5915,8 +5626,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5963,8 +5674,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -6044,8 +5755,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -6092,8 +5803,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -6168,8 +5879,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -6225,8 +5936,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -6316,8 +6027,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -6383,6 +6094,295 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" + ], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-4802", @@ -6409,8 +6409,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -6469,8 +6469,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -6567,8 +6567,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6629,8 +6629,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6724,8 +6724,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6791,8 +6791,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6873,8 +6873,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6940,8 +6940,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -7018,8 +7018,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -7078,8 +7078,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -7163,8 +7163,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7213,8 +7213,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7289,8 +7289,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7339,8 +7339,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -7411,8 +7411,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7461,8 +7461,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7537,8 +7537,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7587,8 +7587,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -7658,9 +7658,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7676,7 +7676,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7706,9 +7706,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7791,9 +7791,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7809,7 +7809,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7839,9 +7839,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7915,9 +7915,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7933,7 +7933,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7963,9 +7963,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -8044,9 +8044,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -8062,7 +8062,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8092,9 +8092,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -8169,8 +8169,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8236,8 +8236,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8318,8 +8318,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8385,8 +8385,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -8463,8 +8463,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8524,8 +8524,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8632,8 +8632,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8693,8 +8693,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8769,8 +8769,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8830,8 +8830,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8934,8 +8934,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8995,8 +8995,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -9094,8 +9094,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -9155,8 +9155,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -9254,8 +9254,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -9302,8 +9302,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -9399,8 +9399,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -9441,8 +9441,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -9877,87 +9877,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.4.md b/docs/security/oss/grype-4.0.4.md index e423e03..59e51e9 100644 --- a/docs/security/oss/grype-4.0.4.md +++ b/docs/security/oss/grype-4.0.4.md @@ -7,24 +7,24 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | fluent-bit | 4.0.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.0.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -33,7 +33,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -42,13 +41,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.5.json b/docs/security/oss/grype-4.0.5.json index 07fa10d..217d70e 100644 --- a/docs/security/oss/grype-4.0.5.json +++ b/docs/security/oss/grype-4.0.5.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-8715", @@ -986,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1042,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1121,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1181,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1276,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1330,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1419,8 +1296,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1463,8 +1340,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1518,153 +1395,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1691,8 +1421,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1738,8 +1468,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1814,8 +1544,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1876,8 +1606,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1960,9 +1690,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -1987,7 +1717,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2030,9 +1760,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2131,9 +1861,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2158,7 +1888,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2201,9 +1931,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2293,9 +2023,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2320,7 +2050,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2363,9 +2093,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2460,9 +2190,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2487,7 +2217,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2530,9 +2260,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2623,8 +2353,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2679,8 +2409,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2758,8 +2488,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2818,8 +2548,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2903,8 +2633,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2963,8 +2693,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3039,8 +2769,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3099,8 +2829,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3180,8 +2910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3240,8 +2970,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3329,8 +3059,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3405,8 +3135,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3511,8 +3241,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3575,8 +3305,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3685,8 +3415,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -3765,8 +3495,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3828,8 +3558,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3936,8 +3666,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -3992,8 +3722,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4071,8 +3801,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -4138,8 +3868,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -4214,94 +3944,202 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "state": "fixed", - "available": [ + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u12" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.016895 + "risk": 0.015950000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4322,11 +4160,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], @@ -4402,9 +4237,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4434,7 +4269,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -4469,9 +4304,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4583,8 +4418,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4630,8 +4465,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4695,27 +4530,27 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4723,161 +4558,37 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0108 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" - ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -4895,8 +4606,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -4980,8 +4691,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5028,8 +4739,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5113,8 +4824,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5161,8 +4872,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5237,8 +4948,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5285,8 +4996,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5366,8 +5077,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5414,8 +5125,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5490,8 +5201,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5547,8 +5258,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5638,8 +5349,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5705,6 +5416,295 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" + ], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-4802", @@ -5731,8 +5731,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5791,8 +5791,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5889,8 +5889,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -5951,8 +5951,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6046,8 +6046,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6113,8 +6113,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6195,8 +6195,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6262,8 +6262,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6340,8 +6340,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6400,8 +6400,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6485,8 +6485,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6535,8 +6535,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6611,8 +6611,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6661,8 +6661,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6733,8 +6733,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6783,8 +6783,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6859,8 +6859,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6909,8 +6909,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6980,9 +6980,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6998,7 +6998,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7028,9 +7028,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,9 +7113,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7131,7 +7131,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7161,9 +7161,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7237,9 +7237,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7255,7 +7255,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7285,9 +7285,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7366,9 +7366,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7384,7 +7384,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7414,9 +7414,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7491,8 +7491,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7558,8 +7558,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7640,8 +7640,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7707,8 +7707,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7785,8 +7785,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7846,8 +7846,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7954,8 +7954,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8015,8 +8015,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8091,8 +8091,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8152,8 +8152,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8256,8 +8256,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8317,8 +8317,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8416,8 +8416,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8477,8 +8477,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8576,8 +8576,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8624,8 +8624,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8721,8 +8721,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -8763,8 +8763,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -9199,87 +9199,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.5.md b/docs/security/oss/grype-4.0.5.md index c22ff7c..53ba6c5 100644 --- a/docs/security/oss/grype-4.0.5.md +++ b/docs/security/oss/grype-4.0.5.md @@ -6,10 +6,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | @@ -18,9 +18,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | fluent-bit | 4.0.5 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.0.5 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -29,7 +29,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -38,13 +37,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.6.json b/docs/security/oss/grype-4.0.6.json index af50501..f593fba 100644 --- a/docs/security/oss/grype-4.0.6.json +++ b/docs/security/oss/grype-4.0.6.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-8715", @@ -986,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1042,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1121,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1181,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1276,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1330,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1419,8 +1296,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1463,8 +1340,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1518,153 +1395,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1691,8 +1421,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1738,8 +1468,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1814,8 +1544,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1876,8 +1606,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1960,9 +1690,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -1987,7 +1717,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2030,9 +1760,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2131,9 +1861,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2158,7 +1888,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2201,9 +1931,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2293,9 +2023,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2320,7 +2050,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2363,9 +2093,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2460,9 +2190,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2487,7 +2217,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2530,9 +2260,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2623,8 +2353,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2679,8 +2409,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2758,8 +2488,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2818,8 +2548,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2903,8 +2633,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2963,8 +2693,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3039,8 +2769,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3099,8 +2829,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3180,8 +2910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3240,8 +2970,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3329,8 +3059,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3405,8 +3135,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3511,8 +3241,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3575,8 +3305,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3685,8 +3415,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -3765,8 +3495,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3828,8 +3558,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3936,8 +3666,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -3992,8 +3722,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4071,8 +3801,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -4138,8 +3868,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -4214,94 +3944,202 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "state": "fixed", - "available": [ + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u12" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.016895 + "risk": 0.015950000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4322,11 +4160,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], @@ -4402,9 +4237,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4434,7 +4269,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -4469,9 +4304,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4583,8 +4418,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4630,8 +4465,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4695,27 +4530,27 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4723,161 +4558,37 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0108 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" - ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -4895,8 +4606,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -4980,8 +4691,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5028,8 +4739,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5113,8 +4824,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5161,8 +4872,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5237,8 +4948,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5285,8 +4996,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5366,8 +5077,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5414,8 +5125,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5490,8 +5201,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5547,8 +5258,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5638,8 +5349,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5705,6 +5416,295 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" + ], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-4802", @@ -5731,8 +5731,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5791,8 +5791,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5889,8 +5889,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -5951,8 +5951,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6046,8 +6046,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6113,8 +6113,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6195,8 +6195,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6262,8 +6262,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6340,8 +6340,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6400,8 +6400,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6485,8 +6485,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6535,8 +6535,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6611,8 +6611,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6661,8 +6661,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6733,8 +6733,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6783,8 +6783,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6859,8 +6859,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6909,8 +6909,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6980,9 +6980,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6998,7 +6998,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7028,9 +7028,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,9 +7113,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7131,7 +7131,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7161,9 +7161,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7237,9 +7237,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7255,7 +7255,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7285,9 +7285,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7366,9 +7366,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7384,7 +7384,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7414,9 +7414,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7491,8 +7491,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7558,8 +7558,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7640,8 +7640,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7707,8 +7707,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7785,8 +7785,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7846,8 +7846,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7954,8 +7954,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8015,8 +8015,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8091,8 +8091,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8152,8 +8152,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8256,8 +8256,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8317,8 +8317,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8416,8 +8416,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8477,8 +8477,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8576,8 +8576,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8624,8 +8624,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8721,8 +8721,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -8763,8 +8763,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -9199,87 +9199,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.6.md b/docs/security/oss/grype-4.0.6.md index 7335e06..5c5b98b 100644 --- a/docs/security/oss/grype-4.0.6.md +++ b/docs/security/oss/grype-4.0.6.md @@ -6,10 +6,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | | libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | @@ -18,9 +18,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | fluent-bit | 4.0.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.0.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -29,7 +29,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -38,13 +37,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.7.json b/docs/security/oss/grype-4.0.7.json index 33b4283..4ce2fbc 100644 --- a/docs/security/oss/grype-4.0.7.json +++ b/docs/security/oss/grype-4.0.7.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-8715", @@ -986,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1042,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1121,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1181,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1276,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1330,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1419,8 +1296,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1463,8 +1340,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1518,153 +1395,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1691,8 +1421,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1738,8 +1468,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1814,8 +1544,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1876,8 +1606,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1960,9 +1690,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -1987,7 +1717,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2030,9 +1760,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2131,9 +1861,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2158,7 +1888,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2201,9 +1931,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2293,9 +2023,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2320,7 +2050,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2363,9 +2093,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2460,9 +2190,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2487,7 +2217,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2530,9 +2260,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2623,8 +2353,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2679,8 +2409,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2758,8 +2488,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2818,8 +2548,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2903,8 +2633,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2963,8 +2693,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3039,8 +2769,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3099,8 +2829,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3180,8 +2910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3240,8 +2970,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3329,8 +3059,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3405,8 +3135,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3511,8 +3241,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3575,8 +3305,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3685,8 +3415,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -3765,8 +3495,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3828,8 +3558,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3936,8 +3666,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -3992,8 +3722,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4071,8 +3801,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -4138,8 +3868,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -4214,94 +3944,202 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "state": "fixed", - "available": [ + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u12" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.016895 + "risk": 0.015950000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4322,11 +4160,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], @@ -4402,9 +4237,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4434,7 +4269,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -4469,9 +4304,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4583,8 +4418,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4630,8 +4465,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4695,27 +4530,27 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4723,161 +4558,37 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0108 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" - ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -4895,8 +4606,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -4980,8 +4691,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5028,8 +4739,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5113,8 +4824,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5161,8 +4872,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5237,8 +4948,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5285,8 +4996,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5366,8 +5077,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5414,8 +5125,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5490,8 +5201,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5547,8 +5258,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5638,8 +5349,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5705,6 +5416,295 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" + ], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-4802", @@ -5731,8 +5731,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5791,8 +5791,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5889,8 +5889,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -5951,8 +5951,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6046,8 +6046,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6113,8 +6113,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6195,8 +6195,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6262,8 +6262,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6340,8 +6340,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6400,8 +6400,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6485,8 +6485,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6535,8 +6535,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6611,8 +6611,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6661,8 +6661,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6733,8 +6733,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6783,8 +6783,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6859,8 +6859,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6909,8 +6909,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6980,9 +6980,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6998,7 +6998,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7028,9 +7028,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,9 +7113,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7131,7 +7131,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7161,9 +7161,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7237,9 +7237,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7255,7 +7255,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7285,9 +7285,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7366,9 +7366,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7384,7 +7384,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7414,9 +7414,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7491,8 +7491,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7558,8 +7558,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7640,8 +7640,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7707,8 +7707,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7785,8 +7785,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7846,8 +7846,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7954,8 +7954,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8015,8 +8015,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8091,8 +8091,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8152,8 +8152,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8256,8 +8256,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8317,8 +8317,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8416,8 +8416,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8477,8 +8477,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8576,8 +8576,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8624,8 +8624,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8721,8 +8721,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -8763,8 +8763,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -9204,87 +9204,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.7.md b/docs/security/oss/grype-4.0.7.md index 3b4b021..aa5cf1b 100644 --- a/docs/security/oss/grype-4.0.7.md +++ b/docs/security/oss/grype-4.0.7.md @@ -6,10 +6,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | | libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | @@ -18,9 +18,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | fluent-bit | 4.0.7 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.0.7 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -29,7 +29,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -38,13 +37,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.8.json b/docs/security/oss/grype-4.0.8.json index f2a8c01..c55c33c 100644 --- a/docs/security/oss/grype-4.0.8.json +++ b/docs/security/oss/grype-4.0.8.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-8715", @@ -986,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1042,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1121,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1181,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1276,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1330,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1419,8 +1296,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1463,8 +1340,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1518,153 +1395,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1691,8 +1421,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1738,8 +1468,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1814,8 +1544,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1876,8 +1606,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1960,9 +1690,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -1987,7 +1717,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2030,9 +1760,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2131,9 +1861,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2158,7 +1888,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2201,9 +1931,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2293,9 +2023,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2320,7 +2050,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2363,9 +2093,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2460,9 +2190,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2487,7 +2217,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2530,9 +2260,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2623,8 +2353,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2679,8 +2409,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2758,8 +2488,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2818,8 +2548,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2903,8 +2633,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2963,8 +2693,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3039,8 +2769,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3099,8 +2829,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3180,8 +2910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3240,8 +2970,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3329,8 +3059,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3405,8 +3135,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3511,8 +3241,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3575,8 +3305,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3685,8 +3415,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -3765,8 +3495,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3828,8 +3558,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3936,8 +3666,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -3992,8 +3722,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4071,8 +3801,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -4138,8 +3868,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -4214,94 +3944,202 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "state": "fixed", - "available": [ + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u12" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.016895 + "risk": 0.015950000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4322,11 +4160,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], @@ -4402,9 +4237,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4434,7 +4269,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -4469,9 +4304,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4583,8 +4418,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4630,8 +4465,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4695,27 +4530,27 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4723,161 +4558,37 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0108 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" - ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -4895,8 +4606,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -4980,8 +4691,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5028,8 +4739,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5113,8 +4824,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5161,8 +4872,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5237,8 +4948,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5285,8 +4996,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5366,8 +5077,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5414,8 +5125,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5490,8 +5201,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5547,8 +5258,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5638,8 +5349,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5705,6 +5416,295 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" + ], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-4802", @@ -5731,8 +5731,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5791,8 +5791,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5889,8 +5889,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -5951,8 +5951,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6046,8 +6046,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6113,8 +6113,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6195,8 +6195,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6262,8 +6262,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6340,8 +6340,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6400,8 +6400,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6485,8 +6485,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6535,8 +6535,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6611,8 +6611,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6661,8 +6661,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6733,8 +6733,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6783,8 +6783,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6859,8 +6859,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6909,8 +6909,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6980,9 +6980,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6998,7 +6998,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7028,9 +7028,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,9 +7113,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7131,7 +7131,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7161,9 +7161,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7237,9 +7237,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7255,7 +7255,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7285,9 +7285,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7366,9 +7366,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7384,7 +7384,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7414,9 +7414,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7491,8 +7491,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7558,8 +7558,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7640,8 +7640,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7707,8 +7707,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7785,8 +7785,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7846,8 +7846,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7954,8 +7954,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8015,8 +8015,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8091,8 +8091,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8152,8 +8152,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8256,8 +8256,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8317,8 +8317,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8416,8 +8416,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8477,8 +8477,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8576,8 +8576,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8624,8 +8624,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8721,8 +8721,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -8763,8 +8763,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -9204,87 +9204,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.8.md b/docs/security/oss/grype-4.0.8.md index 62bd23e..a040eb6 100644 --- a/docs/security/oss/grype-4.0.8.md +++ b/docs/security/oss/grype-4.0.8.md @@ -6,10 +6,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | @@ -18,9 +18,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | fluent-bit | 4.0.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.0.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -29,7 +29,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -38,13 +37,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.9.json b/docs/security/oss/grype-4.0.9.json index 7959c7e..7531ca6 100644 --- a/docs/security/oss/grype-4.0.9.json +++ b/docs/security/oss/grype-4.0.9.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -837,129 +837,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.07125000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-8715", @@ -986,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1042,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22219, - "date": "2025-12-15" + "percentile": 0.22342, + "date": "2025-12-21" } ], "cwes": [ @@ -1121,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1181,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1276,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1330,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1419,8 +1296,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1463,8 +1340,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1518,153 +1395,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1691,8 +1421,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1738,8 +1468,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -1814,8 +1544,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1876,8 +1606,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -1960,9 +1690,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -1987,7 +1717,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2030,9 +1760,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2131,9 +1861,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2158,7 +1888,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2201,9 +1931,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2293,9 +2023,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2320,7 +2050,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2363,9 +2093,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2460,9 +2190,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2487,7 +2217,7 @@ ] }, "advisories": [], - "risk": 0.02725 + "risk": 0.026705 }, "relatedVulnerabilities": [ { @@ -2530,9 +2260,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.0005, - "percentile": 0.15765, - "date": "2025-12-15" + "epss": 0.00049, + "percentile": 0.15515, + "date": "2025-12-21" } ], "cwes": [ @@ -2623,8 +2353,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2679,8 +2409,8 @@ { "cve": "CVE-2025-8714", "epss": 0.00032, - "percentile": 0.08868, - "date": "2025-12-15" + "percentile": 0.0896, + "date": "2025-12-21" } ], "cwes": [ @@ -2758,8 +2488,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2818,8 +2548,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2903,8 +2633,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2963,8 +2693,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3039,8 +2769,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3099,8 +2829,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3180,8 +2910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3240,8 +2970,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -3329,8 +3059,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3405,8 +3135,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3511,8 +3241,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3575,8 +3305,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3685,8 +3415,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -3765,8 +3495,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3828,8 +3558,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3936,8 +3666,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -3992,8 +3722,8 @@ { "cve": "CVE-2025-8713", "epss": 0.00057, - "percentile": 0.17855, - "date": "2025-12-15" + "percentile": 0.18006, + "date": "2025-12-21" } ], "cwes": [ @@ -4071,8 +3801,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -4138,8 +3868,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ] } @@ -4214,94 +3944,202 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" ], - "state": "fixed", - "available": [ + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" } ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u12" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.016895 + "risk": 0.015950000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00031, - "percentile": 0.08225, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4322,11 +4160,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], @@ -4402,9 +4237,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4434,7 +4269,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -4469,9 +4304,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -4583,8 +4418,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4630,8 +4465,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -4695,27 +4530,27 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4723,161 +4558,37 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0108 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" - ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -4895,8 +4606,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -4980,8 +4691,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5028,8 +4739,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5113,8 +4824,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5161,8 +4872,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5237,8 +4948,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5285,8 +4996,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5366,8 +5077,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5414,8 +5125,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -5490,8 +5201,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5547,8 +5258,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -5638,8 +5349,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -5705,6 +5416,295 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.009265000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" + ], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-8058", + "epss": 0.00017, + "percentile": 0.0308, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-4802", @@ -5731,8 +5731,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5791,8 +5791,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01154, - "date": "2025-12-15" + "percentile": 0.01164, + "date": "2025-12-21" } ], "cwes": [ @@ -5889,8 +5889,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -5951,8 +5951,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -6046,8 +6046,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6113,8 +6113,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6195,8 +6195,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6262,8 +6262,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -6340,8 +6340,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6400,8 +6400,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -6485,8 +6485,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6535,8 +6535,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6611,8 +6611,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6661,8 +6661,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -6733,8 +6733,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6783,8 +6783,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6859,8 +6859,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6909,8 +6909,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6980,9 +6980,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6998,7 +6998,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7028,9 +7028,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7113,9 +7113,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7131,7 +7131,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7161,9 +7161,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7237,9 +7237,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7255,7 +7255,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7285,9 +7285,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7366,9 +7366,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7384,7 +7384,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -7414,9 +7414,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -7491,8 +7491,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7558,8 +7558,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7640,8 +7640,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7707,8 +7707,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -7785,8 +7785,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7846,8 +7846,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7954,8 +7954,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8015,8 +8015,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8091,8 +8091,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8152,8 +8152,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8256,8 +8256,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8317,8 +8317,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8416,8 +8416,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8477,8 +8477,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -8576,8 +8576,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8624,8 +8624,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -8721,8 +8721,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -8763,8 +8763,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -9204,87 +9204,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.0.9.md b/docs/security/oss/grype-4.0.9.md index 4fadc49..c905057 100644 --- a/docs/security/oss/grype-4.0.9.md +++ b/docs/security/oss/grype-4.0.9.md @@ -6,10 +6,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | @@ -18,9 +18,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | fluent-bit | 4.0.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.0.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -29,7 +29,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -38,13 +37,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.1.0.json b/docs/security/oss/grype-4.1.0.json index fb33db0..3a1483f 100644 --- a/docs/security/oss/grype-4.1.0.json +++ b/docs/security/oss/grype-4.1.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80389, - "date": "2025-12-15" + "percentile": 0.80423, + "date": "2025-12-21" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87688, - "date": "2025-12-15" + "percentile": 0.8771, + "date": "2025-12-21" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02852, - "percentile": 0.85775, - "date": "2025-12-15" + "percentile": 0.85796, + "date": "2025-12-21" } ] } @@ -560,8 +560,8 @@ { "cve": "CVE-2025-12970", "epss": 0.00117, - "percentile": 0.31179, - "date": "2025-12-15" + "percentile": 0.31255, + "date": "2025-12-21" } ], "cwes": [ @@ -640,8 +640,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -703,8 +703,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.81616, - "date": "2025-12-15" + "percentile": 0.81642, + "date": "2025-12-21" } ], "cwes": [ @@ -798,8 +798,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -861,8 +861,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81467, - "date": "2025-12-15" + "percentile": 0.81495, + "date": "2025-12-21" } ], "cwes": [ @@ -935,109 +935,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "id": "CVE-2025-12977", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 9.1, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" + "cve": "CVE-2025-12977", + "epss": 0.00072, + "percentile": 0.22252, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12977", + "cwe": "CWE-1287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.07125000000000001 + "risk": 0.06516 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00095, - "percentile": 0.27151, - "date": "2025-12-15" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.0" + } }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12977", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -1046,55 +1023,42 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-12977", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", + "id": "CVE-2025-12978", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12978", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + "https://fluentbit.io/announcements/v4.1.0/" ], - "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", + "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 9.1, - "exploitabilityScore": 3.9, - "impactScore": 5.2 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12977", - "epss": 0.00072, - "percentile": 0.22126, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12977", - "cwe": "CWE-1287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-12978", + "epss": 0.00114, + "percentile": 0.30867, + "date": "2025-12-21" } ], "fix": { @@ -1102,7 +1066,7 @@ "state": "" }, "advisories": [], - "risk": 0.06516 + "risk": 0.05928 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1120,7 +1084,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-12977", + "vulnerabilityID": "CVE-2025-12978", "versionConstraint": "= 4.1.0 (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -1154,23 +1118,24 @@ }, { "vulnerability": { - "id": "CVE-2025-12978", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12978", + "id": "CVE-2025-12969", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://fluentbit.io/announcements/v4.1.0/" + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" ], - "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.", + "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -1178,10 +1143,18 @@ ], "epss": [ { - "cve": "CVE-2025-12978", - "epss": 0.00114, - "percentile": 0.30806, - "date": "2025-12-15" + "cve": "CVE-2025-12969", + "epss": 0.00097, + "percentile": 0.27511, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12969", + "cwe": "CWE-306", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1189,7 +1162,7 @@ "state": "" }, "advisories": [], - "risk": 0.05928 + "risk": 0.055775 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1207,7 +1180,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-12978", + "vulnerabilityID": "CVE-2025-12969", "versionConstraint": "= 4.1.0 (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -1252,8 +1225,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1312,8 +1285,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75628, - "date": "2025-12-15" + "percentile": 0.75678, + "date": "2025-12-21" } ], "cwes": [ @@ -1407,8 +1380,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1461,8 +1434,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.7508, - "date": "2025-12-15" + "percentile": 0.75132, + "date": "2025-12-21" } ], "cwes": [ @@ -1553,8 +1526,8 @@ { "cve": "CVE-2025-12972", "epss": 0.00086, - "percentile": 0.25288, - "date": "2025-12-15" + "percentile": 0.25372, + "date": "2025-12-21" } ], "cwes": [ @@ -1620,102 +1593,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-12969", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12969", - "epss": 0.00076, - "percentile": 0.22908, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12969", - "cwe": "CWE-306", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0437 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-12969", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2025-10148", @@ -1742,8 +1619,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ], "fix": { @@ -1786,8 +1663,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.21504, - "date": "2025-12-15" + "percentile": 0.21642, + "date": "2025-12-21" } ] } @@ -1825,165 +1702,18 @@ "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.034550000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71128, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" + } + } ], + "language": "", + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -2014,8 +1744,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -2061,8 +1791,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.1792, - "date": "2025-12-15" + "percentile": 0.18068, + "date": "2025-12-21" } ], "cwes": [ @@ -2137,8 +1867,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -2199,8 +1929,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.6804, - "date": "2025-12-15" + "percentile": 0.68094, + "date": "2025-12-21" } ], "cwes": [ @@ -2271,8 +2001,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2331,8 +2061,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2416,8 +2146,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2476,8 +2206,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2552,8 +2282,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2612,8 +2342,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2693,8 +2423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2753,8 +2483,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63493, - "date": "2025-12-15" + "percentile": 0.63563, + "date": "2025-12-21" } ], "cwes": [ @@ -2842,8 +2572,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -2918,8 +2648,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06447, - "date": "2025-12-15" + "percentile": 0.06593, + "date": "2025-12-21" } ], "cwes": [ @@ -3024,8 +2754,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3088,8 +2818,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00364, - "percentile": 0.57833, - "date": "2025-12-15" + "percentile": 0.57878, + "date": "2025-12-21" } ], "cwes": [ @@ -3198,8 +2928,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00034, - "percentile": 0.09393, - "date": "2025-12-15" + "percentile": 0.09506, + "date": "2025-12-21" } ], "cwes": [ @@ -3278,8 +3008,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3341,8 +3071,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00356, - "percentile": 0.57254, - "date": "2025-12-15" + "percentile": 0.57309, + "date": "2025-12-21" } ], "cwes": [ @@ -3436,8 +3166,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "percentile": 0.56652, + "date": "2025-12-21" } ], "fix": { @@ -3492,19 +3222,289 @@ "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56652, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.0165 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00022, + "percentile": 0.05126, + "date": "2025-12-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.015950000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56596, - "date": "2025-12-15" + "cve": "CVE-2010-4756", + "epss": 0.00319, + "percentile": 0.5447, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3525,7 +3525,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } @@ -3602,9 +3602,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -3634,7 +3634,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], - "risk": 0.014715000000000002 + "risk": 0.01526 }, "relatedVulnerabilities": [ { @@ -3669,9 +3669,9 @@ "epss": [ { "cve": "CVE-2025-9232", - "epss": 0.00027, - "percentile": 0.06628, - "date": "2025-12-15" + "epss": 0.00028, + "percentile": 0.07258, + "date": "2025-12-21" } ], "cwes": [ @@ -3783,8 +3783,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -3830,8 +3830,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14034, - "date": "2025-12-15" + "percentile": 0.14172, + "date": "2025-12-21" } ], "cwes": [ @@ -3893,130 +3893,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44727, - "date": "2025-12-15" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -4030,8 +3906,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -4095,8 +3971,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44125, - "date": "2025-12-15" + "percentile": 0.44188, + "date": "2025-12-21" } ], "cwes": [ @@ -4180,8 +4056,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4228,8 +4104,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4313,8 +4189,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4361,8 +4237,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4437,8 +4313,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4485,8 +4361,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4566,8 +4442,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4614,8 +4490,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43043, - "date": "2025-12-15" + "percentile": 0.43111, + "date": "2025-12-21" } ], "cwes": [ @@ -4690,8 +4566,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -4747,8 +4623,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42737, - "date": "2025-12-15" + "percentile": 0.42801, + "date": "2025-12-21" } ], "cwes": [ @@ -4838,8 +4714,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00019, - "percentile": 0.04084, - "date": "2025-12-15" + "percentile": 0.04185, + "date": "2025-12-21" } ], "cwes": [ @@ -4905,6 +4781,130 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0095 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0019, + "percentile": 0.41196, + "date": "2025-12-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4918,8 +4918,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -4980,8 +4980,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35413, - "date": "2025-12-15" + "percentile": 0.35486, + "date": "2025-12-21" } ], "cwes": [ @@ -5075,8 +5075,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -5142,8 +5142,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -5224,8 +5224,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -5291,8 +5291,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32907, - "date": "2025-12-15" + "percentile": 0.32987, + "date": "2025-12-21" } ], "cwes": [ @@ -5369,8 +5369,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -5429,8 +5429,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32198, - "date": "2025-12-15" + "percentile": 0.32264, + "date": "2025-12-21" } ], "cwes": [ @@ -5514,8 +5514,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5564,8 +5564,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5640,8 +5640,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5690,8 +5690,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28437, - "date": "2025-12-15" + "percentile": 0.28491, + "date": "2025-12-21" } ], "cwes": [ @@ -5762,8 +5762,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5812,8 +5812,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5888,8 +5888,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -5938,8 +5938,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26877, - "date": "2025-12-15" + "percentile": 0.26945, + "date": "2025-12-21" } ], "cwes": [ @@ -6009,9 +6009,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6027,7 +6027,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -6057,9 +6057,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6142,9 +6142,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6160,7 +6160,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -6190,9 +6190,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6266,9 +6266,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6284,7 +6284,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -6314,9 +6314,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6395,9 +6395,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6413,7 +6413,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -6443,9 +6443,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19368, - "date": "2025-12-15" + "epss": 0.00081, + "percentile": 0.24428, + "date": "2025-12-21" } ], "cwes": [ @@ -6520,8 +6520,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6587,8 +6587,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6669,8 +6669,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6736,8 +6736,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17808, - "date": "2025-12-15" + "percentile": 0.17957, + "date": "2025-12-21" } ], "cwes": [ @@ -6814,8 +6814,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6875,8 +6875,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -6983,8 +6983,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7044,8 +7044,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7120,8 +7120,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7181,8 +7181,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7285,8 +7285,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7346,8 +7346,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7445,8 +7445,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7506,8 +7506,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15487, - "date": "2025-12-15" + "percentile": 0.15644, + "date": "2025-12-21" } ], "cwes": [ @@ -7605,8 +7605,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -7653,8 +7653,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10027, - "date": "2025-12-15" + "percentile": 0.10136, + "date": "2025-12-21" } ], "cwes": [ @@ -7750,8 +7750,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ], "fix": { @@ -7792,8 +7792,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03214, - "date": "2025-12-15" + "percentile": 0.03267, + "date": "2025-12-21" } ] } @@ -8233,87 +8233,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-16T00:25:11Z_1765880790.tar.zst?checksum=sha256%3Aa8bb3ef2cc68f242e78cda1e451f290ff56a23b1063de65d22a0ac20e16ae5bd", - "built": "2025-12-16T10:26:30Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-22T00:27:55Z_1766391539.tar.zst?checksum=sha256%3A8076a64ce3be63762b0192083d4274b361d17866fb275d81279878e26df22461", + "built": "2025-12-22T08:18:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-16T00:25:17Z", - "input": "xxh64:3bae44c7a22f7a7a" + "captured": "2025-12-22T00:28:14Z", + "input": "xxh64:a0d50876ed3bfef6" }, "alpine": { - "captured": "2025-12-16T00:25:13Z", - "input": "xxh64:0d94cc3d895e96e4" + "captured": "2025-12-22T00:28:10Z", + "input": "xxh64:340ab042b574ff97" }, "amazon": { - "captured": "2025-12-16T00:25:14Z", - "input": "xxh64:96351b3c21f16cdd" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:f299fe06e0e6f002" }, "bitnami": { - "captured": "2025-12-16T00:25:26Z", - "input": "xxh64:01d096e52d6c584d" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:86b88681a2b79ab2" }, "chainguard": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:aeb142b1fabd05ef" + "captured": "2025-12-22T00:27:58Z", + "input": "xxh64:94b7e6823d05b5ad" }, "chainguard-libraries": { - "captured": "2025-12-16T00:25:25Z", - "input": "xxh64:131c1a3e98113468" + "captured": "2025-12-22T00:28:04Z", + "input": "xxh64:ebaf858a1147e15d" }, "debian": { - "captured": "2025-12-16T00:25:24Z", - "input": "xxh64:9c5942d58a5f0d0a" + "captured": "2025-12-22T00:28:11Z", + "input": "xxh64:72e468916a0b0480" }, "echo": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:e65ed35a7a7899d0" + "captured": "2025-12-22T00:28:17Z", + "input": "xxh64:1f327c0363c50625" }, "epss": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:c443dbaf0209cf17" + "captured": "2025-12-22T00:28:00Z", + "input": "xxh64:aa02b2d97883583c" }, "github": { - "captured": "2025-12-16T00:25:21Z", - "input": "xxh64:640038905439d285" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:b4fc4f2075b65b49" }, "kev": { - "captured": "2025-12-16T00:25:11Z", - "input": "xxh64:c28f5b32e2103243" + "captured": "2025-12-22T00:27:59Z", + "input": "xxh64:da74a9d3152b0332" }, "mariner": { - "captured": "2025-12-16T00:25:18Z", - "input": "xxh64:647810a8c07a63eb" + "captured": "2025-12-22T00:27:56Z", + "input": "xxh64:cc87a72977707391" }, "minimos": { - "captured": "2025-12-16T00:25:20Z", - "input": "xxh64:24ca3b7889974a27" + "captured": "2025-12-22T00:27:55Z", + "input": "xxh64:b96814e11a96a684" }, "nvd": { - "captured": "2025-12-16T00:28:18Z", - "input": "xxh64:8ee1877e9a9e680b" + "captured": "2025-12-22T00:31:28Z", + "input": "xxh64:c312c00616bec812" }, "oracle": { - "captured": "2025-12-16T00:25:23Z", - "input": "xxh64:a4416b6b3e4250df" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:0da07f07bcee7701" }, "rhel": { - "captured": "2025-12-16T00:26:07Z", - "input": "xxh64:9911b1a567d8f57c" + "captured": "2025-12-22T00:29:00Z", + "input": "xxh64:2e675c98f65a1e23" }, "sles": { - "captured": "2025-12-16T00:25:43Z", - "input": "xxh64:1b717d5f2e45fdee" + "captured": "2025-12-22T00:28:27Z", + "input": "xxh64:88e89da9b71f5756" }, "ubuntu": { - "captured": "2025-12-16T00:27:14Z", - "input": "xxh64:2d3097578288b46f" + "captured": "2025-12-22T00:29:49Z", + "input": "xxh64:af2ef829b80846f0" }, "wolfi": { - "captured": "2025-12-16T00:25:19Z", - "input": "xxh64:f85923693eb62700" + "captured": "2025-12-22T00:28:06Z", + "input": "xxh64:3774cf56e75820bd" } } } diff --git a/docs/security/oss/grype-4.1.0.md b/docs/security/oss/grype-4.1.0.md index 0cf6b4e..6ec6a4e 100644 --- a/docs/security/oss/grype-4.1.0.md +++ b/docs/security/oss/grype-4.1.0.md @@ -8,11 +8,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.1.0 | [CVE-2025-12977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12977) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | fluent-bit | 4.1.0 | [CVE-2025-12970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12970) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | | fluent-bit | 4.1.0 | [CVE-2025-12978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12978) | Medium | -| fluent-bit | 4.1.0 | [CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-12969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12969) | Medium | +| fluent-bit | 4.1.0 | [CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | @@ -25,7 +25,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | @@ -34,13 +33,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/version-mapping.md b/docs/version-mapping.md index 98f5cb6..c47a10e 100644 --- a/docs/version-mapping.md +++ b/docs/version-mapping.md @@ -6,6 +6,7 @@ The following shows the underlying [OSS version of Fluent Bit](https://github.co |FluentDo Agent Version|OSS Version Base| |----------------------|----------------| +| 25.10.10 | 4.0.13 | | 25.12.3 | 4.1.0 | | 25.10.9 | 4.0.13 | | 25.12.2 | 4.1.0 | diff --git a/scripts/security/scan-config.json b/scripts/security/scan-config.json index 0da441d..6daf8c2 100644 --- a/scripts/security/scan-config.json +++ b/scripts/security/scan-config.json @@ -15,6 +15,7 @@ ], "agent_versions": [ "25.10.1", + "25.10.10", "25.10.2", "25.10.3", "25.10.4",